I saw in the docs the DB login is very flexible, and yet quite simple. A couple of queries for password and roles retrieval, plus an util for password hashing. And not so complex to quickly implement. Pages and portlets access control was something I was excited about... I was intending to remove the public portal (no unauthorized), define many pages, probably one (maximized) portal per page (no decorations and no playing around with portlet window states and positioning), and then restrict the pages access according to user roles (we will have 6-10 of them). Many of our users will have little to no computer knowledge, so we wanted to simplify the design to the max. As I haven't tested Portal properly, I'm not aware of such gotchas. Even so you think Portal would not be so useful for me, maybe I'm hoping it could do more than it can as it is. Seeing the Portal with login, navigaion, authorization, access control already working on first run, then I wonder why you think all this won't be useful And I'd be very grateful if you could share this resource os Security. Any additional toughts on your opinion is very welcome too. View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4235781#... Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&a...