"ask4saif" wrote : | how can i restrict users from unauthorized access of pages. | Probably use a servlet filter for your web application. The filter intercepts all requests to the URLs it is mapped to. If you place something in the session context when a login is succesful the filter can check for the lack of this in the session and block access. Seam has a finer control mechanism for doing this via a custom interceptor if you only want to apply security to certain pages. See the docs. "ask4saif" wrote : | how can i redirect users to login page if their username does not exist in the session. | Use a RequestDispatcher in the filter described above to forward the request to the login page. "ask4saif" wrote : | how can i check if the form is submitted illeaglly. | Not sure what you mean by "submitted illegally" View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3995887#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...