Also, if 99/100 pages need to only allow access to logged in users, do I need to add the following to every one of those 99 page elements in pages.xml? Or is there a simpler way to do this (e.g. set a default of every page requiring login then override it with a few pages that don't)? Or does using security.drl have some functionality that'd be useful for this? <restrict>#{identity.loggedIn}</restrict> View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4011404#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...