Consequentially registration of new users for which obviously login-required="true" doesn't work. So as it is that prevents us from having a <page view-id="*" scheme="http" login-required="true"> because we cannot have a subsection of the site then that allows registration. I'd rather do a search for login-required to make sure there is no inappropriate login-required="false" than having to remember to put in a new login-required="true" for each new directory. Maybe we can even figure an Ant task that fails if a new login-required appears, or something like that, if we want to be secure. But I do want to open up individual pages for login-required="false". Any thoughts? View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4026066#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...