anonymous wrote : If you are not using Identity to authenticate then you need to override Identity.checkRestriction() with your own implementation that doesn't check isLoggedIn(). This is what I suspected - that <restrict\> and @Restrict require the Identity component. And so it sounds like the answer to my original question is - no, you can't just put <restrict>#{isUserInRole['Admin']}</restrict> on a page in pages.xml or @Restrict("#{isUserInRole['Admin']}") on a class or a method and have it 'just work' as you would expect in Seam. The combination of Identity and and/or @Restrict is an all-or-nothing component. Thanks View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4034073#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...