Not 100% confirmed, but I think I got a reproducible case: Don't have a login-required for a page, but for the page have a s:hasRole or s:hasPermission that consequentially throws a different exception than what you probably have been expecting. Meanwhile though ... I'm having a heck of a time getting the patch right for JBSEAM-1009. Because the DTD says <!ATTLIST page login-required (true|false) "false"> we're getting from dom4j element.attribute().getValue() or element.attributeValue() a "false" even if the attribute isn't there. Any way to tell (the dom4j way) whether attribute login-required has been set explicitely? I've been a JDOM user for years, without DTDs. Wrote XML parser before that, not a dummy. But this automatic fixing up things curtesy of DTD is a bit unnerving. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4027806#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...