Thanks, I'll give that a try. It would be disapointing to have something as modern as Seam and then have to write a dumb old filter again. Also I do want fine-grained security. Like I might have a changeCreditLimit() method, and only an Admin should be able to call that. I know that JAAS can manage stuff like that. So I'll grind through whatever XML madness I need to do to get it working. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3966175#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...