In Seam 1.1 the security classes are available to setup an Authentication Provider and begin using the @Secure annotation. I've successfully run the examples\security application (after a few minor tweaks in the User and Role EJBs). So, now my questions are: how do I use the annotations? Specifically, the ProtectedAction class has a series of annotations and calls, which apparently work because I receive the security error when I'm not the 'admin' user, but for which I can not find documentation. The foo() method's: @Secure(permissions = {@Permission(name = "protected", action = "call")}) I get an error that I don't have permission but how do I setup a user/role with the necessary permissions? The modifyCustomer() and modifyReadonlyCustomer() methods' both make these calls: SeamSecurityManager.instance().checkPermission(customer, "modify"); Is this explicit call really necessary? There must be away to check permissions using an annotation. BTW: the modifyReadonlyCustomer() method breaks when logged in as the 'admin' user but works fine when logged in as the 'user' user role. Thanks for any more information on how to use this API. In comparison to all the other hoops there are to jump through in setting up JAAS security on Seam this setup seems much, much simpler and streamlined. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3985629#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...