Advantage of JAAS is that it deeply integrated into JEE. EJB3 allows you to have method access security, Seam gives you isUserInRole, userPrincipal components, Tomahawk gives you attributes to disable/hide the JSF component and probably some more which I'm unaware of :). The one thing I haven't seen is a nice way of authenticating using a Seam component. It is a bit difficult getting JAAS set up, but once all the xml files are correct it does 'just work'; there is a security example on the wiki which should get you going (be careful to put all the xml files in the correct archive and in the correct place (META-INF or archive root)). View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3965988#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...