I just had a superficial look into this topic for Seam. Acegi is complex ... for many of my colleagues an enigma. But we've been able to handle very requirement regarding Authentication/Authorization. What I like on Acegi is that the application code can be written at first without any tags or security considerations like specific roles etc.. Later on you can configure the usage of it and implement required authorization classes. To hear that Seam Security Layer and JBoss rules are similar flexible to Acegi sound good. Currently we have some framework classes developed based on Acegi for integrating an application in our infrastructure. CacheUp View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4127263#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...