I would like to try this, but it seems complicated to set up and I didn't want to run CVS code in production, so I'll wait. I ended up using a plain old Servlet Filter, like I have always done. I would prefer to use more Seam-oriented methods, including being able to restrict which user classes can access which methods in other objects, but for now, a filter is it. I also took a long look at JAAS but it seemed like a bad idea. It looked like a lot of work just to get a login page working, it doesn't work with my entities, and it doesn't install my entities into the Session, which is where they need to be. It is unfortunate that Java has such an advanced security system, but I can't use it to do stupid-simple Web application authentication: "Check the password. If the password is correct put the user object into the session and redirect to a welcome page." That should NOT be something that requires five XML files and a complicated configuration. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3967601#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...