I like the idea that we are separating out the security logic from Seam 3 so that it can mature and integrate in its own cycles...basically not being tied to Seam.

However, what concerns me is the change in developer experience. Security in Seam 2 is so simple to understand. There is barely any configuration, it ties in nicely with the managed ORM sessions and it covers role-based, rule-based and ACL authorization, plain and simple.

From looking at the PicketBox wiki pages, I just see a lot of configuration that makes my eyes cross. I just don't get what I am looking at, really. Either it is going to be more complicated, or you guys just don't have a basic example for people to grok. Can you paint a clearer picture for us?



On Fri, Mar 5, 2010 at 12:32 PM, PicketBox JBoss <> wrote:
Hi all,
   (I created this gmail address for twitter for Project PicketBox. I may as well use it for mailing lists).

Shane and I had a couple of days of intense discussion on security at Brisbane last week. Some of those discussions were fed back into the PicketBox project. 

Read more on Project PicketBox here:

I guess when Seam 3 is released, we are going to offload the majority of the security code to PicketBox.

I will be loitering around this dev list to basically answer any security-related questions.

Anil Saldhana

seam-dev mailing list

Dan Allen
Senior Software Engineer, Red Hat | Author of Seam in Action
Registered Linux User #231597