you cant. That is up to your webapp/application to protect. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4176930#4176930 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4176930