@All I have created a CODI add-on that allows you to 'secure' JSF components by using an implementation of the CODI AbstractAccessDecisionVoter.
These voters can then be used to restrict the access. In the next example, the text is only visible when the voter 'loggedIn' (which is a named CDI bean extending AbstractAccessDecisionVoter) don't set any ViolationException. <h:outputFormat value="#{msg['general.label.welcome']} | "> <s:securedComponent voter="loggedIn"/> <f:param value="#{loggedInUserBean.login}"/> </h:outputFormat> It is also possible to supply the method some parameter values. You can supply it for example with the looping variable from a dataTable, and thus hiding the values in a column except when the user has access to it. <h:column> <f:facet name="header">Salary</f:facet> <h:outputText value="#{employee.salary}"> <s:securedComponent voter="currentUser, hasAdministratorRole"> <s:securedComponentParameter value="#{employee}"/> </s:securedComponent> </h:outputText> </h:column> In the above example, the salary value is visible only to employee itself or the administrator. More info can be found in the readme that comes with the add-on. You can find the initial version here (1) Since it has a very deep integration with JSF structures, I need to make more tests to confirm it works in more environments. For the moment, the example works with Tomcat 6.0.29. When you do have questions, remarks or finds any problems, just let it me know. 1 = http://bitbucket.org/os890/codi-addons secureComponent directory. Regards rudy.