Having played a bit with the security API I assume the answer on 1. & 2. is Yes - please correct me if I'm wrong.
Regarding 3.: anonymous wrote : Why do you add "activation-group permissions" in the security-rules.drl file (the rules should be mutually exclusive because there is just one PermissionCheck in the working memory) ? Is the answer: If they don't belong to the same activation group the rules engine would evaluate the remaining rules (after it found a match) although they obviously would evaluate to false - so you put them in the same activation-group to ensure it doesn't waste its time ? View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4017933#4017933 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4017933 _______________________________________________ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user