Thanks, I'll give that a try. It would be disapointing to have something as
modern as Seam and then have to write a dumb old filter again. Also I do want
fine-grained security. Like I might have a changeCreditLimit() method, and
only an Admin should be able to call that. I know that JAAS can
Advantage of JAAS is that it deeply integrated into JEE. EJB3 allows you to
have method access security, Seam gives you isUserInRole, userPrincipal
components, Tomahawk gives you attributes to disable/hide the JSF component and
probably some more which I'm unaware of :). The one thing I haven'