Hi, SecurityContext can help.
http://myfaces.apache.org/sandbox/securityContext.html You need to provide and plugin your own implementation of using jaas, Default implementation uses container managed security by default; http://svn.apache.org/viewvc/myfaces/tomahawk/trunk/sandbox/core/src/main/java/org/apache/myfaces/custom/security/SecurityContextImpl.java?view=markup Also with securitycontext you can add security constraints to all jsf components in your app not the ones extended in tomahawk. Regards, Cagatay
