Hi folks,

I'm starting a project which consists of a dozen of smaller sub-systems.  In our architecture, we would like to have a common module providing all user profile related services, including authentication and authorization, to other sub-systems.

i.e.
common.jar (user entities, ejb service to access user profile)
app1.ear
app2.ear
...

My target is to use Seam Security (jpa flavour) to provide the security control.  I tried to re-use the same user-class and role-class in security:jpa-identity-store.  To no avail, as the common module and the sub-systems are using different classloaders, AnnotatedBeanProperty, which is used by JpaIdentityStore, could not pick up the annotations from the entity classes.

So, under this scenario, is implementing our custom identity store and permission store the way to go?

I’ll be delighted if somebody could share their experiences on working multiple applications with Seam.

Thank you.