I'm thinking of an enterprise application having some EJB's, some WAR's, no JSF and maybe RESTeasy. The jsp pages will send ajax requests to the RESTeasy stuff (or servlets if RESTeasy is not used). Seam is used only for its security module because I don't want to spend time writing a bunch of filters and place them in web.xml. The application server is weblogic 10.3.5 (JEE 5 compliant --> EJB's can be injected into Servlet's with @EJB, so no need of Seam DI).

Does it sound ok?
Thanks in advance for any of your idea/opinion.