I wanted to use the hasPermission in a different way than what is used by default. By default it loads it from the business rules engine and I wanted to do it from a database where I had all the permission infromation stored.
What I did was to extended the Identity class and then tell Seam to use that class instead. This was when a user was authenticated I would load the permissions myself into my own identity object and then I overwrote the hasPermission check to then look for my permissions.
I'm sure you can do this smae approach to plug in whatever security mechanism you want to use.
Thank you very much. I was thinking about something like that, but didn't know whether I could just extend / wrap it.
I'll give it a go tonight.