@Restrict works fine on pojos. Maybe the documentation is talking about EJB-style security (which I know nothing about), not Seam security.
That's what I thought. The documentation needs to be corrected or clarified. "Declarative security" sounds like JBoss Rules-based security, using the @Restrict annotation.
I just wanted to confirm that before I build this system on 90% POJOs, because it's going to use Drools security rules for everything.
(I'm going through the Drools docs right now learning how to build a rules file.)
Cool. I'm using a pojo system with drools security rules, too. I really like drools-based security; Shane did a great job with it.