I would certainly create a JIRA for this one.
wouldn't it overall be a better design not to change the payload of the events in observers? In my view all events should be made immutable, and than stuff like this would never happen.
The AuthorizationCheckEvent is used to loosely couple Seam Faces to Seam Security. Toggling the passed is how the two modules communicate.
For instance whouldn't it be nice to have a new event that would get fired if authorization is ok?? (It could be called something like AuthorizationPassedEvent)
This is indeed the appropriate course of action. Please file a jira requesting this addition. (File it quickly to get it in in time for the upcoming 3.1 release!)
What is going on with this jirra issue? It has been filed more that a month ago, and nobody seems to even noticed/commented/assigned it. To me it seems like a straight forward thing to do in order to increase the quality and usability of seam security module. Also it seems really easy to implement (just add new event, and document that the old one is not safe for usage).