Hi Fang zx,

For our project we have the following requirements; which I've been able to achieve in prototype form with JBoss RestEasy:

• A subset of services that augment our main seam application


• Services use the existing functionality provided in SLSB


• Will use the same user database but different login method - i.e. the web application will use a seam login form, services might use basic authentication.

I have been able to sort of get security running by wrapping the RESTEasy Servlet in basic authentication and a custom login config witch authenticates with the same user database as our Seam authenticator, then calls the seam authenticator during the service call to create the identity object. Pretty ugly but it works for experimentation. Interestingly some work had been done integrating Resteasy with seam in it's first release; the current release appears to have this removed.

I would been keen to hear from anyone using a different (better) approach that handles security more elegantly.

I've recently seen a link on the RESTlet forums indicating that they have been doing some work on restlet integration with with seam. I hope to have a look at what's been done shortly.

Keep us informed how you get on.

Cheers Phillip