Hello,

looking into the security implementation of the Seam-booking demo (examples/booking), it uses 'authenticate-method' defined in components.xml and 'login-view' defined in pages.xml. These security features work fine in protecting access to specific view-ids, but it is unable to protect access to restricted resources of a web application, like image files.

My questions is, how can one protect anonymous access to protected resources/files that are only accessible to authorized user? Similar to the type of security provided by Tomcat, <security-constraint/>, defined in web.xml?

Thank you.