Have you configured exception handling in pages.xml ? Show it. If so then failing gracefully means redirecting user to either login or error view.
Yes, I have (below) and the redirection works. But that doesn't prevent the ERROR severity message in my application's logs.
<exception class="org.jboss.seam.security.AuthorizationException"> <redirect view-id="/authorizationFailed.xhtml"> <message severity="WARN">You do not have the permission necessary to perform this action.</message> </redirect> </exception>
The <exception> tag has attributes which can be used to control logging of the exception.