Thanks for your feedback!
This looks like a bug to me. We shouldn't display the page (even briefly) if the user doesn't have the permission (or isn't authenticated). Can you create a JIRA for this?
Yes, if we stick to the current security approach we will upgrade to whatever WildFly is using. There's currently another issue with this when deploying errai-security to WildFly: https://issues.jboss.org/browse/ERRAI-683
We are currently working towards the 3.0.0.M4 release. After that the plan is to pick up work on Errai Security again. If you want to contribute a fix and send a pull request for any of these issues you're more than welcome!
Also, we're eagerly looking for more feedback on the Errai Security module. So, if you have any ideas/suggestions please let us know as well.
Thanks for the reply Christian, I'll put together some example code that reproduces the issue and submit a Jira issue for it. And if I can figure out any changes that might help I'll definitely submit a pull request.
If I can pull together any constructive feedback on the security module I will definitely share it as well.
We've put some more work into Errai Security, and I wanted to let you know that your issue #1 is now fixed on the Errai 3.0-SNAPSHOT.
I will also be looking into your second issue shortly and intend to upgrade the picketlink version before our next release.
I just tested this and it works like a charm! Thanks a lot!