This question may be easier to answer if you can give us a better idea of your requirements (i.e. "features not possible").
1) I am using credentials that are more complicated than username+password and want the flexibility to arbitrarily alter them without the complication of container managed security. I also need features like the ability to add roles at runtime not in the database (Ex: SuperUser automatically results in the users having every role queried and added to their role list among other things). There are other features likely needed but it is hard to say what those are this early.
2) I know that the container managed security isn't appropriate for this application (It don't need any of the features it provides aside from checking credentials which is a trivially simple task that shouldn't need that much overhead). What used to be easily possible with Seam is totally missing... I need the system to call a method I specify that returns a Boolean true or false if the user authenticated. That method (that I implement) will do the actual check of the credentials and manipulate the roles as needed.
This is my 5th large app... The first to hit this wall because this basic feature was provided by Seam.
Hi, if you want to stick to the seam-like authentication/authorization model, may be this can be suitable for you:
Just a hint to get you an idea, if you dont want to dive deep into cont. security: