Security is a central concern is Seam. There are no extra JARs you need. It is baked into the core. You can implement one method and bang, you have authentication. In Seam 2.1, there is an entire security management API that goes beyond what I have ever seen, including Spring Security. Then the Drools stuff is just so powerful that you could fine tune security down to the middle name of a person.