From e59400ff6752cbe6dac11e20c746431bb345ab24 Mon Sep 17 00:00:00 2001
From: Rafael Benevides <rafabene@gmail.com>
Date: Thu, 22 Nov 2012 05:41:16 -0800
Subject: [PATCH] JDF-158 Add custom authorization example using
 @SecurityBindingType from DeltaSpike

---
 .gitignore                                    |   2 +-
 README.md                                     |   1 -
 deltaspike-security/README.md                 | 100 +++++++++
 deltaspike-security/pom.xml                   | 196 ++++++++++++++++++
 .../deltaspike/security/ErrorController.java  |  50 +++++
 .../security/SecuredController.java           |  72 +++++++
 .../security/annotations/AdminAllowed.java    |  45 ++++
 .../security/annotations/GuestAllowed.java    |  45 ++++
 .../deltaspike/util/CustomAuthorizer.java     |  78 +++++++
 .../deltaspike/util/Resources.java            |  47 +++++
 .../src/main/webapp/WEB-INF/beans.xml         |  28 +++
 .../src/main/webapp/WEB-INF/faces-config.xml  |  18 ++
 .../src/main/webapp/WEB-INF/web.xml           |  51 +++++
 .../src/main/webapp/error.xhtml               |  51 +++++
 .../src/main/webapp/index.html                |  23 ++
 .../src/main/webapp/login-error.xhtml         |  39 ++++
 .../src/main/webapp/login.xhtml               |  45 ++++
 .../src/main/webapp/template.xhtml            |  79 +++++++
 .../src/main/webapp/welcome.xhtml             |  42 ++++
 19 files changed, 1010 insertions(+), 2 deletions(-)
 create mode 100644 deltaspike-security/README.md
 create mode 100644 deltaspike-security/pom.xml
 create mode 100644 deltaspike-security/src/main/java/org/jboss/as/quickstarts/deltaspike/security/ErrorController.java
 create mode 100644 deltaspike-security/src/main/java/org/jboss/as/quickstarts/deltaspike/security/SecuredController.java
 create mode 100644 deltaspike-security/src/main/java/org/jboss/as/quickstarts/deltaspike/security/annotations/AdminAllowed.java
 create mode 100644 deltaspike-security/src/main/java/org/jboss/as/quickstarts/deltaspike/security/annotations/GuestAllowed.java
 create mode 100644 deltaspike-security/src/main/java/org/jboss/as/quickstarts/deltaspike/util/CustomAuthorizer.java
 create mode 100644 deltaspike-security/src/main/java/org/jboss/as/quickstarts/deltaspike/util/Resources.java
 create mode 100644 deltaspike-security/src/main/webapp/WEB-INF/beans.xml
 create mode 100644 deltaspike-security/src/main/webapp/WEB-INF/faces-config.xml
 create mode 100644 deltaspike-security/src/main/webapp/WEB-INF/web.xml
 create mode 100644 deltaspike-security/src/main/webapp/error.xhtml
 create mode 100644 deltaspike-security/src/main/webapp/index.html
 create mode 100644 deltaspike-security/src/main/webapp/login-error.xhtml
 create mode 100644 deltaspike-security/src/main/webapp/login.xhtml
 create mode 100644 deltaspike-security/src/main/webapp/template.xhtml
 create mode 100644 deltaspike-security/src/main/webapp/welcome.xhtml

diff --git a/.gitignore b/.gitignore
index f7b9ecb8d0..2c1fdb4e1f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -30,4 +30,4 @@ bin
 *.log
 .clover
 *.swp
-!/wicket-war/src/main/resources/META-INF/MANIFEST.MF
\ No newline at end of file
+!/wicket-war/src/main/resources/META-INF/MANIFEST.MF
diff --git a/README.md b/README.md
index 76b4b28c13..13fae9411a 100644
--- a/README.md
+++ b/README.md
@@ -617,4 +617,3 @@ When instructed to use Byteman to halt the application, perform the following st
  
 When you are done testing the quickstart, remember to restore the configuration file with the backup copy you made in step 2 above.
 
-
diff --git a/deltaspike-security/README.md b/deltaspike-security/README.md
new file mode 100644
index 0000000000..7ebf3964b5
--- /dev/null
+++ b/deltaspike-security/README.md
@@ -0,0 +1,100 @@
+jboss-as-deltaspike-projectstage: Demonstrate the creation of a custom authorization example using @SecurityBindingType from DeltaSpike
+======================================================
+Author: Rafael Benevides
+Level: Beginner
+Technologies: JSF, CDI, Deltaspike
+Summary: Demonstrate the creation of a custom authorization example using @SecurityBindingType from DeltaSpike
+Prerequisites: 
+Target Product: WFK
+
+What is it?
+-----------
+
+SecurityBinding is a feature of the security module that acts by intercepting method calls, and performing a security check before invocation is allowed to proceed.
+
+To use it, it's needed to create a security parameter binding annotation. In this application we created `@AdminAllowed` and `@GuestAllowed` annotations.
+
+The application also defines an `Authorizer` class that implements behavior for both `SecurityBindingType`. This class is simply a CDI bean which declares a @Secures method, qualified with the security binding annotation we created.
+
+This `Authorizer` is integrated with JAAS so the check is delegated to JAAS API through `FacesContext`, but any other ways to check if the method is allowed could be used. 
+
+Both annotations was applied to methods on `SecuredController` class.
+
+
+System requirements
+-------------------
+
+All you need to build this project is Java 6.0 (Java SDK 1.6) or better, Maven 3.0 or better.
+
+The application this project produces is designed to be run on JBoss Enterprise Application Platform 6 or JBoss AS 7. 
+
+ 
+Configure Maven
+---------------
+
+If you have not yet done so, you must [Configure Maven](../README.md#mavenconfiguration) before testing the quickstarts.
+
+
+
+Add an Application User
+----------------
+This quickstart uses secured management interfaces and requires that you create an application user to access the running application. Instructions to set up the quickstart application user can be found here: [Add an Application User](../README.md#addapplicationuser)
+
+
+Start JBoss Enterprise Application Platform 6 or JBoss AS 7
+-------------------------
+
+1. Open a command line and navigate to the root of the JBoss server directory.
+2. The following shows the command line to start the server with the web profile:
+
+        For Linux:   JBOSS_HOME/bin/standalone.sh
+        For Windows: JBOSS_HOME\bin\standalone.bat
+
+Build and Deploy the Quickstart
+-------------------------
+
+_NOTE: The following build command assumes you have configured your Maven user settings. If you have not, you must include Maven setting arguments on the command line. See [Build and Deploy the Quickstarts](../README.md#buildanddeploy) for complete instructions and additional options._
+
+1. Make sure you have started the JBoss Server as described above.
+2. Open a command line and navigate to the root directory of this quickstart.
+3. Type this command to build and deploy the archive:
+
+        mvn clean package jboss-as:deploy
+4. This will deploy `target/jboss-as-deltaspike-security.war` to the running instance of the server.
+
+Access the application
+---------------------
+
+Access the running application in a browser at the following URL:  <localhost:8080/jboss-as-deltaspike-security/>
+
+When you try to access the application, you're redirected to a Login form already filled. (remember to setup the Application User).
+
+Log in application and you see the secured page showing your username and two buttons. 
+
+Click on `Guest Method` button and realize that you will see the following message: `You executed a @GuestAllowed method`.
+
+Now, click on `Admin Method` button and you will be redirected to a error page with the following exception: `org.apache.deltaspike.security.api.authorization.AccessDeniedException`
+        
+Undeploy the Archive
+--------------------
+
+1. Make sure you have started the JBoss Server as described above.
+2. Open a command line and navigate to the root directory of this quickstart.
+3. When you are finished testing, type this command to undeploy the archive:
+
+        mvn jboss-as:undeploy
+
+
+Run the Quickstart in JBoss Developer Studio or Eclipse
+-------------------------------------
+
+You can also start the server and deploy the quickstarts from Eclipse using JBoss tools. For more information, see [Use JBoss Developer Studio or Eclipse to Run the Quickstarts](../README.md#useeclipse) 
+
+Debug the Application
+------------------------------------
+
+If you want to debug the source code or look at the Javadocs of any library in the project, run either of the following commands to pull them into your local repository. The IDE should then detect them.
+
+    mvn dependency:sources
+    mvn dependency:resolve -Dclassifier=javadoc
+
diff --git a/deltaspike-security/pom.xml b/deltaspike-security/pom.xml
new file mode 100644
index 0000000000..71c4eaaa13
--- /dev/null
+++ b/deltaspike-security/pom.xml
@@ -0,0 +1,196 @@
+<?xml version="1.0"?>
+<!-- JBoss, Home of Professional Open Source Copyright 2012, Red Hat, Inc. 
+    and/or its affiliates, and individual contributors by the @authors tag. See 
+    the copyright.txt in the distribution for a full listing of individual contributors. 
+    Licensed under the Apache License, Version 2.0 (the "License"); you may not 
+    use this file except in compliance with the License. You may obtain a copy 
+    of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required 
+    by applicable law or agreed to in writing, software distributed under the 
+    License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS 
+    OF ANY KIND, either express or implied. See the License for the specific 
+    language governing permissions and limitations under the License. -->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <groupId>org.jboss.as.quickstarts</groupId>
+    <artifactId>jboss-as-deltaspike-security</artifactId>
+    <version>7.1.2-SNAPSHOT</version>
+    <packaging>war</packaging>
+    <name>JBoss AS Quickstarts: DeltaSpike Security</name>
+    <description>DeltaSpike Security: shows a custom authorization example using @SecurityBindingType from DeltaSpike</description>
+
+    <url>http://jboss.org/jbossas</url>
+    <licenses>
+        <license>
+            <name>Apache License, Version 2.0</name>
+            <distribution>repo</distribution>
+            <url>http://www.apache.org/licenses/LICENSE-2.0.html</url>
+        </license>
+    </licenses>
+
+    <properties>
+        <!-- Explicitly declaring the source encoding eliminates the following 
+            message: -->
+        <!-- [WARNING] Using platform encoding (UTF-8 actually) to copy filtered 
+            resources, i.e. build is platform dependent! -->
+        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+
+        <!-- JBoss dependency versions -->
+        <version.org.jboss.as.plugins.maven.plugin>7.3.Final</version.org.jboss.as.plugins.maven.plugin>
+        <version.org.jboss.bom>1.0.4.CR4</version.org.jboss.bom>
+
+        <!-- other plugin versions -->
+        <version.compiler.plugin>2.3.1</version.compiler.plugin>
+        <version.war.plugin>2.1.1</version.war.plugin>
+
+        <!-- maven-compiler-plugin -->
+        <maven.compiler.target>1.6</maven.compiler.target>
+        <maven.compiler.source>1.6</maven.compiler.source>
+    </properties>
+
+    <dependencyManagement>
+        <dependencies>
+            <!-- JBoss distributes a complete set of Java EE 6 APIs including 
+                a Bill of Materials (BOM). A BOM specifies the versions of a "stack" (or 
+                a collection) of artifacts. We use this here so that we always get the correct 
+                versions of artifacts. Here we use the jboss-javaee-6.0-with-deltaspike stack 
+                (you can read this as the JBoss stack of the Java EE 6 APIs with Deltaspike). 
+                You can actually use this stack with any version of JBoss AS that implements 
+                Java EE 6, not just JBoss AS 7! -->
+            <dependency>
+                <groupId>org.jboss.bom</groupId>
+                <artifactId>jboss-javaee-6.0-with-deltaspike</artifactId>
+                <version>${version.org.jboss.bom}</version>
+                <type>pom</type>
+                <scope>import</scope>
+            </dependency>
+        </dependencies>
+    </dependencyManagement>
+
+    <dependencies>
+
+        <!-- Import the Servlet API, we use provided scope as the API is included 
+            in JBoss AS 7 -->
+        <dependency>
+            <groupId>org.jboss.spec.javax.servlet</groupId>
+            <artifactId>jboss-servlet-api_3.0_spec</artifactId>
+            <scope>provided</scope>
+        </dependency>
+
+        <!-- Import the CDI API, we use provided scope as the API is included 
+            in JBoss AS 7 -->
+        <dependency>
+            <groupId>javax.enterprise</groupId>
+            <artifactId>cdi-api</artifactId>
+            <scope>provided</scope>
+        </dependency>
+
+        <!-- Import the Common Annotations API (JSR-250), we use provided 
+            scope as the API is included in JBoss AS 7 -->
+        <dependency>
+            <groupId>org.jboss.spec.javax.annotation</groupId>
+            <artifactId>jboss-annotations-api_1.1_spec</artifactId>
+            <scope>provided</scope>
+        </dependency>
+
+        <!-- Import the JSF API, we use provided scope as the API is included 
+            in JBoss AS 7 -->
+        <dependency>
+            <groupId>org.jboss.spec.javax.faces</groupId>
+            <artifactId>jboss-jsf-api_2.1_spec</artifactId>
+            <scope>provided</scope>
+        </dependency>
+
+        <!-- Import the JPA API, we use provided scope as the API is included 
+            in JBoss AS 7 -->
+        <dependency>
+            <groupId>org.hibernate.javax.persistence</groupId>
+            <artifactId>hibernate-jpa-2.0-api</artifactId>
+            <scope>provided</scope>
+        </dependency>
+
+        <!-- Import the JPA API, we use provided scope as the API is included 
+            in JBoss AS 7 -->
+        <dependency>
+            <groupId>org.jboss.spec.javax.transaction</groupId>
+            <artifactId>jboss-transaction-api_1.1_spec</artifactId>
+            <scope>provided</scope>
+        </dependency>
+
+        <!-- Import the EJB API, we use provided scope as the API is included 
+            in JBoss AS 7 -->
+        <dependency>
+            <groupId>org.jboss.spec.javax.ejb</groupId>
+            <artifactId>jboss-ejb-api_3.1_spec</artifactId>
+            <scope>provided</scope>
+        </dependency>
+
+        <!-- Deltaspike API. we use compile scope as we need its API -->
+        <dependency>
+            <groupId>org.apache.deltaspike.core</groupId>
+            <artifactId>deltaspike-core-api</artifactId>
+            <scope>compile</scope>
+        </dependency>
+
+        <!-- Deltaspike Impl. we use runtime scope as we its implementation 
+            dependencies only on runtime -->
+        <dependency>
+            <groupId>org.apache.deltaspike.core</groupId>
+            <artifactId>deltaspike-core-impl</artifactId>
+            <scope>runtime</scope>
+        </dependency>
+
+        <!-- Deltaspike Security Module API. we use compile scope as we need 
+            its API -->
+        <dependency>
+            <groupId>org.apache.deltaspike.modules</groupId>
+            <artifactId>deltaspike-security-module-api</artifactId>
+            <scope>compile</scope>
+        </dependency>
+
+        <!-- Deltaspike Security Impl. we use runtime scope as we its implementation 
+            dependencies only on runtime -->
+        <dependency>
+            <groupId>org.apache.deltaspike.modules</groupId>
+            <artifactId>deltaspike-security-module-impl</artifactId>
+            <scope>runtime</scope>
+        </dependency>
+
+    </dependencies>
+
+    <build>
+        <!-- Set the name of the war, used as the context root when the app 
+            is deployed -->
+        <finalName>${project.artifactId}</finalName>
+        <plugins>
+            <plugin>
+                <artifactId>maven-war-plugin</artifactId>
+                <version>${version.war.plugin}</version>
+                <configuration>
+                    <!-- Java EE 6 doesn't require web.xml, Maven needs to 
+                        catch up! -->
+                    <failOnMissingWebXml>false</failOnMissingWebXml>
+                </configuration>
+            </plugin>
+            <!-- JBoss AS plugin to deploy war -->
+            <plugin>
+                <groupId>org.jboss.as.plugins</groupId>
+                <artifactId>jboss-as-maven-plugin</artifactId>
+                <version>${version.org.jboss.as.plugins.maven.plugin}</version>
+            </plugin>
+            <!-- Compiler plugin enforces Java 1.6 compatibility and activates 
+                annotation processors -->
+            <plugin>
+                <artifactId>maven-compiler-plugin</artifactId>
+                <version>${version.compiler.plugin}</version>
+                <configuration>
+                    <source>${maven.compiler.source}</source>
+                    <target>${maven.compiler.target}</target>
+                </configuration>
+            </plugin>
+        </plugins>
+    </build>
+
+</project>
+
diff --git a/deltaspike-security/src/main/java/org/jboss/as/quickstarts/deltaspike/security/ErrorController.java b/deltaspike-security/src/main/java/org/jboss/as/quickstarts/deltaspike/security/ErrorController.java
new file mode 100644
index 0000000000..e1822ab053
--- /dev/null
+++ b/deltaspike-security/src/main/java/org/jboss/as/quickstarts/deltaspike/security/ErrorController.java
@@ -0,0 +1,50 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2012, Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+
+package org.jboss.as.quickstarts.deltaspike.security;
+
+import javax.enterprise.inject.Model;
+import javax.faces.context.FacesContext;
+
+/**
+ * @author <a href="mailto:benevides@redhat.com">Rafael Benevides</a>
+ * 
+ */
+//The @Model stereotype is a convenience mechanism to make this a request-scoped bean that has an
+//EL name
+//Read more about the @Model stereotype in this FAQ:
+//http://sfwk.org/Documentation/WhatIsThePurposeOfTheModelAnnotation
+@Model
+public class ErrorController {
+    
+    //This method return the stack trace string from the Exception
+    public String getStackTrace() {
+        Throwable throwable = (Throwable)  FacesContext.getCurrentInstance().getExternalContext().getRequestMap().get("javax.servlet.error.exception");
+        StringBuilder builder = new StringBuilder();
+        builder.append(throwable.getMessage()).append("\n");
+        for (StackTraceElement element : throwable.getStackTrace()) {
+            builder.append(element).append("\n");
+        }
+        return builder.toString();
+    }
+
+}
diff --git a/deltaspike-security/src/main/java/org/jboss/as/quickstarts/deltaspike/security/SecuredController.java b/deltaspike-security/src/main/java/org/jboss/as/quickstarts/deltaspike/security/SecuredController.java
new file mode 100644
index 0000000000..3f46aa5053
--- /dev/null
+++ b/deltaspike-security/src/main/java/org/jboss/as/quickstarts/deltaspike/security/SecuredController.java
@@ -0,0 +1,72 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2012, Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+
+package org.jboss.as.quickstarts.deltaspike.security;
+
+import java.io.IOException;
+
+import javax.enterprise.inject.Model;
+import javax.faces.application.FacesMessage;
+import javax.faces.context.FacesContext;
+import javax.inject.Inject;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import org.jboss.as.quickstarts.deltaspike.security.annotations.AdminAllowed;
+import org.jboss.as.quickstarts.deltaspike.security.annotations.GuestAllowed;
+
+/**
+ * @author <a href="mailto:benevides@redhat.com">Rafael Benevides</a>
+ * 
+ */
+// The @Model stereotype is a convenience mechanism to make this a request-scoped bean that has an
+// EL name
+// Read more about the @Model stereotype in this FAQ:
+// http://sfwk.org/Documentation/WhatIsThePurposeOfTheModelAnnotation
+@Model
+public class SecuredController {
+
+    @Inject
+    private FacesContext facesContext;
+
+    //This method is allowed only to users with Guest role
+    @GuestAllowed
+    public void guestMethod() {
+        facesContext.addMessage(null, new FacesMessage("You executed a @GuestAllowed method"));
+    }
+
+    //This method is allowed only to users with Admin role
+    @AdminAllowed
+    public void adminMethod() {
+        facesContext.addMessage(null, new FacesMessage("You executed a @AdminAllowed method"));
+    }
+    
+    //Invalidate the session and send a redirect to index.html
+    public void logout() throws IOException {
+        HttpSession session = (HttpSession) facesContext.getExternalContext().getSession(false);
+        session.invalidate();
+        HttpServletResponse response = (HttpServletResponse) facesContext.getExternalContext().getResponse();
+        response.sendRedirect("index.html");
+        facesContext.responseComplete();
+    }
+
+}
diff --git a/deltaspike-security/src/main/java/org/jboss/as/quickstarts/deltaspike/security/annotations/AdminAllowed.java b/deltaspike-security/src/main/java/org/jboss/as/quickstarts/deltaspike/security/annotations/AdminAllowed.java
new file mode 100644
index 0000000000..bc306c6f7a
--- /dev/null
+++ b/deltaspike-security/src/main/java/org/jboss/as/quickstarts/deltaspike/security/annotations/AdminAllowed.java
@@ -0,0 +1,45 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2012, Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+
+package org.jboss.as.quickstarts.deltaspike.security.annotations;
+
+import java.lang.annotation.Documented;
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+import org.apache.deltaspike.security.api.authorization.annotation.SecurityBindingType;
+
+/**
+ * This annotation is used to to add security behavior to our business classes and methods
+ * 
+ * @author <a href="mailto:benevides@redhat.com">Rafael Benevides</a>
+ * 
+ */
+@Retention(value = RetentionPolicy.RUNTIME)
+@Target({ ElementType.TYPE, ElementType.METHOD })
+@Documented
+@SecurityBindingType
+public @interface AdminAllowed {
+
+}
diff --git a/deltaspike-security/src/main/java/org/jboss/as/quickstarts/deltaspike/security/annotations/GuestAllowed.java b/deltaspike-security/src/main/java/org/jboss/as/quickstarts/deltaspike/security/annotations/GuestAllowed.java
new file mode 100644
index 0000000000..00ea6e6cf3
--- /dev/null
+++ b/deltaspike-security/src/main/java/org/jboss/as/quickstarts/deltaspike/security/annotations/GuestAllowed.java
@@ -0,0 +1,45 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2012, Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+
+package org.jboss.as.quickstarts.deltaspike.security.annotations;
+
+import java.lang.annotation.Documented;
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+import org.apache.deltaspike.security.api.authorization.annotation.SecurityBindingType;
+
+/**
+ * This annotation is used to to add security behavior to our business classes and methods
+ * 
+ * @author <a href="mailto:benevides@redhat.com">Rafael Benevides</a>
+ * 
+ */
+@Retention(value = RetentionPolicy.RUNTIME)
+@Target({ ElementType.TYPE, ElementType.METHOD })
+@Documented
+@SecurityBindingType
+public @interface GuestAllowed {
+
+}
diff --git a/deltaspike-security/src/main/java/org/jboss/as/quickstarts/deltaspike/util/CustomAuthorizer.java b/deltaspike-security/src/main/java/org/jboss/as/quickstarts/deltaspike/util/CustomAuthorizer.java
new file mode 100644
index 0000000000..fb6a1dd1e8
--- /dev/null
+++ b/deltaspike-security/src/main/java/org/jboss/as/quickstarts/deltaspike/util/CustomAuthorizer.java
@@ -0,0 +1,78 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2012, Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+
+package org.jboss.as.quickstarts.deltaspike.util;
+
+import javax.enterprise.context.ApplicationScoped;
+import javax.enterprise.inject.spi.BeanManager;
+import javax.faces.context.FacesContext;
+import javax.inject.Inject;
+import javax.interceptor.InvocationContext;
+
+import org.apache.deltaspike.security.api.authorization.annotation.Secures;
+import org.jboss.as.quickstarts.deltaspike.security.annotations.AdminAllowed;
+import org.jboss.as.quickstarts.deltaspike.security.annotations.GuestAllowed;
+
+/**
+ * This Authorizer class implements behavior for our custom SecurityBindingType. This class is simply a CDI bean which declares
+ * a @Secures method, qualified with the security binding annotation.
+ * 
+ * @author <a href="mailto:benevides@redhat.com">Rafael Benevides</a>
+ * 
+ */
+@ApplicationScoped
+public class CustomAuthorizer {
+
+    @Inject
+    private FacesContext facesContext;
+
+    /**
+     * This method is used to check if classes and methods annotated with {@link AdminAllowed} can perform
+     * the operation or not
+     * 
+     * @param invocationContext
+     * @param manager
+     * @return true if the user can execute the method or class
+     * @throws Exception
+     */
+    @Secures
+    @AdminAllowed
+    public boolean doAdminCheck(InvocationContext invocationContext, BeanManager manager) throws Exception {
+        return facesContext.getExternalContext().isUserInRole("admin");
+    }
+
+    /**
+     * This method is used to check if classes and methods annotated with {@link GuestAllowed} can perform
+     * the operation or not
+     * 
+     * @param invocationContext
+     * @param manager
+     * @return true if the user can execute the method or class
+     * @throws Exception
+     */
+    @Secures
+    @GuestAllowed
+    public boolean doGuestCheck(InvocationContext invocationContext, BeanManager manager) throws Exception {
+        return facesContext.getExternalContext().isUserInRole("guest");
+    }
+
+}
diff --git a/deltaspike-security/src/main/java/org/jboss/as/quickstarts/deltaspike/util/Resources.java b/deltaspike-security/src/main/java/org/jboss/as/quickstarts/deltaspike/util/Resources.java
new file mode 100644
index 0000000000..e3cd2489c1
--- /dev/null
+++ b/deltaspike-security/src/main/java/org/jboss/as/quickstarts/deltaspike/util/Resources.java
@@ -0,0 +1,47 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2012, Red Hat, Inc. and/or its affiliates, and individual
+ * contributors by the @authors tag. See the copyright.txt in the 
+ * distribution for a full listing of individual contributors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,  
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.jboss.as.quickstarts.deltaspike.util;
+
+import java.util.logging.Logger;
+
+import javax.enterprise.context.RequestScoped;
+import javax.enterprise.inject.Produces;
+import javax.enterprise.inject.spi.InjectionPoint;
+import javax.faces.context.FacesContext;
+import javax.inject.Named;
+
+/**
+ * This class uses CDI to alias Java EE resources, such as the persistence context, to CDI beans
+ * 
+ */
+public class Resources {
+
+    
+    @Produces
+    public Logger produceLog(InjectionPoint injectionPoint) {
+        return Logger.getLogger(injectionPoint.getMember().getDeclaringClass().getName());
+    }
+
+    @Named
+    @Produces
+    @RequestScoped
+    public FacesContext getFacesContext() {
+        return FacesContext.getCurrentInstance();
+    }
+
+
+}
diff --git a/deltaspike-security/src/main/webapp/WEB-INF/beans.xml b/deltaspike-security/src/main/webapp/WEB-INF/beans.xml
new file mode 100644
index 0000000000..eb6983b607
--- /dev/null
+++ b/deltaspike-security/src/main/webapp/WEB-INF/beans.xml
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+JBoss, Home of Professional Open Source
+Copyright 2012, Red Hat, Inc. and/or its affiliates, and individual
+contributors by the @authors tag. See the copyright.txt in the 
+distribution for a full listing of individual contributors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,  
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+<beans xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/beans_1_0.xsd">
+    <!-- 
+        We define the Security Interceptor
+        According to CDI spec 1.0 (9.5. Interceptor resolution) 
+        "An interceptor is bound to a method if: [....] 
+        The interceptor is enabled in the bean archive containing the bean." -->
+    <interceptors>
+        <class>org.apache.deltaspike.security.impl.extension.SecurityInterceptor</class>
+    </interceptors>
+</beans>
\ No newline at end of file
diff --git a/deltaspike-security/src/main/webapp/WEB-INF/faces-config.xml b/deltaspike-security/src/main/webapp/WEB-INF/faces-config.xml
new file mode 100644
index 0000000000..0ac9d884ee
--- /dev/null
+++ b/deltaspike-security/src/main/webapp/WEB-INF/faces-config.xml
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- JBoss, Home of Professional Open Source Copyright 2012, Red Hat, Inc. 
+    and/or its affiliates, and individual contributors by the @authors tag. See 
+    the copyright.txt in the distribution for a full listing of individual contributors. 
+    Licensed under the Apache License, Version 2.0 (the "License"); you may not 
+    use this file except in compliance with the License. You may obtain a copy 
+    of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required 
+    by applicable law or agreed to in writing, software distributed under the 
+    License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS 
+    OF ANY KIND, either express or implied. See the License for the specific 
+    language governing permissions and limitations under the License. -->
+<!-- This file is not required if you don't need any extra configuration. -->
+<faces-config xmlns="http://java.sun.com/xml/ns/javaee"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-facesconfig_2_1.xsd"
+    version="2.1">
+    <!-- This descriptor activates the JSF 2.0 Servlet -->
+</faces-config>
diff --git a/deltaspike-security/src/main/webapp/WEB-INF/web.xml b/deltaspike-security/src/main/webapp/WEB-INF/web.xml
new file mode 100644
index 0000000000..2aeeab3bd5
--- /dev/null
+++ b/deltaspike-security/src/main/webapp/WEB-INF/web.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- JBoss, Home of Professional Open Source Copyright 2012, Red Hat, Inc. 
+    and/or its affiliates, and individual contributors by the @authors tag. See 
+    the copyright.txt in the distribution for a full listing of individual contributors. 
+    Licensed under the Apache License, Version 2.0 (the "License"); you may not 
+    use this file except in compliance with the License. You may obtain a copy 
+    of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required 
+    by applicable law or agreed to in writing, software distributed under the 
+    License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS 
+    OF ANY KIND, either express or implied. See the License for the specific 
+    language governing permissions and limitations under the License. -->
+<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
+
+    <!-- Redirect any 500 Error Code to /error.jsf -->
+    <error-page>
+        <error-code>500</error-code>
+        <location>/error.jsf</location>
+    </error-page>
+
+    <!-- Apply security to all pages -->
+    <security-constraint>
+        <display-name>secure resource</display-name>
+        <web-resource-collection>
+            <web-resource-name>welcome page</web-resource-name>
+            <url-pattern>/*</url-pattern>
+        </web-resource-collection>
+        <auth-constraint>
+            <role-name>guest</role-name>
+            <role-name>admin</role-name>
+        </auth-constraint>
+    </security-constraint>
+    
+    <!-- Configure form authentication -->
+    <login-config>
+        <auth-method>FORM</auth-method>
+        <form-login-config>
+            <form-login-page>/login.jsf</form-login-page>
+            <form-error-page>/login-error.jsf</form-error-page>
+        </form-login-config>
+    </login-config>
+    
+    <!-- Define application roles -->
+    <security-role>
+        <role-name>admin</role-name>
+    </security-role>
+    <security-role>
+        <role-name>guest</role-name>
+    </security-role>
+</web-app>
diff --git a/deltaspike-security/src/main/webapp/error.xhtml b/deltaspike-security/src/main/webapp/error.xhtml
new file mode 100644
index 0000000000..55809b052c
--- /dev/null
+++ b/deltaspike-security/src/main/webapp/error.xhtml
@@ -0,0 +1,51 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<!--
+JBoss, Home of Professional Open Source
+Copyright 2012, Red Hat, Inc. and/or its affiliates, and individual
+contributors by the @authors tag. See the copyright.txt in the 
+distribution for a full listing of individual contributors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,  
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+<html xmlns="http://www.w3.org/1999/xhtml"
+      xmlns:h="http://java.sun.com/jsf/html"
+      xmlns:f="http://java.sun.com/jsf/core"
+      xmlns:ui="http://java.sun.com/jsf/facelets">
+
+	<!-- 
+		Replace path to template, title, header and body
+		with actual data.
+	 -->
+	<ui:composition template="/template.xhtml">
+			<ui:define name="pageTitle">Error!!!</ui:define>
+			<ui:define name="pageHeader">An error has occurred:</ui:define>
+			<ui:define name="body">
+                <h:form>
+    			   The error message is:  
+                   <b>
+                        #{requestScope['javax.servlet.error.message']}  
+                   </b>
+                   <p />
+                        <h:commandButton value="Back" action="/welcome.jsf" /> 
+                   <p /> 
+                   <font color="RED">  
+                        Please show the system administator the error below.  
+                   </font>  
+                   <p />  
+                   <textarea rows="30" cols="100">  
+                       <h:outputText escape="false" value="#{errorController.stackTrace}"/>  
+                   </textarea>  
+                   <p />
+               </h:form>
+			</ui:define>
+	</ui:composition>
+
+</html>
\ No newline at end of file
diff --git a/deltaspike-security/src/main/webapp/index.html b/deltaspike-security/src/main/webapp/index.html
new file mode 100644
index 0000000000..a9fb6fbfc3
--- /dev/null
+++ b/deltaspike-security/src/main/webapp/index.html
@@ -0,0 +1,23 @@
+<!--
+JBoss, Home of Professional Open Source
+Copyright 2012, Red Hat, Inc. and/or its affiliates, and individual
+contributors by the @authors tag. See the copyright.txt in the 
+distribution for a full listing of individual contributors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,  
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+<!-- Plain HTML page that kicks us into the app -->
+
+<html>
+<head>
+<meta http-equiv="Refresh" content="0; URL=welcome.jsf">
+</head>
+</html>
diff --git a/deltaspike-security/src/main/webapp/login-error.xhtml b/deltaspike-security/src/main/webapp/login-error.xhtml
new file mode 100644
index 0000000000..ca6e91c6b0
--- /dev/null
+++ b/deltaspike-security/src/main/webapp/login-error.xhtml
@@ -0,0 +1,39 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<!--
+JBoss, Home of Professional Open Source
+Copyright 2012, Red Hat, Inc. and/or its affiliates, and individual
+contributors by the @authors tag. See the copyright.txt in the 
+distribution for a full listing of individual contributors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,  
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+<html xmlns="http://www.w3.org/1999/xhtml" xmlns:h="http://java.sun.com/jsf/html" xmlns:f="http://java.sun.com/jsf/core"
+    xmlns:ui="http://java.sun.com/jsf/facelets">
+
+<!-- 
+		Replace path to template, title, header and body
+		with actual data.
+	 -->
+<ui:composition template="/template.xhtml">
+    <ui:define name="pageTitle">Login error</ui:define>
+    <ui:define name="pageHeader">Invalid user name or password</ui:define>
+    <ui:define name="body">
+        <p style="text-align: justify;">
+            Please enter a user name or password that is authorized to access this application.
+            <br/>
+            To create a application user, see the following <a target="_blank" href="http://www.jboss.org/jdf/quickstarts/jboss-as-quickstart/#addapplicationuser">instructions</a>.
+            <br /><br />
+            Click here to <a href="welcome.jsf">Try Again</a>
+        </p>
+    </ui:define>
+</ui:composition>
+
+</html>
\ No newline at end of file
diff --git a/deltaspike-security/src/main/webapp/login.xhtml b/deltaspike-security/src/main/webapp/login.xhtml
new file mode 100644
index 0000000000..28df298624
--- /dev/null
+++ b/deltaspike-security/src/main/webapp/login.xhtml
@@ -0,0 +1,45 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<!--
+JBoss, Home of Professional Open Source
+Copyright 2012, Red Hat, Inc. and/or its affiliates, and individual
+contributors by the @authors tag. See the copyright.txt in the 
+distribution for a full listing of individual contributors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,  
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+<html xmlns="http://www.w3.org/1999/xhtml" xmlns:h="http://java.sun.com/jsf/html" xmlns:f="http://java.sun.com/jsf/core"
+    xmlns:ui="http://java.sun.com/jsf/facelets">
+
+<!-- 
+		Replace path to template, title, header and body
+		with actual data.
+	 -->
+<ui:composition template="/template.xhtml">
+    <ui:define name="pageTitle">Login</ui:define>
+    <ui:define name="pageHeader">Login</ui:define>
+    <ui:define name="body">
+        <form name="foo" action="j_security_check" method="post">
+            <table>
+                <tr>
+                    <td>Username:</td>
+                    <td><input type="text" name="j_username" value="quickstartUser" /></td>
+                </tr>
+                <tr>
+                    <td>Password:</td>
+                    <td><input type="password" name="j_password" value="quickstartPassword"/></td>
+                </tr>
+            </table>
+            <input type="submit" value="Login" />
+        </form>
+    </ui:define>
+</ui:composition>
+
+</html>
\ No newline at end of file
diff --git a/deltaspike-security/src/main/webapp/template.xhtml b/deltaspike-security/src/main/webapp/template.xhtml
new file mode 100644
index 0000000000..59d7bc5fba
--- /dev/null
+++ b/deltaspike-security/src/main/webapp/template.xhtml
@@ -0,0 +1,79 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<!--
+JBoss, Home of Professional Open Source
+Copyright 2012, Red Hat, Inc. and/or its affiliates, and individual
+contributors by the @authors tag. See the copyright.txt in the 
+distribution for a full listing of individual contributors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,  
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+<html xmlns="http://www.w3.org/1999/xhtml"
+      xmlns:h="http://java.sun.com/jsf/html"
+      xmlns:f="http://java.sun.com/jsf/core"
+      xmlns:ui="http://java.sun.com/jsf/facelets">
+		<head>
+		<title><ui:insert name="pageTitle">Page Title</ui:insert></title>
+		<style type="text/css">
+			body {
+				  font-family: Verdana, Arial, Helvetica, sans-serif;
+				  font-size: 14px;
+			}
+			.header {
+				  font-family: Verdana, Arial, Helvetica, sans-serif;
+				  font-size: 18px;
+			}
+			.bottom {
+				  font-family: Verdana, Arial, Helvetica, sans-serif;
+				  font-size: 9px;
+				  text-align: center;
+				  vertical-align: middle;
+				  color: #8E969D;
+			}
+		</style>
+		</head>
+
+<body bgcolor="#ffffff">
+<table style="border:1px solid #CAD6E0"  align="center" cellpadding="0" cellspacing="0" border="0" width="1000">
+<tbody>
+
+	<tr>
+		<td class="header" height="42" align="center" valign="middle" width="100%" bgcolor="#E4EBEB">
+			<ui:insert name="pageHeader">Page Header</ui:insert>
+		</td>
+	</tr>
+	<tr>
+		<td height="1" width="100%" bgcolor="#CAD6E0"></td>
+	</tr>	
+
+	<tr>
+		<td width="100%"  colspan="2">
+			<table width="100%" style="height:150px" align="left" cellpadding="0" cellspacing="0" border="0">
+			<tbody>
+				<tr>
+					<td align="center" width="100%" valign="middle">
+					<h:messages globalOnly="true"/>
+					<ui:insert name="body">Page Body</ui:insert>
+					
+					</td>
+				</tr>
+			</tbody>
+			</table>
+		</td>
+	</tr>	
+	
+	<tr>
+		<td colspan="2"  valign="bottom" height="1" width="100%" bgcolor="#CAD6E0"></td>
+	</tr>
+</tbody>
+</table>
+</body>
+		
+</html>
\ No newline at end of file
diff --git a/deltaspike-security/src/main/webapp/welcome.xhtml b/deltaspike-security/src/main/webapp/welcome.xhtml
new file mode 100644
index 0000000000..998134c750
--- /dev/null
+++ b/deltaspike-security/src/main/webapp/welcome.xhtml
@@ -0,0 +1,42 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<!--
+JBoss, Home of Professional Open Source
+Copyright 2012, Red Hat, Inc. and/or its affiliates, and individual
+contributors by the @authors tag. See the copyright.txt in the 
+distribution for a full listing of individual contributors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,  
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+<html xmlns="http://www.w3.org/1999/xhtml"
+      xmlns:h="http://java.sun.com/jsf/html"
+      xmlns:f="http://java.sun.com/jsf/core"
+      xmlns:ui="http://java.sun.com/jsf/facelets">
+
+	<!-- 
+		Replace path to template, title, header and body
+		with actual data.
+	 -->
+	<ui:composition template="/template.xhtml">
+			<ui:define name="pageTitle">Welcome</ui:define>
+			<ui:define name="pageHeader">Welcome to the secured page!</ui:define>
+			<ui:define name="body">
+                 <h:form>
+    			     Welcome <b>#{facesContext.externalContext.userPrincipal.name}</b>!
+                     <h:commandButton value="Logout" action="#{securedController.logout()}" />
+                     <p />
+                     Execute some action:                  
+                     <h:commandButton value="Guest Method" action="#{securedController.guestMethod()}" />
+                     <h:commandButton value="Admin Method" action="#{securedController.adminMethod()}" />
+                 </h:form>
+			</ui:define>
+	</ui:composition>
+
+</html>
\ No newline at end of file