[jboss-dev-forums] [Design of JBoss Portal] - setting security constraint for portal pagess

I have a couple of questions regarding setting security for portal pages: 1) In my *-object.xml I have the following configuration: | ... | <page> | <page-name>MyPage</page-name> | ... | <security-constraint> | <policy-permission> | <role-name>User</role-name> | <action-name>viewrecursive</action-name> | </policy-permission> | </security-constraint> | </page> | ... | I was hoping that with this, I could restrict access to the portal page with URL /portal/..../MyPage. But unfortunately, this does not seem to work. I have read the JSR000168, and both the Portal reference and user manuals for 2.4. 2) Do security constraint on portlet instances overwrite those of the constraints set for the page? 3) Can I have multiple <policy-permissions> or multiple <security-constraints>? (I could find a scheme for the *-object.xml file.) 4) Is it possible to specify the security-domain for the security constraints set in *-object.xml, i.e. different from the security-domain of the portal? Many thanks, pieter View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3968354#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...