OK, Not much feedback here :) However, I have made some progress. The default portal page that I log in to contains a number of custom pages and portlets that I have deployed. If I add a security constraint to any of these pages (in the object.xml of the page definiton) where I do not have the stated security role, the page is no longer visible on login. However, in the 'pages' portlet on the default page I can still see a link to the secured page. If I click that link, I get the Http 401 error experienced when trying to open the Admin page. If I change the security setting to be a role I have in LDAP, I can see the pages again as tabs in the default page, all good. This 401 error seems to be returned when I do not have the required role to access the page/resource, a strange error to receive, I thought this error was thrown for BASIC authentication, which I didn't know was being used. I use FORM authentication on portal login. The problem is, I still can't access the Admin page. Now, I'd like to change the role for the Admin page in portal 2.4 to 'Authenticated' to test the security, but can't find an object.xml that defines that page? Without this, I don't know how to change the required role for the admin page. Does anyone know where the Admin page is configured and where the security constraint is for that page? Or, does anyone know the name of the required role (probably Admin?) so I can maybe create that group in LDAP so I can log in to the admin page. Any help would be appreciated. Thanks View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3993773#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...