Hello. I'm using portal 2.4.1 on 4.0.5GA. I recently got my LDAP authentication working and started trying out the security constraints. Everything was working until I removed my test user from the "Authenticated' group in LDAP. At first my credentials were cached, but I blew away the hypersonic database and tried to login again and was correctly denied viewing a portlet that required the "Authenticated" role. Now I can't get it to work correctly again. I have changed the security constraint to "Admin" in hopes that would get me somewhere, as my users can login and see the Admin tab on the web console, but I'm still not about to see my portlet. Am i missing a cache of old credentials somewhere? DefaultCacheTimeout is set to zero. This is the stack trace I'm seeing: 15:22:53,395 ERROR [PortalPermissionCollection] Permission check against the rep | ository failed | java.lang.IllegalArgumentException: Illegal action viewrecursive | at org.jboss.portal.core.model.instance.InstancePermission.addAction(Ins | tancePermission.java:117) | ... | And finally, for a brief time I added this to my login-config.xml ( not sure if this is relevant): <!-- Add this line to your login-config.xml to include the ClientLoginModule propogation --> | <login-module code="org.jboss.security.ClientLoginModule" flag="required" /> Thanks! View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4035146#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...