If you read my original posting, you'll see that I've already quoted the Jboss Portal Security documentation link. The problem is not that I cannot create a portal page or I cannot assign security constraints. The problem is that the assigned security constraints do not work as expected. I want to force a login before my portal page can be accessed. You've made reference to changing the access permission of the 'default' portal, which is the parent portal of my page. However, nowhere is it documented how the 'default' portal is configured. Is it configured in [JBoss_Home]\server\default\deploy\jboss-portal.sar\portal-server.war\WEB-INF? In that file, there is reference to PortalServletWithPathMapping servlet. Does the security constraints of this servlet need to be changed? View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4072705#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...