Look in the JSR-168 how to set security constraints on portal objects. or look in the default portal descriptor files (default-object.xml), looking for "security-constraint" xml item. but by example, you may not see all of it. and the jboss portal ref doc. for a page, visible or not, add a security-constraint item a the end of the page descriptor. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4037829#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...