Okay so the same fix did work in 2.7... just missed an important line along the way. Here is the diff file from the 2.7 svn branch that should add support: http://codingislife.com/share/jbp/guest/JBossPortalGuestRolePatch.diff If you don't feel like recompiling I also have the portal-security-lib.jar: http://codingislife.com/share/jbp/guest/portal-security-lib.jar With this, the role name "Guest" should be active when a person is not logged in. Here is an example of the deployment xml from portlet-instances.xml: | <deployment> | <if-exists>overwrite</if-exists> | <instance> | <instance-id>GuestPortletInstance</instance-id> | <portlet-ref>TestPortlet</portlet-ref> | <security-constraint> | <policy-permission> | <action-name>view</action-name> | <role-name>Guest</role-name> | </policy-permission> | </security-constraint> | </instance> | </deployment> | I didn't try it with page security (as in an -object.xml) but I'd imagine it should work the same. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4193108#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...