This I tried on 2.7.1.GA. I created a new portal called "prabhat" using admin ui. Saw the default security was view-recursive and personalize-recursive for "role unchecked". I made "prabhat" portal the default portal. I signed out as admin. I am taken to the page http://host:8080/portal/portal/prabhat. As you can see there is no "auth" in url and I was able to access it without logging in. I am too tired to dig more but this is a very common use case. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4203848#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...