Hi all, I have deployed HelloWorldPortlet (avaialble at portletSwap.com) on JBoss Portal 2.6. Now I need to make this portlet secured so that only users from the roles defined in portlet-instance.xml can access this portlet. I have made proper entries for security-constraints in portlet-instances.xml but to no avail. Any user can access the portlet. The entry I made look like this: <instance-id>AJAXSearchViewerPortletInstance</instance-id> <portlet-ref>AJAXSearchViewerPortlet</portlet-ref> <security-constraint> <policy-permission> <role-name>Admin</role-name> <action-name>admin</action-name> </policy-permission> </security-constraint> Question: 1. Just making an entry in portlet-instance.xml would do? 2. Or I need to do this programmatically? if so please provide references. Thanks, Shakti View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4137332#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...