There is an open source project called acegi-ext which provides integration support for Acegi Security Framework within portlets. You can use all authorization features of Acegi Security in your portlets deployed into JBoss Portal 2.6.1.

There is also a documentation about how this integration is achieved as well as samples which demonstrate use of security features within portlet applications.

You can also find additional expalanations and support form blog of project's creator.