hi,
i deploy a two portlets in a war file.
the two portlets are in a page, testPage.
when i deploy the war, i can see a tab with my testPage and the 2 portlets.
but I want that this page is only visible for authenticated users.
so in my file-object.xml i use the security-constraint tag like this :
<page> <page-name>testPage</page-name> <security-constraint> <auth-constraint> <role-name>Authenticated</role-name> </auth-constraint> </security-constraint>
</portlet> <portlet> <portlet-name>TestPortletB</portlet-name> <portlet-class>PortletB</portlet-class> <supports> <mime-type>text/html</mime-type> <portlet-mode>VIEW</portlet-mode> </supports> <portlet-info> <title>Test portlet B</title> </portlet-info> <security-role-ref> <role-name>Authenticated</role-name> </security-role-ref> </portlet>
You're missing the action that is allowed. Add an action-name element like:
<security-constraint> <policy-permission> <role-name>Authenticated</role-name> <action-name>view</action-name> </policy-permission> </security-constraint>