1 Reply Latest reply on Apr 19, 2006 11:29 AM by mholzner

    How to secure different portal instances

    siarheibaidun

      Hi everybody.
      Can anybody help me with a portal security issue?

      The question is how to secure different portal instances with different security domains.

      As an example, I took the JBoss demo portal as it is.
      Then I deployed "helloworldportal.war" (mentioned in the portal documentation) under the "jboss-portal.sar" directory.

      The demo portal uses the following security domain (specified in the jboss-web.xml file under the "portal-server.war"/WEB-INF dir):
      <security-domain>java:jaas/portal</security-domain>

      For the "helloworldportal.war" portal I want to use a different security domain.
      I have defined an "application-policy" in the login-config.xml file:
      <application-policy name="testportal">
      ....

      And in the file helloworldportal.war/WEB-INF/jboss-web.xml I have specified the security domain:
      <security-domain>java:jaas/testportal</security-domain>
      Also, for the "helloworldportal.war" portal I have specified security constraints (in the helloworldportal.war/WEB-INF/web.xml file):
      <security-constraint>
        <web-resource-collection>
          <web-resource-name>Authenticated</web-resource-name>
          <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
          <role-name>Authenticated</role-name>
        </auth-constraint>
      </security-constraint>
      <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>JBoss Portal</realm-name>
      </login-config>
      <security-role>
        <role-name>Authenticated</role-name>
      </security-role>

      Now when I go to the URL:

      http://localhost:8080/portal/portal/HelloPortal/fooPage

      nothing happens - my security constraints are ignored.
      Could somebody hint what is wrong or how to solve the issue?

      Thanks in advance,
      Siarhei Baidun

        • 1. Re: How to secure different portal instances

          Your app is accessed via the portal context. Security is checked there. The portal uses a RequestDispatcher to dispatch to your app.
          You need to place security constraints into the portal descriptor defining your portal resources. (see examples in the default-object.xml in the core)
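
The behaviour described in the reply, modelled as an added example (not part of the thread and not JBoss code): a servlet container evaluates web.xml constraints only for the web app whose context path owns the client request, so the constraint in helloworldportal.war never applies to a URL under /portal. The context paths and the portal's own "/auth/*" pattern are assumptions made for illustration; only the "/*" constraint comes from the post.

```python
"""Model of which web.xml security constraints a container evaluates."""

# Constructed deployment model: context path -> [(url-pattern, role)].
DEPLOYMENTS = {
    "/portal": [("/auth/*", "Authenticated")],       # assumed, portal-server.war
    "/helloworldportal": [("/*", "Authenticated")],  # constraint from the post
}


def owning_context(path, deployments):
    """Longest context path that prefixes the request path."""
    hits = [c for c in deployments if path == c or path.startswith(c + "/")]
    return max(hits, key=len) if hits else None


def pattern_matches(pattern, rel):
    """Servlet url-pattern rules: path prefix (/x/*), extension (*.x), exact."""
    if pattern.endswith("/*"):
        base = pattern[:-2]
        return rel == base or rel.startswith(base + "/")
    if pattern.startswith("*."):
        return rel.rsplit("/", 1)[-1].endswith(pattern[1:])
    return rel == pattern


def required_roles(path, deployments=DEPLOYMENTS):
    """Return (context, roles) the container enforces for a client request.

    Only the owning context's constraints are consulted. A later
    RequestDispatcher include/forward into another web app does not
    re-run that app's constraints. Simplification: roles of all matching
    patterns are merged instead of selecting the single best match.
    """
    ctx = owning_context(path, deployments)
    if ctx is None:
        return None, set()
    rel = path[len(ctx):] or "/"
    roles = {r for pat, r in deployments[ctx] if pattern_matches(pat, rel)}
    return ctx, roles


if __name__ == "__main__":
    # Request path from the post: owned by /portal, no constraint matches.
    print(required_roles("/portal/portal/HelloPortal/fooPage"))
    # Direct request to the war's own (assumed) context: constraint applies.
    print(required_roles("/helloworldportal/index.jsp"))
```

An empty role set for the first path means the container lets the request through unauthenticated, which matches the symptom in the question; access control for portal pages has to be declared where the portal checks it.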