as far as i know there are 3 modes to enable security in jboss portal:
/portal/auth/index.html forces the user to login
/portal/sec/index.html switches to a secured (ssl) url
/portal/authsec/index.html forces the user to login and switches to a secured (ssl ) url

i can force the user login if a add a security constratin to my page definition, e.g.
<security-constraint>
<policy-permission>
<role-name>Manager</role-name>
<action-name>view</action-name>
</policy-permission>
</security-constraint>

are there any other settings/constraints to set, to force the url to switch to sec or authsec? how do i configure this? so where do i have to change the configuration to get a secured page?