Hello,
can someone help me to understand the authentication mechanism?
I've deployed a custom portal and now I wish to add a login feature using the same authentication method of the UserPortlet but without using it (because I don't want "guests" registers their own accounts).
I wrote a login.jsp and a loginfailure.jsp and I added the following lines to my web.xml:

 <resource-ref>
 <res-ref-name>jdbc/PortalDS</res-ref-name>
 <res-type>javax.sql.DataSource</res-type>
 <res-auth>Container</res-auth>
 <res-sharing-scope>Shareable</res-sharing-scope>
 </resource-ref>
 <security-constraint>
 <web-resource-collection>
 <web-resource-name>Authenticated</web-resource-name>
 <description/>
 <url-pattern>/auth/*</url-pattern>
 </web-resource-collection>
 <auth-constraint>
 <description/>
 <role-name>Authenticated</role-name>
 </auth-constraint>
 </security-constraint>
 <security-role>
 <description/>
 <role-name>Authenticated</role-name>
 </security-role>
 <login-config>
 <auth-method>FORM</auth-method>
 <realm-name>JBoss Portal</realm-name>
 <form-login-config>
 <form-login-page>/jsp/login.jsp</form-login-page>
 <form-error-page>/jsp/loginfailed.jsp</form-error-page>
 </form-login-config>
 </login-config>

In the "mycustomportal-object.xml" file I've added a default page with "view" action for "unckecked" users (this shows up a welcome portlet with a login link) and I "restricted" all other pages to "users" and "administrators". The problem is on the login link, where it should point to?
I tried pointing it to:
http://localhost:8080/portal/portal/mycustomportal/auth/
http://localhost:8080/portal/portal/auth/mycustomportal/
http://localhost:8080/portal/auth/portal/mycustomportal/

The last one shows up the "JBoss Portal" standard login page while others doesn't work at all showing up my default portal page. What's wrong?