I discovered something recently that is concerning with the GateIn portal security and am wondering if anyone else has noticed this and could provide a solution.  When trying to access a page via a bookmark (or just typing in the complete path in the address bar) that is only accessible to a specified role (just not Everyone), I would expect that the user would be directed to the login page.  However, the user is just directed to the Homepage.  Then, even after signing in, the user is then not taken to the page originally requested.

I would expect the behavior of the portal when any page not accessible to Everyone to redirect the user to "/portal/private" to login to the portal at the minimum.  It would also be nice to navigate the user to a requested page following login if applicable. 

I noticed this issue when changing the access-permissions to "*:/platform/users" for the homepage of the portal via pages.xml.  In this case, actually the site map page shows.  From this behavior, it seems there is not a way to secure your entire portal to only authenticated users.  Is there a settting that can change this behavior?  Or does custom functionality to do this need to be developed?

I have been able to change the url-pattern on the security-constraint in <server>/deploy/gatein.ear/02portal.war/WEB-INF/web.xml from "/private/* to "/public/*".  This actually does do what I want for this issue, but it requires changing the standard installation of the portal product.  Is there a way of accomplishing this without changing any default configuration files?

Thanks for any assistance.

Tim