I saw this in another thread. You would put this in your page declaration that you want to protect:
<security-constraint> <policy-permission> <role-name>Admin</role-name> <action-name>view</action-name> </policy-permission> </security-constraint>
I don't think that answers my question.
There is now two different meanings with the word page. With your XML piece I could secure portal pages, but I am not talking about them. What I do want is to secure an individual HTML page I upload with the CMS admin and they do not have XML declarators with them. As far as I understand the responsible piece here would be the CMSPortlet, which should check for each page/resource whether the user is authorized to view it.
I fear that if I don't find a solution to this we may need to switch to another portal, but that would again cause other problems