Clearly states that I can secure pages in my *-object.xml file. After successfully securing an instance with the following security constraint:
<security-constraint> <policy-permission> <role-name>Authenticated</role-name> <action-name>view</action-name> </policy-permission> </security-constraint>
On 2.6 it works fine for me :-)
First of all you can modify the security in the admin console.
You do not have to use the xxx-object.xml things to begin with
a) avoid cascading on a higher level.
b) ensure your group exists
c) ensure you use the groupname NOT the description