I don't think you can associate security domain on a per page basis in the portal. The security domain that is specified is applied to the entire portal as a whole
Ideally, it makes sense to authenticate against the whole portal but define authorization at individual pages/components in a page.
actually I need some part of my portal to be accessible with user login and blank password. Solution doesn't need to be secure.
I can make my own user session scheme, but i'm trying to use jboss mechanisms and keep 'security' away from business logic and presentation.