Hi PeterJ, ok, thanks - I moved the security-constraint to the portlet-instances.xml.
But what can I do to prevent direct access to my war? I cannot set up a security-constraint in my web.xml, because I will be asked for username/password, when I call my app from JBoss Portal. Or is this a "single-sign-on"-issue and I have to configure jboss-web.deployer anyhow to recognize, that I'm already logged on via the portal login? Thank you very much for a tip or hint. Carsten View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4138098#4138098 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4138098 _______________________________________________ jboss-user mailing list [email protected] https://lists.jboss.org/mailman/listinfo/jboss-user
