Thank You Julien, it's very clear.
But what about if Main.jsp contains 2 hyperlink.
One is for all authenticathed user and one only for user with admin role.
In a standard web container all user see links, but if a non "admin" user try
to access to the page authorized only to admin, a std web se
it is because you need to secure your portlet.
when you access the portal, you are either authenticated or not against the
portal. in both case if you access the portal then you can hit any servlet in
the server, servlet container security will not apply.
the security you set a the war level on