Security Access Manager Permissions
In many installations, WebSEAL is behind Portal between the portlets and the back-end servers they access.
Portlets accessing back-end services through an external security manager
Portlets require some method of getting through the ESM to the back-end, and the portlets can use the Portal credential vault. The portlets are themselves designed to reuse existing security tokens from the Portal security context.