How do I get users to authenticate by http-auth before they can access Liferay?
More specific: How do I use http-auth instead of Liferay's sign-in page or portlets. Access to Liferay should be completely blocked unless credentials have been presented by http-auth.
I can't speak directly to how Liferay works, however, in JBoss Portal you have to manually modify the Portal's web.xml to include the appropriate authentication mechanism and desired roles.
I would assume that Liferay would probably be the same course of action since they are both Java-based web applications at their cores.