I am not sure if this is caused by DatabasePageManager is not finished coding yet. If yes, please close this issue.
The issue is when I switch to DatabasePageManager, I start the J2 and visit http://localhost:8080/jetspeed/ and I did not login, but I can see all the PSML tags and Administrator folder entry display too.
I found that this is caused by class:
The member variables usersList, rolesList, groupsList and permissionsList will out of synchronization with users, roles, groups and permissions in class SecurityConstraintImpl when use DatabasePagemanager.
You must call getSecurityConstraintsRefs() and getSecurityConstraints() to initialize the member variable securityConstraints and securityConstraintsRefs.
The attached patch is a work around for this issue.