From do-not-reply at jboss.org Tue May 25 17:42:24 2010
Content-Type: multipart/mixed; boundary="===============5067227002639770386=="
MIME-Version: 1.0
From: do-not-reply at jboss.org
To: gatein-commits at lists.jboss.org
Subject: [gatein-commits] gatein SVN: r3194 -
 portal/branches/EPP_5_0_0_Branch_Docs/Enterprise_Portal_Platform_Release_Notes/en-US.
Date: Tue, 25 May 2010 17:42:24 -0400
Message-ID: <201005252142.o4PLgOPh002648@svn01.web.mwc.hst.phx2.redhat.com>

--===============5067227002639770386==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

Author: smumford
Date: 2010-05-25 17:42:24 -0400 (Tue, 25 May 2010)
New Revision: 3194

Modified:
   portal/branches/EPP_5_0_0_Branch_Docs/Enterprise_Portal_Platform_Release=
_Notes/en-US/Release_Notes.xml
Log:
JBEPP-279: Add autologin text as a Recommended Practice section. Correct ty=
po.

Modified: portal/branches/EPP_5_0_0_Branch_Docs/Enterprise_Portal_Platform_=
Release_Notes/en-US/Release_Notes.xml
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
--- portal/branches/EPP_5_0_0_Branch_Docs/Enterprise_Portal_Platform_Releas=
e_Notes/en-US/Release_Notes.xml	2010-05-25 13:40:49 UTC (rev 3193)
+++ portal/branches/EPP_5_0_0_Branch_Docs/Enterprise_Portal_Platform_Releas=
e_Notes/en-US/Release_Notes.xml	2010-05-25 21:42:24 UTC (rev 3194)
@@ -689,6 +689,36 @@
 			</variablelist>
 		</section> -->
 =

+		<section>
+			<title>Recommended Practices</title>
+<!--				<para>
+					&PRODUCT; &VERSION; includes four pre-configured user accounts for te=
sting and evaluation puposes. These accounts can be used for direct access =
to the portal. =

+				</para> -->
+				<para>
+					For security reasons, before going in production, you should restrict=
 the access to the login servlet to POST.
+				</para>
+				<para>
+					To do so, edit the file <filename>$JBOSS_HOME/server/[configuration]/=
gatein.ear/02portal.war/WEB-INF/web.xml</filename> and add: =

+				</para>
+<programlisting language=3D"XML" role=3D"XML"><![CDATA[
+<security-constraint>
+  <web-resource-collection>
+   <web-resource-name>login</web-resource-name>
+    <url-pattern>/login</url-pattern>
+    <http-method>GET</http-method>
+    <http-method>PUT</http-method>
+    <http-method>DELETE</http-method>
+    <http-method>HEAD</http-method>
+    <http-method>OPTIONS</http-method>
+    <http-method>TRACE</http-method>
+  </web-resource-collection>
+ <auth-constraint/>
+</security-constraint> ]]></programlisting>
+			<para>
+				Doing this will render the login links provided on the front page inac=
tive. =

+			</para>
+			=

+		</section>
 =

 		<section id=3D"sect-Release_Notes-_Known_Issues_with_this_release_-Gener=
al_Known_Issues">
 			<title>General Known Issues</title>
@@ -928,7 +958,7 @@
 =

 =

 	<section>
-		<title>Migration from Enteprise Portal Platform 4.3</title>
+		<title>Migration from Enterprise Portal Platform 4.3</title>
 			<para>
 				As stated in section 5 of this document, Enterprise Portal Platform 5 =
is based upon an entirely new core architecture and is not backwards compat=
ible with Enterprise Portal Platform 4.3.
 			</para>


--===============5067227002639770386==--