[gatein-commits] gatein SVN: r3195 - portal/branches/EPP_5_0_0_Branch_Docs/Enterprise_Portal_Platform_Release_Notes/en-US.

Author: smumford Date: 2010-05-25 21:47:05 -0400 (Tue, 25 May 2010) New Revision: 3195 Modified: portal/branches/EPP_5_0_0_Branch_Docs/Enterprise_Portal_Platform_Release_Notes/en-US/Release_Notes.xml Log: JBEPP-279: Moved Recommended Practices section as per request from MarkY Modified: portal/branches/EPP_5_0_0_Branch_Docs/Enterprise_Portal_Platform_Release_Notes/en-US/Release_Notes.xml =================================================================== --- portal/branches/EPP_5_0_0_Branch_Docs/Enterprise_Portal_Platform_Release_Notes/en-US/Release_Notes.xml 2010-05-25 21:42:24 UTC (rev 3194) +++ portal/branches/EPP_5_0_0_Branch_Docs/Enterprise_Portal_Platform_Release_Notes/en-US/Release_Notes.xml 2010-05-26 01:47:05 UTC (rev 3195) @@ -689,37 +689,6 @@ </variablelist> </section> --> - <section> - <title>Recommended Practices</title> -<!-- <para> - &PRODUCT; &VERSION; includes four pre-configured user accounts for testing and evaluation puposes. These accounts can be used for direct access to the portal. - </para> --> - <para> - For security reasons, before going in production, you should restrict the access to the login servlet to POST. - </para> - <para> - To do so, edit the file <filename>$JBOSS_HOME/server/[configuration]/gatein.ear/02portal.war/WEB-INF/web.xml</filename> and add: - </para> -<programlisting language="XML" role="XML"><![CDATA[ -<security-constraint> - <web-resource-collection> - <web-resource-name>login</web-resource-name> - <url-pattern>/login</url-pattern> - <http-method>GET</http-method> - <http-method>PUT</http-method> - <http-method>DELETE</http-method> - <http-method>HEAD</http-method> - <http-method>OPTIONS</http-method> - <http-method>TRACE</http-method> - </web-resource-collection> - <auth-constraint/> -</security-constraint> ]]></programlisting> - <para> - Doing this will render the login links provided on the front page inactive. - </para> - - </section> - <section id="sect-Release_Notes-_Known_Issues_with_this_release_-General_Known_Issues"> <title>General Known Issues</title> <formalpara> @@ -958,6 +927,37 @@ <section> + <title>Recommended Practices</title> +<!-- <para> + &PRODUCT; &VERSION; includes four pre-configured user accounts for testing and evaluation puposes. These accounts can be used for direct access to the portal. + </para> --> + <para> + For security reasons, before going in production, you should restrict the access to the login servlet to POST. + </para> + <para> + To do so, edit the file <filename>$JBOSS_HOME/server/[configuration]/gatein.ear/02portal.war/WEB-INF/web.xml</filename> and add: + </para> +<programlisting language="XML" role="XML"><![CDATA[ +<security-constraint> + <web-resource-collection> + <web-resource-name>login</web-resource-name> + <url-pattern>/login</url-pattern> + <http-method>GET</http-method> + <http-method>PUT</http-method> + <http-method>DELETE</http-method> + <http-method>HEAD</http-method> + <http-method>OPTIONS</http-method> + <http-method>TRACE</http-method> + </web-resource-collection> + <auth-constraint/> +</security-constraint> ]]></programlisting> + <para> + Doing this will render the login links provided on the front page inactive. + </para> + + </section> + + <section> <title>Migration from Enterprise Portal Platform 4.3</title> <para> As stated in section 5 of this document, Enterprise Portal Platform 5 is based upon an entirely new core architecture and is not backwards compatible with Enterprise Portal Platform 4.3.