Author: smumford
Date: 2010-05-25 21:47:05 -0400 (Tue, 25 May 2010)
New Revision: 3195
Modified:
portal/branches/EPP_5_0_0_Branch_Docs/Enterprise_Portal_Platform_Release_Notes/en-US/Release_Notes.xml
Log:
JBEPP-279: Moved Recommended Practices section as per request from MarkY
Modified:
portal/branches/EPP_5_0_0_Branch_Docs/Enterprise_Portal_Platform_Release_Notes/en-US/Release_Notes.xml
===================================================================
---
portal/branches/EPP_5_0_0_Branch_Docs/Enterprise_Portal_Platform_Release_Notes/en-US/Release_Notes.xml 2010-05-25
21:42:24 UTC (rev 3194)
+++
portal/branches/EPP_5_0_0_Branch_Docs/Enterprise_Portal_Platform_Release_Notes/en-US/Release_Notes.xml 2010-05-26
01:47:05 UTC (rev 3195)
@@ -689,37 +689,6 @@
</variablelist>
</section> -->
- <section>
- <title>Recommended Practices</title>
-<!-- <para>
- &PRODUCT; &VERSION; includes four pre-configured user accounts for testing
and evaluation puposes. These accounts can be used for direct access to the portal.
- </para> -->
- <para>
- For security reasons, before going in production, you should restrict the access to
the login servlet to POST.
- </para>
- <para>
- To do so, edit the file
<filename>$JBOSS_HOME/server/[configuration]/gatein.ear/02portal.war/WEB-INF/web.xml</filename>
and add:
- </para>
-<programlisting language="XML" role="XML"><![CDATA[
-<security-constraint>
- <web-resource-collection>
- <web-resource-name>login</web-resource-name>
- <url-pattern>/login</url-pattern>
- <http-method>GET</http-method>
- <http-method>PUT</http-method>
- <http-method>DELETE</http-method>
- <http-method>HEAD</http-method>
- <http-method>OPTIONS</http-method>
- <http-method>TRACE</http-method>
- </web-resource-collection>
- <auth-constraint/>
-</security-constraint> ]]></programlisting>
- <para>
- Doing this will render the login links provided on the front page inactive.
- </para>
-
- </section>
-
<section
id="sect-Release_Notes-_Known_Issues_with_this_release_-General_Known_Issues">
<title>General Known Issues</title>
<formalpara>
@@ -958,6 +927,37 @@
<section>
+ <title>Recommended Practices</title>
+<!-- <para>
+ &PRODUCT; &VERSION; includes four pre-configured user accounts for testing
and evaluation puposes. These accounts can be used for direct access to the portal.
+ </para> -->
+ <para>
+ For security reasons, before going in production, you should restrict the access to
the login servlet to POST.
+ </para>
+ <para>
+ To do so, edit the file
<filename>$JBOSS_HOME/server/[configuration]/gatein.ear/02portal.war/WEB-INF/web.xml</filename>
and add:
+ </para>
+<programlisting language="XML" role="XML"><![CDATA[
+<security-constraint>
+ <web-resource-collection>
+ <web-resource-name>login</web-resource-name>
+ <url-pattern>/login</url-pattern>
+ <http-method>GET</http-method>
+ <http-method>PUT</http-method>
+ <http-method>DELETE</http-method>
+ <http-method>HEAD</http-method>
+ <http-method>OPTIONS</http-method>
+ <http-method>TRACE</http-method>
+ </web-resource-collection>
+ <auth-constraint/>
+</security-constraint> ]]></programlisting>
+ <para>
+ Doing this will render the login links provided on the front page inactive.
+ </para>
+
+ </section>
+
+ <section>
<title>Migration from Enterprise Portal Platform 4.3</title>
<para>
As stated in section 5 of this document, Enterprise Portal Platform 5 is based upon
an entirely new core architecture and is not backwards compatible with Enterprise Portal
Platform 4.3.