Author: smumford
Date: 2010-05-25 17:42:24 -0400 (Tue, 25 May 2010)
New Revision: 3194
Modified:
portal/branches/EPP_5_0_0_Branch_Docs/Enterprise_Portal_Platform_Release_Notes/en-US/Release_Notes.xml
Log:
JBEPP-279: Add autologin text as a Recommended Practice section. Correct typo.
Modified:
portal/branches/EPP_5_0_0_Branch_Docs/Enterprise_Portal_Platform_Release_Notes/en-US/Release_Notes.xml
===================================================================
---
portal/branches/EPP_5_0_0_Branch_Docs/Enterprise_Portal_Platform_Release_Notes/en-US/Release_Notes.xml 2010-05-25
13:40:49 UTC (rev 3193)
+++
portal/branches/EPP_5_0_0_Branch_Docs/Enterprise_Portal_Platform_Release_Notes/en-US/Release_Notes.xml 2010-05-25
21:42:24 UTC (rev 3194)
@@ -689,6 +689,36 @@
</variablelist>
</section> -->
+ <section>
+ <title>Recommended Practices</title>
+<!-- <para>
+ &PRODUCT; &VERSION; includes four pre-configured user accounts for testing
and evaluation puposes. These accounts can be used for direct access to the portal.
+ </para> -->
+ <para>
+ For security reasons, before going in production, you should restrict the access to
the login servlet to POST.
+ </para>
+ <para>
+ To do so, edit the file
<filename>$JBOSS_HOME/server/[configuration]/gatein.ear/02portal.war/WEB-INF/web.xml</filename>
and add:
+ </para>
+<programlisting language="XML" role="XML"><![CDATA[
+<security-constraint>
+ <web-resource-collection>
+ <web-resource-name>login</web-resource-name>
+ <url-pattern>/login</url-pattern>
+ <http-method>GET</http-method>
+ <http-method>PUT</http-method>
+ <http-method>DELETE</http-method>
+ <http-method>HEAD</http-method>
+ <http-method>OPTIONS</http-method>
+ <http-method>TRACE</http-method>
+ </web-resource-collection>
+ <auth-constraint/>
+</security-constraint> ]]></programlisting>
+ <para>
+ Doing this will render the login links provided on the front page inactive.
+ </para>
+
+ </section>
<section
id="sect-Release_Notes-_Known_Issues_with_this_release_-General_Known_Issues">
<title>General Known Issues</title>
@@ -928,7 +958,7 @@
<section>
- <title>Migration from Enteprise Portal Platform 4.3</title>
+ <title>Migration from Enterprise Portal Platform 4.3</title>
<para>
As stated in section 5 of this document, Enterprise Portal Platform 5 is based upon
an entirely new core architecture and is not backwards compatible with Enterprise Portal
Platform 4.3.
</para>
Show replies by date