Author: smumford
Date: 2010-07-25 22:31:50 -0400 (Sun, 25 Jul 2010)
New Revision: 3705
Modified:
epp/docs/branches/EPP_5_0_Branch/Installation_Guide/en-US/Post_Installation.xml
Log:
JBEPP-373: Added information about disabling pre-configured user accounts
Modified: epp/docs/branches/EPP_5_0_Branch/Installation_Guide/en-US/Post_Installation.xml
===================================================================
---
epp/docs/branches/EPP_5_0_Branch/Installation_Guide/en-US/Post_Installation.xml 2010-07-24
10:40:14 UTC (rev 3704)
+++
epp/docs/branches/EPP_5_0_Branch/Installation_Guide/en-US/Post_Installation.xml 2010-07-26
02:31:50 UTC (rev 3705)
@@ -241,5 +241,37 @@
</programlisting>
</para>
</formalpara>
+ <formalpara>
+ <title>Disabling Pre-configured Accounts</title>
+ <para>
+ &PRODUCT; &VERSION; includes four pre-configured user accounts for testing
and evaluation puposes. These accounts can be used for direct access to the portal.
+ </para>
+ </formalpara>
+ <para>
+ For security reasons, before going in production, you should restrict the access to
the login servlet to POST.
+ </para>
+ <para>
+ To do so, edit the file
<filename>$JBOSS_HOME/server/[configuration]/gatein.ear/02portal.war/WEB-INF/web.xml</filename>
and add:
+ </para>
+<programlisting language="XML" role="XML"><![CDATA[
+<security-constraint>
+ <web-resource-collection>
+ <web-resource-name>login</web-resource-name>
+ <url-pattern>/login</url-pattern>
+ <http-method>GET</http-method>
+ <http-method>PUT</http-method>
+ <http-method>DELETE</http-method>
+ <http-method>HEAD</http-method>
+ <http-method>OPTIONS</http-method>
+ <http-method>TRACE</http-method>
+ </web-resource-collection>
+ <auth-constraint/>
+</security-constraint> ]]></programlisting>
+ <para>
+ Doing this will render the login links provided on the front page inactive.
+ </para>
+
+
+
</section>
</chapter>
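Review bot: The new formalpara is titled "Disabling Pre-configured Accounts" and the log message says the same, but nothing in the added text tells the reader how to disable or remove the four accounts, or which accounts they are. The steps only restrict /login to POST, which leaves the accounts and their credentials in place and usable through a POST login. Either add the actual steps for removing or disabling the accounts, or retitle the section to match what it does and state that the accounts still exist afterwards. The paragraphs after </formalpara> also sit outside the titled block, so the web.xml instructions are not structurally tied to the title; consider moving them under it or giving them their own title. In the security-constraint, the http-method list is a deny list: the empty <auth-constraint/> blocks only the six methods named, and any method not listed is not covered by this constraint, which is worth a sentence in the text. Minor: "puposes" should be "purposes", "before going in production" reads better as "before going into production", and the three empty added lines before </section> can be dropped.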