I think that the rumors you might have heard are related to JBoss AS and not JBoss Portal.
The AS provided for subscribers, called JBoss EAP, has various services locked down. This
is to prevent the unfortunate, but ubiquitous case, of people deploying a JBoss AS
instance on the internet and failing to lock that instance down - without it being locked
down anybody can do fun things such as bring the web site down. Since EAP is locked down,
the admin is required to think about configuring security, but doing so is no different,
or harder, than under AS.
View the original post :
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4221144#...
Reply to the post :
http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&a...