JBoss.org Community Documentation
Finally, you need to make some common changes on both app servers as follows:
First, change the JAAS realm to match your own security constraints and then identify the entry named exo.security.domain inside the configuration.properties file.
# Realm name
exo.security.domain=gatein-domain
Internally, eXo Platform uses this setting to set a new variable named "portal.container.realm" that is then used in the Kernel configuration files, such as platform-extension/WEB-INF/conf/platform/repository-configuration.xml.
Inside portal.war, you should declare the Realm name in the web.xml file:
<login-config>
  <auth-method>FORM</auth-method>
  <realm-name>gatein-domain</realm-name>
  <form-login-config>
    ...
  </form-login-config>
</login-config>
You also need to modify rest.war to provide secured REST services properly.
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>gatein-domain</realm-name>
</login-config>
This change is very important because it allows you to secure file downloads via WebDAV.
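The realm name now lives in three places (configuration.properties, portal.war's web.xml and rest.war's web.xml), and a rename that misses one of them leaves that web application pointing at a different security domain. The following check is an added example, not part of the eXo Platform documentation or code: it compares the three values and the expected auth-method. The function names, the sample realm "my-domain" and the inline file contents are constructed for illustration, and the properties parser handles only plain key=value lines.

```python
import xml.etree.ElementTree as ET

def read_property(text, key):
    """Return the value of `key` from key=value properties text, or None."""
    value = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":          # blank line or comment
            continue
        name, sep, val = line.partition("=")
        if sep and name.strip() == key:
            value = val.strip()                  # a later definition overrides an earlier one
    return value

def login_config(web_xml):
    """Return (auth-method, realm-name) from web.xml text, ignoring XML namespaces."""
    found = {}
    for el in ET.fromstring(web_xml).iter():
        tag = el.tag.rsplit("}", 1)[-1]          # drop a "{namespace}" prefix if present
        if tag in ("auth-method", "realm-name"):
            found[tag] = (el.text or "").strip()
    return found.get("auth-method"), found.get("realm-name")

def check_realm(properties_text, descriptors):
    """descriptors maps a label to (web.xml text, expected auth-method); returns problems."""
    realm = read_property(properties_text, "exo.security.domain")
    if not realm:
        return ["exo.security.domain is not set"]
    problems = []
    for name, (xml_text, expected_auth) in descriptors.items():
        auth, declared = login_config(xml_text)
        if declared != realm:
            problems.append(f"{name}: realm-name {declared!r} != {realm!r}")
        if auth != expected_auth:
            problems.append(f"{name}: auth-method {auth!r}, expected {expected_auth!r}")
    return problems

# Constructed sample: the realm was renamed in the properties file and in portal.war only.
PROPS = "# Realm name\nexo.security.domain=my-domain\n"
PORTAL_XML = ("<web-app><login-config><auth-method>FORM</auth-method>"
              "<realm-name>my-domain</realm-name></login-config></web-app>")
REST_XML = ('<web-app xmlns="http://java.sun.com/xml/ns/javaee"><login-config>'
            "<auth-method>BASIC</auth-method><realm-name>gatein-domain</realm-name>"
            "</login-config></web-app>")

if __name__ == "__main__":
    wars = {"portal.war": (PORTAL_XML, "FORM"), "rest.war": (REST_XML, "BASIC")}
    for problem in check_realm(PROPS, wars):
        print(problem)
```

Against a real deployment, pass in the text of configuration.properties and of each WEB-INF/web.xml extracted from the two archives.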