On Monday, October 31, 2016, Ahmed Ragab <[email protected]> wrote:
>
> Sent from my iPhone
>
> > On 30 Oct 2016, at 11:46, Stephen Cameron <[email protected]> wrote:
> >
> > I have an Isis app that will be publicly accessible.
> >
> > I'd like to make it as secure as is reasonable.
> >
> > Use of SSL is necessary of course.
> >
> > Internet banking sites seem to make do with password authentication, but
> > expire dormant sessions very promptly and not show any account details in
> > the UI (so someone can see the account name and guess the password). Is
> > similar possible in Apache Isis?
> >
> I didn't understand what you want to achieve

If a logged-in user stops interacting with the app for a period, the login gets expired and they have to enter their password again. I'm wondering if the time interval to expiry can be configured.

> > I need to disable the RESTful objects interface too.
> >
> That one is as simple as removing the RESTful objects filter from the
> web.xml
>
> > Thanks for any suggestions or tips.
> >
> > Stephen Cameron
>
