Hi all,
I developed a portal application some time ago with Jboss Portal Server 2.2 , and I was looking for a way to enhance security settings.
In particular, some users notify me that
- it is possible for a user to login from different hosts
- there is no a limit for login attempts, so the portal is vulnerable to a brute force attack.

This JBoss instance was not setting up by me so even after some searches I wasn't able to find where to modify to enable these security setting, or, if necessary, which java class to edit and recompile...

Does anywone have experience on it and/or can help me?
Thank you so much! :)