...
[09:56:43 CST(-0600)] <dmccallum54> i think that's actually a more desirable solution, but would require a certain amount of research to determine if there's a coherent way to manage permissions for the anonymous user if we're not always accessing GPS "through" the portal
[09:58:50 CST(-0600)] <dmccallum54> then there's the application UI space… i think you said GPS actually depends on publicly visible *.jsp resources… I don't see anything protecting those resources in security-config.xml… and I'm guessing the jsp's themselves could just be wide-open if they're really just shells that call back to APIs for all their data
[09:59:14 CST(-0600)] <dmccallum54> let me know if any of that actually answered your questions