
Feeds and authentication
From the Jira Issue: Before Liferay 5.2.x you could access Message Board RSS feeds (and other) from a private page without authentication. Since 5.2.x you must authenticate for accessing such a feed. Instead of using HTTP (Basic) Authentication, you must use the form-based auth (or OpenID, CAS-SSO,..)
That is very annoying, because common feed readers only know to authenticate by using HTTP Authentication. And the is a property in portal.properties where you can set the non auth paths "auth.public.paths". If this property is there and "/message_boards/rss" in included in this property, there should be no authentication required for feeds.
So what is the point? Either the entries in "auth.public.paths" are respected with no exceptions, or feeds should be accessible by using HTTP (Basic) Authentication, if a feed is from a Message Board in a private community.
What about OpenID, CAS-SSO and other Single Sign-On systems? They should also be supported, otherwise the access to RSS feeds might be broken again, if you use any kind of SSO