secure our rest/gwt apis/UI (only authenticated users may GET)
An option to allow admin to allow/disallow anonymous doing GET in our api
enabled by default - for new instances only
disallow download/read access to source/translations
lock all pages(except registration, login and info page (info for user to contact admin, report issue etc)), redirect to login page.
Using interceptor or filter to handle most cases.