continuum-dev mailing list archives

From Joakim Erdfelt <>
Subject Re: rbac-integration continuum branch
Date Thu, 28 Sep 2006 02:01:01 GMT
+1 to merge this work into continuum/trunk

- Joakim

Jesse McConnell wrote:
> Over the course of the past 3 weeks I've worked with Joakim on the
> plexus-security effort to bring rbac based security to Archiva.
> We succeeded.
> Last Friday (or so) I took the continuum/trunk and created the
> rbac-integration branch.
> I wanted to test the integration of rbac based security, using
> the plexus-security project, into continuum.
> It integrated beautifully, without a whole lot of work, in record
> time, and is pretty functional now ...
> Some of the fun things that plexus-security brings with it are:
> * full separation between application webapp and security (lightweight
> integration).
> * proper modularization for security components (authentication,
> authorization, policy, system, web, etc...)
> * rbac (role based access control) authorization provider.
> * full user management war overlay (using healthy chunk of maven-user
> to make it happen)
> * toggle-able guest user authorization.
> * remember me and single sign on authentication.
> * forced admin account creation (through use of interceptor)
> * key based authentication (remember me, single sign on, new user
> validation emails, and password resets).
> * http auth filters (basic and digest).
> * aggressive plexus utilization.
> * aggressive xwork / webwork integration.
> * xwork interceptors for force admin, auto login (remember me),
> secured action, and environment checks.
> * secured actions for all of the /security namespace and at least one
> continuum secured action (these are enforced by the
> pssSecureActionInterceptor)
> * all the password validation, user management stuff (again maven-user
> origins)
> * continuum-security artifact containing the actual static and dynamic
> roles, and a continuum role manager that merges permissions to the
> core system, user, and guest users
> * ifAuthorized, ifAnyAuthorized, elseAuthorized jsp tags.
> * placeholders for ldap authentication, authorization and user details
> retrieval using plexus ldap components
> * ability to re-use Acegi for authentication
> I think it is very usable now, it's a matter of some jsp and action
> work to clean up some things and hide some other knobs and buttons.
> I'd like to get feedback and discussion from the others here about the
> implementation, and consider a vote to merge it to trunk after that. I
> believe it is stable enough to move forward with.
> jesse
