continuum-dev mailing list archives

From "Jesse McConnell" <>
Subject rbac-integration continuum branch
Date Thu, 28 Sep 2006 01:58:07 GMT
Over the course of the past 3 weeks I've worked with joakim on the
plexus-security effort to bring rbac based security to Archiva.
We succeeded.

Last Friday (or so) I took the continuum/trunk and created the
rbac-integration branch.
I wanted to test the integration of rbac based security, using
the plexus-security project, into continuum.

It integrated beautifully, without a whole lot of work, in record
time, and is pretty functional now ...

Some of the fun things that plexus-security brings with it are:

* full separation between application webapp and security (lightweight
* proper modularization for security components (authentication,
authorization, policy, system, web, etc...)
* rbac (role based access control) authorization provider.
* full user management war overlay (using healthy chunk of maven-user
to make it happen)
* toggle-able guest user authorization.
* remember me and single sign on authentication.
* forced admin account creation (through use of interceptor)
* key based authentication (remember me, single sign on, new user
validation emails, and password resets).
* http auth filters (basic and digest).
* aggressive plexus utilization.
* aggressive xwork / webwork integration.
* xwork interceptors for force admin, auto login (remember me),
secured action, and environment checks.
* secured actions for all of the /security namespace and at least one
continuum secured action (these are enforced by the
* all the password validation, user management stuff (again maven-user origins)
* continuum-security artifact containing the actual static and dynamic
roles, and a continuum role manager that merges permissions to the
core system, user, and guest users
* ifAuthorized, ifAnyAuthorized, elseAuthorized jsp tags.
* placeholders for ldap authentication, authorization and user details
retrieval using plexus ldap components
* ability to re-use Acegi for authentication

I think it is very usable now; it's a matter of some jsp and action
work to clean up some things and hide some other knobs and buttons.

I'd like to get feedback and discussion from the others here about the
implementation, and consider a vote to merge it to trunk after that. I
believe it is stable enough to move forward with.


jesse mcconnell
