continuum-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jesse McConnell" <>
Subject [vote] rbac-integration branch merge to trunk
Date Mon, 02 Oct 2006 21:16:38 GMT
Brett suggested we do a vote for this today so I figured I would just
do that now.

[-1/0/+1] vote will be open for 72 hours

Pulling from the other mail, this branch was pulled a bit over a week
ago to test out the plexus-security integration with continuum.  Some
of the added features are

* full separation between application webapp and security (lightweight
* proper modularization for security components (authentication,
authorization, policy, system, web, etc...)
* rbac (role based access control) authorization provider.
* full user management war overlay (using healthy chunk of maven-user
to make it happen)
* toggle-able guest user authorization.
* remember me and single sign on authentication.
* forced admin account creation (through use of interceptor)
* key based authentication (remember me, single sign on, new user
validation emails, and password resets).
* http auth filters (basic and digest).
* aggressive plexus utilization.
* aggressive xwork / webwork integration.
* xwork interceptors for force admin, auto login (remember me),
secured action, and environment checks.
* secured actions for all of the /security namespace and at least one
continuum secured action (these are enforced by the
* all the password validation, user management stuff (again maven-user origins)
* continuum-security artifact containing the actual static and dynamic
roles, and a continuum role manager that merges permissions to the
core system, user, and guest users
* ifAuthorized, ifAnyAuthorized, elseAuthorized jsp tags.
* placeholders for ldap authentication, authorization and user details
retrieval using plexus ldap components
* ability to re-use Acegi for authentication

+1 from me


jesse mcconnell

View raw message