Return-Path: Delivered-To: apmail-maven-continuum-dev-archive@www.apache.org Received: (qmail 20361 invoked from network); 3 Oct 2006 15:06:48 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 3 Oct 2006 15:06:48 -0000 Received: (qmail 76285 invoked by uid 500); 3 Oct 2006 15:06:48 -0000 Delivered-To: apmail-maven-continuum-dev-archive@maven.apache.org Received: (qmail 76148 invoked by uid 500); 3 Oct 2006 15:06:48 -0000 Mailing-List: contact continuum-dev-help@maven.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: continuum-dev@maven.apache.org Delivered-To: mailing list continuum-dev@maven.apache.org Received: (qmail 76137 invoked by uid 99); 3 Oct 2006 15:06:47 -0000 Received: from idunn.apache.osuosl.org (HELO idunn.apache.osuosl.org) (140.211.166.84) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 03 Oct 2006 08:06:47 -0700 X-ASF-Spam-Status: No, hits=0.0 required=5.0 tests= Received: from [131.174.93.58] ([131.174.93.58:59781] helo=hermes.uci.kun.nl) by idunn.apache.osuosl.org (ecelerity 2.1.1.8 r(12930)) with ESMTP id AA/C1-08153-18C72254 for ; Tue, 03 Oct 2006 08:06:43 -0700 Received: from fire.homenet.neonics.com (vhe-400042.sshn.net [195.169.216.194]) by hermes.uci.kun.nl (PMDF V6.2-X17 #30689) with ESMTP id <0J6K00M2VFAW53@hermes.uci.kun.nl> for continuum-dev@maven.apache.org; Tue, 03 Oct 2006 17:06:32 +0200 (MEST) Received: from [10.0.2.2] (forge@magma.homenet.neonics.com [10.0.2.2]) by fire.homenet.neonics.com (8.13.7/8.13.7/Debian-1) with ESMTP id k93F6WkX026766 for ; Tue, 03 Oct 2006 17:06:32 +0200 Date: Tue, 03 Oct 2006 17:06:32 +0200 From: Kenney Westerhof Subject: Re: [vote] rbac-integration branch merge to trunk In-reply-to: To: continuum-dev@maven.apache.org Message-id: <45227C78.3050804@apache.org> MIME-version: 1.0 Content-type: text/plain; format=flowed; charset=UTF-8 Content-transfer-encoding: 7bit User-Agent: Thunderbird 1.5.0.7 (X11/20060928) X-Spam-Status: No, score=-1.4 required=4.0 tests=ALL_TRUSTED autolearn=unavailable version=3.1.3 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on fire.homenet.neonics.com X-Virus-Scanned: ClamAV 0.88.2/1984/Tue Oct 3 12:01:28 2006 on fire.homenet.neonics.com X-Virus-Status: Clean References: X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N +1 Jesse McConnell wrote: > Brett suggested we do a vote for this today so I figured I would just > do that now. > > [-1/0/+1] vote will be open for 72 hours > > Pulling from the other mail, this branch was pulled a bit over a week > ago to test out the plexus-security integration with continuum. Some > of the added features are > > * full separation between application webapp and security (lightweight > integration). > * proper modularization for security components (authentication, > authorization, policy, system, web, etc...) > * rbac (role based access control) authorization provider. > * full user management war overlay (using healthy chunk of maven-user > to make it happen) > * toggle-able guest user authorization. > * remember me and single sign on authentication. > * forced admin account creation (through use of interceptor) > * key based authentication (remember me, single sign on, new user > validation emails, and password resets). > * http auth filters (basic and digest). > * aggressive plexus utilization. > * aggressive xwork / webwork integration. > * xwork interceptors for force admin, auto login (remember me), > secured action, and environment checks. > * secured actions for all of the /security namespace and at least one > continuum secured action (these are enforced by the > pssSecureActionInterceptor) > * all the password validation, user management stuff (again maven-user > origins) > * continuum-security artifact containing the actual static and dynamic > roles, and a continuum role manager that merges permissions to the > core system, user, and guest users > * ifAuthorized, ifAnyAuthorized, elseAuthorized jsp tags. > * placeholders for ldap authentication, authorization and user details > retrieval using plexus ldap components > * ability to re-use Acegi for authentication > > > +1 from me > > cheers, > jesse > >