deltaspike-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From build...@apache.org
Subject svn commit: r922514 [10/11] - in /websites/staging/deltaspike/trunk/content: ./ documentation/ retired/
Date Wed, 17 Sep 2014 12:22:53 GMT
Added: websites/staging/deltaspike/trunk/content/retired/security.html
==============================================================================
--- websites/staging/deltaspike/trunk/content/retired/security.html (added)
+++ websites/staging/deltaspike/trunk/content/retired/security.html Wed Sep 17 12:22:52 2014
@@ -0,0 +1,537 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <meta name="description" content="deltaspike-generate-pages">
+    <meta name="author" content="chm">
+
+    <title>Apache DeltaSpike - DeltaSpike Security Module</title>
+
+    
+
+    
+    <!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements.  See the NOTICE file distributed with this work for additional information regarding copyright ownership.  The ASF licenses this file to you under the Apache License, Version 2.0 (the &quot;License&quot;); you may not use this file except in compliance with the License.  You may obtain a copy of the License at . http://www.apache.org/licenses/LICENSE-2.0 . Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an &quot;AS IS&quot; BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  See the License for the specific language governing permissions and limitations under the License. -->
+
+    <!-- Styles -->
+    
+    <link href="./../resources/css/bootstrap.css" rel="stylesheet">    
+    <!--<link href="./../resources/css/prettify.css" rel="stylesheet" /> -->
+    <link href="./../resources/css/codehilite.css" rel="stylesheet" />
+    <link href="./../resources/css/bootstrap-responsive.css" rel="stylesheet">
+    <style type="text/css">
+        body {
+            padding-top: 60px;
+            padding-bottom: 40px;
+        }
+    </style>
+	<script type="text/javascript">
+
+	  var _gaq = _gaq || [];
+	  _gaq.push(['_setAccount', 'UA-36103647-1']);
+	  _gaq.push(['_trackPageview']);
+	
+	  (function() {
+		var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
+		ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
+		var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
+	  })();
+	
+	</script>
+</head>
+
+<body>
+    <div class="navbar navbar-fixed-top">
+        <div class="navbar-inner">
+            <div class="container">
+                <a class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
+                    <span class="icon-bar"></span>
+                    <span class="icon-bar"></span>
+                    <span class="icon-bar"></span>
+                </a>
+                <a class="brand logocolor" href="/index.html">Apache DeltaSpike</a>
+                <div class="nav-collapse">
+                    <ul class="nav">
+                        <li class="active"><a href="./../index.html">Home</a></li>
+                        <li><a href="./../documentation.html">Documentation</a></li>
+                        <li><a href="./../source.html">Source</a></li>
+                        <li><a href="./../download.html">Download</a></li>
+                        <li><a href="./../community.html">Community</a></li>
+                        <!-- <li><a href="./../support.html">Support</a></li>  -->
+                        <li><a href="./../news.html">News</a></li>
+                        <li><a href="./../migration-guide.html">Migration</a></li>
+                    </ul>
+                </div><!--/.nav-collapse -->
+                <form id="search-form" action="http://www.google.com/search" method="get"  class="navbar-search pull-right" >
+                    <input value="deltaspike.apache.org" name="sitesearch" type="hidden"/>
+                    <input class="search-query" name="q" id="query" type="text" />
+                </form>
+            </div>
+        </div>
+    </div>
+
+    <div class="container">
+      <div class="row">
+          <div class="span12">
+              <div class="page-title">
+                <h1>DeltaSpike Security Module</h1>
+              </div>
+              <p>Title: DeltaSpike Security Module
+Notice:    Licensed to the Apache Software Foundation (ASF) under one
+           or more contributor license agreements.  See the NOTICE file
+           distributed with this work for additional information
+           regarding copyright ownership.  The ASF licenses this file
+           to you under the Apache License, Version 2.0 (the
+           "License"); you may not use this file except in compliance
+           with the License.  You may obtain a copy of the License at
+           .
+             http://www.apache.org/licenses/LICENSE-2.0
+           .
+           Unless required by applicable law or agreed to in writing,
+           software distributed under the License is distributed on an
+           "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+           KIND, either express or implied.  See the License for the
+           specific language governing permissions and limitations
+           under the License.</p>
+<div class="toc">
+<ul>
+<li><a href="#securitybinding-for-class-and-method-invocations">SecurityBinding for class and method invocations</a></li>
+<li><a href="#integrating-3rd-party-security-frameworks">Integrating 3rd party security frameworks</a><ul>
+<li><a href="#secured">@Secured</a></li>
+<li><a href="#accessdecisionvoter">AccessDecisionVoter</a></li>
+<li><a href="#securityviolation">SecurityViolation</a></li>
+<li><a href="#abstractaccessdecisionvoter">AbstractAccessDecisionVoter</a></li>
+<li><a href="#secured-and-stereotypes-with-custom-meta-data">@Secured and Stereotypes with custom Meta-data</a></li>
+</ul>
+</li>
+<li><a href="#making-intitially-requested-and-secured-page-available-for-redirect-after-login">Making intitially requested and secured page available for redirect after login</a><ul>
+<li><a href="#cdi-implementation-to-redirect-the-login-to-the-first-denied-page">CDI Implementation to redirect the login to the first denied page</a></li>
+<li><a href="#picketlink-implementation-to-redirect-the-login-to-the-first-denied-page">PicketLink Implementation to redirect the login to the first denied page</a></li>
+</ul>
+</li>
+<li><a href="#accessdecisionvotercontext">AccessDecisionVoterContext</a><ul>
+<li><a href="#securitystrategy-spi">SecurityStrategy SPI</a></li>
+</ul>
+</li>
+</ul>
+</div>
+<hr />
+<p><strong>Hint:</strong>
+If you are using features described by this page and the CDI container you are using is Weld (or OpenWebBeans in BDA mode), you have to enable the security interceptor in your beans.xml file:</p>
+<div class="codehilite"><pre><span class="nt">&lt;beans&gt;</span>
+    <span class="nt">&lt;interceptors&gt;</span>
+        <span class="nt">&lt;class&gt;</span>org.apache.deltaspike.security.impl.extension.SecurityInterceptor<span class="nt">&lt;/class&gt;</span>
+    <span class="nt">&lt;/interceptors&gt;</span>
+<span class="nt">&lt;/beans&gt;</span>
+</pre></div>
+
+
+<h1 id="securitybinding-for-class-and-method-invocations">SecurityBinding for class and method invocations</h1>
+<p>This feature of the security module functions by intercepting method calls, and performing a security check before invocation is allowed to proceed.</p>
+<p>In order to use the DeltaSpike security module, you must first have installed the proper dependencies into your POM file. Once this is complete, you may proceed to create a security parameter binding annotation. This is what we will use to add security behavior to our business classes and methods.</p>
+<p>Create the SecurityBinding:</p>
+<div class="codehilite"><pre><span class="nd">@Retention</span><span class="o">(</span><span class="n">value</span> <span class="o">=</span> <span class="n">RUNTIME</span><span class="o">)</span>
+<span class="nd">@Target</span><span class="o">({</span><span class="n">TYPE</span><span class="o">,</span> <span class="n">METHOD</span><span class="o">})</span>
+<span class="nd">@Documented</span>
+<span class="nd">@SecurityBindingType</span>
+<span class="kd">public</span> <span class="nd">@interface</span> <span class="n">CustomSecurityBinding</span> <span class="o">{</span>
+<span class="o">}</span>
+</pre></div>
+
+
+<p>Next, we must define an Authorizer class to implement behavior for our custom SecurityBindingType. This class is simply a CDI bean which declares a @Secures method, qualified with the security binding annotation we created in the first step.</p>
+<p>This method has access to the InvocationContext of the method call, so if we need to access parameter arguments, we can do so using the given context. Note that we may also inject other beans into the parameter list of our @Secures method.</p>
+<p>Create the Authorizer:</p>
+<div class="codehilite"><pre><span class="nd">@ApplicationScoped</span>
+<span class="kd">public</span> <span class="kd">class</span> <span class="nc">CustomAuthorizer</span>
+<span class="o">{</span>
+    <span class="nd">@Secures</span>
+    <span class="nd">@CustomSecurityBinding</span>
+    <span class="kd">public</span> <span class="kt">boolean</span> <span class="nf">doSecuredCheck</span><span class="o">(</span><span class="n">InvocationContext</span> <span class="n">invocationContext</span><span class="o">,</span> <span class="n">BeanManager</span> <span class="n">manager</span><span class="o">,</span> <span class="nd">@LoggedIn</span> <span class="n">User</span> <span class="n">user</span><span class="o">)</span> <span class="kd">throws</span> <span class="n">Exception</span>
+    <span class="o">{</span>
+        <span class="k">return</span> <span class="n">user</span><span class="o">.</span><span class="na">isLoggedIn</span><span class="o">();</span> <span class="c1">// perform security check</span>
+    <span class="o">}</span>
+<span class="o">}</span>
+</pre></div>
+
+
+<p>We can then use our new annotation to secure business or bean methods. This binding annotation may be placed on the entire class (securing all methods,) or on individual methods that you wish to secure.</p>
+<p>Secure a bean method:</p>
+<div class="codehilite"><pre><span class="nd">@ApplicationScoped</span>
+<span class="kd">public</span> <span class="kd">class</span> <span class="nc">SecuredBean1</span>
+<span class="o">{</span>
+    <span class="nd">@CustomSecurityBinding</span>
+    <span class="kd">public</span> <span class="kt">void</span> <span class="nf">doSomething</span><span class="o">(</span><span class="n">Thing</span> <span class="n">thing</span><span class="o">)</span>
+    <span class="o">{</span>
+        <span class="n">thing</span><span class="o">.</span><span class="na">doSomething</span><span class="o">();</span>
+    <span class="o">}</span>
+<span class="o">}</span>
+</pre></div>
+
+
+<p>Next, we may access parameter values from the method invocation directly in our authorizer bean by creating custom @SecurityParameterBinding types; this is a simple step once we have completed the work above:</p>
+<p>Create a parameter binding annotation:</p>
+<div class="codehilite"><pre><span class="nd">@Retention</span><span class="o">(</span><span class="n">value</span> <span class="o">=</span> <span class="n">RUNTIME</span><span class="o">)</span>
+<span class="nd">@Target</span><span class="o">({</span><span class="n">PARAMETER</span><span class="o">})</span>
+<span class="nd">@Documented</span>
+<span class="nd">@SecurityParameterBinding</span>
+<span class="kd">public</span> <span class="nd">@interface</span> <span class="n">CurrentThing</span> <span class="o">{</span>
+<span class="o">}</span>
+</pre></div>
+
+
+<p>Now, when a secured method is invoked, we can inject actual parameter values as arguments into our authorizer method, providing domain-level security in our applications:</p>
+<p>Update the Authorizer to use parameter binding:</p>
+<div class="codehilite"><pre><span class="nd">@ApplicationScoped</span>
+<span class="kd">public</span> <span class="kd">class</span> <span class="nc">CustomAuthorizer</span>
+<span class="o">{</span>
+    <span class="nd">@Secures</span>
+    <span class="nd">@CustomSecurityBinding</span>
+    <span class="kd">public</span> <span class="kt">boolean</span> <span class="nf">doSecuredCheck</span><span class="o">(</span><span class="n">InvocationContext</span> <span class="n">invocationContext</span><span class="o">,</span> <span class="n">BeanManager</span> <span class="n">manager</span><span class="o">,</span> <span class="nd">@LoggedIn</span> <span class="n">User</span> <span class="n">user</span><span class="o">,</span> <span class="nd">@CurrentThing</span> <span class="n">Thing</span> <span class="n">thing</span><span class="o">)</span> <span class="kd">throws</span> <span class="n">Exception</span>
+    <span class="o">{</span>
+        <span class="k">return</span> <span class="n">thing</span><span class="o">.</span><span class="na">hasMember</span><span class="o">(</span><span class="n">user</span><span class="o">);</span> <span class="c1">// perform security check against our method parameter</span>
+    <span class="o">}</span>
+<span class="o">}</span>
+</pre></div>
+
+
+<p>Note that our business method must also be annotated.</p>
+<p>Complete the parameter binding:</p>
+<div class="codehilite"><pre><span class="nd">@ApplicationScoped</span>
+<span class="kd">public</span> <span class="kd">class</span> <span class="nc">SecuredBean1</span>
+<span class="o">{</span>
+    <span class="nd">@CustomSecurityBinding</span>
+    <span class="kd">public</span> <span class="kt">void</span> <span class="nf">doSomething</span><span class="o">(</span><span class="nd">@CurrentThing</span> <span class="n">Thing</span> <span class="n">thing</span><span class="o">)</span>
+    <span class="o">{</span>
+        <span class="n">thing</span><span class="o">.</span><span class="na">doSomething</span><span class="o">();</span>
+    <span class="o">}</span>
+<span class="o">}</span>
+</pre></div>
+
+
+<p>Our method is now secured, and we are able to use given parameter values as part of our security authorizer!</p>
+<p>There may be cases where you may want to base your authorization logic on the result of the secured method and do the security check after the method invocation.
+Just use the same security binding type for that case:</p>
+<div class="codehilite"><pre><span class="nd">@ApplicationScoped</span>
+<span class="kd">public</span> <span class="kd">class</span> <span class="nc">SecuredBean1</span>
+<span class="o">{</span>
+    <span class="nd">@CustomSecurityBinding</span>
+    <span class="kd">public</span> <span class="n">Thing</span> <span class="nf">loadSomething</span><span class="o">()</span>
+    <span class="o">{</span>
+        <span class="k">return</span> <span class="n">thingLoader</span><span class="o">.</span><span class="na">load</span><span class="o">();</span>
+    <span class="o">}</span>
+<span class="o">}</span>
+</pre></div>
+
+
+<p>Now you need to access the return value in the authorizer method. You can inject it using the @SecuredReturn annotation.
+Update the Authorizer to use a secured return value:</p>
+<div class="codehilite"><pre><span class="nd">@ApplicationScoped</span>
+<span class="kd">public</span> <span class="kd">class</span> <span class="nc">CustomAuthorizer</span>
+<span class="o">{</span>
+    <span class="nd">@Secures</span>
+    <span class="nd">@CustomSecurityBinding</span>
+    <span class="kd">public</span> <span class="kt">boolean</span> <span class="nf">doSecuredCheck</span><span class="o">(</span><span class="nd">@SecuredReturn</span> <span class="n">Thing</span> <span class="n">thing</span><span class="o">,</span> <span class="nd">@LoggedIn</span> <span class="n">User</span> <span class="n">user</span><span class="o">)</span> <span class="kd">throws</span> <span class="n">Exception</span>
+    <span class="o">{</span>
+        <span class="k">return</span> <span class="n">thing</span><span class="o">.</span><span class="na">hasMember</span><span class="o">(</span><span class="n">user</span><span class="o">);</span> <span class="c1">// perform security check against the return value</span>
+<span class="o">}</span>
+</pre></div>
+
+
+<p>Now the authorization will take place after the method invocation using the return value of the business method.</p>
+<p>Complete the parameter binding:</p>
+<div class="codehilite"><pre><span class="nd">@ApplicationScoped</span>
+<span class="kd">public</span> <span class="kd">class</span> <span class="nc">SecuredBean1</span>
+<span class="o">{</span>
+    <span class="nd">@CustomSecurityBinding</span>
+    <span class="kd">public</span> <span class="kt">void</span> <span class="nf">doSomething</span><span class="o">(</span><span class="nd">@CurrentThing</span> <span class="n">Thing</span> <span class="n">thing</span><span class="o">)</span>
+    <span class="o">{</span>
+        <span class="n">thing</span><span class="o">.</span><span class="na">doSomething</span><span class="o">();</span>
+    <span class="o">}</span>
+<span class="o">}</span>
+</pre></div>
+
+
+<p>Our method is now secured, and we are able to use given parameter values as part of our security authorizer!</p>
+<h1 id="integrating-3rd-party-security-frameworks">Integrating 3rd party security frameworks</h1>
+<h2 id="secured">@Secured</h2>
+<p><code>@Secured</code> is build on <code>@SecurityBindingType</code> and a very simple alternative to the rest of the security module.
+It's a basic hook to integrate a custom security concept, 3rd party frameworks,... . It doesn't provide a full blown security concept like the rest of the security module, but other DeltaSpike modules ensure that the security concepts are integrated properly (e.g. correct behaviour within custom scope implementations,...). It just allows to integrate other security frameworks easily.</p>
+<p>(In MyFaces CODI it was originally a CDI interceptor. This part changed a bit, because between the interceptor and <code>@Secured</code> is the <code>@SecurityBindingType</code> concept which triggers <code>@Secured</code> as on possible approach. Therefore the basic behaviour remains the same and you can think about it like an interceptor.)</p>
+<p>Securing all intercepted methods of a CDI bean:</p>
+<div class="codehilite"><pre><span class="c1">//...</span>
+<span class="nd">@Secured</span><span class="o">(</span><span class="n">CustomAccessDecisionVoter</span><span class="o">.</span><span class="na">class</span><span class="o">)</span>
+<span class="kd">public</span> <span class="kd">class</span> <span class="nc">SecuredBean</span>
+<span class="o">{</span>
+    <span class="c1">//...</span>
+<span class="o">}</span>
+</pre></div>
+
+
+<p>or</p>
+<p>Securing specific methods:</p>
+<div class="codehilite"><pre><span class="c1">//...</span>
+<span class="kd">public</span> <span class="kd">class</span> <span class="nc">SecuredBean</span>
+<span class="o">{</span>
+    <span class="nd">@Secured</span><span class="o">(</span><span class="n">CustomAccessDecisionVoter</span><span class="o">.</span><span class="na">class</span><span class="o">)</span>
+    <span class="kd">public</span> <span class="n">String</span> <span class="nf">getResult</span><span class="o">()</span>
+    <span class="o">{</span>
+        <span class="c1">//...</span>
+    <span class="o">}</span>
+<span class="o">}</span>
+</pre></div>
+
+
+<h2 id="accessdecisionvoter">AccessDecisionVoter</h2>
+<p>This interface is (besides the <code>Secured</code> annotation) the most important part of the concept. Both artifact types are also the only required parts:</p>
+<div class="codehilite"><pre><span class="kd">public</span> <span class="kd">class</span> <span class="nc">CustomAccessDecisionVoter</span> <span class="kd">implements</span> <span class="n">AccessDecisionVoter</span>
+<span class="o">{</span>
+    <span class="nd">@Override</span>
+    <span class="kd">public</span> <span class="n">Set</span><span class="o">&lt;</span><span class="n">SecurityViolation</span><span class="o">&gt;</span> <span class="n">checkPermission</span><span class="o">(</span><span class="n">AccessDecisionVoterContext</span> <span class="n">accessDecisionVoterContext</span><span class="o">)</span>
+    <span class="o">{</span>
+        <span class="n">Method</span> <span class="n">method</span> <span class="o">=</span> <span class="n">accessDecisionVoterContext</span><span class="o">.&lt;</span><span class="n">InvocationContext</span><span class="o">&gt;</span><span class="n">getSource</span><span class="o">().</span><span class="na">getMethod</span><span class="o">();</span>
+
+        <span class="c1">//...</span>
+    <span class="o">}</span>
+<span class="o">}</span>
+</pre></div>
+
+
+<p>[TODO] hint about the changed parameter/s</p>
+<h2 id="securityviolation">SecurityViolation</h2>
+<p>In case of a detected violation a <code>SecurityViolation</code> has to be added to the result returned by the <code>AccessDecisionVoter</code>.</p>
+<h2 id="abstractaccessdecisionvoter">AbstractAccessDecisionVoter</h2>
+<p>You can also implement the abstract class <code>AbstractAccessDecisionVoter</code>. This is a convenience class which allows an easier usage:</p>
+<p>Example:
+    :::java
+    public class CustomAccessDecisionVoter extends AbstractAccessDecisionVoter
+    {</p>
+<div class="codehilite"><pre>    <span class="p">@</span><span class="n">Override</span>
+    <span class="n">protected</span> <span class="n">void</span> <span class="n">checkPermission</span><span class="p">(</span><span class="n">AccessDecisionVoterContext</span> <span class="n">accessDecisionVoterContext</span><span class="p">,</span>
+            <span class="n">Set</span><span class="o">&lt;</span><span class="n">SecurityViolation</span><span class="o">&gt;</span> <span class="n">violations</span><span class="p">)</span>
+    <span class="p">{</span>
+        <span class="o">//</span> <span class="n">check</span> <span class="k">for</span> <span class="n">violations</span>
+        <span class="n">violations</span><span class="p">.</span><span class="n">add</span><span class="p">(</span><span class="n">newSecurityViolation</span><span class="p">(</span>&quot;<span class="n">access</span> <span class="n">not</span> <span class="n">allowed</span> <span class="n">due</span> <span class="n">to</span> <span class="p">...</span>&quot;<span class="p">));</span>
+    <span class="p">}</span>
+<span class="p">}</span>
+</pre></div>
+
+
+<h2 id="secured-and-stereotypes-with-custom-meta-data">@Secured and Stereotypes with custom Meta-data</h2>
+<p>If there are multiple <code>AccessDecisionVoter</code> and maybe in different constellations, it's easier to provide an expressive CDI stereotypes for it. Later on that also allows to change the behaviour in a central place.</p>
+<p>Stereotype support of @Secured:</p>
+<div class="codehilite"><pre><span class="nd">@Named</span>
+<span class="nd">@Admin</span>
+<span class="kd">public</span> <span class="kd">class</span> <span class="nc">MyBean</span> <span class="kd">implements</span> <span class="n">Serializable</span>
+<span class="o">{</span>
+  <span class="c1">//...</span>
+<span class="o">}</span>
+
+<span class="c1">//...</span>
+<span class="nd">@Stereotype</span>
+<span class="nd">@Secured</span><span class="o">(</span><span class="n">RoleAccessDecisionVoter</span><span class="o">.</span><span class="na">class</span><span class="o">)</span>
+<span class="kd">public</span> <span class="nd">@interface</span> <span class="n">Admin</span>
+<span class="o">{</span>
+<span class="o">}</span>
+</pre></div>
+
+
+<p>Furthermore, it's possible to provide custom meta-data easily.</p>
+<p>Stereotype of @Secured with custom meta-data:</p>
+<div class="codehilite"><pre><span class="nd">@Named</span>
+<span class="nd">@Admin</span><span class="o">(</span><span class="n">securityLevel</span><span class="o">=</span><span class="mi">3</span><span class="o">)</span>
+<span class="kd">public</span> <span class="kd">class</span> <span class="nc">MyBean</span> <span class="kd">implements</span> <span class="n">Serializable</span>
+<span class="o">{</span>
+  <span class="c1">//...</span>
+<span class="o">}</span>
+
+<span class="c1">//...</span>
+<span class="nd">@Stereotype</span>
+<span class="nd">@Secured</span><span class="o">(</span><span class="n">RoleAccessDecisionVoter</span><span class="o">.</span><span class="na">class</span><span class="o">)</span>
+<span class="kd">public</span> <span class="nd">@interface</span> <span class="n">Admin</span>
+<span class="o">{</span>
+  <span class="kt">int</span> <span class="nf">securityLevel</span><span class="o">();</span>
+<span class="o">}</span>
+
+<span class="nd">@ApplicationScoped</span>
+<span class="kd">public</span> <span class="kd">class</span> <span class="nc">RoleAccessDecisionVoter</span> <span class="kd">implements</span> <span class="n">AccessDecisionVoter</span>
+<span class="o">{</span>
+    <span class="kd">private</span> <span class="kd">static</span> <span class="kd">final</span> <span class="kt">long</span> <span class="n">serialVersionUID</span> <span class="o">=</span> <span class="o">-</span><span class="mi">8007511215776345835L</span><span class="o">;</span>
+
+    <span class="kd">public</span> <span class="n">Set</span><span class="o">&lt;</span><span class="n">SecurityViolation</span><span class="o">&gt;</span> <span class="n">checkPermission</span><span class="o">(</span><span class="n">AccessDecisionVoterContext</span> <span class="n">voterContext</span><span class="o">)</span>
+    <span class="o">{</span>
+        <span class="n">Admin</span> <span class="n">admin</span> <span class="o">=</span> <span class="n">voterContext</span><span class="o">.</span><span class="na">getMetaDataFor</span><span class="o">(</span><span class="n">Admin</span><span class="o">.</span><span class="na">class</span><span class="o">.</span><span class="na">getName</span><span class="o">(),</span> <span class="n">Admin</span><span class="o">.</span><span class="na">class</span><span class="o">);</span>
+        <span class="kt">int</span> <span class="n">level</span> <span class="o">=</span> <span class="n">admin</span><span class="o">.</span><span class="na">securityLevel</span><span class="o">();</span>
+        <span class="c1">//...</span>
+    <span class="o">}</span>
+<span class="o">}</span>
+</pre></div>
+
+
+<h1 id="making-intitially-requested-and-secured-page-available-for-redirect-after-login">Making intitially requested and secured page available for redirect after login</h1>
+<p>DeltaSpike can be combined with pure CDI or with any other security frameworks (like PicketLink) to track the denied page and make it available after user logs in.</p>
+<h2 id="cdi-implementation-to-redirect-the-login-to-the-first-denied-page">CDI Implementation to redirect the login to the first denied page</h2>
+<p>Your LoginService will fire a custom <code>UserLoggedInEvent</code></p>
+<div class="codehilite"><pre><span class="kd">public</span> <span class="kd">class</span> <span class="nc">LoginService</span> <span class="kd">implements</span> <span class="n">Serializable</span> <span class="o">{</span>
+
+    <span class="nd">@Inject</span>
+    <span class="kd">private</span> <span class="n">Event</span><span class="o">&lt;</span><span class="n">UserLoggedInEvent</span><span class="o">&gt;</span> <span class="n">userLoggedInEvent</span><span class="o">;</span>
+
+    <span class="kd">public</span> <span class="n">Usuario</span> <span class="nf">login</span><span class="o">(</span><span class="n">String</span> <span class="n">username</span><span class="o">,</span> <span class="kt">char</span><span class="o">[]</span> <span class="n">password</span><span class="o">)</span> <span class="o">{</span>
+        <span class="c1">//do the loggin process</span>
+        <span class="n">userLoggedInEvent</span><span class="o">.</span><span class="na">fire</span><span class="o">(</span><span class="k">new</span> <span class="n">UserLoggedInEvent</span><span class="o">());</span>
+    <span class="o">}</span>
+
+<span class="o">}</span>
+</pre></div>
+
+
+<p>Use @SessionScoped or @WindowScoped for AdminAccessDecisionVoter and store the denied page on your own.</p>
+<div class="codehilite"><pre><span class="nd">@SessionScoped</span> <span class="c1">//or @WindowScoped</span>
+<span class="kd">public</span> <span class="kd">class</span> <span class="nc">AdminAccessDecisionVoter</span> <span class="kd">extends</span> <span class="n">AbstractAccessDecisionVoter</span> <span class="o">{</span>
+
+    <span class="nd">@Inject</span>
+    <span class="kd">private</span> <span class="n">ViewConfigResolver</span> <span class="n">viewConfigResolver</span><span class="o">;</span>
+
+    <span class="kd">private</span> <span class="n">Class</span><span class="o">&lt;?</span> <span class="kd">extends</span> <span class="n">ViewConfig</span><span class="o">&gt;</span> <span class="n">deniedPage</span> <span class="o">=</span> <span class="n">Pages</span><span class="o">.</span><span class="na">Home</span><span class="o">.</span><span class="na">class</span><span class="o">;</span>
+
+    <span class="nd">@Override</span>
+    <span class="kd">protected</span> <span class="kt">void</span> <span class="nf">checkPermission</span><span class="o">(</span><span class="n">AccessDecisionVoterContext</span> <span class="n">context</span><span class="o">,</span> <span class="n">Set</span><span class="o">&lt;</span><span class="n">SecurityViolation</span><span class="o">&gt;</span> <span class="n">violations</span><span class="o">)</span> <span class="o">{</span>
+        <span class="k">if</span><span class="o">(</span><span class="n">loggedIn</span><span class="o">)</span> <span class="o">{</span>
+            <span class="c1">//...</span>
+        <span class="o">}</span> <span class="k">else</span> <span class="o">{</span>
+            <span class="n">violations</span><span class="o">.</span><span class="na">add</span><span class="o">(</span><span class="cm">/*...*/</span><span class="o">);</span>
+            <span class="n">deniedPage</span> <span class="o">=</span> <span class="n">viewConfigResolver</span><span class="o">.</span><span class="na">getViewConfigDescriptor</span><span class="o">(</span><span class="n">FacesContext</span><span class="o">.</span><span class="na">getCurrentInstance</span><span class="o">().</span><span class="na">getViewRoot</span><span class="o">().</span><span class="na">getViewId</span><span class="o">()).</span><span class="na">getConfigClass</span><span class="o">();</span>
+        <span class="o">}</span>
+    <span class="o">}</span>
+
+    <span class="kd">public</span> <span class="n">Class</span><span class="o">&lt;?</span> <span class="kd">extends</span> <span class="n">ViewConfig</span><span class="o">&gt;</span> <span class="n">getDeniedPage</span><span class="o">()</span> <span class="o">{</span>
+        <span class="k">try</span> <span class="o">{</span>
+            <span class="k">return</span> <span class="n">deniedPage</span><span class="o">;</span>
+        <span class="o">}</span> <span class="k">finally</span> <span class="o">{</span>
+            <span class="n">deniedPage</span> <span class="o">=</span> <span class="n">Pages</span><span class="o">.</span><span class="na">Home</span><span class="o">.</span><span class="na">class</span><span class="o">;</span>
+        <span class="o">}</span>
+    <span class="o">}</span>
+<span class="o">}</span>
+</pre></div>
+
+
+<p>And in AuthenticationListener you inject AdminAccessDecisionVoter</p>
+<div class="codehilite"><pre><span class="kd">public</span> <span class="kd">class</span> <span class="nc">AuthenticationListener</span> <span class="o">{</span>
+
+    <span class="nd">@Inject</span>
+    <span class="kd">private</span> <span class="n">ViewNavigationHandler</span> <span class="n">viewNavigationHandler</span><span class="o">;</span>
+
+    <span class="nd">@Inject</span>
+    <span class="kd">private</span> <span class="n">AdminAccessDecisionVoter</span> <span class="n">adminAccessDecisionVoter</span><span class="o">;</span>
+
+    <span class="kd">public</span> <span class="kt">void</span> <span class="nf">handleLoggedIn</span><span class="o">(</span><span class="nd">@Observes</span> <span class="n">UserLoggedInEvent</span> <span class="n">event</span><span class="o">)</span> <span class="o">{</span>
+        <span class="k">this</span><span class="o">.</span><span class="na">viewNavigationHandler</span><span class="o">.</span><span class="na">navigateTo</span><span class="o">(</span><span class="n">adminAccessDecisionVoter</span><span class="o">.</span><span class="na">getDeniedPage</span><span class="o">());</span>
+    <span class="o">}</span>
+
+<span class="o">}</span>
+</pre></div>
+
+
+<h2 id="picketlink-implementation-to-redirect-the-login-to-the-first-denied-page">PicketLink Implementation to redirect the login to the first denied page</h2>
+<p>Once that PicketLink handles the authentication for you, you only need to store the denied page and observe PicketLink <code>LoggedInEvent</code> to redirect you back to the denied page.</p>
+<p>Use @SessionScoped or @WindowScoped for AdminAccessDecisionVoter and store the denied page on your own.</p>
+<div class="codehilite"><pre><span class="nd">@SessionScoped</span> <span class="c1">//or @WindowScoped</span>
+<span class="kd">public</span> <span class="kd">class</span> <span class="nc">AdminAccessDecisionVoter</span> <span class="kd">extends</span> <span class="n">AbstractAccessDecisionVoter</span> <span class="o">{</span>
+
+    <span class="nd">@Inject</span>
+    <span class="kd">private</span> <span class="n">ViewConfigResolver</span> <span class="n">viewConfigResolver</span><span class="o">;</span>
+
+    <span class="kd">private</span> <span class="n">Class</span><span class="o">&lt;?</span> <span class="kd">extends</span> <span class="n">ViewConfig</span><span class="o">&gt;</span> <span class="n">deniedPage</span> <span class="o">=</span> <span class="n">Pages</span><span class="o">.</span><span class="na">Home</span><span class="o">.</span><span class="na">class</span><span class="o">;</span>
+
+    <span class="nd">@Override</span>
+    <span class="kd">protected</span> <span class="kt">void</span> <span class="nf">checkPermission</span><span class="o">(</span><span class="n">AccessDecisionVoterContext</span> <span class="n">context</span><span class="o">,</span> <span class="n">Set</span><span class="o">&lt;</span><span class="n">SecurityViolation</span><span class="o">&gt;</span> <span class="n">violations</span><span class="o">)</span> <span class="o">{</span>
+
+        <span class="n">AuthorizationChecker</span> <span class="n">authorizationChecker</span> <span class="o">=</span> <span class="n">BeanProvider</span><span class="o">.</span><span class="na">getContextualReference</span><span class="o">(</span><span class="n">AuthorizationChecker</span><span class="o">.</span><span class="na">class</span><span class="o">);</span>
+        <span class="kt">boolean</span> <span class="n">loggedIn</span> <span class="o">=</span> <span class="n">authorizationChecker</span><span class="o">.</span><span class="na">isLoggedIn</span><span class="o">();</span>
+
+        <span class="k">if</span><span class="o">(</span><span class="n">loggedIn</span><span class="o">)</span> <span class="o">{</span>
+            <span class="c1">//...</span>
+        <span class="o">}</span> <span class="k">else</span> <span class="o">{</span>
+            <span class="n">violations</span><span class="o">.</span><span class="na">add</span><span class="o">(</span><span class="cm">/*...*/</span><span class="o">);</span>
+            <span class="n">deniedPage</span> <span class="o">=</span> <span class="n">viewConfigResolver</span><span class="o">.</span><span class="na">getViewConfigDescriptor</span><span class="o">(</span><span class="n">FacesContext</span><span class="o">.</span><span class="na">getCurrentInstance</span><span class="o">().</span><span class="na">getViewRoot</span><span class="o">().</span><span class="na">getViewId</span><span class="o">()).</span><span class="na">getConfigClass</span><span class="o">();</span>
+        <span class="o">}</span>
+    <span class="o">}</span>
+
+    <span class="kd">public</span> <span class="n">Class</span><span class="o">&lt;?</span> <span class="kd">extends</span> <span class="n">ViewConfig</span><span class="o">&gt;</span> <span class="n">getDeniedPage</span><span class="o">()</span> <span class="o">{</span>
+        <span class="k">try</span> <span class="o">{</span>
+            <span class="k">return</span> <span class="n">deniedPage</span><span class="o">;</span>
+        <span class="o">}</span> <span class="k">finally</span> <span class="o">{</span>
+            <span class="n">deniedPage</span> <span class="o">=</span> <span class="n">Pages</span><span class="o">.</span><span class="na">Home</span><span class="o">.</span><span class="na">class</span><span class="o">;</span>
+        <span class="o">}</span>
+    <span class="o">}</span>
+<span class="o">}</span>
+</pre></div>
+
+
+<p>And in AuthenticationListener you inject AdminAccessDecisionVoter</p>
+<div class="codehilite"><pre><span class="kd">public</span> <span class="kd">class</span> <span class="nc">AuthenticationListener</span> <span class="o">{</span>
+
+    <span class="nd">@Inject</span>
+    <span class="kd">private</span> <span class="n">ViewNavigationHandler</span> <span class="n">viewNavigationHandler</span><span class="o">;</span>
+
+    <span class="nd">@Inject</span>
+    <span class="kd">private</span> <span class="n">AdminAccessDecisionVoter</span> <span class="n">adminAccessDecisionVoter</span><span class="o">;</span>
+
+    <span class="kd">public</span> <span class="kt">void</span> <span class="nf">handleLoggedIn</span><span class="o">(</span><span class="nd">@Observes</span> <span class="n">LoggedInEvent</span> <span class="n">event</span><span class="o">)</span> <span class="o">{</span>
+        <span class="k">this</span><span class="o">.</span><span class="na">viewNavigationHandler</span><span class="o">.</span><span class="na">navigateTo</span><span class="o">(</span><span class="n">adminAccessDecisionVoter</span><span class="o">.</span><span class="na">getDeniedPage</span><span class="o">());</span>
+    <span class="o">}</span>
+
+<span class="o">}</span>
+</pre></div>
+
+
+<h1 id="accessdecisionvotercontext">AccessDecisionVoterContext</h1>
+<p>Because the <code>AccessDecisionVoter</code> can be chained, <code>AccessDecisionVoterContext</code> allows to get the current state as well as the results of the security check.</p>
+<p>There are several methods that can be useful</p>
+<ul>
+<li><code>getState()</code> - Exposes the current state : INITIAL, VOTE_IN_PROGRESS, VIOLATION_FOUND, NO_VIOLATION_FOUND</li>
+<li><code>getViolations()</code> - Exposes the found violations</li>
+<li><code>getSource()</code> - Exposes e.g. the current instance of <code>javax.interceptor.InvocationContext</code> in combination with <code>@Secured</code> used as interceptor.</li>
+<li><code>getMetaData()</code> - Exposes the found meta-data e.g. the view-config-class if <code>@Secured</code> is used in combination with type-safe view-configs</li>
+<li><code>getMetaDataFor(String, Class&lt;T&gt;)</code> - Exposes meta-data for the given key</li>
+</ul>
+<h2 id="securitystrategy-spi">SecurityStrategy SPI</h2>
+<p>The <code>SecurityStrategy</code> interface allows to provide a custom implementation which should be used for <code>@Secured</code>.
+Provide a custom implementation as bean-class in combination with <code>@Alternative</code> or <code>@Specializes</code> (or as global-alternative).</p>
+<p>In case of global-alternatives an additional config needs to be added to <code>/META-INF/apache-deltaspike.properties</code> - e.g.:</p>
+<p><code>globalAlternatives.org.apache.deltaspike.security.spi.authorization.SecurityStrategy=mypackage.CustomSecurityStrategy</code></p>
+<p><strong>Note</strong>: The config for global-alternatives is following the pattern: globalAlternatives.<code>&lt;interface-name&gt;</code>=<code>&lt;implementation-class-name&gt;</code></p>
+          </div>
+      </div>
+
+      <hr>
+
+      <footer>
+        <p>Copyright © 2011-2014 The Apache Software Foundation, Licensed under the Apache License, Version 2.0.</p>
+        <p>Apache and the Apache feather logo are trademarks of The Apache Software Foundation.</p>
+      </footer>
+
+    </div> <!-- /.container -->
+
+    <!-- Javascript
+    ================================================== -->
+    <!-- Placed at the end of the document so the pages load faster -->
+    <!--<script src="./../resources/js/prettyfy.js"></script> -->
+    <script src="./../resources/js/prettyprint.js"></script>
+    <script src="./../resources/js/jquery.js"></script>
+    <script src="./../resources/js/bootstrap-transition.js"></script>
+    <script src="./../resources/js/bootstrap-alert.js"></script>
+    <script src="./../resources/js/bootstrap-modal.js"></script>
+    <script src="./../resources/js/bootstrap-dropdown.js"></script>
+    <script src="./../resources/js/bootstrap-scrollspy.js"></script>
+    <script src="./../resources/js/bootstrap-tab.js"></script>
+    <script src="./../resources/js/bootstrap-tooltip.js"></script>
+    <script src="./../resources/js/bootstrap-popover.js"></script>
+    <script src="./../resources/js/bootstrap-button.js"></script>
+    <script src="./../resources/js/bootstrap-collapse.js"></script>
+    <script src="./../resources/js/bootstrap-carousel.js"></script>
+    <script src="./../resources/js/bootstrap-typeahead.js"></script>
+</body>
+</html>

Added: websites/staging/deltaspike/trunk/content/retired/servlet.html
==============================================================================
--- websites/staging/deltaspike/trunk/content/retired/servlet.html (added)
+++ websites/staging/deltaspike/trunk/content/retired/servlet.html Wed Sep 17 12:22:52 2014
@@ -0,0 +1,337 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <meta name="description" content="deltaspike-generate-pages">
+    <meta name="author" content="chm">
+
+    <title>Apache DeltaSpike - Servlet module</title>
+
+    
+
+    
+    <!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements.  See the NOTICE file distributed with this work for additional information regarding copyright ownership.  The ASF licenses this file to you under the Apache License, Version 2.0 (the &quot;License&quot;); you may not use this file except in compliance with the License.  You may obtain a copy of the License at . http://www.apache.org/licenses/LICENSE-2.0 . Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an &quot;AS IS&quot; BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  See the License for the specific language governing permissions and limitations under the License. -->
+
+    <!-- Styles -->
+    
+    <link href="./../resources/css/bootstrap.css" rel="stylesheet">    
+    <!--<link href="./../resources/css/prettify.css" rel="stylesheet" /> -->
+    <link href="./../resources/css/codehilite.css" rel="stylesheet" />
+    <link href="./../resources/css/bootstrap-responsive.css" rel="stylesheet">
+    <style type="text/css">
+        body {
+            padding-top: 60px;
+            padding-bottom: 40px;
+        }
+    </style>
+	<script type="text/javascript">
+
+	  var _gaq = _gaq || [];
+	  _gaq.push(['_setAccount', 'UA-36103647-1']);
+	  _gaq.push(['_trackPageview']);
+	
+	  (function() {
+		var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
+		ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
+		var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
+	  })();
+	
+	</script>
+</head>
+
+<body>
+    <div class="navbar navbar-fixed-top">
+        <div class="navbar-inner">
+            <div class="container">
+                <a class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
+                    <span class="icon-bar"></span>
+                    <span class="icon-bar"></span>
+                    <span class="icon-bar"></span>
+                </a>
+                <a class="brand logocolor" href="/index.html">Apache DeltaSpike</a>
+                <div class="nav-collapse">
+                    <ul class="nav">
+                        <li class="active"><a href="./../index.html">Home</a></li>
+                        <li><a href="./../documentation.html">Documentation</a></li>
+                        <li><a href="./../source.html">Source</a></li>
+                        <li><a href="./../download.html">Download</a></li>
+                        <li><a href="./../community.html">Community</a></li>
+                        <!-- <li><a href="./../support.html">Support</a></li>  -->
+                        <li><a href="./../news.html">News</a></li>
+                        <li><a href="./../migration-guide.html">Migration</a></li>
+                    </ul>
+                </div><!--/.nav-collapse -->
+                <form id="search-form" action="http://www.google.com/search" method="get"  class="navbar-search pull-right" >
+                    <input value="deltaspike.apache.org" name="sitesearch" type="hidden"/>
+                    <input class="search-query" name="q" id="query" type="text" />
+                </form>
+            </div>
+        </div>
+    </div>
+
+    <div class="container">
+      <div class="row">
+          <div class="span12">
+              <div class="page-title">
+                <h1>Servlet module</h1>
+              </div>
+              <div class="toc">
+<ul>
+<li><a href="#configuration">Configuration</a></li>
+<li><a href="#injectable-servlet-objects">Injectable Servlet objects</a><ul>
+<li><a href="#servletcontext">ServletContext</a></li>
+<li><a href="#servletrequest-httpservletrequest">ServletRequest / HttpServletRequest</a></li>
+<li><a href="#servletresponse-httpservletresponse">ServletResponse / HttpServletResponse</a></li>
+<li><a href="#httpsession">HttpSession</a></li>
+<li><a href="#principal">Principal</a></li>
+</ul>
+</li>
+<li><a href="#servlet-event-propagation">Servlet event propagation</a><ul>
+<li><a href="#servlet-context-lifecycle-events">Servlet context lifecycle events</a></li>
+<li><a href="#request-and-response-lifecycle-events">Request and response lifecycle events</a></li>
+<li><a href="#session-lifecycle-events">Session lifecycle events</a></li>
+</ul>
+</li>
+</ul>
+</div>
+<hr />
+<h1 id="configuration">Configuration</h1>
+<p>In most cases there is no need for any additional configuration beside adding the required 
+dependencies to your project, because all required listeners and filters are automatically 
+registered in the container.</p>
+<p>However there are certain situations in which you will have to manually register the 
+listeners and filters in your <code>web.xml</code>:</p>
+<ul>
+<li>Your container doesn't support Servlet 3.0 or newer.</li>
+<li>You have set <code>metadata-complete=true</code> in your <code>web.xml</code>.</li>
+<li>You packaged the servlet module in the <code>lib</code> directory of an EAR archive.</li>
+</ul>
+<p>In these cases you will have to add the following section manually to your <code>web.xml</code>:</p>
+<div class="codehilite"><pre><span class="nt">&lt;listener&gt;</span>
+    <span class="nt">&lt;display-name&gt;</span>EventBridgeContextListener<span class="nt">&lt;/display-name&gt;</span>
+    <span class="nt">&lt;listener-class&gt;</span>org.apache.deltaspike.servlet.impl.event.EventBridgeContextListener<span class="nt">&lt;/listener-class&gt;</span>
+<span class="nt">&lt;/listener&gt;</span>
+
+<span class="nt">&lt;listener&gt;</span>
+    <span class="nt">&lt;display-name&gt;</span>EventBridgeSessionListener<span class="nt">&lt;/display-name&gt;</span>
+    <span class="nt">&lt;listener-class&gt;</span>org.apache.deltaspike.servlet.impl.event.EventBridgeSessionListener<span class="nt">&lt;/listener-class&gt;</span>
+<span class="nt">&lt;/listener&gt;</span>
+
+<span class="nt">&lt;listener&gt;</span>
+    <span class="nt">&lt;display-name&gt;</span>ServletContextHolderListener<span class="nt">&lt;/display-name&gt;</span>
+    <span class="nt">&lt;listener-class&gt;</span>org.apache.deltaspike.servlet.impl.produce.ServletContextHolderListener<span class="nt">&lt;/listener-class&gt;</span>
+<span class="nt">&lt;/listener&gt;</span>
+
+<span class="nt">&lt;listener&gt;</span>
+    <span class="nt">&lt;display-name&gt;</span>RequestResponseHolderListener<span class="nt">&lt;/display-name&gt;</span>
+    <span class="nt">&lt;listener-class&gt;</span>org.apache.deltaspike.servlet.impl.produce.RequestResponseHolderListener<span class="nt">&lt;/listener-class&gt;</span>
+<span class="nt">&lt;/listener&gt;</span>
+
+<span class="nt">&lt;filter&gt;</span>
+    <span class="nt">&lt;display-name&gt;</span>RequestResponseHolderFilter<span class="nt">&lt;/display-name&gt;</span>
+    <span class="nt">&lt;filter-name&gt;</span>RequestResponseHolderFilter<span class="nt">&lt;/filter-name&gt;</span>
+    <span class="nt">&lt;filter-class&gt;</span>org.apache.deltaspike.servlet.impl.produce.RequestResponseHolderFilter<span class="nt">&lt;/filter-class&gt;</span>
+<span class="nt">&lt;/filter&gt;</span>
+<span class="nt">&lt;filter-mapping&gt;</span>
+    <span class="nt">&lt;filter-name&gt;</span>RequestResponseHolderFilter<span class="nt">&lt;/filter-name&gt;</span>
+    <span class="nt">&lt;url-pattern&gt;</span>/*<span class="nt">&lt;/url-pattern&gt;</span>
+<span class="nt">&lt;/filter-mapping&gt;</span>
+
+<span class="nt">&lt;filter&gt;</span>
+    <span class="nt">&lt;display-name&gt;</span>EventBridgeFilter<span class="nt">&lt;/display-name&gt;</span>
+    <span class="nt">&lt;filter-name&gt;</span>EventBridgeFilter<span class="nt">&lt;/filter-name&gt;</span>
+    <span class="nt">&lt;filter-class&gt;</span>org.apache.deltaspike.servlet.impl.event.EventBridgeFilter<span class="nt">&lt;/filter-class&gt;</span>
+<span class="nt">&lt;/filter&gt;</span>
+<span class="nt">&lt;filter-mapping&gt;</span>
+    <span class="nt">&lt;filter-name&gt;</span>EventBridgeFilter<span class="nt">&lt;/filter-name&gt;</span>
+    <span class="nt">&lt;url-pattern&gt;</span>/*<span class="nt">&lt;/url-pattern&gt;</span>
+<span class="nt">&lt;/filter-mapping&gt;</span>
+</pre></div>
+
+
+<h1 id="injectable-servlet-objects">Injectable Servlet objects</h1>
+<p>The DeltaSpike Servlet module contains producers for many objects of a Servlet environment. 
+All produces are using the special qualifier <code>@DeltaSpike</code> for compatibility with CDI 1.1, 
+which supports the injection of some Servlet objects out of the box.</p>
+<p>The following code shows the general injection pattern to use for all objects.</p>
+<div class="codehilite"><pre><span class="p">@</span><span class="n">Inject</span> <span class="p">@</span><span class="n">DeltaSpike</span>
+<span class="n">private</span> <span class="n">ServletObject</span> <span class="n">servletObject</span><span class="p">;</span>
+</pre></div>
+
+
+<h2 id="servletcontext">ServletContext</h2>
+<p>The <code>ServletContext</code> is made available in the application scope. It can be injected into any CDI bean 
+like this:</p>
+<div class="codehilite"><pre><span class="p">@</span><span class="n">Inject</span> <span class="p">@</span><span class="n">DeltaSpike</span>
+<span class="n">private</span> <span class="n">ServletContext</span> <span class="n">servletContext</span><span class="p">;</span>
+</pre></div>
+
+
+<h2 id="servletrequest-httpservletrequest">ServletRequest / HttpServletRequest</h2>
+<p>The <code>ServletRequest</code> is made available in the request scope. The current request can be injected 
+into a CDI bean like this:</p>
+<div class="codehilite"><pre><span class="p">@</span><span class="n">Inject</span> <span class="p">@</span><span class="n">DeltaSpike</span>
+<span class="n">private</span> <span class="n">ServletRequest</span> <span class="n">request</span><span class="p">;</span>
+</pre></div>
+
+
+<p>In case of HTTP requests you can also inject the <code>HttpServletRequest</code>:</p>
+<div class="codehilite"><pre><span class="p">@</span><span class="n">Inject</span> <span class="p">@</span><span class="n">DeltaSpike</span>
+<span class="n">private</span> <span class="n">HttpServletRequest</span> <span class="n">request</span><span class="p">;</span>
+</pre></div>
+
+
+<h2 id="servletresponse-httpservletresponse">ServletResponse / HttpServletResponse</h2>
+<p>The <code>ServletResponse</code> is made available in the request scope. The current response can be 
+injected into a CDI bean like this:</p>
+<div class="codehilite"><pre><span class="p">@</span><span class="n">Inject</span> <span class="p">@</span><span class="n">DeltaSpike</span>
+<span class="n">private</span> <span class="n">ServletResponse</span> <span class="n">response</span><span class="p">;</span>
+</pre></div>
+
+
+<p>In case of HTTP requests you can also inject the <code>HttpServletResponse</code>:</p>
+<div class="codehilite"><pre><span class="p">@</span><span class="n">Inject</span> <span class="p">@</span><span class="n">DeltaSpike</span>
+<span class="n">private</span> <span class="n">HttpServletResponse</span> <span class="n">response</span><span class="p">;</span>
+</pre></div>
+
+
+<h2 id="httpsession">HttpSession</h2>
+<p>The <code>HttpSession</code> is made available in the session scope. You can inject the current session 
+of a user into a CDI bean like this:</p>
+<div class="codehilite"><pre><span class="p">@</span><span class="n">Inject</span> <span class="p">@</span><span class="n">DeltaSpike</span>
+<span class="n">private</span> <span class="n">HttpSession</span> <span class="n">session</span><span class="p">;</span>
+</pre></div>
+
+
+<p>Please note that injecting the session this way will force the creation of a session. </p>
+<h2 id="principal">Principal</h2>
+<p>The <code>Principal</code> is made available in the request scope. The current principal can be 
+injected into a CDI bean like this:</p>
+<div class="codehilite"><pre><span class="p">@</span><span class="n">Inject</span> <span class="p">@</span><span class="n">DeltaSpike</span>
+<span class="n">private</span> <span class="n">Principal</span> <span class="n">principal</span><span class="p">;</span>
+</pre></div>
+
+
+<p>The <code>Principal</code> is obtained by calling <code>getUserPrincipal()</code> on the <code>HttpServletRequest</code>.</p>
+<h1 id="servlet-event-propagation">Servlet event propagation</h1>
+<p>The DeltaSpike Servlet module will propagate a number of Servlet object lifecycle events to 
+the CDI event bus. This allows regular CDI beans to observe these events and react accordingly.</p>
+<p>In most cases the event type is the object whose lifecycle is observed. To distinguish 
+between construction and destruction of the corresponding object, DeltaSpike uses the 
+qualifiers <code>@Initialized</code> and <code>@Destroyed</code>.</p>
+<p>The following sections will show which concrete Servlet objects are supported and how their 
+lifecycle can be observed.</p>
+<h2 id="servlet-context-lifecycle-events">Servlet context lifecycle events</h2>
+<p>The Servlet module supports initialization and destruction events for the <code>ServletContext</code>. These events
+can for example be used to detect application startup or shutdown. The following code shows
+how these events can be observed:</p>
+<div class="codehilite"><pre><span class="n">public</span> <span class="n">void</span> <span class="n">onCreate</span><span class="p">(@</span><span class="n">Observes</span> <span class="p">@</span><span class="n">Initialized</span> <span class="n">ServletContext</span> <span class="n">context</span><span class="p">)</span> <span class="p">{</span>
+    <span class="n">System</span><span class="p">.</span><span class="n">out</span><span class="p">.</span><span class="n">println</span><span class="p">(</span>&quot;<span class="n">Initialized</span> <span class="n">ServletContext</span><span class="p">:</span> &quot; <span class="o">+</span> <span class="n">context</span><span class="p">.</span><span class="n">getServletContextName</span><span class="p">());</span>
+<span class="p">}</span>
+
+<span class="n">public</span> <span class="n">void</span> <span class="n">onDestroy</span><span class="p">(@</span><span class="n">Observes</span> <span class="p">@</span><span class="n">Destroyed</span> <span class="n">ServletContext</span> <span class="n">context</span><span class="p">)</span> <span class="p">{</span>
+    <span class="n">System</span><span class="p">.</span><span class="n">out</span><span class="p">.</span><span class="n">println</span><span class="p">(</span>&quot;<span class="n">Destroyed</span> <span class="n">ServletContext</span><span class="p">:</span> &quot; <span class="o">+</span> <span class="n">context</span><span class="p">.</span><span class="n">getServletContextName</span><span class="p">());</span>
+<span class="p">}</span>
+</pre></div>
+
+
+<p>The events are emitted from a <code>ServletContextListener</code> called <code>EventBridgeContextListener</code>. You can
+disable lifecycle events for the <code>ServletContext</code> by deactivating the following class:</p>
+<div class="codehilite"><pre><span class="n">org</span><span class="p">.</span><span class="n">apache</span><span class="p">.</span><span class="n">deltaspike</span><span class="p">.</span><span class="n">servlet</span><span class="p">.</span><span class="n">impl</span><span class="p">.</span><span class="n">event</span><span class="p">.</span><span class="n">EventBridgeContextListener</span>
+</pre></div>
+
+
+<p>If you manually registered the required filters and listeners, you can also simply remove the
+entry for the <code>EventBridgeContextListener</code> from your <code>web.xml</code> to disable the events.</p>
+<h2 id="request-and-response-lifecycle-events">Request and response lifecycle events</h2>
+<p>The Servlet module also supports initialization and destruction events for the <code>HttpServletRequest</code>
+and <code>HttpServletResponse</code>. These events can for example be used for initialization work like invoking
+<code>setCharacterEncoding</code> on the request.</p>
+<p>The following example shows how to observe lifecycle events for the request:</p>
+<div class="codehilite"><pre><span class="n">public</span> <span class="n">void</span> <span class="n">onCreate</span><span class="p">(@</span><span class="n">Observes</span> <span class="p">@</span><span class="n">Initialized</span> <span class="n">HttpServletRequest</span> <span class="n">request</span><span class="p">)</span> <span class="p">{</span>
+    <span class="n">System</span><span class="p">.</span><span class="n">out</span><span class="p">.</span><span class="n">println</span><span class="p">(</span>&quot;<span class="n">Starting</span> <span class="n">to</span> <span class="n">process</span> <span class="n">request</span> <span class="k">for</span><span class="p">:</span> &quot; <span class="o">+</span> <span class="n">request</span><span class="p">.</span><span class="n">getRequestURI</span><span class="p">());</span>
+<span class="p">}</span>
+
+<span class="n">public</span> <span class="n">void</span> <span class="n">onDestroy</span><span class="p">(@</span><span class="n">Observes</span> <span class="p">@</span><span class="n">Destroyed</span> <span class="n">HttpServletRequest</span> <span class="n">request</span><span class="p">)</span> <span class="p">{</span>
+    <span class="n">System</span><span class="p">.</span><span class="n">out</span><span class="p">.</span><span class="n">println</span><span class="p">(</span>&quot;<span class="n">Finished</span> <span class="n">processing</span> <span class="n">request</span> <span class="k">for</span><span class="p">:</span> &quot; <span class="o">+</span> <span class="n">request</span><span class="p">.</span><span class="n">getRequestURI</span><span class="p">());</span>
+<span class="p">}</span>
+</pre></div>
+
+
+<p>Observing lifecycle events for the response works the same way:</p>
+<div class="codehilite"><pre><span class="n">public</span> <span class="n">void</span> <span class="n">onCreate</span><span class="p">(@</span><span class="n">Observes</span> <span class="p">@</span><span class="n">Initialized</span> <span class="n">HttpServletResponse</span> <span class="n">response</span><span class="p">)</span> <span class="p">{</span>
+    <span class="n">System</span><span class="p">.</span><span class="n">out</span><span class="p">.</span><span class="n">println</span><span class="p">(</span>&quot;<span class="n">HttpServletResponse</span> <span class="n">created</span>&quot;<span class="p">);</span>
+<span class="p">}</span>
+
+<span class="n">public</span> <span class="n">void</span> <span class="n">onDestroy</span><span class="p">(@</span><span class="n">Observes</span> <span class="p">@</span><span class="n">Destroyed</span> <span class="n">HttpServletResponse</span> <span class="n">response</span><span class="p">)</span> <span class="p">{</span>
+    <span class="n">System</span><span class="p">.</span><span class="n">out</span><span class="p">.</span><span class="n">println</span><span class="p">(</span>&quot;<span class="n">HttpServletResponse</span> <span class="n">destroyed</span>&quot;<span class="p">);</span>
+<span class="p">}</span>
+</pre></div>
+
+
+<p>All events of this category are emitted from a servlet filter called <code>EventBridgeFilter</code>.
+If you want to disable events for this category, just use DeltaSpike's deactivation mechanism
+to deactivate the following class:</p>
+<div class="codehilite"><pre><span class="n">org</span><span class="p">.</span><span class="n">apache</span><span class="p">.</span><span class="n">deltaspike</span><span class="p">.</span><span class="n">servlet</span><span class="p">.</span><span class="n">impl</span><span class="p">.</span><span class="n">event</span><span class="p">.</span><span class="n">EventBridgeFilter</span>
+</pre></div>
+
+
+<p>If you manually registered the required filters and listeners you can also simply remove the
+entry for the <code>EventBridgeFilter</code> from your <code>web.xml</code> to disable the events.</p>
+<h2 id="session-lifecycle-events">Session lifecycle events</h2>
+<p>The last category of events supported by the DeltaSpike Servlet module are the lifecycle events
+for the user's HTTP session. The following example shows how these events can be observed from
+a regular CDI bean.</p>
+<div class="codehilite"><pre><span class="n">public</span> <span class="n">void</span> <span class="n">onCreate</span><span class="p">(@</span><span class="n">Observes</span> <span class="p">@</span><span class="n">Initialized</span> <span class="n">HttpSession</span> <span class="n">session</span><span class="p">)</span> <span class="p">{</span>
+    <span class="n">System</span><span class="p">.</span><span class="n">out</span><span class="p">.</span><span class="n">println</span><span class="p">(</span>&quot;<span class="n">Session</span> <span class="n">created</span><span class="p">:</span> &quot; <span class="o">+</span> <span class="n">session</span><span class="p">.</span><span class="n">getId</span><span class="p">());</span>
+<span class="p">}</span>
+
+<span class="n">public</span> <span class="n">void</span> <span class="n">onDestroy</span><span class="p">(@</span><span class="n">Observes</span> <span class="p">@</span><span class="n">Destroyed</span> <span class="n">HttpSession</span> <span class="n">session</span><span class="p">)</span> <span class="p">{</span>
+    <span class="n">System</span><span class="p">.</span><span class="n">out</span><span class="p">.</span><span class="n">println</span><span class="p">(</span>&quot;<span class="n">Session</span> <span class="n">destroyed</span><span class="p">:</span> &quot; <span class="o">+</span> <span class="n">session</span><span class="p">.</span><span class="n">getId</span><span class="p">());</span>
+<span class="p">}</span>
+</pre></div>
+
+
+<p>The lifecycle events for the HTTP session are sent from a <code>HttpSessionListener</code> called
+<code>EventBridgeSessionListener</code>. To disable this event category, deactivate the following
+class:</p>
+<div class="codehilite"><pre><span class="n">org</span><span class="p">.</span><span class="n">apache</span><span class="p">.</span><span class="n">deltaspike</span><span class="p">.</span><span class="n">servlet</span><span class="p">.</span><span class="n">impl</span><span class="p">.</span><span class="n">event</span><span class="p">.</span><span class="n">EventBridgeSessionListener</span>
+</pre></div>
+
+
+<p>If you manually registered the required filters and listeners you can also simply remove the
+entry for the <code>EventBridgeSessionListener</code> from your <code>web.xml</code> to disable the events.</p>
+          </div>
+      </div>
+
+      <hr>
+
+      <footer>
+        <p>Copyright © 2011-2014 The Apache Software Foundation, Licensed under the Apache License, Version 2.0.</p>
+        <p>Apache and the Apache feather logo are trademarks of The Apache Software Foundation.</p>
+      </footer>
+
+    </div> <!-- /.container -->
+
+    <!-- Javascript
+    ================================================== -->
+    <!-- Placed at the end of the document so the pages load faster -->
+    <!--<script src="./../resources/js/prettyfy.js"></script> -->
+    <script src="./../resources/js/prettyprint.js"></script>
+    <script src="./../resources/js/jquery.js"></script>
+    <script src="./../resources/js/bootstrap-transition.js"></script>
+    <script src="./../resources/js/bootstrap-alert.js"></script>
+    <script src="./../resources/js/bootstrap-modal.js"></script>
+    <script src="./../resources/js/bootstrap-dropdown.js"></script>
+    <script src="./../resources/js/bootstrap-scrollspy.js"></script>
+    <script src="./../resources/js/bootstrap-tab.js"></script>
+    <script src="./../resources/js/bootstrap-tooltip.js"></script>
+    <script src="./../resources/js/bootstrap-popover.js"></script>
+    <script src="./../resources/js/bootstrap-button.js"></script>
+    <script src="./../resources/js/bootstrap-collapse.js"></script>
+    <script src="./../resources/js/bootstrap-carousel.js"></script>
+    <script src="./../resources/js/bootstrap-typeahead.js"></script>
+</body>
+</html>

Added: websites/staging/deltaspike/trunk/content/retired/source.html
==============================================================================
--- websites/staging/deltaspike/trunk/content/retired/source.html (added)
+++ websites/staging/deltaspike/trunk/content/retired/source.html Wed Sep 17 12:22:52 2014
@@ -0,0 +1,167 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <meta name="description" content="deltaspike-generate-pages">
+    <meta name="author" content="chm">
+
+    <title>Apache DeltaSpike - Get Source and compile it</title>
+
+    
+
+    
+    <!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements.  See the NOTICE file distributed with this work for additional information regarding copyright ownership.  The ASF licenses this file to you under the Apache License, Version 2.0 (the &quot;License&quot;); you may not use this file except in compliance with the License.  You may obtain a copy of the License at . http://www.apache.org/licenses/LICENSE-2.0 . Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an &quot;AS IS&quot; BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  See the License for the specific language governing permissions and limitations under the License. -->
+
+    <!-- Styles -->
+    
+    <link href="./../resources/css/bootstrap.css" rel="stylesheet">    
+    <!--<link href="./../resources/css/prettify.css" rel="stylesheet" /> -->
+    <link href="./../resources/css/codehilite.css" rel="stylesheet" />
+    <link href="./../resources/css/bootstrap-responsive.css" rel="stylesheet">
+    <style type="text/css">
+        body {
+            padding-top: 60px;
+            padding-bottom: 40px;
+        }
+    </style>
+	<script type="text/javascript">
+
+	  var _gaq = _gaq || [];
+	  _gaq.push(['_setAccount', 'UA-36103647-1']);
+	  _gaq.push(['_trackPageview']);
+	
+	  (function() {
+		var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
+		ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
+		var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
+	  })();
+	
+	</script>
+</head>
+
+<body>
+    <div class="navbar navbar-fixed-top">
+        <div class="navbar-inner">
+            <div class="container">
+                <a class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
+                    <span class="icon-bar"></span>
+                    <span class="icon-bar"></span>
+                    <span class="icon-bar"></span>
+                </a>
+                <a class="brand logocolor" href="/index.html">Apache DeltaSpike</a>
+                <div class="nav-collapse">
+                    <ul class="nav">
+                        <li class="active"><a href="./../index.html">Home</a></li>
+                        <li><a href="./../documentation.html">Documentation</a></li>
+                        <li><a href="./../source.html">Source</a></li>
+                        <li><a href="./../download.html">Download</a></li>
+                        <li><a href="./../community.html">Community</a></li>
+                        <!-- <li><a href="./../support.html">Support</a></li>  -->
+                        <li><a href="./../news.html">News</a></li>
+                        <li><a href="./../migration-guide.html">Migration</a></li>
+                    </ul>
+                </div><!--/.nav-collapse -->
+                <form id="search-form" action="http://www.google.com/search" method="get"  class="navbar-search pull-right" >
+                    <input value="deltaspike.apache.org" name="sitesearch" type="hidden"/>
+                    <input class="search-query" name="q" id="query" type="text" />
+                </form>
+            </div>
+        </div>
+    </div>
+
+    <div class="container">
+      <div class="row">
+          <div class="span12">
+              <div class="page-title">
+                <h1>Get Source and compile it</h1>
+              </div>
+              <div class="toc">
+<ul>
+<li><a href="#introduction">Introduction</a></li>
+<li><a href="#scm-repository">SCM / Repository</a><ul>
+<li><a href="#initial-checkout">Initial 'checkout'</a></li>
+<li><a href="#update-existing-clone">Update existing clone</a></li>
+<li><a href="#read-only-mirrors">Read-only Mirrors</a><ul>
+<li><a href="#github-mirror">GitHub-Mirror</a></li>
+</ul>
+</li>
+<li><a href="#git-workflow">GIT Workflow</a></li>
+</ul>
+</li>
+<li><a href="#build">Build</a></li>
+<li><a href="#tools-ide">Tools / IDE</a><ul>
+<li><a href="#intellij">IntelliJ</a></li>
+<li><a href="#eclipse">Eclipse</a></li>
+</ul>
+</li>
+</ul>
+</div>
+<hr />
+<h1 id="introduction">Introduction</h1>
+<h1 id="scm-repository">SCM / Repository</h1>
+<p>We are using GIT as a Version Control System. The official GIT repository of the project is available <a href="https://git-wip-us.apache.org/repos/asf/deltaspike.git">here</a>.</p>
+<h3 id="initial-checkout">Initial 'checkout'</h3>
+<div class="codehilite"><pre><span class="n">git</span> <span class="n">clone</span> <span class="n">https</span><span class="p">:</span><span class="o">//</span><span class="n">git</span><span class="o">-</span><span class="n">wip</span><span class="o">-</span><span class="n">us</span><span class="p">.</span><span class="n">apache</span><span class="p">.</span><span class="n">org</span><span class="o">/</span><span class="n">repos</span><span class="o">/</span><span class="n">asf</span><span class="o">/</span><span class="n">deltaspike</span><span class="p">.</span><span class="n">git</span>
+</pre></div>
+
+
+<h3 id="update-existing-clone">Update existing clone</h3>
+<div class="codehilite"><pre><span class="n">git</span> <span class="n">pull</span> <span class="o">--</span><span class="n">rebase</span>
+</pre></div>
+
+
+<h2 id="read-only-mirrors">Read-only Mirrors</h2>
+<h3 id="github-mirror">GitHub-Mirror</h3>
+<div class="codehilite"><pre><span class="n">git</span> <span class="n">clone</span> <span class="n">https</span><span class="p">:</span><span class="o">//</span><span class="n">github</span><span class="p">.</span><span class="n">com</span><span class="o">/</span><span class="n">apache</span><span class="o">/</span><span class="n">deltaspike</span>
+</pre></div>
+
+
+<p>More information can be found <a href="https://help.github.com/articles/which-remote-url-should-i-use">here</a>.</p>
+<h2 id="git-workflow">GIT Workflow</h2>
+<p>We follow an <a href="suggested-git-workflows.html">unified GIT workflow</a> to keep the commit history straight and therefore simple and clean.
+General details about GIT at Apache are available <a href="http://wiki.apache.org/couchdb/Git_At_Apache_Guide">here</a> and at <a href="http://git-wip-us.apache.org">http://git-wip-us.apache.org</a>.</p>
+<p><strong>Hint:</strong></p>
+<p>If you are new to Git you might like to try the <a href="http://git.or.cz/course/svn.html">Git guide for subversion users</a> or have a look at the <a href="http://git-scm.com/book">Git community book</a>.</p>
+<h1 id="build">Build</h1>
+<p>So now you probably want to <strong><code>build the code</code></strong>. So follow the instructions <a href="build.html">here</a></p>
+<h1 id="tools-ide">Tools / IDE</h1>
+<p>Commits (and in the best case also patches), have to follow our "formatting rules".
+The following section provides settings for IDEs used by us.</p>
+<h2 id="intellij">IntelliJ</h2>
+<p><a href="resources/files/settings.jar">Attached</a> you can find the settings for formatting the source code. Import them via File | Import Settings...</p>
+<h2 id="eclipse">Eclipse</h2>
+<p>For Eclipse you can use this <a href="resources/files/deltaspike-code-conventions.xml">Code Formatter Profile</a>. Import it via Window | Preferences | Java | Code Style | Formatter</p>
+          </div>
+      </div>
+
+      <hr>
+
+      <footer>
+        <p>Copyright © 2011-2014 The Apache Software Foundation, Licensed under the Apache License, Version 2.0.</p>
+        <p>Apache and the Apache feather logo are trademarks of The Apache Software Foundation.</p>
+      </footer>
+
+    </div> <!-- /.container -->
+
+    <!-- Javascript
+    ================================================== -->
+    <!-- Placed at the end of the document so the pages load faster -->
+    <!--<script src="./../resources/js/prettyfy.js"></script> -->
+    <script src="./../resources/js/prettyprint.js"></script>
+    <script src="./../resources/js/jquery.js"></script>
+    <script src="./../resources/js/bootstrap-transition.js"></script>
+    <script src="./../resources/js/bootstrap-alert.js"></script>
+    <script src="./../resources/js/bootstrap-modal.js"></script>
+    <script src="./../resources/js/bootstrap-dropdown.js"></script>
+    <script src="./../resources/js/bootstrap-scrollspy.js"></script>
+    <script src="./../resources/js/bootstrap-tab.js"></script>
+    <script src="./../resources/js/bootstrap-tooltip.js"></script>
+    <script src="./../resources/js/bootstrap-popover.js"></script>
+    <script src="./../resources/js/bootstrap-button.js"></script>
+    <script src="./../resources/js/bootstrap-collapse.js"></script>
+    <script src="./../resources/js/bootstrap-carousel.js"></script>
+    <script src="./../resources/js/bootstrap-typeahead.js"></script>
+</body>
+</html>

Added: websites/staging/deltaspike/trunk/content/retired/spi.html
==============================================================================
--- websites/staging/deltaspike/trunk/content/retired/spi.html (added)
+++ websites/staging/deltaspike/trunk/content/retired/spi.html Wed Sep 17 12:22:52 2014
@@ -0,0 +1,184 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <meta name="description" content="deltaspike-generate-pages">
+    <meta name="author" content="chm">
+
+    <title>Apache DeltaSpike - DeltaSpike Service Provider Interface (SPI)</title>
+
+    
+
+    
+    <!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements.  See the NOTICE file distributed with this work for additional information regarding copyright ownership.  The ASF licenses this file to you under the Apache License, Version 2.0 (the &quot;License&quot;); you may not use this file except in compliance with the License.  You may obtain a copy of the License at . http://www.apache.org/licenses/LICENSE-2.0 . Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an &quot;AS IS&quot; BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  See the License for the specific language governing permissions and limitations under the License. -->
+
+    <!-- Styles -->
+    
+    <link href="./../resources/css/bootstrap.css" rel="stylesheet">    
+    <!--<link href="./../resources/css/prettify.css" rel="stylesheet" /> -->
+    <link href="./../resources/css/codehilite.css" rel="stylesheet" />
+    <link href="./../resources/css/bootstrap-responsive.css" rel="stylesheet">
+    <style type="text/css">
+        body {
+            padding-top: 60px;
+            padding-bottom: 40px;
+        }
+    </style>
+	<script type="text/javascript">
+
+	  var _gaq = _gaq || [];
+	  _gaq.push(['_setAccount', 'UA-36103647-1']);
+	  _gaq.push(['_trackPageview']);
+	
+	  (function() {
+		var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
+		ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
+		var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
+	  })();
+	
+	</script>
+</head>
+
+<body>
+    <div class="navbar navbar-fixed-top">
+        <div class="navbar-inner">
+            <div class="container">
+                <a class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
+                    <span class="icon-bar"></span>
+                    <span class="icon-bar"></span>
+                    <span class="icon-bar"></span>
+                </a>
+                <a class="brand logocolor" href="/index.html">Apache DeltaSpike</a>
+                <div class="nav-collapse">
+                    <ul class="nav">
+                        <li class="active"><a href="./../index.html">Home</a></li>
+                        <li><a href="./../documentation.html">Documentation</a></li>
+                        <li><a href="./../source.html">Source</a></li>
+                        <li><a href="./../download.html">Download</a></li>
+                        <li><a href="./../community.html">Community</a></li>
+                        <!-- <li><a href="./../support.html">Support</a></li>  -->
+                        <li><a href="./../news.html">News</a></li>
+                        <li><a href="./../migration-guide.html">Migration</a></li>
+                    </ul>
+                </div><!--/.nav-collapse -->
+                <form id="search-form" action="http://www.google.com/search" method="get"  class="navbar-search pull-right" >
+                    <input value="deltaspike.apache.org" name="sitesearch" type="hidden"/>
+                    <input class="search-query" name="q" id="query" type="text" />
+                </form>
+            </div>
+        </div>
+    </div>
+
+    <div class="container">
+      <div class="row">
+          <div class="span12">
+              <div class="page-title">
+                <h1>DeltaSpike Service Provider Interface (SPI)</h1>
+              </div>
+              <div class="toc">
+<ul>
+<li><a href="#introduction">Introduction</a></li>
+<li><a href="#deactivatable">Deactivatable</a><ul>
+<li><a href="#classdeactivator">ClassDeactivator</a></li>
+</ul>
+</li>
+<li><a href="#configsource">ConfigSource</a><ul>
+<li><a href="#configsourceprovider">ConfigSourceProvider</a></li>
+<li><a href="#baseconfigpropertyproducer">BaseConfigPropertyProducer</a></li>
+</ul>
+</li>
+<li><a href="#interceptorstrategy">InterceptorStrategy</a></li>
+<li><a href="#global-alternative">Global Alternative</a></li>
+</ul>
+</div>
+<hr />
+<h1 id="introduction">Introduction</h1>
+<h1 id="deactivatable">Deactivatable</h1>
+<p>This mechanism is only used for artifacts <strong>like</strong> implementations of (<code>javax.enterprise.inject.spi.Extension</code>) which <strong>can't</strong> be deactivated with std. CDI mechanisms.</p>
+<p>This interface is just a marker interface which is implemented by all pre-configured DeltaSpike artifacts which can be deactivated manually (e.g. to improve the performance if a part isn't needed, to provide a custom implementation if the default implementation isn't pluggable by default or to bypass an implementation which causes an issue (in this case please also <strong>contact us</strong> and we will fix it)).</p>
+<p>To deactivate a class it's required to implement <code>ClassDeactivator</code>. Returning 'false' or 'true' allows to de-/activate the class in question.
+Retuning null means that the current class-deactivator doesn't have information about the class in question and can't provide a result.
+Since <code>ClassDeactivator</code> implementations are configured with the low-level config of DeltaSpike, the class-deactivator with the highest ordinal has the final decision.
+DeltaSpike itself doesn't deactivate an implementation, however, an add-on or a 3rd party portable CDI extension based on DeltaSpike (Core+) can use the concept to deactivate a default implementation of DeltaSpike in favour of its own implementation.</p>
+<p><strong>Attention</strong>: due to the ordinal feature of the low-level config approach it's possible that a class-deactivator with a higher ordinal, e.g. used in a concrete project, can re-activate a deactivated implementation.<br />
+<strong>Please note</strong> that you might have to deactivate the parts of the add-on or 3rd party CDI extension which relies on its own implementation. Therefore, you should <strong>be really careful with re-activation</strong>.) The implementation should be stateless because the result will be cached and as soon as everything is initialized the class-deactivators won't be used any longer.</p>
+<h2 id="classdeactivator">ClassDeactivator</h2>
+<p>A class-deactivator allows to specify deactivated classes.</p>
+<div class="codehilite"><pre><span class="c1">//This class needs to be configured via one of the supported config sources!</span>
+<span class="n">public</span> <span class="k">class</span> <span class="n">CustomClassDeactivator</span> <span class="n">implements</span> <span class="n">ClassDeactivator</span>
+<span class="p">{</span>
+    <span class="p">@</span><span class="n">Override</span>
+    <span class="n">public</span> <span class="n">Boolean</span> <span class="n">isActivated</span><span class="p">(</span><span class="n">Class</span><span class="o">&lt;?</span> <span class="k">extends</span> <span class="n">Deactivatable</span><span class="o">&gt;</span> <span class="n">targetClass</span><span class="p">)</span>
+    <span class="p">{</span>
+        <span class="k">if</span> <span class="p">(</span><span class="n">targetClass</span><span class="p">.</span><span class="n">equals</span><span class="p">(</span><span class="n">MyClass</span><span class="p">.</span><span class="k">class</span><span class="p">))</span>
+        <span class="p">{</span>
+            <span class="k">return</span> <span class="n">Boolean</span><span class="p">.</span><span class="no">FALSE</span><span class="p">;</span>
+        <span class="p">}</span>
+        <span class="k">return</span> <span class="k">null</span><span class="p">;</span> <span class="c1">//no result for the given class</span>
+    <span class="p">}</span>
+<span class="p">}</span>
+</pre></div>
+
+
+<p>A class-deactivator will be resolved from the environment via the default resolvers or via a custom resolver which allows to use any type of configuration-format.
+(see <code>org.apache.deltaspike.core.api.config.ConfigResolver</code>). The key is the fully qualified name of the interface (<code>org.apache.deltaspike.core.spi.activation.ClassDeactivator</code>).</p>
+<h1 id="configsource">ConfigSource</h1>
+<p>[TODO]</p>
+<h2 id="configsourceprovider">ConfigSourceProvider</h2>
+<p>[TODO]</p>
+<h2 id="baseconfigpropertyproducer">BaseConfigPropertyProducer</h2>
+<p>[TODO]</p>
+<h1 id="interceptorstrategy">InterceptorStrategy</h1>
+<p>[TODO]</p>
+<h1 id="global-alternative">Global Alternative</h1>
+<p>There are several application servers (using CDI 1.0) which can't handle alternative CDI beans correctly (e.g. due to a too strict interpretation or a broken implementation). Therefore, DeltaSpike allows to use the std. <code>@Alternative</code> annotation and an additional config entry for DeltaSpike which allows to use the alternative implementation as a global alternative.</p>
+<p><strong>Std. CDI alternative implementation (without the required XML config)</strong></p>
+<div class="codehilite"><pre><span class="n">public</span> <span class="n">class</span> <span class="n">CustomBean</span>
+<span class="p">{</span>
+<span class="p">}</span>
+
+<span class="p">@</span><span class="n">Alternative</span>
+<span class="o">//</span><span class="p">...</span>
+<span class="n">public</span> <span class="n">class</span> <span class="n">AlternativeCustomBean</span> <span class="n">extends</span> <span class="n">CustomBean</span>
+<span class="p">{</span>
+<span class="p">}</span>
+</pre></div>
+
+
+<p>Instead of configuring the alternative in the beans.xml, a global alternative needs to be configured in /META-INF/apache-deltaspike.properties. CDI 1.1 should fix this issue and migrating to it means to remove the config entry for DeltaSpike again and move to the std. CDI config approach.</p>
+<div class="codehilite"><pre><span class="n">custom</span><span class="p">.</span><span class="n">CustomBean</span><span class="p">=</span><span class="n">custom</span><span class="p">.</span><span class="n">AlternativeCustomBean</span>
+</pre></div>
+          </div>
+      </div>
+
+      <hr>
+
+      <footer>
+        <p>Copyright © 2011-2014 The Apache Software Foundation, Licensed under the Apache License, Version 2.0.</p>
+        <p>Apache and the Apache feather logo are trademarks of The Apache Software Foundation.</p>
+      </footer>
+
+    </div> <!-- /.container -->
+
+    <!-- Javascript
+    ================================================== -->
+    <!-- Placed at the end of the document so the pages load faster -->
+    <!--<script src="./../resources/js/prettyfy.js"></script> -->
+    <script src="./../resources/js/prettyprint.js"></script>
+    <script src="./../resources/js/jquery.js"></script>
+    <script src="./../resources/js/bootstrap-transition.js"></script>
+    <script src="./../resources/js/bootstrap-alert.js"></script>
+    <script src="./../resources/js/bootstrap-modal.js"></script>
+    <script src="./../resources/js/bootstrap-dropdown.js"></script>
+    <script src="./../resources/js/bootstrap-scrollspy.js"></script>
+    <script src="./../resources/js/bootstrap-tab.js"></script>
+    <script src="./../resources/js/bootstrap-tooltip.js"></script>
+    <script src="./../resources/js/bootstrap-popover.js"></script>
+    <script src="./../resources/js/bootstrap-button.js"></script>
+    <script src="./../resources/js/bootstrap-collapse.js"></script>
+    <script src="./../resources/js/bootstrap-carousel.js"></script>
+    <script src="./../resources/js/bootstrap-typeahead.js"></script>
+</body>
+</html>



Mime
View raw message