portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From woon...@apache.org
Subject svn commit: r722405 [3/17] - in /portals/jetspeed-2/portal/branches/JS2-871-pluto-2.0-upgrade: ./ src/ src/site/ src/site/resources/ src/site/resources/css/ src/site/resources/images/ src/site/resources/images/layouts/ src/site/resources/images/portlet...
Date Tue, 02 Dec 2008 08:53:28 GMT
Added: portals/jetspeed-2/portal/branches/JS2-871-pluto-2.0-upgrade/src/site/xdoc/components/jetspeed-security/atn.xml
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/branches/JS2-871-pluto-2.0-upgrade/src/site/xdoc/components/jetspeed-security/atn.xml?rev=722405&view=auto
==============================================================================
--- portals/jetspeed-2/portal/branches/JS2-871-pluto-2.0-upgrade/src/site/xdoc/components/jetspeed-security/atn.xml (added)
+++ portals/jetspeed-2/portal/branches/JS2-871-pluto-2.0-upgrade/src/site/xdoc/components/jetspeed-security/atn.xml Tue Dec  2 00:53:22 2008
@@ -0,0 +1,78 @@
+<?xml version="1.0"?>
+<!--
+    Licensed to the Apache Software Foundation (ASF) under one or more
+    contributor license agreements.  See the NOTICE file distributed with
+    this work for additional information regarding copyright ownership.
+    The ASF licenses this file to You under the Apache License, Version 2.0
+    (the "License"); you may not use this file except in compliance with
+    the License.  You may obtain a copy of the License at
+    
+    http://www.apache.org/licenses/LICENSE-2.0
+    
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+-->
+<document>
+    <properties>
+        <title>Jetspeed 2 Security - Login Module</title>
+        <authors>
+            <person name="David Le Strat" email="dlestrat@apache.org" />
+        </authors>
+    </properties>
+    <body>
+        <section name="Authentication Architecture Overview">
+            <p>
+                For authentication, Jetspeed 2 leverages Java 
+                <a href="http://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/spi/LoginModule.html">LoginModule</a> 
+                architecture.  It provides a <a href="login-module.html">DefaultLoginModule</a> implementation and a
+                flexible architecture to be able to authenticate user against multiple user repositories and provide user
+                management capabilities across those repository.  A <code>UserManager</code> provides a set of coarsed
+                services for authenticating and managing users.  The class diagram below illustrates how the 
+                <code>UserManager</code> provides authentication to the <code>DefaultLoginModule</code> and leverages 
+                the <a href="atn-spi.html">Authentication SPI</a> to interact with various implementation and user stores.
+            </p>
+            <p>
+                <img src="images/atn-arch-c.gif" border="0" />
+            </p>
+            <p>
+                The various components described above fulfill the following functions:
+                <table>
+                    <tr>
+                        <th>Component</th>
+                        <th>Description</th>
+                    </tr>
+                    <tr>
+                        <td><code>DefaultLoginModule</code></td>
+                        <td>Jetspeed 2 default <a href="login-module.html">LoginModule</a> implementation which
+                        leverages the <code>authenticate()</code> method of the <code>UserManager</code> to provide
+                        authentication against the various <code>AuthenticationProvider</code> implementation currently
+                        configured.</td>
+                    </tr>
+                    <tr>
+                        <td><code>UserManager</code></td>
+                        <td>Coarsed service providing authentication and user management.  The <code>UserManager</code>code>
+                        leverages the various <code>AuthenticationProvider</code> implementations exposed to it through
+                        the <code>AuthenticationProviderProxy</code> through the <code>SecurityProvider</code>.
+                        </td>
+                    </tr>
+                    <tr>
+                        <td><code>SecurityProvider</code></td>
+                        <td>Provides access to the security providers exposing SPI implementation to the coarsed security
+                        services.
+                        </td>
+                    </tr>
+                    <tr>
+                        <td><code>AuthenticationProviderProxy</code></td>
+                        <td>A proxy to the various <code>AuthenticationProvider</code> implementations.  The <code>AuthenticationProviderProxy</code>
+                        is responsible of invoking the correct <code>AuthenticationProvider</code> to authenticate or manage
+                        a specific user against a specific data store.</td>
+                    </tr>
+                </table>
+            </p>
+        </section>
+
+    </body>
+</document>
\ No newline at end of file

Propchange: portals/jetspeed-2/portal/branches/JS2-871-pluto-2.0-upgrade/src/site/xdoc/components/jetspeed-security/atn.xml
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: portals/jetspeed-2/portal/branches/JS2-871-pluto-2.0-upgrade/src/site/xdoc/components/jetspeed-security/atn.xml
------------------------------------------------------------------------------
    svn:keywords = Id

Added: portals/jetspeed-2/portal/branches/JS2-871-pluto-2.0-upgrade/src/site/xdoc/components/jetspeed-security/atz-jaas.xml
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/branches/JS2-871-pluto-2.0-upgrade/src/site/xdoc/components/jetspeed-security/atz-jaas.xml?rev=722405&view=auto
==============================================================================
--- portals/jetspeed-2/portal/branches/JS2-871-pluto-2.0-upgrade/src/site/xdoc/components/jetspeed-security/atz-jaas.xml (added)
+++ portals/jetspeed-2/portal/branches/JS2-871-pluto-2.0-upgrade/src/site/xdoc/components/jetspeed-security/atz-jaas.xml Tue Dec  2 00:53:22 2008
@@ -0,0 +1,177 @@
+<?xml version="1.0"?>
+<!--
+    Licensed to the Apache Software Foundation (ASF) under one or more
+    contributor license agreements.  See the NOTICE file distributed with
+    this work for additional information regarding copyright ownership.
+    The ASF licenses this file to You under the Apache License, Version 2.0
+    (the "License"); you may not use this file except in compliance with
+    the License.  You may obtain a copy of the License at
+    
+    http://www.apache.org/licenses/LICENSE-2.0
+    
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+-->
+<document>
+    <properties>
+        <title>Jetspeed 2 Security - Login Module</title>
+        <authors>
+            <person name="David Le Strat" email="dlestrat@apache.org" />
+        </authors>
+    </properties>
+    <body>
+        <section name="Overview of JAAS Authorization">
+            <p>
+                A good overview of JAAS authorization is provided on
+                <a href="http://java.sun.com/j2se/1.4.2/docs/guide/security/spec/security-spec.doc2.html">Sun's web site</a>
+                . At a high level, JAAS authorization leverages:
+                <ul>
+                    <li>
+                        <a href="http://java.sun.com/j2se/1.4.2/docs/api/java/security/Permission.html">Permission</a>
+                        that associates actions to resources.
+                    </li>
+                    <li>
+                        <a href="http://java.sun.com/j2se/1.4.2/docs/api/java/security/Principal.html">Principal</a>
+                        that represents an entity in the system. In Jetspeed 2, 3 principals are used to represent users, roles and groups.
+                    </li>
+                    <li>
+                        <a href="http://java.sun.com/j2se/1.4.2/docs/api/java/security/Policy.html">Policy</a>
+                        that associates principals to permissions.
+                    </li>
+                </ul>
+            </p>
+            <p>
+                Jetspeed 2 provides a custom policy implemention that allow the portal to secure resources as follow:
+                <source>
+                    <![CDATA[
+grant principal o.a.j.security.UserPrincipal "theUserPrincipal" {
+  permission o.a.j.security.PagePermission "mypage", "view";
+  permission o.a.j.security.PortletPermission "myportlet", "view,edit,minimize,maximize";
+  permission o.a.j.security.TabPermission "mytab", "view";
+};
+
+grant principal o.a.j.security.RolePrincipal "theRolePrincipal" {
+  permission o.a.j.security.PagePermission "mypage", "view";
+  permission o.a.j.security.PortletPermission "myportlet", "view,edit,minimize,maximize";
+  permission o.a.j.security.TabPermission "mytab", "view";
+};   
+
+grant principal o.a.j.security.GroupPrincipal "theGroupPrincipal" {
+  permission o.a.j.security.PagePermission "mypage", "view";
+  permission o.a.j.security.PortletPermission "myportlet", "view,edit,minimize,maximize";
+  permission o.a.j.security.TabPermission "mytab", "view";
+};]]>
+                </source>
+            </p>
+            <p>
+                The custom security policy provides a
+                <code>java.security.Policy</code>
+                implementation that stores the association between principals and permissions in a relational database as opposed to leveraging the default JDK
+                policy. In the case of Sun's JDK, the default policy is
+                <a href="http://java.sun.com/j2se/1.4.2/docs/guide/security/PolicyFiles.html#DefaultImpl">sun.security.provider.PolicyFile</a>
+                a file based policy.
+            </p>
+            <p>
+                In the code sample above, the
+                <code>UserPrincipal</code>
+                identify with the
+                <code>Principal.getName()</code>
+                &quot;theUserPrincipal&quot; has permission to &quot;view&quot; the page called &quot;mypage&quot;, to &quot;view,edit,minimize,maximize&quot;
+                the portlet portlet called &quot;myportlet&quot;
+            </p>
+            <p>
+                The
+                <a href="http://java.sun.com/j2se/1.4.2/docs/api/java/security/AccessController.html">AccessController</a>
+                validates a
+                <code>Subject</code>
+                permissions. For instance, a page permission check would perform the following check:
+                <source>
+                    <![CDATA[
+PagePermission permission = new PagePermission(path, actions);
+AccessController.checkPermission(permission);                
+                ]]>
+                </source>
+            </p>
+        </section>
+        <section name="Jetspeed JAAS Policy">
+            <p>
+                The
+                <code>RdbmsPolicy</code>
+                implements
+                <code>java.security.Policy</code>
+                . It leverages the
+                <code>PermissionManager</code>
+                to get the permissions associated with a given
+                <code>Subject</code>
+                principals.
+                <source>
+                    <![CDATA[
+pms.getPermissions(user.getPrincipals());
+                ]]>
+                </source>
+                The class diagram below illustrate the association between the
+                <code>RdbmsPolicy</code>
+                and the
+                <code>PermissionManager</code>
+                .
+            </p>
+            <p>
+                A good article on custom policies implementation is available on
+                <a href="http://www-106.ibm.com/developerworks/library/j-jaas/?n-j-442">IBM web site</a>
+                .
+            </p>
+            <p>
+                <img src="images/rdbms-policy-c.gif" border="0" />
+            </p>
+            <p>
+                To get more detail about the implementation of the
+                <code>PermissionManager</code>
+                , see
+                <a href="permission.html">PermissionManager Overview</a>
+                .
+            </p>
+            <p>
+                <u>Note:</u>
+                The current
+                <code>RdbmsPolicy</code>
+                manages the policies to apply. It applies
+                <code>RdbmsPolicy</code>
+                in conjunction with the default policy configured in the runtime environment. Jetspeed 2 should explore providing
+                <a href="http://java.sun.com/j2ee/javaacc/index.html">JACC</a>
+                adapters for its custom policy for specific application servers.
+            </p>
+        </section>
+        <section name="Authorization Provider and Policy Configuration">
+            <p>
+                The
+                <code>AuthorizationProvider</code>
+                configures the authorization policies to be used by Jetspeed 2 and keeps the list of such policies in the
+                <code>SecurityPolicies</code>
+                singleton. The
+                <code>RdbmsPolicy</code>
+                when getting the permissions for access control will execute its policy as well as all the policies configured in
+                <code>SecurityPolicies</code>
+                . If the
+                <code>AuthorizationProvider</code>
+                was constructed with
+                <code>useDefaultPolicy</code>
+                set to true, the default JDK or application server policy will be applied when getting the permissions.
+            </p>
+            <p>
+                <u>Note:</u>
+                The
+                <code>RbmsPolicy</code>
+                permission check is concerned about the principals associated to the
+                <code>Subject</code>, therefore where performing an access control check, 
+                the check should be performed with the following call:
+                <code>doAsPrivileged(theSubject, anAction, null)</code>.  By passing a null
+                <code>AccessContolContext</code>, the caller is essentially saying: 
+                "I don't care who called me, the only important thing is whether I have permission when associated with the
+                given subject".
+            </p>
+        </section>
+    </body>
+</document>
\ No newline at end of file

Propchange: portals/jetspeed-2/portal/branches/JS2-871-pluto-2.0-upgrade/src/site/xdoc/components/jetspeed-security/atz-jaas.xml
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: portals/jetspeed-2/portal/branches/JS2-871-pluto-2.0-upgrade/src/site/xdoc/components/jetspeed-security/atz-jaas.xml
------------------------------------------------------------------------------
    svn:keywords = Id

Added: portals/jetspeed-2/portal/branches/JS2-871-pluto-2.0-upgrade/src/site/xdoc/components/jetspeed-security/atz-spi.xml
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/branches/JS2-871-pluto-2.0-upgrade/src/site/xdoc/components/jetspeed-security/atz-spi.xml?rev=722405&view=auto
==============================================================================
--- portals/jetspeed-2/portal/branches/JS2-871-pluto-2.0-upgrade/src/site/xdoc/components/jetspeed-security/atz-spi.xml (added)
+++ portals/jetspeed-2/portal/branches/JS2-871-pluto-2.0-upgrade/src/site/xdoc/components/jetspeed-security/atz-spi.xml Tue Dec  2 00:53:22 2008
@@ -0,0 +1,88 @@
+<?xml version="1.0"?>
+<!--
+    Licensed to the Apache Software Foundation (ASF) under one or more
+    contributor license agreements.  See the NOTICE file distributed with
+    this work for additional information regarding copyright ownership.
+    The ASF licenses this file to You under the Apache License, Version 2.0
+    (the "License"); you may not use this file except in compliance with
+    the License.  You may obtain a copy of the License at
+    
+    http://www.apache.org/licenses/LICENSE-2.0
+    
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+-->
+<document>
+    <properties>
+        <title>Jetspeed 2 Security - Authorization/Security Mapping SPI</title>
+        <authors>
+            <person name="David Le Strat" email="dlestrat@apache.org" />
+        </authors>
+    </properties>
+    <body>
+        <section name="Authorization/Security Mapping SPI Overview">
+            <p>
+                The authorization SPI provides the implementation to support Jetspeed 2 users, roles and groups associations and the roles/groups hierarchy
+                policy. It provides the underlying mechanism to support the implementation of the
+                <code>RoleManager</code>
+                and
+                <code>GroupManager</code>
+                .
+            </p>
+            <p>
+                As described in the
+                <a href="index.html">security overview</a>
+                , Jetspeed support hierarchical role based access control with configurable hierarchy policies.
+            </p>
+            <p>First, let's have a look at a class diagram of the authorization SPI:</p>
+            <p>
+                <img src="images/security-mapping-c.gif" border="0" />
+                <br />
+                <br />
+                <img src="images/role-security-handler-c.gif" border="0" />
+                <br />
+                <br />
+                <img src="images/group-security-handler-c.gif" border="0" />
+                <br />
+                <br />
+            </p>
+        </section>
+        <section name="Authorization SPI Components">
+            <p>The authorization SPI implements the following components:</p>
+            <table>
+                <tr>
+                    <th>Component</th>
+                    <th>Description</th>
+                </tr>
+                <tr>
+                    <td>org.apache.jetspeed.security.spi.SecurityMappingHandler</td>
+                    <td>
+                        See <a href="config.html#security-spi-atz_xml">security-spi-atz.xml</a> configuration.
+                    </td>
+                </tr>
+                <tr>
+                    <td>org.apache.jetspeed.security.HierarchyResolver</td>
+                    <td>
+                        See <a href="hierarchy.html">hierarchy management</a>.
+                    </td>
+                </tr>
+                <tr>
+                    <td>org.apache.jetspeed.security.spi.RoleSecurityHandler</td>
+                    <td>
+                        See <a href="config.html#security-spi-atz_xml">security-spi-atz.xml</a> configuration.
+                    </td>
+                </tr>
+                <tr>
+                    <td>org.apache.jetspeed.security.spi.GroupSecurityHandler</td>
+                    <td>
+                        See <a href="config.html#security-spi-atz_xml">security-spi-atz.xml</a> configuration.
+                    </td>
+                </tr>
+
+            </table>
+        </section>
+    </body>
+</document>
\ No newline at end of file

Propchange: portals/jetspeed-2/portal/branches/JS2-871-pluto-2.0-upgrade/src/site/xdoc/components/jetspeed-security/atz-spi.xml
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: portals/jetspeed-2/portal/branches/JS2-871-pluto-2.0-upgrade/src/site/xdoc/components/jetspeed-security/atz-spi.xml
------------------------------------------------------------------------------
    svn:keywords = Id

Added: portals/jetspeed-2/portal/branches/JS2-871-pluto-2.0-upgrade/src/site/xdoc/components/jetspeed-security/atz.xml
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/branches/JS2-871-pluto-2.0-upgrade/src/site/xdoc/components/jetspeed-security/atz.xml?rev=722405&view=auto
==============================================================================
--- portals/jetspeed-2/portal/branches/JS2-871-pluto-2.0-upgrade/src/site/xdoc/components/jetspeed-security/atz.xml (added)
+++ portals/jetspeed-2/portal/branches/JS2-871-pluto-2.0-upgrade/src/site/xdoc/components/jetspeed-security/atz.xml Tue Dec  2 00:53:22 2008
@@ -0,0 +1,47 @@
+<?xml version="1.0"?>
+<!--
+    Licensed to the Apache Software Foundation (ASF) under one or more
+    contributor license agreements.  See the NOTICE file distributed with
+    this work for additional information regarding copyright ownership.
+    The ASF licenses this file to You under the Apache License, Version 2.0
+    (the "License"); you may not use this file except in compliance with
+    the License.  You may obtain a copy of the License at
+    
+    http://www.apache.org/licenses/LICENSE-2.0
+    
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+-->
+<document>
+    <properties>
+        <title>Jetspeed 2 Security - Login Module</title>
+        <authors>
+            <person name="David Le Strat" email="dlestrat@apache.org" />
+        </authors>
+    </properties>
+    <body>
+        <section name="Authorization Overview">
+            <p>
+                For auhorization, Jetspeed 2 implements its own 
+                <a href="http://java.sun.com/j2se/1.4.2/docs/api/java/security/Policy.html">java.security.Policy</a> using
+                a relation database store to manage associations between principals and permissions.
+            </p>
+            <p align="center">
+                <img src="images/rdbms-policy-overview-c.gif" border="0" />
+            </p>
+            <p>
+                The <code>PermissionManager</code> provides access to the permissions associated to given principals.
+            </p>
+            <p>
+                <ul>
+                    <li>The <a href="atz-jaas.html">JAAS Authorization</a> provides an overview of the authorization aspect of JAAS.</li>
+                    <li>The <a href="permission.html">PermissionManager Overview</a> documents the <code>PermissionManager</code> implementation.</li>
+                </ul>
+            </p>
+        </section>
+
+    </body>
+</document>
\ No newline at end of file

Propchange: portals/jetspeed-2/portal/branches/JS2-871-pluto-2.0-upgrade/src/site/xdoc/components/jetspeed-security/atz.xml
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: portals/jetspeed-2/portal/branches/JS2-871-pluto-2.0-upgrade/src/site/xdoc/components/jetspeed-security/atz.xml
------------------------------------------------------------------------------
    svn:keywords = Id

Added: portals/jetspeed-2/portal/branches/JS2-871-pluto-2.0-upgrade/src/site/xdoc/components/jetspeed-security/config.xml
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/branches/JS2-871-pluto-2.0-upgrade/src/site/xdoc/components/jetspeed-security/config.xml?rev=722405&view=auto
==============================================================================
--- portals/jetspeed-2/portal/branches/JS2-871-pluto-2.0-upgrade/src/site/xdoc/components/jetspeed-security/config.xml (added)
+++ portals/jetspeed-2/portal/branches/JS2-871-pluto-2.0-upgrade/src/site/xdoc/components/jetspeed-security/config.xml Tue Dec  2 00:53:22 2008
@@ -0,0 +1,366 @@
+<?xml version="1.0"?>
+<!--
+    Licensed to the Apache Software Foundation (ASF) under one or more
+    contributor license agreements.  See the NOTICE file distributed with
+    this work for additional information regarding copyright ownership.
+    The ASF licenses this file to You under the Apache License, Version 2.0
+    (the "License"); you may not use this file except in compliance with
+    the License.  You may obtain a copy of the License at
+    
+    http://www.apache.org/licenses/LICENSE-2.0
+    
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+-->
+<document>
+    <properties>
+        <title>Jetspeed 2 Security Services Configuration</title>
+        <authors>
+            <person name="David Le Strat" email="dlestrat@apache.org" />
+            <person name="Ate Douma" email="ate@douma.nu" />
+        </authors>
+    </properties>
+    <body>
+        <section name="Default configuration">
+            <p>
+                Jetspeed 2 default security services configuration leverages a relational database as its default persitent datastore for security information.
+                Jetspeed 2 security service provider interface provides a mechanism to replace the default datastore configured.
+            </p>
+            <p>
+                3 files are involved when configuring Jetspeed 2 security SPI. All the SPI configuration files are located under
+                <i>${jetspeed-source-home}/portal/src/webapp/WEB-INF/assembly/</i>
+                .
+            </p>
+            <subsection name="security-atn.xml">
+                <p>
+                    This configuration file provides the login module configuration. Not everyone needs this, as some application may decide to use another
+                    login module other than the one provided.
+                </p>
+            </subsection>
+            <subsection name="security-atz.xml">
+                <p>
+                    This configuration file configures the authorization policy, in J2's case
+                    <a href="atz-jaas.html">RdbmsPolicy</a>
+                    .
+                </p>
+            </subsection>
+            <subsection name="security-managers.xml">
+                <p>This configuration file configures all the managers for security purpose.</p>
+            </subsection>
+            <subsection name="security-providers.xml">
+                <p>This configuration file configures the various providers and weaves the SPI together.</p>
+                <ul>
+                    <li>
+                        <code>AuthenticationProviderProxy</code>
+                        : Configures the list of
+                        <code>AuthenticationProvider</code>
+                        and the default authenticator.
+                        <source>
+                            <![CDATA[
+<bean id="org.apache.jetspeed.security.AuthenticationProviderProxy" 
+   class="org.apache.jetspeed.security.impl.AuthenticationProviderProxyImpl">  	   
+   <constructor-arg >
+      <list>
+         <ref bean="org.apache.jetspeed.security.AuthenticationProvider"/>
+      </list>
+   </constructor-arg>
+  <constructor-arg><value>DefaultAuthenticator</value></constructor-arg>
+</bean>]]>
+                        </source>
+                    </li>
+                    <li>
+                        <code>AuthenticationProvider</code>
+                        : Configures the authentication providers for the current portal implementation. The example below configures the default authenticator
+                        that uses the RDBMS to manage/store user information.
+                        <source>
+                            <![CDATA[
+<bean id="org.apache.jetspeed.security.AuthenticationProvider" 
+  	   class="org.apache.jetspeed.security.impl.AuthenticationProviderImpl">  	   
+   <constructor-arg index="0"><value>DefaultAuthenticator</value></constructor-arg>
+   <constructor-arg index="1"><value>The default authenticator</value></constructor-arg>
+   <constructor-arg index="2"><value>login.conf</value></constructor-arg>
+   <constructor-arg index="3">
+      <ref bean="org.apache.jetspeed.security.spi.CredentialHandler"/>
+   </constructor-arg>
+   <constructor-arg index="4">
+      <ref bean="org.apache.jetspeed.security.spi.UserSecurityHandler"/>
+   </constructor-arg>
+</bean>]]>
+                        </source>
+                    </li>
+                    <li>
+                        <code>AuthorizationProvider</code>
+                        : Configures the policies and instantiates the
+                        <code>SecurityPolicies</code>
+                        that are used for enforcing permissions.  By default, Jetspeed 2 does not load any other 
+                        security policies that may have been configured.  In order to use default policies, set
+                        <code>useDefaultPolicy</code> to <code>true</code>
+                        <source>
+                            <![CDATA[
+<bean id="org.apache.jetspeed.security.AuthorizationProvider" 
+  	  class="org.apache.jetspeed.security.impl.AuthorizationProviderImpl">  	   
+    <constructor-arg index="0">
+        <ref bean="org.apache.jetspeed.security.impl.RdbmsPolicy"/>
+    </constructor-arg>
+    <!-- Does not use the default policy as a default behavior -->
+    <constructor-arg index="1"><value>false</value></constructor-arg>   
+</bean>]]>
+                        </source>
+                    </li>
+                </ul>
+            </subsection>
+            <subsection name="security-spi.xml">
+                <p>This configuration file contains configuration that are common to the authentication and authorization SPIs.</p>
+                <table>
+                    <tr>
+                        <th>Bean</th>
+                        <th>Description</th>
+                    </tr>
+                    <tr>
+                        <td>org.apache.jetspeed.security.spi.SecurityAccess</td>
+                        <td>
+                            Used internally by the default OJB based SPI. Provide access to common action/methods for the various SPI implementations. The
+                            <i>SecurityAccess</i>
+                            bean is used by both the Authentication and Authorization SPIs.
+                        </td>
+                    </tr>
+                </table>
+            </subsection>
+            <subsection name="security-spi-atn.xml">
+                <p>This configuration file contains all the configurations for configuring the authentication SPI.</p>
+                <table>
+                    <tr>
+                        <th>Bean</th>
+                        <th>Description</th>
+                    </tr>
+                    <tr>
+                        <td>org.apache.jetspeed.security.spi.CredentialHandler</td>
+                        <td>
+                            The
+                            <i>CredentialHandler</i>
+                            encapsulates the operations involving manipulation of credentials. The default implementation provides support for password
+                            protection as defined by the
+                            <i>PasswordCredentialProvider</i>
+                            ; as well as lifecycle management of credentials through
+                            <i>InternalPasswordCredentialInterceptor</i>
+                            which can be configured to manages parameters such as maximum number of authentication
+                            failures, maximum life span of a credential in days and how much history to retain for a
+                            given credential.
+                        </td>
+                    </tr>
+                    <tr>
+                        <td>org.apache.jetspeed.security.spi.UserSecurityHandler</td>
+                        <td>
+                            The
+                            <i>UserSecurityHandler</i>
+                            encapuslated all the operations around the user principals.
+                        </td>
+                    </tr>
+                </table>
+                <p>
+                    The following simple <code>CredentialHandler</code> configuration is currently provided
+                    by default with Jetspeed:</p>
+                    <source><![CDATA[
+<!-- require a non-empty password -->
+<bean id="org.apache.jetspeed.security.spi.CredentialPasswordValidator" 
+     class="org.apache.jetspeed.security.spi.impl.DefaultCredentialPasswordValidator"/>
+
+<!-- MessageDigest encode passwords using SHA-1 -->
+<bean id="org.apache.jetspeed.security.spi.CredentialPasswordEncoder" 
+     class="org.apache.jetspeed.security.spi.impl.MessageDigestCredentialPasswordEncoder">
+     <constructor-arg index="0"><value>SHA-1</value></constructor-arg>       
+</bean>       
+
+<!-- allow multiple InternalPasswordCredentialInterceptors to be used for DefaultCredentialHandler --> 
+<bean id="org.apache.jetspeed.security.spi.InternalPasswordCredentialInterceptor"
+     class="org.apache.jetspeed.security.spi.impl.InternalPasswordCredentialInterceptorsProxy">
+     <constructor-arg index="0">
+       <list>
+         <!-- enforce an invalid preset password value in the persisent store is required to be changed -->
+         <bean class="org.apache.jetspeed.security.spi.impl.ValidatePasswordOnLoadInterceptor"/>
+
+         <!-- ensure preset cleartext passwords in the persistent store  will be encoded on first use -->
+         <bean class="org.apache.jetspeed.security.spi.impl.EncodePasswordOnFirstLoadInterceptor"/>
+       </list>
+     </constructor-arg>
+</bean>
+
+<bean id="org.apache.jetspeed.security.spi.PasswordCredentialProvider" 
+     class="org.apache.jetspeed.security.spi.impl.DefaultPasswordCredentialProvider">
+     <constructor-arg index="0">
+       <ref bean="org.apache.jetspeed.security.spi.CredentialPasswordValidator"/>
+     </constructor-arg>       
+     <constructor-arg index="1">
+       <ref bean="org.apache.jetspeed.security.spi.CredentialPasswordEncoder"/>
+     </constructor-arg>       
+</bean>       
+
+<bean id="org.apache.jetspeed.security.spi.CredentialHandler" 
+     class="org.apache.jetspeed.security.spi.impl.DefaultCredentialHandler">       
+     <constructor-arg index="0">
+       <ref bean="org.apache.jetspeed.security.spi.SecurityAccess"/>
+     </constructor-arg>       
+     <constructor-arg index="1">
+       <ref bean="org.apache.jetspeed.security.spi.PasswordCredentialProvider"/>
+     </constructor-arg>       
+     <constructor-arg index="2">
+       <ref bean="org.apache.jetspeed.security.spi.InternalPasswordCredentialInterceptor"/>
+     </constructor-arg>
+</bean>]]>
+                  </source>
+                <p>
+                The above configuration requires not much more than that a password should not be
+                empty and MessageDigest encode it using SHA-1.</p>
+                <p>
+                Before the 2.0-M4 release, Jetspeed came configured with a much stricter configuration, but for
+                first time users of the Portal this was a bit overwelming and also quite difficult to configure
+                differently.</p>
+                <p>
+                With the 2.0-M4 release, the previously provided, and rather complex, 
+                <code>InternalPasswordCredentialInterceptor</code> implementations are split up in single atomic
+                interceptors which can much easier be configured indepedently.</p>
+                <p>
+                An overview of the new interceptors and how related request processing pipeline valves can be
+                configured to provide feedback to the user is provided in the <a href="credentials.html">
+                Credentials Management</a> document.</p>
+                <p>
+                Since the "old" (pre 2.0-M4) interceptors are no longer provided with Jetspeed, the example below
+                shows how to "restore" the old setup using the new interceptors:</p>
+                  <source><![CDATA[
+<!-- require a password of minimum length 6 and at least two numeric characters -->
+<bean id="org.apache.jetspeed.security.spi.CredentialPasswordValidator" 
+     class="org.apache.jetspeed.security.spi.impl.SimpleCredentialPasswordValidator">
+     <constructor-arg index="0"><value>6</value></constructor-arg>       
+     <constructor-arg index="1"><value>2</value></constructor-arg>       
+</bean>
+
+<!-- allow multiple InternalPasswordCredentialInterceptors to be used for DefaultCredentialHandler --> 
+<bean id="org.apache.jetspeed.security.spi.InternalPasswordCredentialInterceptor"
+     class="org.apache.jetspeed.security.spi.impl.InternalPasswordCredentialInterceptorsProxy">
+     <constructor-arg index="0">
+       <list>
+         <!-- enforce an invalid preset password value in the persisent store is required to be changed -->
+         <bean class="org.apache.jetspeed.security.spi.impl.ValidatePasswordOnLoadInterceptor"/>
+
+         <!-- ensure preset cleartext passwords in the persistent store  will be encoded on first use -->
+         <bean class="org.apache.jetspeed.security.spi.impl.EncodePasswordOnFirstLoadInterceptor"/>
+
+         <!-- remember the last 3 passwords used and require a new password to be different from those -->
+         <bean class="org.apache.jetspeed.security.spi.impl.PasswordHistoryInterceptor">
+           <constructor-arg index="0"><value>3</value></constructor-arg>       
+         </bean>
+
+         <!-- Automatically expire a password after 60 days -->
+         <bean class="org.apache.jetspeed.security.spi.impl.PasswordExpirationInterceptor">
+           <constructor-arg index="0"><value>60</value></constructor-arg>       
+         </bean>
+
+         <!-- Automatically disable a password after 3 invalid authentication attempts in a row --> 
+         <bean class="org.apache.jetspeed.security.spi.impl.MaxPasswordAuthenticationFailuresInterceptor">
+           <constructor-arg index="0"><value>3</value></constructor-arg>       
+         </bean>
+       </list>
+     </constructor-arg>
+</bean>]]>
+                  </source>
+                <p>
+                And, make sure something like the following configuration is set for the security related valves in
+                pipelines.xml:</p>
+                  <source><![CDATA[
+<bean id="passwordCredentialValve"
+      class="org.apache.jetspeed.security.impl.PasswordCredentialValveImpl"
+      init-method="initialize">
+ <constructor-arg>
+   <!-- expirationWarningDays -->
+   <list>
+     <value>2</value>
+     <value>3</value>
+     <value>7</value>
+   </list>
+ </constructor-arg>
+</bean> 
+
+<bean id="loginValidationValve"
+      class="org.apache.jetspeed.security.impl.LoginValidationValveImpl"
+      init-method="initialize">
+  <!-- maxNumberOfAuthenticationFailures
+       This value should be in sync with the value for
+       org.apache.jetspeed.security.spi.impl.MaxPasswordAuthenticationFailuresInterceptor
+       (if used) to make sense.
+       Any value < 2 will suppress the LoginConststants.ERROR_FINAL_LOGIN_ATTEMPT
+       error code when only one last attempt is possible before the credential
+       will be disabled after the next authentication failure.
+  -->
+  <constructor-arg index="0"><value>3</value></constructor-arg>  
+</bean>]]>
+                  </source>
+                <p>
+                Also, make sure the above valves are configured in the <code>jetspeed-pipeline</code> bean.</p>
+                <p>
+                See the <a href="credentials.html#User_interaction">User Interaction</a> section in the
+                Credentials Management document for a description of these valves and their relation to the
+                interceptors configuration.</p>
+            </subsection>
+            <subsection name="security-spi-atz.xml">
+                <p>This configuration file contains all the configurations for configuring the authorization SPI.</p>
+                <table>
+                    <tr>
+                        <th>Bean</th>
+                        <th>Description</th>
+                    </tr>
+                    <tr>
+                        <td>org.apache.jetspeed.security.spi.RoleSecurityHandler</td>
+                        <td>
+                            The
+                            <i>RoleSecurityHandler</i>
+                            encapsulates all the operations around the role principals.
+                        </td>
+                    </tr>
+                    <tr>
+                        <td>org.apache.jetspeed.security.spi.GroupSecurityHandler</td>
+                        <td>
+                            The
+                            <i>GroupSecurityHandler</i>
+                            encapsulates all the operations around the group principals.
+                        </td>
+                    </tr>
+                    <tr>
+                        <td>org.apache.jetspeed.security.spi.SecurityMappingHandler</td>
+                        <td>
+                            The
+                            <i>SecurityMappingHandler</i>
+                            encapsulates all the operations involving mapping between principals. It contains the logic managing hierarchy resolution for
+                            hierarchical principals (roles or groups). The default hierarchy resolution provided is a hierarchy by generalization (see overview
+                            for definitions). A
+                            <i>contructor-arg</i>
+                            can be added to the
+                            <i>SecurityMappingHandler</i>
+                            to change the hierarchy resolution strategy. Jetspeed 2 also support a hierarchy resolution by aggregation.
+                        </td>
+                    </tr>
+                </table>
+                <p>
+                    A sample
+                    <code>SecurityMappingHandler</code>
+                    configuration could be:
+                    <source><![CDATA[
+<!-- Security SPI: SecurityMappingHandler -->
+<bean id="org.apache.jetspeed.security.spi.SecurityMappingHandler" 
+      class="org.apache.jetspeed.security.spi.impl.DefaultSecurityMappingHandler">  	   
+   <constructor-arg >
+      <ref bean="org.apache.jetspeed.security.spi.SecurityAccess"/>
+   </constructor-arg>
+   <!-- Default role hierarchy strategy is by generalization.  
+        Add contructor-arg to change the strategy. -->
+   <!-- Default group hierarchy strategy is by generalization.  
+        Add contructor-arg to change the strategy. -->
+</bean>]]>
+                    </source>
+                </p>
+            </subsection>
+        </section>
+    </body>
+</document>

Propchange: portals/jetspeed-2/portal/branches/JS2-871-pluto-2.0-upgrade/src/site/xdoc/components/jetspeed-security/config.xml
------------------------------------------------------------------------------
    svn:keywords = Id

Added: portals/jetspeed-2/portal/branches/JS2-871-pluto-2.0-upgrade/src/site/xdoc/components/jetspeed-security/credentials.xml
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/branches/JS2-871-pluto-2.0-upgrade/src/site/xdoc/components/jetspeed-security/credentials.xml?rev=722405&view=auto
==============================================================================
--- portals/jetspeed-2/portal/branches/JS2-871-pluto-2.0-upgrade/src/site/xdoc/components/jetspeed-security/credentials.xml (added)
+++ portals/jetspeed-2/portal/branches/JS2-871-pluto-2.0-upgrade/src/site/xdoc/components/jetspeed-security/credentials.xml Tue Dec  2 00:53:22 2008
@@ -0,0 +1,339 @@
+<?xml version="1.0"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+  
+  http://www.apache.org/licenses/LICENSE-2.0
+  
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<document>
+    <properties>
+        <title>Jetspeed 2 Security - Credentials Management</title>
+        <authors>
+            <person name="David Le Strat" email="dlestrat@apache.org" />
+            <person name="Ate Douma" email="ate@douma.nu" />
+        </authors>
+    </properties>
+    <body>
+        <section name="Credentials Management Overview">
+          <subsection name="DefaultCredentialHandler Features">
+            <p>
+                With the Jetspeed <a href="apidocs/org/apache/jetspeed/security/spi/impl/DefaultCredentialHandler.html">
+                <code>DefaultCredentialHandler</code></a> special management of password credentials can
+                easily be configured. Through the provided 
+                <a href="apidocs/org/apache/jetspeed/security/spi/PasswordCredentialProvider.html">
+                <code>PasswordCredentialProvider</code></a> and 
+                <a href="apidocs/org/apache/jetspeed/security/spi/InternalPasswordCredentialInterceptor.html">
+                <code>InternalPasswordCredentialInterceptor</code></a> components custom logic can be plugged in for:</p>
+            <ul>
+                <li>providing a custom 
+                    <a href="../jetspeed-api/apidocs/org/apache/jetspeed/security/PasswordCredential.html">
+                    <code>PasswordCredential</code></a> implementation</li>
+                <li>password encoding<br/>
+                    If an 
+                    <a href="apidocs/org/apache/jetspeed/security/spi/CredentialPasswordEncoder.html">
+                    <code>CredentialPasswordEncoder</code></a> is available from the 
+                    <code>PasswordCredentialProvider</code> passwords will be encoded with it before they are persisted.
+                    The provided 
+                    <a href="apidocs/org/apache/jetspeed/security/spi/impl/MessageDigestCredentialPasswordEncoder.html">
+                    <code>MessageDigestCredentialPasswordEncoder</code></a> uses 
+                    <a href="http://java.sun.com/j2se/1.4.2/docs/api/java/security/MessageDigest.html">
+                    <code>MessageDigest</code></a> hash algorithms for the password encryption, and can for example be
+                    configured to use <code>SHA-1</code> and <code>Base64</code>.
+                </li>
+                <li>enforcing password value rules<br/>
+                    If an
+                    <a href="apidocs/org/apache/jetspeed/security/spi/CredentialPasswordValidator.html">
+                    <code>CredentialPasswordValidator</code></a> is available from the
+                    <code>PasswordCredentialProvider</code>, passwords will be validated with it before they are persisted.
+                    The 
+                    <a href="apidocs/org/apache/jetspeed/security/spi/impl/DefaultCredentialPasswordValidator.html">
+                    <code>DefaultCredentialPasswordValidator</code></a> for example enforces non-emtpy password. And
+                    with the 
+                    <a href="apidocs/org/apache/jetspeed/security/spi/impl/SimpleCredentialPasswordValidator.html">
+                    <code>SimpleCredentialPasswordValidator</code></a> a minimum length and a minum number of numeric
+                    characters can be enforced.
+                </li>
+                <li>intercepting 
+                    <a href="../jetspeed-api/apidocs/org/apache/jetspeed/security/om/InternalCredential.html">
+                    <code>InternalCredential</code></a> lifecycle events<br/>
+                    If the <code>DefaultCredentialHandler</code> is provided with an
+                    <code>InternalPasswordCredentialInterceptor</code>, it will invoke this interceptor (or an arbirary
+                    set if
+                    <a href="apidocs/org/apache/jetspeed/security/spi/impl/InternalPasswordCredentialInterceptorsProxy.html">
+                    <code>InternalPasswordCredentialInterceptorsProxy</code></a> is used) on:
+                    <ul>
+                      <li>after loading a credential from the persistent store</li>
+                      <li>after authenticating a user</li>
+                      <li>before a new credential is saved to the persistent store</li>
+                      <li>before a new password is save for the credential</li>                      
+                    </ul>
+                    Jetspeed already provides a basic set of interceptors, ready to be used:
+                    <ul>
+                      <li>
+                          <a href="apidocs/org/apache/jetspeed/security/spi/impl/ValidatePasswordOnLoadInterceptor.html">
+                          <code>ValidatePasswordOnLoadInterceptor</code></a><br/>
+                          This interceptor can be used to validate (pre)set passwords in the persistent store and force
+                          a required change by the user if invalid. It uses the configured <code>CredentialPasswordValidator</code>
+                          of the <code>PasswordCredentialProvider</code>, the same as used when a password is changed.
+                      </li>
+                      <li>
+                          <a href="apidocs/org/apache/jetspeed/security/spi/impl/EncodePasswordOnFirstLoadInterceptor.html">
+                          <code>EncodePasswordOnFirstLoadInterceptor</code></a><br/>
+                          This interceptor can be used if passwords needs to be preset in the persistent store or
+                          migrated unencoded from a different store. With this interceptor, these cleartext password
+                          will automatically be encoded the first time they are loaded from the database, using the 
+                          <code>CredentialPasswordEncoder</code> from the <code>PasswordCredentialProvider</code>
+                      </li>
+                      <li>
+                          <a href="apidocs/org/apache/jetspeed/security/spi/impl/PasswordExpirationInterceptor.html">
+                          <code>PasswordExpirationInterceptor</code></a><br/>
+                          This interceptor can be used to enforce a maximum lifespan for passwords.
+                          It manages the <code>expiration_date</code> and <code>is_expired</code> members of the
+                          <code>InternalCredential</code> and sets the expired flag when on authentication of a user
+                          its (valid) password is expired. The authentication will then fail.<br/>
+                          Note: A Jetspeed pipeline Valve, the <code>PasswordCredentialValveImpl</code> can be
+                          used to request or even enforce users to change their password in time to prevent a password
+                          expiration (described further below). 
+                      </li>
+                      <li>
+                          <a href="apidocs/org/apache/jetspeed/security/spi/impl/MaxPasswordAuthenticationFailuresInterceptor.html">
+                          <code>MaxPasswordAuthenticationFailuresInterceptor</code></a><br/>
+                          This interceptor can be used to prevent password hacking by enforcing a maximum number of
+                          invalid password attempts in a row. Once this number of authentication failures is reached,
+                          the credential will be disabled. On a successful authentication though, this count
+                          will automatically be reset to zero again by the <code>DefaultCredentialHandler</code>.
+                      </li>                          
+                      <li>
+                          <a href="apidocs/org/apache/jetspeed/security/spi/impl/PasswordHistoryInterceptor.html">
+                          <code>PasswordHistoryInterceptor</code></a><br/>
+                          This interceptor can be used to enforce usage of unique new passwords in respect to a certain
+                          number of previous used passwords. When a new password is set, the current password is saved
+                          in a FIFO stack of used passwords. When a user itself changes its password, it must be different
+                          from all the onces thus saved, otherwise a 
+                          <a href="../jetspeed-api/apidocs/org/apache/jetspeed/security/PasswordAlreadyUsedException.html">
+                          <code>PasswordAlreadyUsedException</code></a> will be
+                          thrown. But setting a new password through the administrative interface still allows any
+                          password (when otherwise valid) to be set.
+                      </li>
+                    </ul>
+                    <p>
+                    The <code>DefaultCredentialHandler</code> only supports one interceptor to be configured.
+                    But, with the 
+                    <a href="apidocs/org/apache/jetspeed/security/spi/impl/InternalPasswordCredentialInterceptorsProxy.html">
+                    <code>InternalPasswordCredentialInterceptorsProxy</code></a>, a list of interceptors can
+                    be configured which then will be invoked sequentially.</p>
+                    <p>
+                    Jetspeed comes out of the box with several of these interceptors configured, and its very easy to
+                    change and extend.See the <a href="config.html#security-spi-atn_xml">security-spi-atn.xml</a>
+                    section in the <a href="config.html">Security Services Configuration</a> document for a description
+                    of the default configuration. Also provided there is an example how to setup the interceptors to 
+                    restore the "old" (and much more restrict) configuration provided with the 2.0-M3 release and
+                    earlier.</p>
+                </li>
+            </ul>
+          </subsection>
+          <subsection name="Credentials Management Implementation">
+            <p>
+                The class diagram below describes the components used for the
+                <code>DefaultCredentialHandler</code>
+                implementation.
+            </p>
+            <p align="center">
+                <img src="images/credential-handler-c.gif" border="0" />
+            </p>
+            <p>
+                The OJB mappings for the default credentials implementation are described in 
+                <code>security_repository.xml</code>:
+                <ul>
+                    <li><code>InternalCredential</code>: Maps to the SECURITY_CREDENTIAL table.</li>
+                </ul>
+                The following database schema is used to stored credentials and their associations to principals.
+            </p>
+            <p align="center">
+                <img src="images/principals-credentials-schema.gif" border="0" />
+            </p>
+          </subsection>
+        </section>
+        <section name="User interaction">
+            <p>
+            Although the <code>DefaultCredentialHandler</code> provides fine-grained management of credentials, it cannot
+            provide direct feedback to the user like presenting a warning that the current password is soon to be expired.
+            But, special request processing pipeline valves provided with jetspeed allow to do just that.</p>
+            <p>
+            The configuration for these valves can be found and set in the <code>pipelines.xml</code> spring
+            configuration file.</p>
+            <subsection name="LoginValidationValveImpl">
+              <p>
+              The <a href="../jetspeed-portal/apidocs/org/apache/jetspeed/security/impl/LoginValidationValveImpl.html">
+              <code>LoginValidationValveImpl</code></a> provides feedback to the user about the cause of an failed login
+              attempt.</p>
+              <p>
+              It retrieves the <code>UserPrincipal</code> and its current <code>PasswordCredential</code> for the 
+              specified user name, and (if found) determines an specific error code based on its state. 
+              This error code is communicated back to through the session so an appropriate error message can be
+              presented to the user.</p>
+              <p>
+              The following possible error codes can be returned (all defined in the
+              <a href="../jetspeed-api/apidocs/org/apache/jetspeed/login/LoginConstants.html">
+              <code>LoginConstants</code></a> interface):</p>
+              <ol>
+                <li>ERROR_UNKNOWN_USER</li>
+                <li>ERROR_INVALID_PASSWORD</li>
+                <li>ERROR_USER_DISABLED</li>
+                <li>ERROR_FINAL_LOGIN_ATTEMPT</li>
+                <li>ERROR_CREDENTIAL_DISABLED</li>
+                <li>ERROR_CREDENTIAL_EXPIRED</li>
+              </ol>
+              <p>
+              Of the above error codes, the <code>ERROR_FINAL_LOGIN_ATTEMPT</code> will only be reported if the valve
+              is configured with the same <code>maxNumberOfAuthenticationFailures</code> value as used for the
+              related <code>MaxPasswordAuthenticationFailuresInterceptor</code> described above:
+              <source><![CDATA[
+  <bean id="loginValidationValve"
+        class="org.apache.jetspeed.security.impl.LoginValidationValveImpl"
+        init-method="initialize">
+    <!-- maxNumberOfAuthenticationFailures
+         This value should be in sync with the value for
+         org.apache.jetspeed.security.spi.impl.MaxPasswordAuthenticationFailuresInterceptor
+         (if used) to make sense.
+         Any value < 2 will suppress the LoginConststants.ERROR_FINAL_LOGIN_ATTEMPT
+         error code when only one last attempt is possible before the credential
+         will be disabled after the next authentication failure.
+    -->
+    <constructor-arg index="0"><value>3</value></constructor-arg>  
+</bean>]]>
+                </source>
+              </p>
+            </subsection>
+            <subsection name="PasswordCredentialValveImpl">
+              <p>
+              The <a href="../jetspeed-portal/apidocs/org/apache/jetspeed/security/impl/PasswordCredentialValveImpl.html">
+              <code>PasswordCredentialValveImpl</code></a> is meant to be used together with a special Portlet on a
+              special Portal Page (PSML) to automatically request or even require a user to change its password.</p>
+              <p>
+              This valve evaluates <code>PasswordCredential.isUpdateRequired()</code> and optionally the 
+              <code>expirationDate</code>, <code>lastAuthenticationDate</code> and <code>previousAuthenticationDate</code>
+              fields to determine if a user is required or just be asked to change its password.</p>
+              <p>
+              This valve can optionally be configured with a list of  <code>expirationWarningDays</code> numbers in
+              its constructor:
+              <source><![CDATA[
+<bean id="passwordCredentialValve"
+      class="org.apache.jetspeed.security.impl.PasswordCredentialValveImpl"
+      init-method="initialize">
+ <constructor-arg>
+   <!-- expirationWarningDays -->
+   <list>
+     <value>2</value>
+     <value>3</value>
+     <value>7</value>
+   </list>
+ </constructor-arg>
+</bean>]]>
+                </source>
+              These numbers each represent a day before the current <code>expirationDate</code> of the password credential
+              when a user should be warned its password is soon to expire and be asked to change it. The
+              <code>lastAuthenticationDate</code> and the <code>previousAuthenticationDate</code> are used to determine
+              when this should happen. It will be done only once for each configured <code>expirationWarningDay</code>.
+              If a user logs on for the first time (after several days) with the above example configuration, 6 days
+              before the password expires, he or she will be warned about it. And again when 3 or 2 days are left.</p>
+              <p>
+              When a user logs on the last day before the password expires <em>or</em> when <code>updateRequired</code>
+              is <code>true</code>, the user will be required to change the password, regardless if expirationWarningDays
+              are configured or not.</p>
+              <p>
+              To be able to automatically provide the user with this information and allow or require the password to
+              be changed directly after login, a special <code>ProfileLocator</code> 
+              <a href="../jetspeed-api/apidocs/org/apache/jetspeed/profiler/ProfileLocator.html#SECURITY_LOCATOR">
+              <code>SECURITY_LOCATOR</code></a> is used. The <code>PageProfilerValve</code> (which should be configed
+              <em>after</em> this valve in the pipeline) will then use this enforced locator to be used to find the
+              related portal page to present to the user.</p>
+              <p>
+              For this to work, a <code>"security"</code> Profiler rule must have been setup like the default one 
+              provided by Jetspeed:</p>
+              <p align="center">
+                <img src="images/security-locator.jpg" border="0"/>
+              </p>
+              <p>
+              As can seen from the above image, the default page which will be presented to the user is the
+              <code>/my-account.psml</code> located in the root.</p>
+              <p>
+              This default page contains only one portlet, the <code>ChangePasswordPortlet</code> from the security
+              Portlet Application.</p>
+              <p>
+              The <code>ChangePasswordPortlet</code> works together with the <code>PasswordCredentialValveImpl</code>
+              as it checks for the 
+              <a href="../jetspeed-api/apidocs/org/apache/jetspeed/security/PasswordCredential.html#PASSWORD_CREDENTIAL_DAYS_VALID_REQUEST_ATTR_KEY">
+              <code>PASSWORD_CREDENTIAL_DAYS_VALID_REQUEST_ATTR_KEY</code></a> request parameter which will be set by
+              this valve with the number of days the password is still valid. For a required password change this will
+              be set to Integer(0).</p>
+              <p>
+              The default <code>my-account.psml</code> page contains <em>only</em> the <code>ChangePasswordPortlet</code>
+              to make sure a user which is <em>required</em> to change the password cannot interact with the portal any
+              other way then after the password is changed.</p>
+              <p>
+              Although the user might be attempted to select a link to a different page (from a portal menu for exampl),
+              this valve will make sure only the configured "security" locator page is returned if it is required.
+              But, once the password is changed the then targeted page in the url will be navigated to automatically.
+              </p>
+            </subsection>
+            <subsection name="Managing Password Expiration">
+              <p>
+              If the <code>PasswordExpirationInterceptor</code> is used, password expiration for a certain user can be
+              directly managed through the <code>UserDetailPortlet</code> provided with the <code>security</code>
+              portlet application.</p>
+              <p>
+              If enabled, this portlet can display the current expiration date of a password and also allows to change
+              its value:</p>
+              <p align="center">
+                <img src="images/password-expiration.jpg" border="0"/>
+              </p>              
+              <p>
+              As you can see, through the radio group, the password expiration date can be changed to:</p>
+              <table>
+                <tr><th>Action</th><th>Expires</th></tr>
+                <tr><td>Expired</td><td>today</td></tr>
+                <tr>
+                  <td>Extend</td>
+                  <td>today + <code>maxLifeSpanInDays</code> as configured for the PasswordExpirationInterceptor</td>
+                </tr>
+                <tr><td>Extend Unlimited</td><td>January 1, 8099 (the maximum value allowed for java.sql.Date)</td></tr>
+              </table>
+              <p>
+              This feature can be enabled through the edit/preferences page of the <code>UserDetailsPortlet</code>:</p>
+              <p align="center">
+                <img src="images/user-detail-prefs.jpg" border="0"/>
+              </p>
+              <p>
+              Note: when a new password value is specified selected password expiration action <code>Expired</code>
+              will be ignored!</p>
+            </subsection>
+            <subsection name="Setting default 'Change Password required on First Login'">
+              <p>
+              Through the same <code>UserDetailsPortlet</code> preferences as show above, the default
+              <code>updateRequired</code> property of a password credential for a new user can be configured too.</p>
+              <p>
+              And, if you always need the same setting for all users, you can even suppress the selection box normally 
+              displayed on the <code>Add User</code> dialog.</p>
+              <p>
+              With the preferences set as in the example shown above, the <code>Add User</code> dialog will look like this:</p>
+              <p align="center">
+                <img src="images/add-user.jpg" border="0"/>
+              </p>
+              <p>
+              A user added with the example preferences set, will have the <code>updateRequired</code> property set to
+              true, the <code>User</code> role assigned and use the <code>role-fallback</code> profiling rule.</p>
+            </subsection> 
+        </section>
+    </body>
+</document>

Added: portals/jetspeed-2/portal/branches/JS2-871-pluto-2.0-upgrade/src/site/xdoc/components/jetspeed-security/hierarchy.xml
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/branches/JS2-871-pluto-2.0-upgrade/src/site/xdoc/components/jetspeed-security/hierarchy.xml?rev=722405&view=auto
==============================================================================
--- portals/jetspeed-2/portal/branches/JS2-871-pluto-2.0-upgrade/src/site/xdoc/components/jetspeed-security/hierarchy.xml (added)
+++ portals/jetspeed-2/portal/branches/JS2-871-pluto-2.0-upgrade/src/site/xdoc/components/jetspeed-security/hierarchy.xml Tue Dec  2 00:53:22 2008
@@ -0,0 +1,172 @@
+<?xml version="1.0"?>
+<!--
+    Licensed to the Apache Software Foundation (ASF) under one or more
+    contributor license agreements.  See the NOTICE file distributed with
+    this work for additional information regarding copyright ownership.
+    The ASF licenses this file to You under the Apache License, Version 2.0
+    (the "License"); you may not use this file except in compliance with
+    the License.  You may obtain a copy of the License at
+    
+    http://www.apache.org/licenses/LICENSE-2.0
+    
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+-->
+<document>
+    <properties>
+        <title>Jetspeed 2 Security - Hierarchy Management</title>
+        <authors>
+            <person name="David Le Strat" email="dlestrat@apache.org" />
+        </authors>
+    </properties>
+    <body>
+        <section name="Hierarchy Management Overview">
+            <p>
+                Two hierarchy resolution strategies are supported for authorization decisions:
+                <ul>
+                    <li>
+                        Hierarchy resolution by Generalization: This is the default hierarchy resolution in Jetspeed. If a hierarchy uses a generalization
+                        strategy, each role is more general than the previous one. For instance, if a user has the role [roleA.roleB.roleC] then
+                        <code>user.getSubject().getPrincipals()</code>
+                        returns:
+                        <ul>
+                            <li>/role/roleA</li>
+                            <li>/role/roleA/roleB</li>
+                            <li>/role/roleA/roleB/roleC</li>
+                        </ul>
+                    </li>
+                    <li>
+                        Hierarchy resolution by Aggregation: If a hierarchy uses a aggregation strategy, the higher role is responsible for a superset of the
+                        activities of the lower role. For instance, if the following roles are available:
+                        <ul>
+                            <li>roleA</li>
+                            <li>roleA.roleB</li>
+                            <li>roleA.roleB.roleC</li>
+                        </ul>
+                        If a user has the role [roleA] then,
+                        <code>user.getSubject().getPrincipals()</code>
+                        returns:
+                        <ul>
+                            <li>/role/roleA</li>
+                            <li>/role/roleA/roleB</li>
+                            <li>/role/roleA/roleB/roleC</li>
+                        </ul>
+                    </li>
+                </ul>
+            </p>
+            <p>
+                As described in the
+                <a href="atz-spi.html">authorization SPI section</a>
+                , the
+                <code>SecurityMappingHandler</code>
+                is configured with a specific hierarchy strategy for group and role hierarchy management. See the
+                <a href="config.html#security-spi-atz_xml">authorization SPI configuration</a>
+                for a configuration example.
+            </p>
+        </section>
+        <section name="Leveraging Preferences to Manage Hierarchies">
+            <p>
+                The default hierarchy management implementation resolves the hierarchy strategy by leveraging Jetspeed 2's
+                <a href="http://java.sun.com/j2se/1.4.2/docs/api/java/util/prefs/Preferences.html">java.util.prefs.Preferences</a>
+                implementation. The
+                <code>Preferences</code>
+                implementation provides the underlying structure in Jetspeed to store user attributes, and roles and groups definitions. The
+                <code>Preferences</code>
+                model provides a hierarchy model that is leveraged to store the base roles and groups hierarchy upon which various resolving strategies can be
+                applied (resolution by generalization or aggregation).
+            </p>
+            <p>
+                See Jetspeed 2
+                <a href="../../multiproject/jetspeed-prefs/index.html">Preferences implementation section</a>
+                for more information.
+            </p>
+            <subsection name="How does this work?">
+                <p>
+                    The
+                    <code>SecurityMappingHandler</code>
+                    implementation resolves the mappings between roles and groups. Let's say that we want to find out the roles mapping to a specific group
+                    name. To do so, the
+                    <code>SecurityMappingHandler</code>
+                    implements a
+                    <code>getRolePrincipalsInGroup(String groupFullPathName)</code>
+                    method. In this method, the group name is mapped to a specific
+                    <code>Preferences</code>
+                    node. According to a given hierarchy resolution strategy (see
+                    <a href="#Hierarchy_Management_Overview">overview section</a>
+                    ), being in [group A] may mean belonging to a set of groups; the HierarchyResolver is used to do so as illustrated below:
+                    <source>
+                        <![CDATA[
+public Set getRolePrincipalsInGroup(String groupFullPathName)
+{
+   ...
+   Preferences preferences = Preferences.userRoot().node(
+       GroupPrincipalImpl.getFullPathFromPrincipalName(groupFullPathName));
+   String[] fullPaths = groupHierarchyResolver.resolve(preferences);
+   ...
+}]]>
+                    </source>
+                    The resulting groups are then used to find all associated roles.
+                </p>
+                <p>
+                    As a result of this implementation, the name of a role principal (<code>Principal</code> 
+                    <a href="http://java.sun.com/j2se/1.4.2/docs/api/java/security/Principal.html#getName()">getName()</a>) 
+                    in the security layer should match the full path of that user preferences
+                    root in the preferences layer (<code>Preference</code> 
+                    <a href="http://java.sun.com/j2se/1.4.2/docs/api/java/util/prefs/Preferences.html#absolutePath()">absolutePath()</a>; e.g:
+                    <code>/role/theRolePrincipal</code>
+                    ).
+                </p>
+                <p>
+                    Group and roles hierarchy are stored in the
+                    <code>Preferences</code>
+                    layer as follow (the output of <a href="http://java.sun.com/j2se/1.4.2/docs/api/java/util/prefs/Preferences.html#exportNode(java.io.OutputStream)">
+                    exportNode()</a> for <a href="../../multiproject/jetspeed-prefs/index.html">Jetspeed's RBMS Preferences</a> implementation):
+                    <source>
+                        <![CDATA[
+<preferences EXTERNAL_XML_VERSION="1.0">
+<root type="user">
+<map />
+    <node name="group1">
+    <map />
+        <node name="groupid1.1">
+        <map />
+	    <node name="groupid1.1.1">
+            <map />
+            </node>
+        </node>
+    </node>
+
+    <node name="role1">
+    <map />
+        <node name="roleid1.1">
+        <map />
+	    <node name="roleid1.1.1">
+            <map />
+            </node>
+        </node>
+    </node>
+</root>]]>
+                    </source>
+                    This structure would define the following group and role hierarchy:
+                    <ul>
+                        <li>
+                            <code>/group1/groupid1.1/groupid1.1.1</code>
+                        </li>
+                        <li>
+                            <code>/role1/roleid1.1/roleid1.1.1</code>
+                        </li>
+                    </ul>
+                    Additionally, in this model, the
+                    <code>map</code>
+                    element can define groups or roles custom properties. For instance, a role could have a rule custom property (or a pointer to a rule) that
+                    allow rule based role definition tied to some rule engine (Drools for instance) and is validated when the isInRole method is invoked. For
+                    groups, a portal could use group to describe organization and have custom property such as address, city, etc. associated with the
+                    organization/group.
+                </p>
+            </subsection>
+        </section>
+    </body>
+</document>

Added: portals/jetspeed-2/portal/branches/JS2-871-pluto-2.0-upgrade/src/site/xdoc/components/jetspeed-security/high-level-services.xml
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/branches/JS2-871-pluto-2.0-upgrade/src/site/xdoc/components/jetspeed-security/high-level-services.xml?rev=722405&view=auto
==============================================================================
--- portals/jetspeed-2/portal/branches/JS2-871-pluto-2.0-upgrade/src/site/xdoc/components/jetspeed-security/high-level-services.xml (added)
+++ portals/jetspeed-2/portal/branches/JS2-871-pluto-2.0-upgrade/src/site/xdoc/components/jetspeed-security/high-level-services.xml Tue Dec  2 00:53:22 2008
@@ -0,0 +1,98 @@
+<?xml version="1.0" ?>
+<!--
+    Licensed to the Apache Software Foundation (ASF) under one or more
+    contributor license agreements.  See the NOTICE file distributed with
+    this work for additional information regarding copyright ownership.
+    The ASF licenses this file to You under the Apache License, Version 2.0
+    (the "License"); you may not use this file except in compliance with
+    the License.  You may obtain a copy of the License at
+    
+    http://www.apache.org/licenses/LICENSE-2.0
+    
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+-->
+<document>
+    <properties>
+        <title>Jetspeed 2 Security - High Level Security Services</title>
+    </properties>
+    <body>
+        <section name="High Level Security Services Overview">
+            <p>
+                Jetspeed 2 provides the four following high level security services:
+                <ul>
+                    <li>
+                        <code>UserManager</code>
+                        : Service providing user management capabilities.
+                    </li>
+                    <li>
+                        <code>GroupManager</code>
+                        : Service providing group management capabilities.
+                    </li>
+                    <li>
+                        <code>RoleManager</code>
+                        : Service providing role management capabilities.
+                    </li>
+                    <li>
+                        <code>PermissionManager</code>
+                        : Service providing permission management capabilities.
+                    </li>
+                </ul>
+            </p>
+        </section>
+        <section name="Using High Level Security Services in Portlets">
+            <p>
+                In order to access Jetspeed high level security services in your portlets, Jetspeed provide a custom
+                extension to the <code>portlet.xml</code> metadata.  All Jetspeed custom metadata is located in the 
+                <code>jetspeed-portlet.xml</code> configuration file in the <code>WEB-INF</code> folder of the portlet
+                application.  The custom <code>js:services</code> tag provides the ability to expose portal services
+                to a portlet through the <code>javax.portlet.PortletContext</code>.
+            </p>
+            <p>
+                Jetspeed portal services are configured in the spring assembly file located in the portal 
+                <code>WEB-INF/assembly/jetspeed-services</code> configuration file.  The UserManager for instance
+                is configured as follow:
+                <source><![CDATA[
+<!-- Portlet Services  -->
+<bean id="PortalServices" 
+  	 class="org.apache.jetspeed.services.JetspeedPortletServices" >
+   <constructor-arg>
+      <map>
+  	     ...
+  	     <entry key="UserManager">
+  	   	    <ref bean="org.apache.jetspeed.security.UserManager"/>
+  	   	 </entry>
+  	   	 ...
+      </map>
+   </constructor-arg>
+</bean>]]>
+                </source>
+            </p>
+            <p>
+                The <code>UserManager</code> services is then available to be loaded in a specific portlet
+                <code>PortletContext</code>.  Portlet developers need to specify the portal services they
+                would like to use.  The following example shows how to expose the portal <code>UserManager</code> 
+                to a portlet application:
+                <source><![CDATA[
+<js:services>
+   <js:service name='UserManager'/>
+</js:services>]]>
+                </source>   
+            </p>
+            <p>
+                Once a portal service is loaded in the portlet context, the portlet implementation (which typically
+                extends <code>javax.portlet.GenericPortlet</code>) can access the service as follow:
+                <source><![CDATA[
+PortletContext context = getPortletContext();
+userManager = (UserManager) context.getAttribute(CommonPortletServices.CPS_USER_MANAGER_COMPONENT);
+]]>
+                </source>
+                where <code>CommonPortletServices.CPS_USER_MANAGER_COMPONENT = "cps:UserManager"</code>
+            </p>
+        </section>
+    </body>
+</document>
+

Added: portals/jetspeed-2/portal/branches/JS2-871-pluto-2.0-upgrade/src/site/xdoc/components/jetspeed-security/images/add-user.jpg
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/branches/JS2-871-pluto-2.0-upgrade/src/site/xdoc/components/jetspeed-security/images/add-user.jpg?rev=722405&view=auto
==============================================================================
Binary file - no diff available.

Propchange: portals/jetspeed-2/portal/branches/JS2-871-pluto-2.0-upgrade/src/site/xdoc/components/jetspeed-security/images/add-user.jpg
------------------------------------------------------------------------------
    svn:mime-type = image/jpeg

Added: portals/jetspeed-2/portal/branches/JS2-871-pluto-2.0-upgrade/src/site/xdoc/components/jetspeed-security/images/arch-overview.gif
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/branches/JS2-871-pluto-2.0-upgrade/src/site/xdoc/components/jetspeed-security/images/arch-overview.gif?rev=722405&view=auto
==============================================================================
Binary file - no diff available.

Propchange: portals/jetspeed-2/portal/branches/JS2-871-pluto-2.0-upgrade/src/site/xdoc/components/jetspeed-security/images/arch-overview.gif
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: portals/jetspeed-2/portal/branches/JS2-871-pluto-2.0-upgrade/src/site/xdoc/components/jetspeed-security/images/atn-arch-c.gif
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/branches/JS2-871-pluto-2.0-upgrade/src/site/xdoc/components/jetspeed-security/images/atn-arch-c.gif?rev=722405&view=auto
==============================================================================
Binary file - no diff available.

Propchange: portals/jetspeed-2/portal/branches/JS2-871-pluto-2.0-upgrade/src/site/xdoc/components/jetspeed-security/images/atn-arch-c.gif
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: portals/jetspeed-2/portal/branches/JS2-871-pluto-2.0-upgrade/src/site/xdoc/components/jetspeed-security/images/atn-provider-c.gif
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/branches/JS2-871-pluto-2.0-upgrade/src/site/xdoc/components/jetspeed-security/images/atn-provider-c.gif?rev=722405&view=auto
==============================================================================
Binary file - no diff available.

Propchange: portals/jetspeed-2/portal/branches/JS2-871-pluto-2.0-upgrade/src/site/xdoc/components/jetspeed-security/images/atn-provider-c.gif
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: portals/jetspeed-2/portal/branches/JS2-871-pluto-2.0-upgrade/src/site/xdoc/components/jetspeed-security/images/atn-spi-arch-c.gif
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/branches/JS2-871-pluto-2.0-upgrade/src/site/xdoc/components/jetspeed-security/images/atn-spi-arch-c.gif?rev=722405&view=auto
==============================================================================
Binary file - no diff available.

Propchange: portals/jetspeed-2/portal/branches/JS2-871-pluto-2.0-upgrade/src/site/xdoc/components/jetspeed-security/images/atn-spi-arch-c.gif
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: portals/jetspeed-2/portal/branches/JS2-871-pluto-2.0-upgrade/src/site/xdoc/components/jetspeed-security/images/atz-provider-c.gif
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/branches/JS2-871-pluto-2.0-upgrade/src/site/xdoc/components/jetspeed-security/images/atz-provider-c.gif?rev=722405&view=auto
==============================================================================
Binary file - no diff available.

Propchange: portals/jetspeed-2/portal/branches/JS2-871-pluto-2.0-upgrade/src/site/xdoc/components/jetspeed-security/images/atz-provider-c.gif
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: portals/jetspeed-2/portal/branches/JS2-871-pluto-2.0-upgrade/src/site/xdoc/components/jetspeed-security/images/components.jpg
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/branches/JS2-871-pluto-2.0-upgrade/src/site/xdoc/components/jetspeed-security/images/components.jpg?rev=722405&view=auto
==============================================================================
Binary file - no diff available.

Propchange: portals/jetspeed-2/portal/branches/JS2-871-pluto-2.0-upgrade/src/site/xdoc/components/jetspeed-security/images/components.jpg
------------------------------------------------------------------------------
    svn:mime-type = image/jpeg

Added: portals/jetspeed-2/portal/branches/JS2-871-pluto-2.0-upgrade/src/site/xdoc/components/jetspeed-security/images/credential-handler-c.gif
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/branches/JS2-871-pluto-2.0-upgrade/src/site/xdoc/components/jetspeed-security/images/credential-handler-c.gif?rev=722405&view=auto
==============================================================================
Binary file - no diff available.

Propchange: portals/jetspeed-2/portal/branches/JS2-871-pluto-2.0-upgrade/src/site/xdoc/components/jetspeed-security/images/credential-handler-c.gif
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: portals/jetspeed-2/portal/branches/JS2-871-pluto-2.0-upgrade/src/site/xdoc/components/jetspeed-security/images/default-login-module-c.gif
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/branches/JS2-871-pluto-2.0-upgrade/src/site/xdoc/components/jetspeed-security/images/default-login-module-c.gif?rev=722405&view=auto
==============================================================================
Binary file - no diff available.

Propchange: portals/jetspeed-2/portal/branches/JS2-871-pluto-2.0-upgrade/src/site/xdoc/components/jetspeed-security/images/default-login-module-c.gif
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: portals/jetspeed-2/portal/branches/JS2-871-pluto-2.0-upgrade/src/site/xdoc/components/jetspeed-security/images/group-security-handler-c.gif
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/branches/JS2-871-pluto-2.0-upgrade/src/site/xdoc/components/jetspeed-security/images/group-security-handler-c.gif?rev=722405&view=auto
==============================================================================
Binary file - no diff available.

Propchange: portals/jetspeed-2/portal/branches/JS2-871-pluto-2.0-upgrade/src/site/xdoc/components/jetspeed-security/images/group-security-handler-c.gif
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream



---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org


Mime
View raw message