+1
-john
Jesse McConnell wrote:
Brett suggested we do a vote for this today so I figured I would just
do that now.
[-1/0/+1] vote will be open for 72 hours
Pulling from the other mail, this branch was pulled a bit over a week
ago to test out the plexus-security integration with continuum. Some
of the added features are
* full separation between application webapp and security (lightweight
integration).
* proper modularization for security components (authentication,
authorization, policy, system, web, etc...)
* rbac (role based access control) authorization provider.
* full user management war overlay (using healthy chunk of maven-user
to make it happen)
* toggle-able guest user authorization.
* remember me and single sign on authentication.
* forced admin account creation (through use of interceptor)
* key based authentication (remember me, single sign on, new user
validation emails, and password resets).
* http auth filters (basic and digest).
* aggressive plexus utilization.
* aggressive xwork / webwork integration.
* xwork interceptors for force admin, auto login (remember me),
secured action, and environment checks.
* secured actions for all of the /security namespace and at least one
continuum secured action (these are enforced by the
pssSecureActionInterceptor)
* all the password validation, user management stuff (again maven-user
origins)
* continuum-security artifact containing the actual static and dynamic
roles, and a continuum role manager that merges permissions to the
core system, user, and guest users
* ifAuthorized, ifAnyAuthorized, elseAuthorized jsp tags.
* placeholders for ldap authentication, authorization and user details
retrieval using plexus ldap components
* ability to re-use Acegi for authentication
+1 from me
cheers,
jesse
--
John Casey
---
Maven Developer (http://maven.apache.org)
---
Website: http://www.commonjava.org
Blog: http://www.ejlife.net/blogs/john
