ok, after a couple of hectic days working on plexus-security and archiva in tandem joakim and I ironed out the remaining issue that we know of dealing with login issues and a host of other weird strangeness that was cropping up.
The root cause was plexus security ui actions were not getting set as per-lookup. Now the pom.xml's were setup right for this behavior but we were not specifically setting the version of the plexus-maven-plugin in the plexus-security pom so we were getting a version of it that blissfully (and silently) ignored the settings in the pom.xml and was merrily creating our components without setting the instantiation strategy, which of course was a 'bad thing' (tm). Getting that going right appears to have resolved the issues that patrick of webwork fame referred to as 'funky' in our irc conversations on the matter. kudos to joakim and patrick on this btw for helping get it resolved. :) Barring a few issues in the user management pages which I am taking care of now (which btw are being purposefully kept simple atm for eventual plexus-user-management action integration) I think we are in relatively decent shape in regards to UI lvl authorization checking. Joakim is working on webdav security on archiva right now and should that go well I think I would like to nominate him for commit access to archiva since he is already a committer on continuum, maven-share, and maven-plugins and has been quite active in this endeavor. I know I am a relatively new committer to archiva myself so not sure about the protocol for that...but that's mostly a separate mail :P anyway, give the trunk of archiva a whirl and file security issues on it for me. I am going to focus on cleaning up some annoyances that I left in from the last little bit and then work on the next phase of security integration. cheers! jesse On 9/11/06, Jesse McConnell <[EMAIL PROTECTED]> wrote:
well, committing my latest on the plexus-security integration and archiva trunk in a little bit and thought I would write a bit about it. it works! mostly... I have deployed the latest snapshots for plexus security so all of that should be fine, if there are problems ping me and I'll make sure all the snapshots are up. The user management pages need some work, but the basics are all in place. When you start it up I would recommend you go to the login/register link in the upper left corner. From here register for an account and then login right after that (need a success message there) and then click on the Settings link in the upper left corner near your name. This takes you to the user page where you can for a limited time only promote yourself to System Administrator! :) This will enable many of the links that I have wrapped up to show they are done. The Edit User link on the users page is a good one to look at, as well as the administration page (index.jsp) couple of things that need to get wrapped up asap logging out isn't working test the adding of repositories and the autogeneration of the Maintainer and Observer repository roles For the time being you can look in the DefaultRoleManager component in the webapp for the breakdown of operations, permissions and role creation. The operations in the initialize there are what would be placed in the permission="" of the pss:ifAuthorized jsp tags. It is using Rahul's user manager authenticator, a jdo user manager and a jdo rbac store. jesse -- jesse mcconnell [EMAIL PROTECTED]
-- jesse mcconnell [EMAIL PROTECTED]
