plexus-security and archiva trunk

[Jesse McConnell <je...@gmail.com>]

well, committing my latest on the plexus-security integration and
archiva trunk in a little bit and thought I would write a bit about
it.

it works! mostly...

I have deployed the latest snapshots for plexus security so all of
that should be fine, if there are problems ping me and I'll make sure
all the snapshots are up.

The user management pages need some work, but the basics are all in
place.  When you start it up I would recommend you go to the
login/register link in the upper left corner.  From here register for
an account and then login right after that (need a success message
there) and then click on the Settings link in the upper left corner
near your name.

This takes you to the user page where you can for a limited time only
promote yourself to System Administrator! :)

This will enable many of the links that I have wrapped up to show they are done.

The Edit User link on the users page is a good one to look at, as well
as the administration page (index.jsp)

couple of things that need to get wrapped up asap

logging out isn't working
test the adding of repositories and the autogeneration of the
Maintainer and Observer repository roles

For the time being you can look in the DefaultRoleManager component in
the webapp for the breakdown of operations, permissions and role
creation.  The operations in the initialize there are what would be
placed in the permission="" of the pss:ifAuthorized jsp tags.

It is using Rahul's user manager authenticator, a jdo user manager and
a jdo rbac store.

jesse






-- 
jesse mcconnell
jesse.mcconnell@gmail.com

Re: plexus-security and archiva trunk

[Jesse McConnell <je...@gmail.com>]

ok, after a couple of hectic days working on plexus-security and
archiva in tandem joakim and I ironed out the remaining issue that we
know of dealing with login issues and a host of other weird
strangeness that was cropping up.

The root cause was plexus security ui actions were not getting set as
per-lookup.  Now the pom.xml's were setup right for this behavior but
we were not specifically setting the version of the
plexus-maven-plugin in the plexus-security pom so we were getting a
version of it that blissfully (and silently) ignored the settings in
the pom.xml and was merrily creating our components without setting
the instantiation strategy, which of course was a 'bad thing' (tm).

Getting that going right appears to have resolved the issues that
patrick of webwork fame referred to as 'funky' in our irc
conversations on the matter.

kudos to joakim and patrick on this btw for helping get it resolved. :)

Barring a few issues in the user management pages which I am taking
care of now (which btw are being purposefully kept simple atm for
eventual plexus-user-management action integration) I think we are in
relatively decent shape in regards to UI lvl authorization checking.
Joakim is working on webdav security on archiva right now and should
that go well I think I would like to nominate him for commit access to
archiva since he is already a committer on continuum, maven-share, and
maven-plugins and has been quite active in this endeavor.  I know I am
a relatively new committer to archiva myself so not sure about the
protocol for that...but that's mostly a separate mail :P

anyway, give the trunk of archiva a whirl and file security issues on
it for me.  I am going to focus on cleaning up some annoyances that I
left in from the last little bit and then work on the next phase of
security integration.

cheers!

jesse

On 9/11/06, Jesse McConnell <je...@gmail.com> wrote:
> well, committing my latest on the plexus-security integration and
> archiva trunk in a little bit and thought I would write a bit about
> it.
>
> it works! mostly...
>
> I have deployed the latest snapshots for plexus security so all of
> that should be fine, if there are problems ping me and I'll make sure
> all the snapshots are up.
>
> The user management pages need some work, but the basics are all in
> place.  When you start it up I would recommend you go to the
> login/register link in the upper left corner.  From here register for
> an account and then login right after that (need a success message
> there) and then click on the Settings link in the upper left corner
> near your name.
>
> This takes you to the user page where you can for a limited time only
> promote yourself to System Administrator! :)
>
> This will enable many of the links that I have wrapped up to show they are done.
>
> The Edit User link on the users page is a good one to look at, as well
> as the administration page (index.jsp)
>
> couple of things that need to get wrapped up asap
>
> logging out isn't working
> test the adding of repositories and the autogeneration of the
> Maintainer and Observer repository roles
>
> For the time being you can look in the DefaultRoleManager component in
> the webapp for the breakdown of operations, permissions and role
> creation.  The operations in the initialize there are what would be
> placed in the permission="" of the pss:ifAuthorized jsp tags.
>
> It is using Rahul's user manager authenticator, a jdo user manager and
> a jdo rbac store.
>
> jesse
>
>
>
>
>
>
> --
> jesse mcconnell
> jesse.mcconnell@gmail.com
>


-- 
jesse mcconnell
jesse.mcconnell@gmail.com