NOTE: This has changed dramatically and may not be correct.
The Webwork integration comes as a war overlay that will integrate smoothly with your web application through some minor configuration in the xwork.xml file and the weaving of the relevant components in the application.xml or other component declaration file.
To get started using the war overlay, you'll need to add some dependencies to your project's pom. The examples below were pulled from plexus-security-example-webapp. Choosing the right set of dependencies will be one of the harder tasks involved here, so this should be broken up by dependency followed by its associated component configuration. Many of these are brought in transitively by the integration dependency, but we'll list those and their associated configuration as well.
Configuring a couple of maven plugins with the information here can make working with the war overlay significantly easier. (insert link to plugins.html here)
<dependency>
<groupId>org.codehaus.plexus.security</groupId>
<artifactId>plexus-security-system</artifactId>
<version>1.0-alpha-6-SNAPSHOT</version>
</dependency>
<component>
<role>org.codehaus.plexus.security.system.SecuritySystem</role>
<implementation>org.codehaus.plexus.security.system.DefaultSecuritySystem</implementation>
<role-hint>default</role-hint>
<requirements>
<requirement>
<role>org.codehaus.plexus.security.authentication.AuthenticationManager</role>
<role-hint>default</role-hint>
<field-name>authnManager</field-name>
</requirement>
<requirement>
<role>org.codehaus.plexus.security.authorization.Authorizer</role>
<role-hint>rbac</role-hint>
<field-name>authorizer</field-name>
</requirement>
<requirement>
<role>org.codehaus.plexus.security.user.UserManager</role>
<role-hint>jdo</role-hint>
<field-name>userManager</field-name>
</requirement>
<requirement>
<role>org.codehaus.plexus.security.keys.KeyManager</role>
<role-hint>jdo</role-hint>
<field-name>keyManager</field-name>
</requirement>
<requirement>
<role>org.codehaus.plexus.security.policy.UserSecurityPolicy</role>
<role-hint>default</role-hint>
<field-name>policy</field-name>
</requirement>
<requirement>
<role>org.codehaus.plexus.security.system.ApplicationDetails</role>
<field-name>applicationDetails</field-name>
</requirement>
<requirement>
<role>org.codehaus.plexus.security.system.EmailSettings</role>
<field-name>emailSettings</field-name>
</requirement>
</requirements>
</component>
This is the actual war that will be overlaid into your webapp.
<dependency>
<groupId>org.codehaus.plexus.security</groupId>
<artifactId>plexus-security-ui-web</artifactId>
<version>1.0-alpha-6-SNAPSHOT</version>
<type>war</type>
</dependency>
This dependency brings in the user manager authenticator, so username/password authentication is served from the internal user management JDO store.
<dependency>
<groupId>org.codehaus.plexus.security</groupId>
<artifactId>plexus-security-authentication-provider-user-manager</artifactId>
<version>1.0-alpha-6-SNAPSHOT</version>
</dependency>
This dependency brings in support for the Single Sign On and Remember Me types of authentication.
<dependency>
<groupId>org.codehaus.plexus.security</groupId>
<artifactId>plexus-security-authentication-provider-keystore</artifactId>
<version>1.0-alpha-6-SNAPSHOT</version>
</dependency>
The JDO provider for the user management components.
<dependency>
<groupId>org.codehaus.plexus.security</groupId>
<artifactId>plexus-security-user-management-provider-jdo</artifactId>
<version>1.0-alpha-6-SNAPSHOT</version>
</dependency>
The store for all RBAC-related object relationships.
<dependency>
<groupId>org.codehaus.plexus.security</groupId>
<artifactId>plexus-security-authorization-rbac-store-jdo</artifactId>
<version>1.0-alpha-6-SNAPSHOT</version>
</dependency>
The JDO store in which the keys for the SSO and Remember Me functionality are stored.
<dependency>
<groupId>org.codehaus.plexus.security</groupId>
<artifactId>plexus-security-keys-jdo</artifactId>
<version>1.0-alpha-6-SNAPSHOT</version>
</dependency>
The RBAC authorization and permission evaluator components.
<dependency>
<groupId>org.codehaus.plexus.security</groupId>
<artifactId>plexus-security-authorization-rbac-authorizer</artifactId>
<version>1.0-alpha-6-SNAPSHOT</version>
</dependency>
This is definitely the most extensive component in terms of configuration, as it provides a large degree of the flexibility of plexus-security. You can configure the password rules to be used, the options for the Single Sign On and Remember Me functionality, and the emailing of account verification keys and welcome emails to new accounts.
<dependency>
<groupId>org.codehaus.plexus.security</groupId>
<artifactId>plexus-security-policy</artifactId>
</dependency>
<component>
<role>org.codehaus.plexus.security.policy.PasswordRule</role>
<role-hint>character-length</role-hint>
<implementation>org.codehaus.plexus.security.policy.rules.CharacterLengthPasswordRule</implementation>
<description>Basic Password Rule, Checks for non-empty passwords that have between {@link #setMinimumCharacters(int)} and {@link #setMaximumCharacters(int)} characters in length.</description>
<configuration>
<enabled>true</enabled>
<minimum-characters>1</minimum-characters>
<maximum-characters>8</maximum-characters>
</configuration>
</component>
<component>
<role>org.codehaus.plexus.security.policy.PasswordRule</role>
<role-hint>reuse</role-hint>
<implementation>org.codehaus.plexus.security.policy.rules.ReusePasswordRule</implementation>
<description>Password Rule, Checks supplied password found at {@link User#getPassword()} against the {@link User#getPreviousEncodedPasswords()} to ensure that a password is not reused.</description>
<configuration>
<enabled>true</enabled>
</configuration>
</component>
<component>
<role>org.codehaus.plexus.security.policy.PasswordRule</role>
<role-hint>numerical-count</role-hint>
<implementation>org.codehaus.plexus.security.policy.rules.NumericalPasswordRule</implementation>
<description>Basic Password Rule, Checks for non-empty passwords that have at least {@link #setMinimumCount(int)} of numerical characters contained within.</description>
<configuration>
<enabled>true</enabled>
<minimum-count>1</minimum-count>
</configuration>
</component>
<component>
<role>org.codehaus.plexus.security.policy.PasswordRule</role>
<role-hint>must-have</role-hint>
<implementation>org.codehaus.plexus.security.policy.rules.MustHavePasswordRule</implementation>
<description>Basic Password Rule, Checks for non-empty Passwords in non guest users.</description>
<configuration>
<enabled>true</enabled>
</configuration>
</component>
<component>
<role>org.codehaus.plexus.security.policy.PasswordRule</role>
<role-hint>alpha-count</role-hint>
<implementation>org.codehaus.plexus.security.policy.rules.AlphaPasswordRule</implementation>
<description>Basic Password Rule, Checks for non-empty passwords that have at least {@link #setMinimumCount(int)} of alpha characters contained within.</description>
<configuration>
<enabled>true</enabled>
<minimum-count>1</minimum-count>
</configuration>
</component>
<component>
<role>org.codehaus.plexus.security.policy.UserSecurityPolicy</role>
<role-hint>default</role-hint>
<implementation>org.codehaus.plexus.security.policy.DefaultUserSecurityPolicy</implementation>
<description>User Security Policy.</description>
<requirements>
<requirement>
<role>org.codehaus.plexus.security.policy.PasswordEncoder</role>
<role-hint>sha256</role-hint>
<field-name>passwordEncoder</field-name>
</requirement>
<requirement>
<role>org.codehaus.plexus.security.policy.UserValidationSettings</role>
<field-name>userValidationSettings</field-name>
</requirement>
<requirement>
<role>org.codehaus.plexus.security.policy.CookieSettings</role>
<role-hint>rememberMe</role-hint>
<field-name>rememberMeSettings</field-name>
</requirement>
<requirement>
<role>org.codehaus.plexus.security.policy.CookieSettings</role>
<role-hint>signon</role-hint>
<field-name>signonCookieSettings</field-name>
</requirement>
<requirement>
<role>org.codehaus.plexus.security.policy.PasswordRule</role>
<field-name>rules</field-name>
</requirement>
</requirements>
<configuration>
<previous-passwords-count>6</previous-passwords-count>
<login-attempt-count>3</login-attempt-count>
<password-expiration-days>90</password-expiration-days>
</configuration>
</component>
<component>
<role>org.codehaus.plexus.security.policy.UserValidationSettings</role>
<implementation>org.codehaus.plexus.security.policy.DefaultUserValidationSettings</implementation>
<description>DefaultUserValidationSettings</description>
<configuration>
<email-validation-required>true</email-validation-required>
<!-- This is a timeout for the validation url (in minutes) - 2880 = 48 hours -->
<email-validation-timeout>2880</email-validation-timeout>
<email-login-path>/security/login!login.action</email-login-path>
<email-subject>Unconfigured Subject Line</email-subject>
</configuration>
</component>
<component>
<role>org.codehaus.plexus.security.policy.CookieSettings</role>
<role-hint>rememberMe</role-hint>
<implementation>org.codehaus.plexus.security.policy.RememberMeCookieSettings</implementation>
<description>DefaultRememberMeSettings</description>
<configuration>
<enabled>true</enabled>
<cookie-timeout>525600</cookie-timeout>
</configuration>
</component>
<component>
<role>org.codehaus.plexus.security.policy.CookieSettings</role>
<role-hint>signon</role-hint>
<implementation>org.codehaus.plexus.security.policy.SignonCookieSettings</implementation>
<description>DefaultSingleSignOnSettings</description>
<configuration>
<enabled>true</enabled>
<cookie-timeout>30</cookie-timeout>
</configuration>
</component>
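As an added example (not part of plexus-security), this Python check reads component descriptors like the ones above and reports policy values that deserve a second look before deployment, such as the 1 to 8 character password length and the 525600 rememberMe cookie-timeout. The thresholds are this example's own assumptions, as is treating cookie-timeout as minutes (the page states the unit only for email-validation-timeout).

```python
import xml.etree.ElementTree as ET

# Constructed input: values copied from the page, wrapped in one root element.
SAMPLE = """<components>
<component>
<role>org.codehaus.plexus.security.policy.PasswordRule</role>
<role-hint>character-length</role-hint>
<configuration><enabled>true</enabled>
<minimum-characters>1</minimum-characters>
<maximum-characters>8</maximum-characters></configuration>
</component>
<component>
<role>org.codehaus.plexus.security.policy.CookieSettings</role>
<role-hint>rememberMe</role-hint>
<configuration><enabled>true</enabled><cookie-timeout>525600</cookie-timeout></configuration>
</component>
<component>
<role>org.codehaus.plexus.security.policy.UserValidationSettings</role>
<configuration><email-subject>Unconfigured Subject Line</email-subject></configuration>
</component>
</components>"""

# Thresholds are assumptions of this example, not plexus-security defaults.
MIN_LEN, MAX_LEN_CAP = 8, 64
REMEMBER_ME_MAX = 30 * 24 * 60  # 30 days, assuming cookie-timeout is in minutes

def audit(xml_text):
    """Return (component, finding) pairs for policy values that need review."""
    out = []
    for comp in ET.fromstring(xml_text).iter("component"):
        role = (comp.findtext("role") or "").strip().rsplit(".", 1)[-1]
        hint = (comp.findtext("role-hint") or role).strip()
        cfg = comp.find("configuration")
        if cfg is None:
            continue
        text = lambda key: (cfg.findtext(key) or "").strip()
        num = lambda key: int(text(key)) if text(key) else None
        if role == "PasswordRule" and text("enabled") == "false":
            out.append((hint, "password rule is disabled"))
        lo, hi, ttl = num("minimum-characters"), num("maximum-characters"), num("cookie-timeout")
        if hint == "character-length" and lo is not None and lo < MIN_LEN:
            out.append((hint, f"minimum-characters {lo} is below {MIN_LEN}"))
        if hint == "character-length" and hi is not None and hi < MAX_LEN_CAP:
            out.append((hint, f"maximum-characters {hi} caps passphrases below {MAX_LEN_CAP}"))
        if hint == "rememberMe" and text("enabled") == "true" and ttl is not None and ttl > REMEMBER_ME_MAX:
            out.append((hint, f"cookie-timeout {ttl} exceeds {REMEMBER_ME_MAX}"))
        if text("email-subject") == "Unconfigured Subject Line":
            out.append((hint, "email-subject still has the placeholder value"))
    return out
```

Run `audit()` over the merged application.xml or components.xml of the built webapp, since the war overlay and transitive dependencies may contribute descriptors of their own.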