plexus-security integration part deux, we have access control working using user manager based authentication, jdo user manager store and jdo rbac authz stores. sample authz is included in several of the jsp files. notes, the jsp/admin/rbac jsp files are temporary, useful for debugging potential role issues for the moment only, they are not meant to be a lasting part of archiva. derby is the db being used, and its located in src/main/webapp/WEB-INF/database if you are using jetty locally

git-svn-id: https://svn.apache.org/repos/asf/maven/archiva/trunk@442119 13f79535-47bb-0310-9956-ffa450edef68

archiva-webapp/pom.xml

@@ -127,17 +127,22 @@
     </dependency>
     <dependency>
       <groupId>org.codehaus.plexus.security</groupId>
-      <artifactId>plexus-security-authentication-provider-memory</artifactId>
+      <artifactId>plexus-security-authentication-provider-user-manager</artifactId>
       <version>1.0-SNAPSHOT</version>
     </dependency>
     <dependency>
       <groupId>org.codehaus.plexus.security</groupId>
-      <artifactId>plexus-security-user-management-provider-memory</artifactId>
+      <artifactId>plexus-security-user-management-api</artifactId>
       <version>1.0-SNAPSHOT</version>
     </dependency>
     <dependency>
       <groupId>org.codehaus.plexus.security</groupId>
-      <artifactId>plexus-security-authorization-rbac-store-memory</artifactId>
+      <artifactId>plexus-security-user-management-provider-jdo</artifactId>
+      <version>1.0-SNAPSHOT</version>
+    </dependency>
+    <dependency>
+      <groupId>org.codehaus.plexus.security</groupId>
+      <artifactId>plexus-security-authorization-rbac-store-jdo</artifactId>
       <version>1.0-SNAPSHOT</version>
     </dependency>
     <dependency>
@@ -149,6 +154,43 @@
       <groupId>org.codehaus.plexus.security</groupId>
       <artifactId>plexus-security-authorization-rbac-authorizer</artifactId>
       <version>1.0-SNAPSHOT</version>
+    </dependency>
+        <dependency>
+      <groupId>org.codehaus.plexus</groupId>
+      <artifactId>plexus-jdo2</artifactId>
+      <version>1.0-alpha-7-SNAPSHOT</version>
+      <exclusions>
+        <exclusion>
+          <groupId>xerces</groupId>
+          <artifactId>xercesImpl</artifactId>
+        </exclusion>
+        <exclusion>
+          <groupId>xerces</groupId>
+          <artifactId>xmlParserAPIs</artifactId>
+        </exclusion>
+      </exclusions>
+    </dependency>
+    <dependency>
+      <groupId>org.codehaus.plexus</groupId>
+      <artifactId>plexus-utils</artifactId>
+      <version>1.2</version>
+    </dependency>
+     <dependency>
+      <groupId>org.apache.derby</groupId>
+      <artifactId>derby</artifactId>
+       <version>10.1.2.1</version>
+    </dependency>
+    <dependency>
+      <groupId>jpox</groupId>
+      <artifactId>jpox</artifactId>
+      <version>1.1.1</version>
+      <exclusions>
+        <!-- targeting JDK 1.4 we don't need this -->
+        <exclusion>
+          <groupId>javax.sql</groupId>
+          <artifactId>jdbc-stdext</artifactId>
+        </exclusion>
+      </exclusions>
     </dependency>
   </dependencies>
   <build>

archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/ProxyAction.java

@@ -16,10 +16,10 @@
  * limitations under the License.
  */
 
-import com.opensymphony.xwork.ActionSupport;
 import org.apache.maven.archiva.proxy.ProxyException;
 import org.apache.maven.archiva.proxy.ProxyManager;
 import org.apache.maven.wagon.ResourceDoesNotExistException;
+import org.codehaus.plexus.xwork.action.PlexusActionSupport;
 
 import java.io.File;
 import java.io.FileInputStream;
@@ -32,7 +32,7 @@
  * @plexus.component role="com.opensymphony.xwork.Action" role-hint="proxyAction"
  */
 public class ProxyAction
-    extends ActionSupport
+    extends PlexusActionSupport
 {
     /**
      * @plexus.requirement

archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/ReportsAction.java

@@ -31,6 +31,7 @@
 import org.apache.maven.archiva.reporting.ReportingStoreException;
 import org.apache.maven.artifact.repository.ArtifactRepository;
 import org.apache.maven.artifact.resolver.filter.ArtifactFilter;
+import org.codehaus.plexus.xwork.action.PlexusActionSupport;
 
 import java.util.ArrayList;
 import java.util.Iterator;
@@ -43,7 +44,7 @@
  * @plexus.component role="com.opensymphony.xwork.Action" role-hint="reportsAction"
  */
 public class ReportsAction
-    extends ActionSupport
+    extends PlexusActionSupport
     implements Preparable
 {
     /**

archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/SearchAction.java

@@ -16,7 +16,6 @@
  * limitations under the License.
  */
 
-import com.opensymphony.xwork.ActionSupport;
 import org.apache.lucene.index.Term;
 import org.apache.lucene.queryParser.MultiFieldQueryParser;
 import org.apache.lucene.queryParser.ParseException;
@@ -32,6 +31,7 @@
 import org.apache.maven.archiva.indexer.lucene.LuceneQuery;
 import org.apache.maven.archiva.indexer.lucene.LuceneRepositoryArtifactIndex;
 import org.apache.maven.archiva.indexer.record.StandardIndexRecordFields;
+import org.codehaus.plexus.xwork.action.PlexusActionSupport;
 
 import java.io.File;
 import java.net.MalformedURLException;
@@ -43,7 +43,7 @@
  * @plexus.component role="com.opensymphony.xwork.Action" role-hint="searchAction"
  */
 public class SearchAction
-    extends ActionSupport
+    extends PlexusActionSupport
 {
     /**
      * Query string.

archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/ShowArtifactAction.java

@@ -16,7 +16,6 @@
  * limitations under the License.
  */
 
-import com.opensymphony.xwork.ActionSupport;
 import org.apache.lucene.index.Term;
 import org.apache.lucene.search.TermQuery;
 import org.apache.maven.archiva.configuration.Configuration;
@@ -40,6 +39,7 @@
 import org.apache.maven.project.ProjectBuildingException;
 import org.codehaus.plexus.util.StringUtils;
 import org.codehaus.plexus.util.xml.pull.XmlPullParserException;
+import org.codehaus.plexus.xwork.action.PlexusActionSupport;
 
 import java.io.File;
 import java.io.IOException;
@@ -59,7 +59,7 @@
  * @plexus.component role="com.opensymphony.xwork.Action" role-hint="showArtifactAction"
  */
 public class ShowArtifactAction
-    extends ActionSupport
+    extends PlexusActionSupport
 {
     /**
      * @plexus.requirement

archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/AbstractConfigureRepositoryAction.java

@@ -16,7 +16,6 @@
  * limitations under the License.
  */
 
-import com.opensymphony.xwork.ActionSupport;
 import com.opensymphony.xwork.ModelDriven;
 import com.opensymphony.xwork.Preparable;
 import org.apache.maven.archiva.configuration.AbstractRepositoryConfiguration;
@@ -25,6 +24,8 @@
 import org.apache.maven.archiva.configuration.ConfigurationStore;
 import org.apache.maven.archiva.configuration.ConfigurationStoreException;
 import org.apache.maven.archiva.configuration.InvalidConfigurationException;
+import org.apache.maven.archiva.web.util.RoleManager;
+import org.codehaus.plexus.xwork.action.PlexusActionSupport;
 
 import java.io.IOException;
 
@@ -34,7 +35,7 @@
  * @author <a href="mailto:brett@apache.org">Brett Porter</a>
  */
 public abstract class AbstractConfigureRepositoryAction
-    extends ActionSupport
+    extends PlexusActionSupport
     implements ModelDriven, Preparable
 {
     /**
@@ -42,6 +43,11 @@ public abstract class AbstractConfigureRepositoryAction
      */
     private ConfigurationStore configurationStore;
 
+    /**
+     * @plexus.requirement
+     */
+    protected RoleManager roleManager;
+
     /**
      * The repository.
      */
@@ -92,6 +98,8 @@ private String saveConfiguration()
     {
         addRepository();
 
+        roleManager.addRepository( getRepoId() );
+
         configurationStore.storeConfiguration( configuration );
 
         // TODO: do we need to check if indexing is needed?

archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/ConfigureAction.java

@@ -16,7 +16,6 @@
  * limitations under the License.
  */
 
-import com.opensymphony.xwork.ActionSupport;
 import com.opensymphony.xwork.ModelDriven;
 import com.opensymphony.xwork.Preparable;
 import org.apache.maven.archiva.configuration.Configuration;
@@ -26,6 +25,7 @@
 import org.apache.maven.archiva.configuration.InvalidConfigurationException;
 import org.apache.maven.archiva.indexer.RepositoryIndexException;
 import org.apache.maven.archiva.indexer.RepositoryIndexSearchException;
+import org.codehaus.plexus.xwork.action.PlexusActionSupport;
 
 import java.io.File;
 import java.io.IOException;
@@ -36,7 +36,7 @@
  * @plexus.component role="com.opensymphony.xwork.Action" role-hint="configureAction"
  */
 public class ConfigureAction
-    extends ActionSupport
+    extends PlexusActionSupport
     implements ModelDriven, Preparable
 {
     /**

archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/NewUserAction.java

@@ -0,0 +1,171 @@
+package org.apache.maven.archiva.web.action.admin;
+
+
+/*
+ * Copyright 2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import org.codehaus.plexus.security.system.SecuritySystem;
+import org.codehaus.plexus.security.user.User;
+import org.codehaus.plexus.security.user.UserManager;
+import org.codehaus.plexus.security.user.policy.PasswordRuleViolationException;
+import org.codehaus.plexus.security.user.policy.PasswordRuleViolations;
+import org.codehaus.plexus.util.StringUtils;
+import org.codehaus.plexus.xwork.action.PlexusActionSupport;
+import org.apache.maven.archiva.web.util.RoleManager;
+
+import java.util.Iterator;
+import java.util.List;
+
+/**
+ * LoginAction:
+ *
+ * @author Jesse McConnell <jmcconnell@apache.org>
+ * @author <a href="mailto:joakim@erdfelt.com">Joakim Erdfelt</a>
+ * @version $Id:$
+ * @plexus.component role="com.opensymphony.xwork.Action"
+ * role-hint="newUser"
+ */
+public class NewUserAction
+    extends PlexusActionSupport
+{
+
+    /**
+     * @plexus.requirement
+     */
+    private SecuritySystem securitySystem;
+
+    /**
+     * @plexus.requirement
+     */
+    private RoleManager roleManager;
+
+    private String username;
+
+    private String password;
+
+    private String passwordConfirm;
+
+    private String email;
+
+    private String fullName;
+
+    public String createUser()
+    {
+        // TODO: use commons-validator for these fields.
+
+        if ( StringUtils.isEmpty( username ) )
+        {
+            addActionError( "User Name is required." );
+        }
+
+        if ( StringUtils.isEmpty( fullName ) )
+        {
+            addActionError( "Full Name is required." );
+        }
+
+        if ( StringUtils.isEmpty( email ) )
+        {
+            addActionError( "Email Address is required." );
+        }
+
+        // TODO: Validate Email Address (use commons-validator)
+
+        if ( StringUtils.equals( password, passwordConfirm ) )
+        {
+            addActionError( "Passwords do not match." );
+        }
+
+        UserManager um = securitySystem.getUserManager();
+
+        User user = um.createUser( username, fullName, email );
+
+        user.setPassword( password );
+
+        try
+        {
+            um.addUser( user );
+        }
+        catch ( PasswordRuleViolationException e )
+        {
+            PasswordRuleViolations violations = e.getViolations();
+            List violationList = violations.getLocalizedViolations();
+            Iterator it = violationList.iterator();
+            while ( it.hasNext() )
+            {
+                addActionError( (String) it.next() );
+            }
+        }
+
+        if ( hasActionErrors() )
+        {
+            return ERROR;
+        }
+
+        roleManager.addUser( user.getPrincipal().toString() );
+
+        return SUCCESS;
+    }
+
+    public String getUsername()
+    {
+        return username;
+    }
+
+    public void setUsername( String username )
+    {
+        this.username = username;
+    }
+
+    public String getPassword()
+    {
+        return password;
+    }
+
+    public void setPassword( String password )
+    {
+        this.password = password;
+    }
+
+    public String getEmail()
+    {
+        return email;
+    }
+
+    public void setEmail( String email )
+    {
+        this.email = email;
+    }
+
+    public String getFullName()
+    {
+        return fullName;
+    }
+
+    public void setFullName( String fullName )
+    {
+        this.fullName = fullName;
+    }
+
+    public String getPasswordConfirm()
+    {
+        return passwordConfirm;
+    }
+
+    public void setPasswordConfirm( String passwordConfirm )
+    {
+        this.passwordConfirm = passwordConfirm;
+    }
+}

archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/RunRepositoryTaskAction.java

@@ -16,9 +16,9 @@
  * limitations under the License.
  */
 
-import com.opensymphony.xwork.ActionSupport;
 import org.apache.maven.archiva.scheduler.RepositoryTaskScheduler;
 import org.apache.maven.archiva.scheduler.TaskExecutionException;
+import org.codehaus.plexus.xwork.action.PlexusActionSupport;
 
 /**
  * Configures the application.
@@ -26,7 +26,7 @@
  * @plexus.component role="com.opensymphony.xwork.Action" role-hint="runRepositoryTaskAction"
  */
 public class RunRepositoryTaskAction
-    extends ActionSupport
+    extends PlexusActionSupport
 {
     /**
      * @plexus.requirement

archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/UserManagementAction.java

@@ -0,0 +1,187 @@
+package org.apache.maven.archiva.web.action.admin;
+
+
+/*
+ * Copyright 2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import com.opensymphony.xwork.ModelDriven;
+import com.opensymphony.xwork.Preparable;
+import org.codehaus.plexus.security.rbac.RBACManager;
+import org.codehaus.plexus.security.user.User;
+import org.codehaus.plexus.security.user.UserManager;
+import org.codehaus.plexus.xwork.action.PlexusActionSupport;
+
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * LoginAction:
+ *
+ * @author Jesse McConnell <jmcconnell@apache.org>
+ * @version $Id:$
+ * @plexus.component role="com.opensymphony.xwork.Action"
+ * role-hint="userManagement"
+ */
+public class UserManagementAction
+    extends PlexusActionSupport
+    implements ModelDriven, Preparable
+{
+
+    /**
+     * @plexus.requirement
+     */
+    private UserManager userManager;
+
+    /**
+     * @plexus.requirement
+     */
+    private RBACManager rbacManager;
+
+    private User user;
+
+    private String username;
+
+    private String principal;
+
+    private List availableRoles;
+
+    private List assignedRoles;
+
+    private List resources;
+
+    private String resourceName;
+
+    public void prepare()
+        throws Exception
+    {
+        if ( username == null )
+        {
+            username = ( (User) session.get( "user" ) ).getUsername();
+            user = userManager.findUser( username );
+        }
+        else
+        {
+            user = userManager.findUser( username );
+        }
+
+        resources = rbacManager.getAllResources();
+
+        availableRoles = rbacManager.getAllAssignableRoles();
+
+        principal = ( (User) session.get( "user" ) ).getPrincipal().toString();
+
+        if ( principal != null && rbacManager.userAssignmentExists( principal ) )
+        {
+            getLogger().info( "recovering assigned roles" );
+            assignedRoles = new ArrayList( rbacManager.getAssignedRoles( principal ) );
+            availableRoles = new ArrayList( rbacManager.getUnassignedRoles( principal ) );
+        }
+        else
+        {
+            getLogger().info( "new assigned roles" );
+            assignedRoles = new ArrayList();
+            availableRoles = rbacManager.getAllAssignableRoles();
+
+        }
+
+        getLogger().info( "assigned roles: " + assignedRoles.size() );
+        getLogger().info( "available roles: " + availableRoles.size() );
+    }
+
+    public String save()
+        throws Exception
+    {
+        User temp = userManager.findUser( username );
+
+        temp.setEmail( user.getEmail() );
+        temp.setFullName( user.getFullName() );
+        temp.setLocked( user.isLocked() );
+
+        userManager.updateUser( temp );
+
+        return SUCCESS;
+    }
+
+    public Object getModel()
+    {
+        return user;
+    }
+
+    public String getUsername()
+    {
+        return username;
+    }
+
+    public void setUsername( String username )
+    {
+        this.username = username;
+    }
+
+    public User getUser()
+    {
+        return user;
+    }
+
+    public String getPrincipal()
+    {
+        return principal;
+    }
+
+    public void setPrincipal( String principal )
+    {
+        this.principal = principal;
+    }
+
+    public List getAvailableRoles()
+    {
+        return availableRoles;
+    }
+
+    public void setAvailableRoles( List availableRoles )
+    {
+        this.availableRoles = availableRoles;
+    }
+
+    public List getAssignedRoles()
+    {
+        return assignedRoles;
+    }
+
+    public void setAssignedRoles( List assignedRoles )
+    {
+        this.assignedRoles = assignedRoles;
+    }
+
+    public List getResources()
+    {
+        return resources;
+    }
+
+    public void setResources( List resources )
+    {
+        this.resources = resources;
+    }
+
+    public String getResourceName()
+    {
+        return resourceName;
+    }
+
+    public void setResourceName( String resourceName )
+    {
+        this.resourceName = resourceName;
+    }
+}

archiva-webapp/src/main/java/org/apache/maven/archiva/web/interceptor/ConfigurationInterceptor.java

@@ -20,6 +20,7 @@
 import com.opensymphony.xwork.interceptor.Interceptor;
 import org.apache.maven.archiva.configuration.Configuration;
 import org.apache.maven.archiva.configuration.ConfigurationStore;
+import org.apache.maven.archiva.web.util.RoleManager;
 import org.codehaus.plexus.logging.AbstractLogEnabled;
 
 /**
@@ -37,6 +38,17 @@ public class ConfigurationInterceptor
      */
     private ConfigurationStore configurationStore;
 
+    /**
+     * @plexus.requirement
+     */
+    private RoleManager roleManager;
+
+    /**
+     *
+     * @param actionInvocation
+     * @return
+     * @throws Exception
+     */
     public String intercept( ActionInvocation actionInvocation )
         throws Exception
     {

archiva-webapp/src/main/java/org/apache/maven/archiva/web/util/DefaultRoleManager.java

@@ -0,0 +1,288 @@
+package org.apache.maven.archiva.web.util;
+
+/*
+* Copyright 2005 The Apache Software Foundation.
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+*      http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+import org.codehaus.plexus.personality.plexus.lifecycle.phase.Initializable;
+import org.codehaus.plexus.personality.plexus.lifecycle.phase.InitializationException;
+import org.codehaus.plexus.security.rbac.Operation;
+import org.codehaus.plexus.security.rbac.Permission;
+import org.codehaus.plexus.security.rbac.RBACManager;
+import org.codehaus.plexus.security.rbac.RbacObjectNotFoundException;
+import org.codehaus.plexus.security.rbac.RbacStoreException;
+import org.codehaus.plexus.security.rbac.Resource;
+import org.codehaus.plexus.security.rbac.Role;
+import org.codehaus.plexus.security.rbac.UserAssignment;
+
+/**
+ * DefaultRoleManager:
+ *
+ * @author Jesse McConnell <jmcconnell@apache.org>
+ * @version $Id:$
+ * @plexus.component role="org.apache.maven.archiva.web.util.RoleManager"
+ * role-hint="default"
+ */
+public class DefaultRoleManager
+    implements RoleManager, Initializable
+{
+
+    /**
+     * @plexus.requirement
+     */
+    private RBACManager manager;
+
+    private boolean initialized;
+
+    public void initialize()
+        throws InitializationException
+    {
+
+        // initialize the operations
+
+        if ( !manager.operationExists( "add-repository" ) )
+        {
+            Operation operation = manager.createOperation( "add-repository" );
+            manager.saveOperation( operation );
+        }
+
+        if ( !manager.operationExists( "edit-repository" ) )
+        {
+            Operation operation = manager.createOperation( "edit-repository" );
+            manager.saveOperation( operation );
+        }
+
+        if ( !manager.operationExists( "delete-repository" ) )
+        {
+            Operation operation = manager.createOperation( "delete-repository" );
+            manager.saveOperation( operation );
+        }
+
+        if ( !manager.operationExists( "edit-configuration" ) )
+        {
+            Operation operation = manager.createOperation( "edit-configuration" );
+            manager.saveOperation( operation );
+        }
+
+        if ( !manager.operationExists( "run-indexer" ) )
+        {
+            Operation operation = manager.createOperation( "run-indexer" );
+            manager.saveOperation( operation );
+        }
+
+        if ( !manager.operationExists( "regenerate-index" ) )
+        {
+            Operation operation = manager.createOperation( "regenerate-index" );
+            manager.saveOperation( operation );
+        }
+
+        if ( !manager.operationExists( "get-reports" ) )
+        {
+            Operation operation = manager.createOperation( "get-reports" );
+            manager.saveOperation( operation );
+        }
+
+        if ( !manager.operationExists( "regenerate-reports" ) )
+        {
+            Operation operation = manager.createOperation( "regenerate-reports" );
+            manager.saveOperation( operation );
+        }
+
+        if ( !manager.operationExists( "edit-user" ) )
+        {
+            Operation operation = manager.createOperation( "edit-user" );
+            manager.saveOperation( operation );
+        }
+
+        if ( !manager.operationExists( "edit-all-users" ) )
+        {
+            Operation operation = manager.createOperation( "edit-all-users" );
+            manager.saveOperation( operation );
+        }
+
+        if ( !manager.operationExists( "remove-roles" ) )
+        {
+            Operation operation = manager.createOperation( "remove-roles" );
+            manager.saveOperation( operation );
+        }
+
+        try
+        {
+            if ( !manager.permissionExists( "Edit Configuration" ) )
+            {
+                Permission editConfiguration =
+                    manager.createPermission( "Edit Configuration", "edit-configuration", manager.getGlobalResource().getIdentifier() );
+                manager.savePermission( editConfiguration );
+            }
+
+            if ( !manager.permissionExists( "Run Indexer" ) )
+            {
+                Permission runIndexer = manager.createPermission( "Run Indexer", "run-indexer", manager.getGlobalResource().getIdentifier()  );
+
+                manager.savePermission( runIndexer );
+            }
+
+            if ( !manager.permissionExists( "Add Repository" ) )
+            {
+                Permission runIndexer = manager.createPermission( "Add Repository", "add-repository", manager.getGlobalResource().getIdentifier() );
+                manager.savePermission( runIndexer );
+            }
+
+            if ( !manager.permissionExists( "Edit All Users" ) )
+            {
+                Permission editAllUsers = manager.createPermission( "Edit All Users", "edit-all-users", manager.getGlobalResource().getIdentifier()  );
+
+                manager.savePermission( editAllUsers );
+            }
+
+            if ( !manager.permissionExists( "Remove Roles" ) )
+            {
+                Permission editAllUsers = manager.createPermission( "Remove Roles", "remove-roles", manager.getGlobalResource().getIdentifier()  );
+
+                manager.savePermission( editAllUsers );
+            }
+
+
+            if ( !manager.permissionExists( "Regenerate Index" ) )
+            {
+                Permission regenIndex = manager.createPermission( "Regenerate Index", "regenerate-index", manager.getGlobalResource().getIdentifier()  );
+
+                manager.savePermission( regenIndex );
+            }
+
+            if ( !manager.roleExists( "User Administrator" ) )
+            {
+                Role userAdmin = manager.createRole( "User Administrator" );
+                userAdmin.addPermission( manager.getPermission( "Edit All Users" ) );
+                userAdmin.addPermission( manager.getPermission( "Remove Roles" ) );
+                userAdmin.setAssignable( true );
+                manager.saveRole( userAdmin );
+            }
+
+            if ( !manager.roleExists( "System Administrator" ) )
+            {
+                Role admin = manager.createRole( "System Administrator" );
+                admin.addChildRole( manager.getRole( "User Administrator" ) ) ;
+                admin.addPermission( manager.getPermission( "Edit Configuration" ) );
+                admin.addPermission( manager.getPermission( "Run Indexer" ) );
+                admin.addPermission( manager.getPermission( "Add Repository") );
+                admin.addPermission( manager.getPermission( "Regenerate Index" ) );
+                admin.setAssignable( true );
+                manager.saveRole( admin );
+            }
+
+
+
+        }
+        catch ( RbacObjectNotFoundException ne )
+        {
+            throw new InitializationException( "error in role initialization", ne );
+        }
+
+        initialized = true;
+    }
+
+    public void addUser( String principal )
+        throws RbacStoreException
+    {
+        try
+        {
+            // make the resource
+            Resource usernameResource = manager.createResource( principal );
+            manager.saveResource( usernameResource );
+
+            Permission editUser = manager.createPermission( "Edit Myself" );
+            editUser.setOperation( manager.getOperation( "edit-user" ) );
+            editUser.setResource( manager.getResource( principal ) );
+            editUser = manager.savePermission( editUser );
+
+            // todo this one role a user will go away when we have expressions in the resources
+            Role userRole = manager.createRole( "Personal Role - " + principal );
+            userRole.addPermission( editUser );
+            userRole = manager.saveRole( userRole );
+
+            UserAssignment assignment = manager.createUserAssignment( principal );
+            assignment.addRole( userRole );
+            manager.saveUserAssignment( assignment );
+
+        }
+        catch ( RbacObjectNotFoundException ne )
+        {
+            throw new RbacStoreException( "rbac object not found in repo role creation", ne );
+        }
+    }
+
+    public void addRepository( String repositoryName )
+        throws RbacStoreException
+    {
+        try
+        {
+            // make the resource
+            Resource repoResource = manager.createResource( repositoryName );
+            repoResource = manager.saveResource( repoResource );
+
+            // make the permissions
+            Permission editRepo = manager.createPermission( "Edit Repository - " + repositoryName );
+            editRepo.setOperation( manager.getOperation( "edit-repository" ) );
+            editRepo.setResource( repoResource );
+            editRepo = manager.savePermission( editRepo );
+
+            Permission deleteRepo = manager.createPermission( "Delete Repository - " + repositoryName );
+            deleteRepo.setOperation( manager.getOperation( "delete-repository" ) );
+            deleteRepo.setResource( repoResource );
+            deleteRepo = manager.savePermission( deleteRepo );
+
+            Permission getReports =
+                manager.createPermission( "Get Reports - " + repositoryName );
+            getReports.setOperation( manager.getOperation( "get-reports" ) );
+            getReports.setResource( repoResource );
+            getReports = manager.savePermission( getReports );
+
+            Permission regenReports = manager.createPermission( "Regenerate Reports - " + repositoryName );
+            regenReports.setOperation( manager.getOperation( "regenerate-reports" ) );
+            regenReports.setResource( repoResource );
+            regenReports = manager.savePermission( regenReports );
+
+            // make the roles
+            Role repositoryObserver = manager.createRole( "Repository Manager - " + repositoryName );
+            repositoryObserver.addPermission( editRepo );
+            repositoryObserver.setAssignable( true );
+            repositoryObserver = manager.saveRole( repositoryObserver );
+
+            Role repositoryManager = manager.createRole( "Repository Manager - " + repositoryName );
+            repositoryManager.addPermission( editRepo );
+            repositoryManager.addPermission( deleteRepo );
+            repositoryManager.addPermission( regenReports );
+            repositoryManager.addChildRole( repositoryObserver );
+            repositoryManager.setAssignable( true );
+            manager.saveRole( repositoryManager );
+
+        }
+        catch ( RbacObjectNotFoundException ne )
+        {
+            throw new RbacStoreException( "rbac object not found in repo role creation", ne );
+        }
+    }
+
+    public boolean isInitialized()
+    {
+        return initialized;
+    }
+
+    public void setInitialized( boolean initialized )
+    {
+        this.initialized = initialized;
+    }
+}

archiva-webapp/src/main/java/org/apache/maven/archiva/web/util/RoleManager.java

@@ -0,0 +1,39 @@
+package org.apache.maven.archiva.web.util;
+
+import org.codehaus.plexus.security.rbac.RbacStoreException;
+
+/*
+ * Copyright 2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * RoleManager:
+ *
+ * @author Jesse McConnell <jmcconnell@apache.org>
+ * @version $Id:$
+ *
+ */
+public interface RoleManager
+{
+    public static final String ROLE = RoleManager.class.getName();
+
+    public void addRepository( String repositoryName )
+        throws RbacStoreException;
+
+    public void addUser( String principal )
+        throws RbacStoreException;
+
+    public boolean isInitialized();
+}

archiva-webapp/src/main/resources/META-INF/plexus/application.xml

@@ -56,6 +56,10 @@
             <hierarchy>org.apache.maven</hierarchy>
             <level>DEBUG</level>
           </level>
+          <level>
+            <hierarchy>org.codehaus.plexus.security</hierarchy>
+            <level>INFO</level>
+          </level>
         </levels>
       </configuration>
     </component>
@@ -69,7 +73,7 @@
       <requirements>
         <requirement>
           <role>org.codehaus.plexus.security.authentication.Authenticator</role>
-          <role-hint>memory</role-hint>
+          <role-hint>user-manager</role-hint>
         </requirement>
         <requirement>
           <role>org.codehaus.plexus.security.authorization.Authorizer</role>
@@ -77,7 +81,7 @@
         </requirement>
         <requirement>
           <role>org.codehaus.plexus.security.user.UserManager</role>
-          <role-hint>memory</role-hint>
+          <role-hint>jdo</role-hint>
         </requirement>
       </requirements>
     </component>
@@ -88,13 +92,86 @@
       <implementation>org.codehaus.plexus.security.authorization.rbac.RbacAuthorizer</implementation>
       <requirements>
         <requirement>
-          <role>org.codehaus.plexus.security.authorization.rbac.store.RbacStore</role>
+          <role>org.codehaus.plexus.security.rbac.RBACManager</role>
-          <role-hint>memory</role-hint>
+          <role-hint>jdo</role-hint>
+        </requirement>
+        <requirement>
+          <role>org.codehaus.plexus.security.authorization.rbac.evaluator.PermissionEvaluator</role>
+          <role-hint>default</role-hint>
         </requirement>
       </requirements>
     </component>
 
 
+    <component>
+      <role>org.codehaus.plexus.jdo.JdoFactory</role>
+      <implementation>org.codehaus.plexus.jdo.DefaultConfigurableJdoFactory</implementation>
+      <configuration>
+
+        <!-- HSQLDB Configuration -->
+        <!--
+          NOTE: NO NOT USE THIS CONFIGURATION FOR A PRODUCTION SYSTEM.
+          HSQLDB keeps all data in memory at all times.
+
+          NOTE: JPOX 1.1.1 won't create the tables on start
+          http://www.jpox.org/servlet/jira/browse/CORE-2946
+        -->
+        <!--
+        <driverName>org.hsqldb.jdbcDriver</driverName>
+        <url>jdbc:hsqldb:mem:test</url>
+        <userName>sa</userName>
+        <password></password>
+            -->
+
+        <!-- Apache Derby Configuration -->
+        <driverName>org.apache.derby.jdbc.EmbeddedDriver</driverName>
+        <url>jdbc:derby:${plexus.home}/database;create=true</url>
+        <userName>sa</userName>
+        <password></password>
+
+        <!-- Postgresql Configuration -->
+        <!--
+        <driverName>org.postgresql.Driver</driverName>
+        <url>jdbc:postgresql://localhost/continuum</url>
+        <userName>username</userName>
+        <password></password>
+        -->
+
+        <!-- JPOX and JDO configuration -->
+        <persistenceManagerFactoryClass>org.jpox.PersistenceManagerFactoryImpl</persistenceManagerFactoryClass>
+        <otherProperties>
+          <property>
+            <name>org.jpox.autoCreateSchema</name>
+            <value>true</value>
+          </property>
+          <property>
+            <name>org.jpox.autoStartMechanism</name>
+            <value>SchemaTable</value>
+          </property>
+          <property>
+            <name>org.jpox.autoStartMechanismMode</name>
+            <value>Ignored</value>
+          </property>
+          <property>
+            <name>org.jpox.validateTables</name>
+            <value>false</value>
+          </property>
+          <property>
+            <name>org.jpox.validateConstraints</name>
+            <value>false</value>
+          </property>
+          <property>
+            <name>org.jpox.transactionIsolation</name>
+            <value>READ_UNCOMMITTED</value>
+          </property>
+          <property>
+            <name>org.jpox.poid.transactionIsolation</name>
+            <value>READ_UNCOMMITTED</value>
+          </property>
+        </otherProperties>
+      </configuration>
+    </component>
+
   </components>
 
   <!-- Override default configuration of components -->

archiva-webapp/src/main/resources/xwork.xml

@@ -126,17 +126,16 @@
     </action>
 
     <!-- plexus security actions -->
-    <action name="login" class="session" method="login">
+    <action name="login" class="plexusSecurityLogin" method="login">
-      <result name="input">/WEB-INF/jsp/login.jsp</result>
+      <result name="input">/WEB-INF/jsp/loginRegister.jsp</result>
       <result name="success" type="redirect-action">browse</result>
     </action>
 
-    <action name="logout" class="session" method="logout">
+    <action name="logout" class="plexusSecurityLogin" method="logout">
-      <result>/WEB-INF/jsp/logout.jsp</result>
+      <result name="success">/WEB-INF/jsp/logout.jsp</result>
     </action>
 
-    <action name="register" class="registerUser" method="createUser">
+    <action name="register" class="newUser" method="createUser">
-      <result name="input">/WEB-INF/jsp/register.jsp</result>
       <result name="success" type="redirect-action">login</result>
     </action>
   </package>
@@ -237,6 +236,112 @@
       <result name="wait" type="redirect">/admin/reports.action?reportGroup=${reportGroup}&amp;repositoryId=${repositoryId}&amp;filter=${filter}</result>
       <result name="success" type="redirect">/admin/reports.action?reportGroup=${reportGroup}&amp;repositoryId=${repositoryId}&amp;filter=${filter}</result>
     </action>
+
+
+    <action name="user" class="userManagement">
+      <result name="success">/WEB-INF/jsp/user.jsp</result>
+    </action>
+
+    <!-- plexus security actions -->
+
+    <action name="userDetails" class="plexusSecurityUserManagement" method="save">
+      <result name="success">/WEB-INF/jsp/userDetails.jsp</result>
+    </action>
+
+    <action name="userManagement" class="plexusSecurityUserManagement">
+      <result name="success">/WEB-INF/jsp/findUser.jsp</result>
+    </action>
+
+    <action name="assignRoleToUser" class="plexusSecurityUserAssignment" method="assignRole">
+      <result name="success" type="redirect-action">user</result>
+    </action>
+
+    <action name="removeRoleFromUser" class="plexusSecurityUserAssignment" method="removeRole">
+      <result name="success" type="redirect-action">user</result>
+    </action>
+
+    <action name="permissions" class="plexusSecuritySummary" method="permissionSummary">
+      <result name="success">/WEB-INF/jsp/admin/rbac/permissions.jsp</result>
+    </action>
+
+    <action name="permission" class="plexusSecurityPermission">
+      <interceptor-ref name="paramsPrepareParamsStack"/>
+      <result name="success">/WEB-INF/jsp/admin/rbac/permission.jsp</result>
+    </action>
+
+    <action name="savePermission" class="plexusSecurityPermission" method="save">
+      <interceptor-ref name="paramsPrepareParamsStack"/>
+      <result name="success" type="redirect-action">permissions</result>
+    </action>
+
+    <action name="removePermission" class="plexusSecurityPermission" method="remove">
+      <result name="success" type="redirect-action">permissions</result>
+    </action>
+
+    <action name="operations" class="plexusSecuritySummary" method="operationSummary">
+      <result name="success">/WEB-INF/jsp/admin/rbac/operations.jsp</result>
+    </action>
+
+    <action name="operation" class="plexusSecurityOperation">
+      <interceptor-ref name="paramsPrepareParamsStack"/>
+      <result name="success">/WEB-INF/jsp/admin/rbac/operation.jsp</result>
+    </action>
+
+    <action name="saveOperation" class="plexusSecurityOperation" method="save">
+      <interceptor-ref name="paramsPrepareParamsStack"/>
+      <result name="success" type="redirect-action">operations</result>
+    </action>
+
+    <action name="removeOperation" class="plexusSecurityOperation" method="remove">
+      <result name="success" type="redirect-action">operations</result>
+    </action>
+
+    <action name="resources" class="plexusSecuritySummary" method="resourceSummary">
+      <result name="success">/WEB-INF/jsp/admin/rbac/resources.jsp</result>
+    </action>
+
+    <action name="resource" class="plexusSecurityResource">
+      <interceptor-ref name="paramsPrepareParamsStack"/>
+      <result name="success">/WEB-INF/jsp/admin/rbac/resource.jsp</result>
+    </action>
+
+    <action name="saveResource" class="plexusSecurityResource" method="save">
+      <interceptor-ref name="paramsPrepareParamsStack"/>
+      <result name="success" type="redirect-action">resources</result>
+    </action>
+
+    <action name="removeResource" class="plexusSecurityResource" method="remove">
+      <result name="success">/WEB-INF/jsp/admin/rbac/resources.jsp</result>
+    </action>
+
+    <action name="roles" class="plexusSecuritySummary" method="roleSummary">
+      <result name="success">/WEB-INF/jsp/admin/rbac/roles.jsp</result>
+    </action>
+
+    <action name="role" class="plexusSecurityRole">
+      <interceptor-ref name="paramsPrepareParamsStack"/>
+      <result name="success">/WEB-INF/jsp/admin/rbac/role.jsp</result>
+    </action>
+
+    <action name="saveRole" class="plexusSecurityRole" method="save">
+      <interceptor-ref name="paramsPrepareParamsStack"/>
+      <result name="success" type="redirect-action">roles</result>
+    </action>
+
+    <action name="removeRole" class="plexusSecurityRole" method="remove">
+      <result name="success" type="redirect-action">roles</result>
+    </action>
+
+    <action name="removeAssignedRole" class="plexusSecurityRole" method="removeAssignedRole">
+      <result name="success" type="chain">role</result>
+    </action>
+
+    <action name="removeAssignedPermission" class="plexusSecurityRole" method="removeAssignedPermission">
+      <result name="success" type="chain">role</result>
+    </action>
+
+
+
   </package>
 </xwork>
 

archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/index.jsp

@@ -16,6 +16,7 @@
 
 <%@ taglib prefix="ww" uri="/webwork" %>
 <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
+<%@ taglib prefix="pss" uri="plexusSecuritySystem" %>
 
 <html>
 <head>
@@ -50,7 +51,11 @@
       <ww:property value="indexerCronExpression"/>
     </td>
     <%-- TODO: a "delete index and run now" operation should be here too (really clean, remove deletions that didn't get picked up) --%>
-    <td><a href="<ww:url action="runIndexer" />">Run Now</a></td>
+    <td>
+      <pss:ifAuthorized permission="run-indexer">
+        <a href="<ww:url action="runIndexer" />">Run Now</a>
+      </pss:ifAuthorized>
+    </td>
   </tr>
 </table>
 
@@ -77,7 +82,11 @@
 <div>
   <div style="float: right">
     <%-- TODO replace with icons --%>
-    <a href="<ww:url action="addRepository" method="input" />">Add Repository</a></div>
+    <pss:ifAuthorized permission="add-repository">
+      <ww:url id="addRepositoryUrl" action="addRepository" method="input"/>
+      <ww:a href="%{addRepositoryUrl}">Add Repository</ww:a>
+    </pss:ifAuthorized>
+  </div>
   <h2>Managed Repositories</h2>
 </div>
 

archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/rbac/README

@@ -0,0 +1,6 @@
+NOTE: since this is the first application of plexus-security I have these pages here for analyzing the roles
+from rbac.
+
+these will be removed shortly
+
+nada que ver aqui! :P

archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/rbac/operation.jsp

@@ -0,0 +1,43 @@
+<%--
+  ~ Copyright 2005-2006 The Apache Software Foundation.
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~    http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  --%>
+
+<%@ taglib prefix="ww" uri="/webwork" %>
+
+<html>
+<head>
+  <title>Configuration</title>
+  <ww:head/>
+</head>
+
+<body>
+
+<h1>Operation Modification</h1>
+
+<div id="contentArea">
+
+<ww:actionerror/>
+<ww:form action="saveOperation" method="post">
+  <ww:hidden name="operationName"/>
+
+  <ww:textfield label="name" name="name"/> <br/>
+  <ww:textfield label="description" name="description"/> <br/>
+
+  <ww:submit/>
+</ww:form>
+
+</div>
+</body>
+</html>

archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/rbac/operations.jsp

@@ -0,0 +1,55 @@
+<%--
+  ~ Copyright 2005-2006 The Apache Software Foundation.
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~    http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  --%>
+
+<%@ taglib prefix="ww" uri="/webwork" %>
+
+<html>
+<head>
+  <title>Configuration</title>
+  <ww:head/>
+</head>
+
+<body>
+
+<h1>Available Operations</h1>
+
+<div id="contentArea">
+
+  <ww:url id="rolesUrl" action="roles"/>
+  <ww:url id="permissionsUrl" action="permissions"/>
+  <ww:url id="operationsUrl" action="operations"/>
+  <ww:url id="resourcesUrl" action="resources"/>
+
+  <p><ww:a href="%{rolesUrl}">Roles</ww:a>|<ww:a href="%{permissionsUrl}">Permissions</ww:a>|<ww:a href="%{operationsUrl}">Operations</ww:a>|<ww:a href="%{resourcesUrl}">Resources</ww:a> </p>
+
+    <ww:actionerror/>
+
+     <ww:iterator id="operation" value="operations">
+      <ww:url id="operationUrl" action="operation">
+        <ww:param name="operationName">${operation.name}</ww:param>
+      </ww:url>
+
+      <ww:a href="%{operationUrl}">${operation.name}</ww:a><br/>
+    </ww:iterator>
+
+    <p>
+      <ww:url id="newOperationUrl" action="operation"/>
+
+      <ww:a href="%{newOperationUrl}">new</ww:a><br/>
+    </p>
+</div>
+  </body>
+</html>

archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/rbac/permission.jsp

@@ -0,0 +1,46 @@
+<%--
+  ~ Copyright 2005-2006 The Apache Software Foundation.
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~    http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  --%>
+
+<%@ taglib prefix="ww" uri="/webwork" %>
+
+<html>
+<head>
+  <title>Configuration</title>
+  <ww:head/>
+</head>
+
+<body>
+
+<h1>Permission Modification</h1>
+
+<div id="contentArea">
+
+    <ww:actionerror/>
+  <ww:form action="savePermission" method="post">
+     <ww:hidden name="permissionName"/>
+
+     <ww:textfield label="Name" name="name"/> <br/>
+     <ww:textfield label="Description" name="description"/> <br/>
+     <ww:select label="Operation" name="operationName" list="operations" listKey="name" listValue="name" value="operation.name" emptyOption="true"/> <br/>
+   <br/>
+     <ww:select label="Resource" name="resourceIdentifier" list="resources" listKey="identifier" listValue="identifier" value="resource.identifier" emptyOption="true"/><br/>
+      or<br/>
+     <ww:checkbox label="Is GlobalResource?" name="globalResource"/><br/>
+      <center><ww:submit/></center>
+    </ww:form>
+</div>
+  </body>
+</html>

archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/rbac/permissions.jsp

@@ -0,0 +1,59 @@
+<%--
+  ~ Copyright 2005-2006 The Apache Software Foundation.
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~    http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  --%>
+
+<%@ taglib prefix="ww" uri="/webwork" %>
+
+<html>
+<head>
+  <title>Configuration</title>
+  <ww:head/>
+</head>
+
+<body>
+
+<h1>Available Permissions</h1>
+
+<div id="contentArea">
+  <ww:url id="rolesUrl" action="roles"/>
+  <ww:url id="permissionsUrl" action="permissions"/>
+  <ww:url id="operationsUrl" action="operations"/>
+  <ww:url id="resourcesUrl" action="resources"/>
+
+  <p><ww:a href="%{rolesUrl}">Roles</ww:a>|<ww:a href="%{permissionsUrl}">Permissions</ww:a>|<ww:a href="%{operationsUrl}">Operations</ww:a>|<ww:a href="%{resourcesUrl}">Resources</ww:a> </p>
+
+    <p>
+      Permissions list page
+    </p>
+    <ww:actionerror/>
+
+  <ww:iterator id="permission" value="permissions">
+       <ww:url id="permissionUrl" action="permission">
+         <ww:param name="permissionName">${permission.name}</ww:param>
+       </ww:url>
+
+       <ww:a href="%{permissionUrl}">${permission.name}</ww:a><br/>
+     </ww:iterator>
+
+     <p>
+       <ww:url id="newPermissionUrl" action="permission"/>
+
+       <ww:a href="%{newPermissionUrl}">new</ww:a><br/>
+     </p>
+     
+    
+</div
+  </body>
+</html>

archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/rbac/resource.jsp

@@ -0,0 +1,42 @@
+<%--
+  ~ Copyright 2005-2006 The Apache Software Foundation.
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~    http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  --%>
+
+<%@ taglib prefix="ww" uri="/webwork" %>
+
+<html>
+<head>
+  <title>Configuration</title>
+  <ww:head/>
+</head>
+
+<body>
+
+<h1>Resource Modification</h1>
+
+<div id="contentArea">
+
+    <ww:actionerror/>
+  <ww:form action="saveResource" method="post">
+      <ww:hidden name="resourceIdentifier"/>
+
+      <ww:textfield label="identifier" name="identifier"/> <br/>
+
+      <center><ww:submit/></center>
+    </ww:form>
+ 
+</div>
+  </body>
+</html>

archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/rbac/resources.jsp

@@ -0,0 +1,55 @@
+<%--
+  ~ Copyright 2005-2006 The Apache Software Foundation.
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~    http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  --%>
+
+<%@ taglib prefix="ww" uri="/webwork" %>
+
+<html>
+<head>
+  <title>Configuration</title>
+  <ww:head/>
+</head>
+
+<body>
+
+<h1>Available Resources</h1>
+
+<div id="contentArea">
+
+  <ww:url id="rolesUrl" action="roles"/>
+  <ww:url id="permissionsUrl" action="permissions"/>
+  <ww:url id="operationsUrl" action="operations"/>
+  <ww:url id="resourcesUrl" action="resources"/>
+
+  <p><ww:a href="%{rolesUrl}">Roles</ww:a>|<ww:a href="%{permissionsUrl}">Permissions</ww:a>|<ww:a href="%{operationsUrl}">Operations</ww:a>|<ww:a href="%{resourcesUrl}">Resources</ww:a> </p>
+
+    <ww:actionerror/>
+
+   <ww:iterator id="resource" value="resources">
+      <ww:url id="resourceUrl" action="resource">
+        <ww:param name="resourceIdentifier">${resource.identifier}</ww:param>
+      </ww:url>
+      <ww:a href="%{resourceUrl}">${resource.identifier}</ww:a><br/>
+    </ww:iterator>
+
+    <p>
+      <ww:url id="newResourceUrl" action="resource"/>
+
+      <ww:a href="%{newResourceUrl}">new</ww:a><br/>
+    </p>
+</div>
+
+  </body>
+</html>

archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/rbac/role.jsp

@@ -0,0 +1,67 @@
+<%--
+  ~ Copyright 2005-2006 The Apache Software Foundation.
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~    http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  --%>
+
+<%@ taglib prefix="ww" uri="/webwork" %>
+
+<html>
+<head>
+  <title>Configuration</title>
+  <ww:head/>
+</head>
+
+<body>
+
+<h1>Role Modification</h1>
+
+<div id="contentArea">
+
+<ww:actionerror/>
+<ww:form action="saveRole" method="post">
+  <ww:hidden name="roleName"/>
+
+  <ww:textfield label="name" name="name"/> <br/>
+  <ww:textfield label="description" name="description"/> <br/>
+  <ww:checkbox label="assignable?" name="assignable"/><br/>
+  <br/>
+  Currently Assigned Permissions:<br/>
+  <ww:iterator id="permission" value="permissions">
+    <ww:url id="removeAssignedPermissionUrl" action="removeAssignedPermission">
+      <ww:param name="roleName" value="roleName"/>
+      <ww:param name="removePermissionName">${permission.name}</ww:param>
+    </ww:url>
+    ${permission.name} | <ww:a href="%{removeAssignedPermissionUrl}">remove</ww:a><br/>
+  </ww:iterator>
+  <br/>
+  <ww:select label="add new permission" name="assignPermissionName" list="assignablePermissions"  listKey="name" listValue="name" emptyOption="true"/><br/>
+  <br/>
+  Currently Assigned Roles:<br/>
+  <ww:iterator id="arole" value="childRoles.roles">
+    <ww:url id="removeAssignedRoleUrl" action="removeAssignedRole">
+      <ww:param name="roleName" value="roleName"/>
+      <ww:param name="removeRoleName" value="${arole.name}"/>
+    </ww:url>
+    ${arole.name} | <ww:a href="%{removeAssignedRoleUrl}">remove</ww:a><br/>
+  </ww:iterator>
+  <br/>
+  <ww:select label="add sub role" name="assignedRoleName" list="assignableRoles" listKey="name" listValue="name" emptyOption="true"/><br/>
+
+  <p>
+    <ww:submit/>
+  </p>
+</ww:form>
+   </div>
+</body>
+</html>

archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/rbac/roles.jsp

@@ -0,0 +1,55 @@
+<%--
+  ~ Copyright 2005-2006 The Apache Software Foundation.
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~    http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  --%>
+
+<%@ taglib prefix="ww" uri="/webwork" %>
+
+<html>
+<head>
+  <title>Configuration</title>
+  <ww:head/>
+</head>
+
+<body>
+
+<h1>Available Roles</h1>
+
+<div id="contentArea">
+
+  <body>
+    <ww:url id="rolesUrl" action="roles"/>
+    <ww:url id="permissionsUrl" action="permissions"/>
+    <ww:url id="operationsUrl" action="operations"/>
+    <ww:url id="resourcesUrl" action="resources"/>
+
+    <p><ww:a href="%{rolesUrl}">Roles</ww:a>|<ww:a href="%{permissionsUrl}">Permissions</ww:a>|<ww:a href="%{operationsUrl}">Operations</ww:a>|<ww:a href="%{resourcesUrl}">Resources</ww:a> </p>
+
+    <ww:actionerror/>
+   <ww:iterator id="role" value="roles">
+      <ww:url id="roleUrl" action="role">
+        <ww:param name="roleName">${role.name}</ww:param>
+      </ww:url>
+
+      <ww:a href="%{roleUrl}">${role.name}</ww:a><br/>
+    </ww:iterator>
+
+    <p>
+      <ww:url id="newRoleUrl" action="role"/>
+
+      <ww:a href="%{newRoleUrl}">new</ww:a><br/>
+    </p>
+</div>
+  </body>
+</html>

archiva-webapp/src/main/webapp/WEB-INF/jsp/browse.jsp

@@ -16,6 +16,7 @@
 
 <%@ taglib prefix="ww" uri="/webwork" %>
 <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
+<%@ taglib prefix="pss" uri="plexusSecuritySystem" %>
 
 <html>
 <head>
@@ -26,7 +27,6 @@
 <body>
 
 <h1>Browse Repository</h1>
-
 <div id="contentArea">
   <div id="nameColumn">
     <h2>Groups</h2>
@@ -43,6 +43,8 @@
     </ul>
   </div>
 
+
+
   <%-- TODO: later, when supported in metadata
   <div id="categoryColumn">
     <h2>Category</h2>

archiva-webapp/src/main/webapp/WEB-INF/jsp/decorators/default.jsp

@@ -18,6 +18,7 @@
 <%@ taglib uri="/webwork" prefix="ww" %>
 <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
 <%@ taglib prefix="my" tagdir="/WEB-INF/tags" %>
+<%@ taglib prefix="pss" uri="plexusSecuritySystem" %>
 <html>
 <head>
   <title>Maven Archiva ::
@@ -60,14 +61,15 @@
   <div class="xleft">
     <ww:url id="loginUrl" action="login" namespace="/"/>
     <ww:url id="logoutUrl" action="logout" namespace="/"/>
-    <ww:url id="registerUrl" action="register" namespace="/"/>
+    <ww:url id="manageUserUrl" action="user" namespace="/admin"/>
+
     <ww:if test="${sessionScope.authStatus != true}">
-      <ww:a href="%{loginUrl}">Login</ww:a>
+      <ww:a href="%{loginUrl}">Login/Register</ww:a>
-      or
+
-      <ww:a href="%{registerUrl}">Register</ww:a>
     </ww:if>
     <ww:else>
       Welcome, <b>${sessionScope.user.username}</b> -
+      <ww:a href="%{manageUserUrl}">Settings</ww:a> -
       <ww:a href="%{logoutUrl}">Logout</ww:a>
     </ww:else>
   </div>
@@ -120,11 +122,17 @@
           <li class="none">
             <my:currentWWUrl action="proxiedRepositories" namespace="/admin">Proxied Repositories</my:currentWWUrl>
           </li>
+
           <%-- TODO: add back after synced repos are implemented
                     <li class="none">
                       <my:currentWWUrl action="syncedRepositories" namespace="/admin">Synced Repositories</my:currentWWUrl>
                     </li>
           --%>
+          <pss:ifAuthorized permission="edit-all-users">
+            <li class="none">
+              <my:currentWWUrl action="userManagement" namespace="/admin">User Management</my:currentWWUrl>
+            </li>
+          </pss:ifAuthorized>
         </ul>
       </li>
     </ul>

archiva-webapp/src/main/webapp/WEB-INF/jsp/findUser.jsp

@@ -15,43 +15,34 @@
   --%>
 
 <%@ taglib prefix="ww" uri="/webwork" %>
-<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
-
 <html>
 <head>
-  <title>Login Page</title>
+  <title>User Management - Find a User</title>
-  <ww:head/>
+  <ww:head />
 </head>
 
 <body>
 
-<h1>Login</h1>
 
-<div id="contentArea">
+    <h1>User Management</h1>
-  <div id="nameColumn">
+
-    <ww:form action="login">
+    <div id="contentArea">
-      <table>
+      <div id="searchBox">
-        <tr>
+        <ww:form action="userDetails">
-          <td>Username:</td>
-          <td><ww:textfield name="username"/></td>
-        </tr>
-        <tr>
-          <td>Password:</td>
-          <td><ww:password name="password"/></td>
-        </tr>
-        <tr>
-          <td><ww:submit name="Login"/></td>
-          <td></td>
-        </tr>
-      </table>
-    </ww:form>
           <p>
-      <ww:url id="registerUrl" action="register" namespace="/"/>
+            <ww:textfield label="Find a user" name="user"/>
-
+            <ww:submit value="Search"/>
-      New user? - <ww:a href="%{registerUrl}">Register!</ww:a>
           </p>
+        </ww:form>
       </div>
-</div>
+    </div>
+
+
+
+    <div class="clear">
+      <hr/>
+    </div>
+
 
 </body>
 </html>

archiva-webapp/src/main/webapp/WEB-INF/jsp/loginRegister.jsp

@@ -0,0 +1,134 @@
+<%--
+  ~ Copyright 2005-2006 The Apache Software Foundation.
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~      http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  --%>
+
+<%@ taglib prefix="ww" uri="/webwork" %>
+<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
+
+<html>
+<head>
+  <title>Login Page</title>
+  <ww:head/>
+</head>
+
+<body>
+
+<div id="contentArea">
+  <div id="searchBox">
+    <div style="float: right">
+      <a href="#">Forgotten your Password?</a>
+
+    </div>
+
+    <h2>Login</h2>
+    <ww:form action="login">
+      <table class="bodyTable">
+        <tr class="a">
+          <th>
+            Username
+          </th>
+          <td>
+            <ww:textfield name="username" size="30"/>
+          </td>
+        </tr>
+        <tr class="b">
+          <th>
+            Password
+          </th>
+          <td>
+            <ww:password name="password" size="20"/>
+
+          </td>
+        </tr>
+        <tr class="a">
+          <td></td>
+          <td>
+            <ww:submit value="Login"/>
+          </td>
+        </tr>
+      </table>
+
+    </ww:form>
+    <h2>Request an Account</h2>
+    <ww:form action="register">
+      <table class="bodyTable">
+        <tr class="b">
+          <th>
+            Username
+          </th>
+          <td>
+            <ww:textfield name="username" size="30"/>
+          </td>
+        </tr>
+        <tr class="a">
+          <th>
+            Password
+          </th>
+          <td>
+            <ww:password name="password" size="20"/>
+
+          </td>
+        </tr>
+        <tr class="b">
+          <th>
+            Confirm Password
+          </th>
+          <td>
+            <ww:password name="confirmPassword" size="20"/>
+          </td>
+
+        </tr>
+        <tr class="a">
+          <th>
+            Full Name
+          </th>
+          <td>
+            <ww:textfield name="fullName" size="30"/>
+          </td>
+        </tr>
+
+        <tr class="b">
+          <th>
+            Email
+          </th>
+          <td>
+            <ww:textfield name="email" size="50 "/>
+            <br></br>
+                <span style="font-size: x-small">(Only administrators will be able to view this, and it will be used to
+                  send you information about your project)
+                </span>
+          </td>
+
+        </tr>
+        <tr class="a">
+          <td></td>
+          <td>
+            <ww:submit value="Register"/>
+          </td>
+        </tr>
+      </table>
+    </ww:form>
+
+  </div>
+</div>
+
+
+<div class="clear">
+  <hr/>
+</div>
+
+</body>
+
+</html>

archiva-webapp/src/main/webapp/WEB-INF/jsp/register.jsp

@@ -1,60 +0,0 @@
-<%--
-  ~ Copyright 2005-2006 The Apache Software Foundation.
-  ~
-  ~ Licensed under the Apache License, Version 2.0 (the "License");
-  ~ you may not use this file except in compliance with the License.
-  ~ You may obtain a copy of the License at
-  ~
-  ~      http://www.apache.org/licenses/LICENSE-2.0
-  ~
-  ~ Unless required by applicable law or agreed to in writing, software
-  ~ distributed under the License is distributed on an "AS IS" BASIS,
-  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  ~ See the License for the specific language governing permissions and
-  ~ limitations under the License.
-  --%>
-
-<%@ taglib prefix="ww" uri="/webwork" %>
-<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
-
-<html>
-<head>
-  <title>Registration Page</title>
-  <ww:head/>
-</head>
-
-<body>
-
-<h1>Registration</h1>
-
-<div id="contentArea">
-  <div id="nameColumn">
-    <ww:form action="register">
-      <table>
-        <tr>
-          <td>Username:</td>
-          <td><ww:textfield name="username"/></td>
-        </tr>
-        <tr>
-          <td>Password:</td>
-          <td><ww:password name="password"/></td>
-        </tr>
-        <tr>
-          <td>Full Name:</td>
-          <td><ww:textfield name="fullName"/></td>
-        </tr>
-        <tr>
-          <td>Email Address:</td>
-          <td><ww:textfield name="email"/></td>
-        </tr>
-        <tr>
-          <td><ww:submit name="Register"/></td>
-          <td></td>
-        </tr>
-      </table>
-    </ww:form>
-  </div>
-</div>
-
-</body>
-</html>

archiva-webapp/src/main/webapp/WEB-INF/jsp/user.jsp

@@ -0,0 +1,168 @@
+<%--
+  ~ Copyright 2005-2006 The Apache Software Foundation.
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~      http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  --%>
+
+<%@ taglib prefix="ww" uri="/webwork" %>
+<%@ taglib prefix="pss" uri="plexusSecuritySystem" %>
+<html>
+<head>
+  <title>User Management - Find a User</title>
+  <ww:head />
+</head>
+
+<body>
+
+    <div id="contentArea">
+      <div id="searchBox">
+        <div style="float: right">
+          <pss:ifAnyAuthorized permissions="edit-all-users,edit-user" resource="${username}">
+            <ww:url id="userDetailsUrl" action="userDetails">
+              <ww:param name="username">${username}</ww:param>
+            </ww:url>
+            <ww:a href="%{userDetailsUrl}">Edit details</ww:a>
+          </pss:ifAnyAuthorized>
+        </div>
+
+        <h2>${user.fullName}</h2>
+
+        <table class="bodyTable">
+          <tr class="a">
+            <th>Username</th>
+
+            <td>${user.username}</td>
+          </tr>
+          <tr class="b">
+            <th>Email</th>
+            <td>${user.email}</td>
+          </tr>
+        </table>
+
+        <h2>My Roles</h2>
+
+        <table class="bodyTable">
+          <ww:iterator id="role" value="assignedRoles">
+            <ww:url id="removeAssignedRoleUrl" action="removeRoleFromUser">
+              <ww:param name="principal">${principal}</ww:param>
+              <ww:param name="roleName">${role.name}</ww:param>
+            </ww:url>
+            <tr class="a">
+             <td>
+               <em>${role.name}</em><br/>
+             </td>
+              <td>
+                <ww:a href="%{removeAssignedRoleUrl}">Delete</ww:a>
+              </td>
+            </tr>
+          </ww:iterator>
+        </table>
+
+        <h2>Grant Roles</h2>
+
+        <p>
+          <ww:iterator id="role" value="availableRoles">
+            <ww:url id="addRoleUrl" action="assignRoleToUser">
+              <ww:param name="principal">${sessionScope.user.principal}</ww:param>
+              <ww:param name="roleName">${role.name}</ww:param>
+            </ww:url>
+            <ww:a href="%{addRoleUrl}">${role.name}</ww:a><br/>
+          </ww:iterator>
+           </p>
+
+          <p>
+            This following screen needs have the various roles worked into it.
+          </p>
+
+          <table class="bodyTable">
+            <tr class="b">
+              <td>
+                <input type="radio" checked="checked"></input>
+
+              </td>
+              <td>Administrator</td>
+              <td>
+                <select>
+                  <option>(Please Select)</option>
+                  <option>System Administrator</option>
+                  <option>User Administrator</option>
+                </select>
+              </td>
+            </tr>
+            <tr class="a">
+              <td>
+                <input type="radio"></input>
+              </td>
+              <td>Repository</td>
+
+              <td>
+                <select>
+                  <option>(Please Select)</option>
+                  <option>manager</option>
+                  <option>obverser</option>
+                </select>
+                of
+                <ww:select name="resourceName" list="resources" listKey="identifier" listValue="identifier" headerKey="" headerValue="(Please Select)"/>
+              </td>
+            </tr>
+                 <%--  add in for project level security
+            <tr class="b">
+              <td>
+                <input type="radio"></input>
+              </td>
+              <td>Project</td>
+              <td>
+                <select>
+                  <option>(Please Select)</option>
+
+                  <option>manager</option>
+                  <option>obverser</option>
+                </select>
+                of
+                <select>
+                  <option>(Please Select)</option>
+                  <option>central</option>
+
+                  <option>central-plugins</option>
+                  <option>All repositories</option>
+                </select>
+                for project group
+                <input type="text" name="projectExpression"></input>
+                <br></br>
+                <span style="font-size: x-small">
+                  (eg org.apache.maven gives permissions on that group, and any sugroups)
+                </span>
+
+              </td>
+            </tr>
+            --%>
+            <tr class="a">
+              <td></td>
+              <td>
+                <input type="submit" value="Add Role"></input>
+              </td>
+              <td></td>
+            </tr>
+
+          </table>
+
+      </div>
+  </div>
+
+      <div class="clear">
+        <hr/>
+      </div>
+
+
+</body>
+</html>

archiva-webapp/src/main/webapp/WEB-INF/jsp/userDetails.jsp

@@ -0,0 +1,52 @@
+<%--
+  ~ Copyright 2005-2006 The Apache Software Foundation.
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~      http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  --%>
+
+<%@ taglib prefix="ww" uri="/webwork" %>
+<html>
+<head>
+  <title>User Management - Find a User</title>
+  <ww:head />
+</head>
+
+<body>
+
+    <div id="contentArea">
+      <div id="searchBox">
+        <div style="float: right">
+
+        </div>
+
+        <h2>Modify User Details</h2>
+
+        <ww:form action="userDetails" method="post">
+          <ww:textfield label="Full Name" name="fullName"/>
+          <ww:textfield label="Email Address" name="email"/>
+
+          <ww:checkbox label="Account Locked" name="locked"/>
+
+          <ww:submit/>
+        </ww:form>
+      </div>
+    </div>
+
+
+
+      <div class="clear">
+        <hr/>
+      </div>
+
+</body>
+</html>