From: Olivier Lamy <olamy@apache.org>
Date: Thu, 6 Dec 2012 14:32:45 +0000 (+0000)
Subject: more natural place for this module
X-Git-Tag: redback-2.1~220
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=8dbb9a32ff3c7e225f85d4ff4e117edc778e99cb;p=archiva.git

more natural place for this module

git-svn-id: https://svn.apache.org/repos/asf/archiva/redback/redback-core/trunk@1417913 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/redback-authentication/redback-authentication-providers/pom.xml b/redback-authentication/redback-authentication-providers/pom.xml
index 964d7cd3c..f395ec14e 100644
--- a/redback-authentication/redback-authentication-providers/pom.xml
+++ b/redback-authentication/redback-authentication-providers/pom.xml
@@ -31,5 +31,6 @@
     <module>redback-authentication-open</module>
     <module>redback-authentication-memory</module>    
     <module>redback-authentication-ldap</module>
+    <module>redback-authentication-users</module>
   </modules>
 </project>
diff --git a/redback-authentication/redback-authentication-providers/redback-authentication-users/pom.xml b/redback-authentication/redback-authentication-providers/redback-authentication-users/pom.xml
new file mode 100644
index 000000000..b8a596432
--- /dev/null
+++ b/redback-authentication/redback-authentication-providers/redback-authentication-users/pom.xml
@@ -0,0 +1,80 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Licensed to the Apache Software Foundation (ASF) under one
+  ~ or more contributor license agreements.  See the NOTICE file
+  ~ distributed with this work for additional information
+  ~ regarding copyright ownership.  The ASF licenses this file
+  ~ to you under the Apache License, Version 2.0 (the
+  ~ "License"); you may not use this file except in compliance
+  ~ with the License.  You may obtain a copy of the License at
+  ~
+  ~  http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing,
+  ~ software distributed under the License is distributed on an
+  ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  ~ KIND, either express or implied.  See the License for the
+  ~ specific language governing permissions and limitations
+  ~ under the License.
+  -->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+
+  <modelVersion>4.0.0</modelVersion>
+
+  <parent>
+    <groupId>org.apache.archiva.redback</groupId>
+    <artifactId>redback-authentication-providers</artifactId>
+    <version>2.1-SNAPSHOT</version>
+  </parent>
+
+  <artifactId>redback-authentication-users</artifactId>
+  <packaging>bundle</packaging>
+  <name>Redback :: Authentication Provider :: Users</name>
+
+  <dependencies>
+    <dependency>
+      <groupId>org.apache.archiva.redback</groupId>
+      <artifactId>redback-authentication-api</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.archiva.redback</groupId>
+      <artifactId>redback-policy</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.archiva.redback</groupId>
+      <artifactId>redback-users-configurable</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.archiva.redback</groupId>
+      <artifactId>redback-users-cached</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.springframework</groupId>
+      <artifactId>spring-context-support</artifactId>
+    </dependency>   
+    <dependency>
+      <groupId>javax.annotation</groupId>
+      <artifactId>jsr250-api</artifactId>
+    </dependency>     
+    <dependency>
+      <groupId>org.apache.archiva.redback</groupId>
+      <artifactId>redback-users-memory</artifactId>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
+      <groupId>org.slf4j</groupId>
+      <artifactId>slf4j-simple</artifactId>
+      <scope>test</scope>
+    </dependency>
+  </dependencies>
+
+  <build>
+    <plugins>
+      <plugin>
+        <groupId>org.apache.felix</groupId>
+        <artifactId>maven-bundle-plugin</artifactId>
+      </plugin>
+    </plugins>
+  </build>
+
+</project>
diff --git a/redback-authentication/redback-authentication-providers/redback-authentication-users/src/main/java/org/apache/archiva/redback/authentication/users/UserManagerAuthenticator.java b/redback-authentication/redback-authentication-providers/redback-authentication-users/src/main/java/org/apache/archiva/redback/authentication/users/UserManagerAuthenticator.java
new file mode 100644
index 000000000..5614fa30d
--- /dev/null
+++ b/redback-authentication/redback-authentication-providers/redback-authentication-users/src/main/java/org/apache/archiva/redback/authentication/users/UserManagerAuthenticator.java
@@ -0,0 +1,195 @@
+package org.apache.archiva.redback.authentication.users;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import org.apache.archiva.redback.authentication.AuthenticationConstants;
+import org.apache.archiva.redback.authentication.AuthenticationDataSource;
+import org.apache.archiva.redback.authentication.AuthenticationException;
+import org.apache.archiva.redback.authentication.AuthenticationResult;
+import org.apache.archiva.redback.authentication.Authenticator;
+import org.apache.archiva.redback.authentication.PasswordBasedAuthenticationDataSource;
+import org.apache.archiva.redback.policy.AccountLockedException;
+import org.apache.archiva.redback.policy.MustChangePasswordException;
+import org.apache.archiva.redback.policy.PasswordEncoder;
+import org.apache.archiva.redback.policy.PolicyViolationException;
+import org.apache.archiva.redback.policy.UserSecurityPolicy;
+import org.apache.archiva.redback.users.User;
+import org.apache.archiva.redback.users.UserManager;
+import org.apache.archiva.redback.users.UserNotFoundException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.stereotype.Service;
+
+import javax.inject.Inject;
+import javax.inject.Named;
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * {@link Authenticator} implementation that uses a wrapped {@link UserManager} to authenticate.
+ *
+ * @author <a href='mailto:rahul.thakur.xdev@gmail.com'>Rahul Thakur</a>
+ */
+@Service ("authenticator#user-manager")
+public class UserManagerAuthenticator
+    implements Authenticator
+{
+    private Logger log = LoggerFactory.getLogger( getClass() );
+
+    @Inject
+    @Named (value = "userManager#configurable")
+    private UserManager userManager;
+
+    @Inject
+    private UserSecurityPolicy securityPolicy;
+
+    public String getId()
+    {
+        return "UserManagerAuthenticator";
+    }
+
+    /**
+     * @throws org.apache.archiva.redback.policy.AccountLockedException
+     *
+     * @throws MustChangePasswordException
+     * @throws MustChangePasswordException
+     * @throws PolicyViolationException
+     * @see org.apache.archiva.redback.authentication.Authenticator#authenticate(org.apache.archiva.redback.authentication.AuthenticationDataSource)
+     */
+    public AuthenticationResult authenticate( AuthenticationDataSource ds )
+        throws AuthenticationException, AccountLockedException, MustChangePasswordException
+    {
+        boolean authenticationSuccess = false;
+        String username = null;
+        Exception resultException = null;
+        PasswordBasedAuthenticationDataSource source = (PasswordBasedAuthenticationDataSource) ds;
+        Map<String, String> authnResultExceptionsMap = new HashMap<String, String>();
+
+        try
+        {
+            log.debug( "Authenticate: {}", source );
+            User user = userManager.findUser( source.getPrincipal() );
+            username = user.getUsername();
+
+            if ( user.isLocked() )
+            {
+                throw new AccountLockedException( "Account " + source.getPrincipal() + " is locked.", user );
+            }
+
+            if ( user.isPasswordChangeRequired() && source.isEnforcePasswordChange() )
+            {
+                throw new MustChangePasswordException( "Password expired.", user );
+            }
+
+            PasswordEncoder encoder = securityPolicy.getPasswordEncoder();
+            log.debug( "PasswordEncoder: {}", encoder.getClass().getName() );
+
+            boolean isPasswordValid = encoder.isPasswordValid( user.getEncodedPassword(), source.getPassword() );
+            if ( isPasswordValid )
+            {
+                log.debug( "User {} provided a valid password", source.getPrincipal() );
+
+                try
+                {
+                    securityPolicy.extensionPasswordExpiration( user );
+                }
+                catch ( MustChangePasswordException e )
+                {
+                    user.setPasswordChangeRequired( true );
+                    throw e;
+                }
+
+                authenticationSuccess = true;
+
+                //REDBACK-151 do not make unnessesary updates to the user object
+                if ( user.getCountFailedLoginAttempts() > 0 )
+                {
+                    user.setCountFailedLoginAttempts( 0 );
+                    userManager.updateUser( user );
+                }
+
+                return new AuthenticationResult( true, source.getPrincipal(), null );
+            }
+            else
+            {
+                log.warn( "Password is Invalid for user {}.", source.getPrincipal() );
+                authnResultExceptionsMap.put( AuthenticationConstants.AUTHN_NO_SUCH_USER,
+                                              "Password is Invalid for user " + source.getPrincipal() + "." );
+
+                try
+                {
+                    securityPolicy.extensionExcessiveLoginAttempts( user );
+                }
+                finally
+                {
+                    userManager.updateUser( user );
+                }
+
+                return new AuthenticationResult( false, source.getPrincipal(), null, authnResultExceptionsMap );
+            }
+        }
+        catch ( UserNotFoundException e )
+        {
+            log.warn( "Login for user {} failed. user not found.", source.getPrincipal() );
+            resultException = e;
+            authnResultExceptionsMap.put( AuthenticationConstants.AUTHN_NO_SUCH_USER,
+                                          "Login for user " + source.getPrincipal() + " failed. user not found." );
+        }
+
+        return new AuthenticationResult( authenticationSuccess, username, resultException, authnResultExceptionsMap );
+    }
+
+    /**
+     * Returns the wrapped {@link UserManager} used by this {@link org.apache.archiva.redback.authentication.Authenticator}
+     * implementation for authentication.
+     *
+     * @return the userManager
+     */
+    public UserManager getUserManager()
+    {
+        return userManager;
+    }
+
+    /**
+     * Sets a {@link UserManager} to be used by this {@link Authenticator}
+     * implementation for authentication.
+     *
+     * @param userManager the userManager to set
+     */
+    public void setUserManager( UserManager userManager )
+    {
+        this.userManager = userManager;
+    }
+
+    public boolean supportsDataSource( AuthenticationDataSource source )
+    {
+        return ( source instanceof PasswordBasedAuthenticationDataSource );
+    }
+
+    public UserSecurityPolicy getSecurityPolicy()
+    {
+        return securityPolicy;
+    }
+
+    public void setSecurityPolicy( UserSecurityPolicy securityPolicy )
+    {
+        this.securityPolicy = securityPolicy;
+    }
+}
diff --git a/redback-authentication/redback-authentication-providers/redback-authentication-users/src/main/resources/META-INF/spring-context.xml b/redback-authentication/redback-authentication-providers/redback-authentication-users/src/main/resources/META-INF/spring-context.xml
new file mode 100644
index 000000000..770a37f7a
--- /dev/null
+++ b/redback-authentication/redback-authentication-providers/redback-authentication-users/src/main/resources/META-INF/spring-context.xml
@@ -0,0 +1,34 @@
+<?xml version="1.0"?>
+
+<!--
+  ~ Licensed to the Apache Software Foundation (ASF) under one
+  ~ or more contributor license agreements.  See the NOTICE file
+  ~ distributed with this work for additional information
+  ~ regarding copyright ownership.  The ASF licenses this file
+  ~ to you under the Apache License, Version 2.0 (the
+  ~ "License"); you may not use this file except in compliance
+  ~ with the License.  You may obtain a copy of the License at
+  ~
+  ~   http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing,
+  ~ software distributed under the License is distributed on an
+  ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  ~ KIND, either express or implied.  See the License for the
+  ~ specific language governing permissions and limitations
+  ~ under the License.
+  -->
+<beans xmlns="http://www.springframework.org/schema/beans"
+       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+       xmlns:context="http://www.springframework.org/schema/context"
+       xsi:schemaLocation="http://www.springframework.org/schema/beans
+           http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
+           http://www.springframework.org/schema/context 
+           http://www.springframework.org/schema/context/spring-context-3.0.xsd"
+       default-lazy-init="true">
+
+  <context:annotation-config />
+  <context:component-scan 
+    base-package="org.apache.archiva.redback.authentication.users"/>
+ 
+</beans>
\ No newline at end of file
diff --git a/redback-authentication/redback-authentication-providers/redback-authentication-users/src/test/java/org/apache/archiva/redback/authentication/users/UserManagerAuthenticatorTest.java b/redback-authentication/redback-authentication-providers/redback-authentication-users/src/test/java/org/apache/archiva/redback/authentication/users/UserManagerAuthenticatorTest.java
new file mode 100644
index 000000000..ea80a8940
--- /dev/null
+++ b/redback-authentication/redback-authentication-providers/redback-authentication-users/src/test/java/org/apache/archiva/redback/authentication/users/UserManagerAuthenticatorTest.java
@@ -0,0 +1,214 @@
+package org.apache.archiva.redback.authentication.users;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import junit.framework.TestCase;
+import org.apache.archiva.redback.authentication.Authenticator;
+import org.apache.archiva.redback.policy.MustChangePasswordException;
+import org.apache.archiva.redback.users.User;
+import org.apache.archiva.redback.users.UserManager;
+import org.apache.archiva.redback.users.UserNotFoundException;
+import org.apache.archiva.redback.authentication.AuthenticationException;
+import org.apache.archiva.redback.authentication.AuthenticationResult;
+import org.apache.archiva.redback.authentication.PasswordBasedAuthenticationDataSource;
+import org.apache.archiva.redback.policy.AccountLockedException;
+import org.apache.archiva.redback.policy.UserSecurityPolicy;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+import javax.inject.Inject;
+import javax.inject.Named;
+import java.util.Calendar;
+import java.util.Date;
+
+/**
+ * Tests for {@link org.apache.archiva.redback.authentication.users.UserManagerAuthenticator} implementation.
+ *
+ * @author <a href='mailto:rahul.thakur.xdev@gmail.com'>Rahul Thakur</a>
+ */
+@RunWith( SpringJUnit4ClassRunner.class )
+@ContextConfiguration( locations = { "classpath*:/META-INF/spring-context.xml", "classpath*:/spring-context.xml" } )
+public class UserManagerAuthenticatorTest
+    extends TestCase
+{
+    @Inject
+    private UserSecurityPolicy userSecurityPolicy;
+
+    @Inject
+    @Named(value = "authenticator#user-manager")
+    Authenticator component;
+
+    @Inject
+    @Named(value = "userManager#memory")
+    UserManager um;
+
+    @Before
+    public void setUp()
+        throws Exception
+    {
+        super.setUp();
+        userSecurityPolicy.setEnabled( false );
+    }
+
+    @Test
+    public void testLookup()
+        throws Exception
+    {
+        assertNotNull( component );
+        assertEquals( UserManagerAuthenticator.class.getName(), component.getClass().getName() );
+    }
+
+    @Test
+    public void testAuthenticate()
+        throws Exception
+    {
+        // Set up a few users for the Authenticator
+
+        User user = um.createUser( "test", "Test User", "testuser@somedomain.com" );
+        user.setPassword( "testpass" );
+        um.addUser( user );
+
+        user = um.createUser( "guest", "Guest User", "testuser@somedomain.com" );
+        user.setPassword( "guestpass" );
+        um.addUser( user );
+
+        user = um.createUser( "anonymous", "Anonymous User", "testuser@somedomain.com" );
+        user.setPassword( "nopass" );
+        um.addUser( user );
+
+        // test with valid credentials
+        Authenticator auth = component;
+        assertNotNull( auth );
+
+        AuthenticationResult result = auth.authenticate( createAuthDataSource( "anonymous", "nopass" ) );
+        assertTrue( result.isAuthenticated() );
+
+        // test with invalid password
+        result = auth.authenticate( createAuthDataSource( "anonymous", "wrongpass" ) );
+        assertFalse( result.isAuthenticated() );
+        assertNull( result.getException() );
+
+        // test with unknown user
+        result = auth.authenticate( createAuthDataSource( "unknownuser", "wrongpass" ) );
+        assertFalse( result.isAuthenticated() );
+        assertNotNull( result.getException() );
+        assertEquals( result.getException().getClass().getName(), UserNotFoundException.class.getName() );
+    }
+
+    @Test
+    public void testAuthenticateLockedPassword()
+        throws AuthenticationException, MustChangePasswordException, UserNotFoundException
+    {
+        userSecurityPolicy.setEnabled( true );
+
+        // Set up a user for the Authenticator
+        User user = um.createUser( "testuser", "Test User Locked Password", "testuser@somedomain.com" );
+        user.setPassword( "correctpass1" );
+        user.setValidated( true );
+        user.setPasswordChangeRequired( false );
+        um.addUser( user );
+
+        Authenticator auth = component;
+        assertNotNull( auth );
+
+        boolean hasException = false;
+        AuthenticationResult result = null;
+
+        try
+        {
+            // test password lock
+            for ( int i = 0; i < 11; i++ )
+            {
+                result = auth.authenticate( createAuthDataSource( "testuser", "wrongpass" ) );
+            }
+        }
+        catch ( AccountLockedException e )
+        {
+            hasException = true;
+        }
+        finally
+        {
+            assertNotNull( result );
+            assertFalse( result.isAuthenticated() );
+            assertTrue( hasException );
+        }
+    }
+
+    @Test
+    public void testAuthenticateExpiredPassword()
+        throws AuthenticationException, AccountLockedException, UserNotFoundException
+    {
+        userSecurityPolicy.setEnabled( true );
+        userSecurityPolicy.setPasswordExpirationDays( 15 );
+
+        // Set up a user for the Authenticator
+        User user = um.createUser( "testuser", "Test User Expired Password", "testuser@somedomain.com" );
+        user.setPassword( "expiredpass1" );
+        user.setValidated( true );
+        user.setPasswordChangeRequired( false );
+        um.addUser( user );
+
+        Authenticator auth = component;
+        assertNotNull( auth );
+
+        boolean hasException = false;
+
+        try
+        {
+            // test successful authentication
+            AuthenticationResult result = auth.authenticate( createAuthDataSource( "testuser", "expiredpass1" ) );
+            assertTrue( result.isAuthenticated() );
+
+            // test expired password
+            user = um.findUser( "testuser" );
+
+            Calendar currentDate = Calendar.getInstance();
+            currentDate.set( Calendar.YEAR, currentDate.get( Calendar.YEAR ) - 1 );
+            Date lastPasswordChange = currentDate.getTime();
+            user.setLastPasswordChange( lastPasswordChange );
+
+            um.updateUser( user );
+
+            auth.authenticate( createAuthDataSource( "testuser", "expiredpass1" ) );
+        }
+        catch ( MustChangePasswordException e )
+        {
+            hasException = true;
+        }
+        finally
+        {
+            assertTrue( hasException );
+        }
+    }
+
+    private PasswordBasedAuthenticationDataSource createAuthDataSource( String username, String password )
+    {
+        PasswordBasedAuthenticationDataSource source = new PasswordBasedAuthenticationDataSource();
+
+        source.setPrincipal( username );
+        source.setPassword( password );
+
+        return source;
+
+    }
+}
diff --git a/redback-authentication/redback-authentication-providers/redback-authentication-users/src/test/resources/spring-context.xml b/redback-authentication/redback-authentication-providers/redback-authentication-users/src/test/resources/spring-context.xml
new file mode 100644
index 000000000..33625b862
--- /dev/null
+++ b/redback-authentication/redback-authentication-providers/redback-authentication-users/src/test/resources/spring-context.xml
@@ -0,0 +1,36 @@
+<?xml version="1.0"?>
+
+<!--
+  ~ Licensed to the Apache Software Foundation (ASF) under one
+  ~ or more contributor license agreements.  See the NOTICE file
+  ~ distributed with this work for additional information
+  ~ regarding copyright ownership.  The ASF licenses this file
+  ~ to you under the Apache License, Version 2.0 (the
+  ~ "License"); you may not use this file except in compliance
+  ~ with the License.  You may obtain a copy of the License at
+  ~
+  ~   http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing,
+  ~ software distributed under the License is distributed on an
+  ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  ~ KIND, either express or implied.  See the License for the
+  ~ specific language governing permissions and limitations
+  ~ under the License.
+  -->
+<beans xmlns="http://www.springframework.org/schema/beans"
+       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+       xsi:schemaLocation="http://www.springframework.org/schema/beans
+           http://www.springframework.org/schema/beans/spring-beans-3.0.xsd"
+       default-lazy-init="true">
+
+  <bean name="authenticator#user-manager" class="org.apache.archiva.redback.authentication.users.UserManagerAuthenticator">
+    <property name="userManager" ref="userManager#memory"/>
+    <property name="securityPolicy" ref="userSecurityPolicy"/>
+  </bean>
+
+  <alias name="userManager#memory" alias="userManager#jdo"/>
+
+  <alias name="userConfiguration#redback" alias="userConfiguration#default"/>
+
+</beans>
\ No newline at end of file
diff --git a/redback-users/pom.xml b/redback-users/pom.xml
index c4b112738..894d555d8 100644
--- a/redback-users/pom.xml
+++ b/redback-users/pom.xml
@@ -31,6 +31,5 @@
     <module>redback-users-api</module>
     <module>redback-users-providers</module>
     <module>redback-users-tests</module>
-    <module>redback-authentication-users</module>
   </modules>
 </project>
diff --git a/redback-users/redback-authentication-users/pom.xml b/redback-users/redback-authentication-users/pom.xml
deleted file mode 100644
index be4864040..000000000
--- a/redback-users/redback-authentication-users/pom.xml
+++ /dev/null
@@ -1,81 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-  ~ Licensed to the Apache Software Foundation (ASF) under one
-  ~ or more contributor license agreements.  See the NOTICE file
-  ~ distributed with this work for additional information
-  ~ regarding copyright ownership.  The ASF licenses this file
-  ~ to you under the Apache License, Version 2.0 (the
-  ~ "License"); you may not use this file except in compliance
-  ~ with the License.  You may obtain a copy of the License at
-  ~
-  ~  http://www.apache.org/licenses/LICENSE-2.0
-  ~
-  ~ Unless required by applicable law or agreed to in writing,
-  ~ software distributed under the License is distributed on an
-  ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-  ~ KIND, either express or implied.  See the License for the
-  ~ specific language governing permissions and limitations
-  ~ under the License.
-  -->
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
-
-  <modelVersion>4.0.0</modelVersion>
-
-  <parent>
-    <groupId>org.apache.archiva.redback</groupId>
-    <artifactId>redback-authentication-providers</artifactId>
-    <version>2.1-SNAPSHOT</version>
-    <relativePath>../../redback-authentication/redback-authentication-providers/pom.xml</relativePath>
-  </parent>
-
-  <artifactId>redback-authentication-users</artifactId>
-  <packaging>bundle</packaging>
-  <name>Redback :: Authentication Provider :: Users</name>
-
-  <dependencies>
-    <dependency>
-      <groupId>org.apache.archiva.redback</groupId>
-      <artifactId>redback-authentication-api</artifactId>
-    </dependency>
-    <dependency>
-      <groupId>org.apache.archiva.redback</groupId>
-      <artifactId>redback-policy</artifactId>
-    </dependency>
-    <dependency>
-      <groupId>org.apache.archiva.redback</groupId>
-      <artifactId>redback-users-configurable</artifactId>
-    </dependency>
-    <dependency>
-      <groupId>org.apache.archiva.redback</groupId>
-      <artifactId>redback-users-cached</artifactId>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-context-support</artifactId>
-    </dependency>   
-    <dependency>
-      <groupId>javax.annotation</groupId>
-      <artifactId>jsr250-api</artifactId>
-    </dependency>     
-    <dependency>
-      <groupId>org.apache.archiva.redback</groupId>
-      <artifactId>redback-users-memory</artifactId>
-      <scope>test</scope>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>slf4j-simple</artifactId>
-      <scope>test</scope>
-    </dependency>
-  </dependencies>
-
-  <build>
-    <plugins>
-      <plugin>
-        <groupId>org.apache.felix</groupId>
-        <artifactId>maven-bundle-plugin</artifactId>
-      </plugin>
-    </plugins>
-  </build>
-
-</project>
diff --git a/redback-users/redback-authentication-users/src/main/java/org/apache/archiva/redback/authentication/users/UserManagerAuthenticator.java b/redback-users/redback-authentication-users/src/main/java/org/apache/archiva/redback/authentication/users/UserManagerAuthenticator.java
deleted file mode 100644
index 5614fa30d..000000000
--- a/redback-users/redback-authentication-users/src/main/java/org/apache/archiva/redback/authentication/users/UserManagerAuthenticator.java
+++ /dev/null
@@ -1,195 +0,0 @@
-package org.apache.archiva.redback.authentication.users;
-
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-import org.apache.archiva.redback.authentication.AuthenticationConstants;
-import org.apache.archiva.redback.authentication.AuthenticationDataSource;
-import org.apache.archiva.redback.authentication.AuthenticationException;
-import org.apache.archiva.redback.authentication.AuthenticationResult;
-import org.apache.archiva.redback.authentication.Authenticator;
-import org.apache.archiva.redback.authentication.PasswordBasedAuthenticationDataSource;
-import org.apache.archiva.redback.policy.AccountLockedException;
-import org.apache.archiva.redback.policy.MustChangePasswordException;
-import org.apache.archiva.redback.policy.PasswordEncoder;
-import org.apache.archiva.redback.policy.PolicyViolationException;
-import org.apache.archiva.redback.policy.UserSecurityPolicy;
-import org.apache.archiva.redback.users.User;
-import org.apache.archiva.redback.users.UserManager;
-import org.apache.archiva.redback.users.UserNotFoundException;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.stereotype.Service;
-
-import javax.inject.Inject;
-import javax.inject.Named;
-import java.util.HashMap;
-import java.util.Map;
-
-/**
- * {@link Authenticator} implementation that uses a wrapped {@link UserManager} to authenticate.
- *
- * @author <a href='mailto:rahul.thakur.xdev@gmail.com'>Rahul Thakur</a>
- */
-@Service ("authenticator#user-manager")
-public class UserManagerAuthenticator
-    implements Authenticator
-{
-    private Logger log = LoggerFactory.getLogger( getClass() );
-
-    @Inject
-    @Named (value = "userManager#configurable")
-    private UserManager userManager;
-
-    @Inject
-    private UserSecurityPolicy securityPolicy;
-
-    public String getId()
-    {
-        return "UserManagerAuthenticator";
-    }
-
-    /**
-     * @throws org.apache.archiva.redback.policy.AccountLockedException
-     *
-     * @throws MustChangePasswordException
-     * @throws MustChangePasswordException
-     * @throws PolicyViolationException
-     * @see org.apache.archiva.redback.authentication.Authenticator#authenticate(org.apache.archiva.redback.authentication.AuthenticationDataSource)
-     */
-    public AuthenticationResult authenticate( AuthenticationDataSource ds )
-        throws AuthenticationException, AccountLockedException, MustChangePasswordException
-    {
-        boolean authenticationSuccess = false;
-        String username = null;
-        Exception resultException = null;
-        PasswordBasedAuthenticationDataSource source = (PasswordBasedAuthenticationDataSource) ds;
-        Map<String, String> authnResultExceptionsMap = new HashMap<String, String>();
-
-        try
-        {
-            log.debug( "Authenticate: {}", source );
-            User user = userManager.findUser( source.getPrincipal() );
-            username = user.getUsername();
-
-            if ( user.isLocked() )
-            {
-                throw new AccountLockedException( "Account " + source.getPrincipal() + " is locked.", user );
-            }
-
-            if ( user.isPasswordChangeRequired() && source.isEnforcePasswordChange() )
-            {
-                throw new MustChangePasswordException( "Password expired.", user );
-            }
-
-            PasswordEncoder encoder = securityPolicy.getPasswordEncoder();
-            log.debug( "PasswordEncoder: {}", encoder.getClass().getName() );
-
-            boolean isPasswordValid = encoder.isPasswordValid( user.getEncodedPassword(), source.getPassword() );
-            if ( isPasswordValid )
-            {
-                log.debug( "User {} provided a valid password", source.getPrincipal() );
-
-                try
-                {
-                    securityPolicy.extensionPasswordExpiration( user );
-                }
-                catch ( MustChangePasswordException e )
-                {
-                    user.setPasswordChangeRequired( true );
-                    throw e;
-                }
-
-                authenticationSuccess = true;
-
-                //REDBACK-151 do not make unnessesary updates to the user object
-                if ( user.getCountFailedLoginAttempts() > 0 )
-                {
-                    user.setCountFailedLoginAttempts( 0 );
-                    userManager.updateUser( user );
-                }
-
-                return new AuthenticationResult( true, source.getPrincipal(), null );
-            }
-            else
-            {
-                log.warn( "Password is Invalid for user {}.", source.getPrincipal() );
-                authnResultExceptionsMap.put( AuthenticationConstants.AUTHN_NO_SUCH_USER,
-                                              "Password is Invalid for user " + source.getPrincipal() + "." );
-
-                try
-                {
-                    securityPolicy.extensionExcessiveLoginAttempts( user );
-                }
-                finally
-                {
-                    userManager.updateUser( user );
-                }
-
-                return new AuthenticationResult( false, source.getPrincipal(), null, authnResultExceptionsMap );
-            }
-        }
-        catch ( UserNotFoundException e )
-        {
-            log.warn( "Login for user {} failed. user not found.", source.getPrincipal() );
-            resultException = e;
-            authnResultExceptionsMap.put( AuthenticationConstants.AUTHN_NO_SUCH_USER,
-                                          "Login for user " + source.getPrincipal() + " failed. user not found." );
-        }
-
-        return new AuthenticationResult( authenticationSuccess, username, resultException, authnResultExceptionsMap );
-    }
-
-    /**
-     * Returns the wrapped {@link UserManager} used by this {@link org.apache.archiva.redback.authentication.Authenticator}
-     * implementation for authentication.
-     *
-     * @return the userManager
-     */
-    public UserManager getUserManager()
-    {
-        return userManager;
-    }
-
-    /**
-     * Sets a {@link UserManager} to be used by this {@link Authenticator}
-     * implementation for authentication.
-     *
-     * @param userManager the userManager to set
-     */
-    public void setUserManager( UserManager userManager )
-    {
-        this.userManager = userManager;
-    }
-
-    public boolean supportsDataSource( AuthenticationDataSource source )
-    {
-        return ( source instanceof PasswordBasedAuthenticationDataSource );
-    }
-
-    public UserSecurityPolicy getSecurityPolicy()
-    {
-        return securityPolicy;
-    }
-
-    public void setSecurityPolicy( UserSecurityPolicy securityPolicy )
-    {
-        this.securityPolicy = securityPolicy;
-    }
-}
diff --git a/redback-users/redback-authentication-users/src/main/resources/META-INF/spring-context.xml b/redback-users/redback-authentication-users/src/main/resources/META-INF/spring-context.xml
deleted file mode 100644
index 770a37f7a..000000000
--- a/redback-users/redback-authentication-users/src/main/resources/META-INF/spring-context.xml
+++ /dev/null
@@ -1,34 +0,0 @@
-<?xml version="1.0"?>
-
-<!--
-  ~ Licensed to the Apache Software Foundation (ASF) under one
-  ~ or more contributor license agreements.  See the NOTICE file
-  ~ distributed with this work for additional information
-  ~ regarding copyright ownership.  The ASF licenses this file
-  ~ to you under the Apache License, Version 2.0 (the
-  ~ "License"); you may not use this file except in compliance
-  ~ with the License.  You may obtain a copy of the License at
-  ~
-  ~   http://www.apache.org/licenses/LICENSE-2.0
-  ~
-  ~ Unless required by applicable law or agreed to in writing,
-  ~ software distributed under the License is distributed on an
-  ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-  ~ KIND, either express or implied.  See the License for the
-  ~ specific language governing permissions and limitations
-  ~ under the License.
-  -->
-<beans xmlns="http://www.springframework.org/schema/beans"
-       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-       xmlns:context="http://www.springframework.org/schema/context"
-       xsi:schemaLocation="http://www.springframework.org/schema/beans
-           http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
-           http://www.springframework.org/schema/context 
-           http://www.springframework.org/schema/context/spring-context-3.0.xsd"
-       default-lazy-init="true">
-
-  <context:annotation-config />
-  <context:component-scan 
-    base-package="org.apache.archiva.redback.authentication.users"/>
- 
-</beans>
\ No newline at end of file
diff --git a/redback-users/redback-authentication-users/src/test/java/org/apache/archiva/redback/authentication/users/UserManagerAuthenticatorTest.java b/redback-users/redback-authentication-users/src/test/java/org/apache/archiva/redback/authentication/users/UserManagerAuthenticatorTest.java
deleted file mode 100644
index ea80a8940..000000000
--- a/redback-users/redback-authentication-users/src/test/java/org/apache/archiva/redback/authentication/users/UserManagerAuthenticatorTest.java
+++ /dev/null
@@ -1,214 +0,0 @@
-package org.apache.archiva.redback.authentication.users;
-
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-import junit.framework.TestCase;
-import org.apache.archiva.redback.authentication.Authenticator;
-import org.apache.archiva.redback.policy.MustChangePasswordException;
-import org.apache.archiva.redback.users.User;
-import org.apache.archiva.redback.users.UserManager;
-import org.apache.archiva.redback.users.UserNotFoundException;
-import org.apache.archiva.redback.authentication.AuthenticationException;
-import org.apache.archiva.redback.authentication.AuthenticationResult;
-import org.apache.archiva.redback.authentication.PasswordBasedAuthenticationDataSource;
-import org.apache.archiva.redback.policy.AccountLockedException;
-import org.apache.archiva.redback.policy.UserSecurityPolicy;
-import org.junit.Before;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.springframework.test.context.ContextConfiguration;
-import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
-
-import javax.inject.Inject;
-import javax.inject.Named;
-import java.util.Calendar;
-import java.util.Date;
-
-/**
- * Tests for {@link org.apache.archiva.redback.authentication.users.UserManagerAuthenticator} implementation.
- *
- * @author <a href='mailto:rahul.thakur.xdev@gmail.com'>Rahul Thakur</a>
- */
-@RunWith( SpringJUnit4ClassRunner.class )
-@ContextConfiguration( locations = { "classpath*:/META-INF/spring-context.xml", "classpath*:/spring-context.xml" } )
-public class UserManagerAuthenticatorTest
-    extends TestCase
-{
-    @Inject
-    private UserSecurityPolicy userSecurityPolicy;
-
-    @Inject
-    @Named(value = "authenticator#user-manager")
-    Authenticator component;
-
-    @Inject
-    @Named(value = "userManager#memory")
-    UserManager um;
-
-    @Before
-    public void setUp()
-        throws Exception
-    {
-        super.setUp();
-        userSecurityPolicy.setEnabled( false );
-    }
-
-    @Test
-    public void testLookup()
-        throws Exception
-    {
-        assertNotNull( component );
-        assertEquals( UserManagerAuthenticator.class.getName(), component.getClass().getName() );
-    }
-
-    @Test
-    public void testAuthenticate()
-        throws Exception
-    {
-        // Set up a few users for the Authenticator
-
-        User user = um.createUser( "test", "Test User", "testuser@somedomain.com" );
-        user.setPassword( "testpass" );
-        um.addUser( user );
-
-        user = um.createUser( "guest", "Guest User", "testuser@somedomain.com" );
-        user.setPassword( "guestpass" );
-        um.addUser( user );
-
-        user = um.createUser( "anonymous", "Anonymous User", "testuser@somedomain.com" );
-        user.setPassword( "nopass" );
-        um.addUser( user );
-
-        // test with valid credentials
-        Authenticator auth = component;
-        assertNotNull( auth );
-
-        AuthenticationResult result = auth.authenticate( createAuthDataSource( "anonymous", "nopass" ) );
-        assertTrue( result.isAuthenticated() );
-
-        // test with invalid password
-        result = auth.authenticate( createAuthDataSource( "anonymous", "wrongpass" ) );
-        assertFalse( result.isAuthenticated() );
-        assertNull( result.getException() );
-
-        // test with unknown user
-        result = auth.authenticate( createAuthDataSource( "unknownuser", "wrongpass" ) );
-        assertFalse( result.isAuthenticated() );
-        assertNotNull( result.getException() );
-        assertEquals( result.getException().getClass().getName(), UserNotFoundException.class.getName() );
-    }
-
-    @Test
-    public void testAuthenticateLockedPassword()
-        throws AuthenticationException, MustChangePasswordException, UserNotFoundException
-    {
-        userSecurityPolicy.setEnabled( true );
-
-        // Set up a user for the Authenticator
-        User user = um.createUser( "testuser", "Test User Locked Password", "testuser@somedomain.com" );
-        user.setPassword( "correctpass1" );
-        user.setValidated( true );
-        user.setPasswordChangeRequired( false );
-        um.addUser( user );
-
-        Authenticator auth = component;
-        assertNotNull( auth );
-
-        boolean hasException = false;
-        AuthenticationResult result = null;
-
-        try
-        {
-            // test password lock
-            for ( int i = 0; i < 11; i++ )
-            {
-                result = auth.authenticate( createAuthDataSource( "testuser", "wrongpass" ) );
-            }
-        }
-        catch ( AccountLockedException e )
-        {
-            hasException = true;
-        }
-        finally
-        {
-            assertNotNull( result );
-            assertFalse( result.isAuthenticated() );
-            assertTrue( hasException );
-        }
-    }
-
-    @Test
-    public void testAuthenticateExpiredPassword()
-        throws AuthenticationException, AccountLockedException, UserNotFoundException
-    {
-        userSecurityPolicy.setEnabled( true );
-        userSecurityPolicy.setPasswordExpirationDays( 15 );
-
-        // Set up a user for the Authenticator
-        User user = um.createUser( "testuser", "Test User Expired Password", "testuser@somedomain.com" );
-        user.setPassword( "expiredpass1" );
-        user.setValidated( true );
-        user.setPasswordChangeRequired( false );
-        um.addUser( user );
-
-        Authenticator auth = component;
-        assertNotNull( auth );
-
-        boolean hasException = false;
-
-        try
-        {
-            // test successful authentication
-            AuthenticationResult result = auth.authenticate( createAuthDataSource( "testuser", "expiredpass1" ) );
-            assertTrue( result.isAuthenticated() );
-
-            // test expired password
-            user = um.findUser( "testuser" );
-
-            Calendar currentDate = Calendar.getInstance();
-            currentDate.set( Calendar.YEAR, currentDate.get( Calendar.YEAR ) - 1 );
-            Date lastPasswordChange = currentDate.getTime();
-            user.setLastPasswordChange( lastPasswordChange );
-
-            um.updateUser( user );
-
-            auth.authenticate( createAuthDataSource( "testuser", "expiredpass1" ) );
-        }
-        catch ( MustChangePasswordException e )
-        {
-            hasException = true;
-        }
-        finally
-        {
-            assertTrue( hasException );
-        }
-    }
-
-    private PasswordBasedAuthenticationDataSource createAuthDataSource( String username, String password )
-    {
-        PasswordBasedAuthenticationDataSource source = new PasswordBasedAuthenticationDataSource();
-
-        source.setPrincipal( username );
-        source.setPassword( password );
-
-        return source;
-
-    }
-}
diff --git a/redback-users/redback-authentication-users/src/test/resources/spring-context.xml b/redback-users/redback-authentication-users/src/test/resources/spring-context.xml
deleted file mode 100644
index 33625b862..000000000
--- a/redback-users/redback-authentication-users/src/test/resources/spring-context.xml
+++ /dev/null
@@ -1,36 +0,0 @@
-<?xml version="1.0"?>
-
-<!--
-  ~ Licensed to the Apache Software Foundation (ASF) under one
-  ~ or more contributor license agreements.  See the NOTICE file
-  ~ distributed with this work for additional information
-  ~ regarding copyright ownership.  The ASF licenses this file
-  ~ to you under the Apache License, Version 2.0 (the
-  ~ "License"); you may not use this file except in compliance
-  ~ with the License.  You may obtain a copy of the License at
-  ~
-  ~   http://www.apache.org/licenses/LICENSE-2.0
-  ~
-  ~ Unless required by applicable law or agreed to in writing,
-  ~ software distributed under the License is distributed on an
-  ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-  ~ KIND, either express or implied.  See the License for the
-  ~ specific language governing permissions and limitations
-  ~ under the License.
-  -->
-<beans xmlns="http://www.springframework.org/schema/beans"
-       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-       xsi:schemaLocation="http://www.springframework.org/schema/beans
-           http://www.springframework.org/schema/beans/spring-beans-3.0.xsd"
-       default-lazy-init="true">
-
-  <bean name="authenticator#user-manager" class="org.apache.archiva.redback.authentication.users.UserManagerAuthenticator">
-    <property name="userManager" ref="userManager#memory"/>
-    <property name="securityPolicy" ref="userSecurityPolicy"/>
-  </bean>
-
-  <alias name="userManager#memory" alias="userManager#jdo"/>
-
-  <alias name="userConfiguration#redback" alias="userConfiguration#default"/>
-
-</beans>
\ No newline at end of file