add role profiles

git-svn-id: https://svn.apache.org/repos/asf/maven/archiva/trunk@450822 13f79535-47bb-0310-9956-ffa450edef68
author: Brett Porter <brett@apache.org> 2006-09-28 12:06:45 +0000
committer: Brett Porter <brett@apache.org> 2006-09-28 12:06:45 +0000
commit: 46926538b885383dd37db1649c5836da4348240b (patch)
tree: 2dd88f15987641734e1bcdfbefa0411b76d6eb3d
parent: 1e99374aee61d603ad8211ae9cbc5dbd97ac697b (diff)
download: archiva-46926538b885383dd37db1649c5836da4348240b.tar.gz
archiva-46926538b885383dd37db1649c5836da4348240b.zip
20 files changed, 253 insertions, 540 deletions
diff --git a/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaRoleConstants.java b/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaRoleConstants.java
index adef01f19..17e085878 100644
--- a/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaRoleConstants.java
+++ b/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaRoleConstants.java
@@ -18,14 +18,42 @@ package org.apache.maven.archiva.security;
 
 public class ArchivaRoleConstants
 {
+    public static final String DELIMITER = " - ";
+
     // globalish roles
     public static final String SYSTEM_ADMINISTRATOR_ROLE = "System Administrator";
+
     public static final String USER_ADMINISTRATOR_ROLE = "User Administrator";
+
     public static final String REGISTERED_USER_ROLE = "Registered User";
+
     public static final String GUEST_ROLE = "Guest";
 
+    // dynamic role prefixes
+    public static final String REPOSITORY_MANAGER_ROLE_PREFIX = "Repository Manager";
+
+    public static final String REPOSITORY_OBSERVER_ROLE_PREFIX = "Repository Observer";
+
     // operations
     public static final String OPERATION_MANAGE_USERS = "archiva-manage-users";
+
     public static final String OPERATION_MANAGE_CONFIGURATION = "archiva-manage-configuration";
+
     public static final String OPERATION_ACTIVE_GUEST = "archiva-guest";
+
+    public static final String OPERATION_RUN_INDEXER = "archiva-run-indexer";
+
+    public static final String OPERATION_REGENERATE_INDEX = "archiva-regenerate-index";
+
+    public static final String OPERATION_ACCESS_REPORT = "archiva-access-reports";
+
+    public static final String OPERATION_ADD_REPOSITORY = "archiva-add-repository";
+
+    public static final String OPERATION_REPOSITORY_ACCESS = "archiva-read-repository";
+
+    public static final String OPERATION_DELETE_REPOSITORY = "archiva-delete-repository";
+
+    public static final String OPERATION_EDIT_REPOSITORY = "archiva-edit-repository";
+
+    public static final String OPERATION_REPOSITORY_UPLOAD = "archiva-upload-repository";
 }
diff --git a/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaSystemAdministratorRoleProfile.java b/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaSystemAdministratorRoleProfile.java
index 81d354176..facb4dfad 100644
--- a/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaSystemAdministratorRoleProfile.java
+++ b/archiva-security/src/main/java/org/apache/maven/archiva/security/ArchivaSystemAdministratorRoleProfile.java
@@ -39,6 +39,12 @@ public class ArchivaSystemAdministratorRoleProfile
         List operations = new ArrayList();
         operations.add( ArchivaRoleConstants.OPERATION_MANAGE_CONFIGURATION );
         operations.add( ArchivaRoleConstants.OPERATION_MANAGE_USERS );
+        operations.add( ArchivaRoleConstants.OPERATION_RUN_INDEXER );
+        operations.add( ArchivaRoleConstants.OPERATION_REGENERATE_INDEX );
+        operations.add( ArchivaRoleConstants.OPERATION_ACCESS_REPORT ); // TODO: does this need to be templated?
+        operations.add( ArchivaRoleConstants.OPERATION_ADD_REPOSITORY );
+        operations.add( ArchivaRoleConstants.OPERATION_EDIT_REPOSITORY );
+        operations.add( ArchivaRoleConstants.OPERATION_DELETE_REPOSITORY );
         return operations;
     }
 
diff --git a/archiva-security/src/main/java/org/apache/maven/archiva/security/RepsitoryManagerDynamicRoleProfile.java b/archiva-security/src/main/java/org/apache/maven/archiva/security/RepsitoryManagerDynamicRoleProfile.java
new file mode 100644
index 000000000..564f4a0b7
--- /dev/null
+++ b/archiva-security/src/main/java/org/apache/maven/archiva/security/RepsitoryManagerDynamicRoleProfile.java
@@ -0,0 +1,61 @@
+package org.apache.maven.archiva.security;
+
+/*
+ * Copyright 2005-2006 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import org.codehaus.plexus.rbac.profile.AbstractDynamicRoleProfile;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+/**
+ * @plexus.component role="org.codehaus.plexus.rbac.profile.DynamicRoleProfile"
+ * role-hint="archiva-repository-manager"
+ */
+public class RepsitoryManagerDynamicRoleProfile
+    extends AbstractDynamicRoleProfile
+{
+    public String getRoleName( String string )
+    {
+        return ArchivaRoleConstants.REPOSITORY_MANAGER_ROLE_PREFIX + ArchivaRoleConstants.DELIMITER + string;
+    }
+
+    public List getOperations()
+    {
+        List operations = new ArrayList();
+
+        // I'm not sure these are appropriate roles.
+        operations.add( ArchivaRoleConstants.OPERATION_EDIT_REPOSITORY );
+        operations.add( ArchivaRoleConstants.OPERATION_DELETE_REPOSITORY );
+
+        operations.add( ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS );
+        operations.add( ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD );
+        return operations;
+    }
+
+    public List getDynamicChildRoles( String string )
+    {
+        return Collections.singletonList(
+            ArchivaRoleConstants.REPOSITORY_OBSERVER_ROLE_PREFIX + ArchivaRoleConstants.DELIMITER + string );
+    }
+
+    public boolean isAssignable()
+    {
+        return true;
+    }
+}
+
diff --git a/archiva-security/src/main/java/org/apache/maven/archiva/security/RepsitoryObserverDynamicRoleProfile.java b/archiva-security/src/main/java/org/apache/maven/archiva/security/RepsitoryObserverDynamicRoleProfile.java
new file mode 100644
index 000000000..9b0338bf5
--- /dev/null
+++ b/archiva-security/src/main/java/org/apache/maven/archiva/security/RepsitoryObserverDynamicRoleProfile.java
@@ -0,0 +1,47 @@
+package org.apache.maven.archiva.security;
+
+/*
+ * Copyright 2005-2006 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import org.codehaus.plexus.rbac.profile.AbstractDynamicRoleProfile;
+
+import java.util.List;
+import java.util.ArrayList;
+
+/**
+ * @plexus.component role="org.codehaus.plexus.rbac.profile.DynamicRoleProfile"
+ * role-hint="archiva-repository-observer"
+ */
+public class RepsitoryObserverDynamicRoleProfile
+    extends AbstractDynamicRoleProfile
+{
+    public String getRoleName( String string )
+    {
+        return ArchivaRoleConstants.REPOSITORY_OBSERVER_ROLE_PREFIX + ArchivaRoleConstants.DELIMITER + string;
+    }
+
+    public List getOperations()
+    {
+        List operations = new ArrayList();
+        operations.add( ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS );
+        return operations;
+    }
+
+    public boolean isAssignable()
+    {
+        return true;
+    }
+}
diff --git a/archiva-security/src/main/resources/META-INF/plexus/components.xml b/archiva-security/src/main/resources/META-INF/plexus/components.xml
index 9fc5dbf18..8accc36fe 100644
--- a/archiva-security/src/main/resources/META-INF/plexus/components.xml
+++ b/archiva-security/src/main/resources/META-INF/plexus/components.xml
@@ -63,5 +63,25 @@
         </requirement>
       </requirements>
     </component>
+    <component>
+      <role>org.codehaus.plexus.rbac.profile.DynamicRoleProfile</role>
+      <role-hint>archiva-repository-manager</role-hint>
+      <implementation>org.apache.maven.archiva.security.RepositoryManagerDynamicRoleProfile</implementation>
+      <requirements>
+        <requirement>
+          <role>org.codehaus.plexus.security.rbac.RBACManager</role>
+        </requirement>
+      </requirements>
+    </component>
+    <component>
+      <role>org.codehaus.plexus.rbac.profile.DynamicRoleProfile</role>
+      <role-hint>archiva-repository-observer</role-hint>
+      <implementation>org.apache.maven.archiva.security.RepositoryObserverDynamicRoleProfile</implementation>
+      <requirements>
+        <requirement>
+          <role>org.codehaus.plexus.security.rbac.RBACManager</role>
+        </requirement>
+      </requirements>
+    </component>
   </components>
 </component-set>
diff --git a/archiva-webapp/pom.xml b/archiva-webapp/pom.xml
index 8018e19ce..7506bf0f9 100644
--- a/archiva-webapp/pom.xml
+++ b/archiva-webapp/pom.xml
@@ -198,16 +198,21 @@
       </exclusions>
     </dependency>
     <dependency>
-        <groupId>org.codehaus.plexus.security</groupId>
-        <artifactId>plexus-security-keys-jdo</artifactId>
-        <version>1.0-SNAPSHOT</version>
-      </dependency>
+      <groupId>org.codehaus.plexus.security</groupId>
+      <artifactId>plexus-security-keys-jdo</artifactId>
+      <version>1.0-SNAPSHOT</version>
+    </dependency>
     <dependency>
       <groupId>org.codehaus.plexus</groupId>
       <artifactId>plexus-utils</artifactId>
       <version>1.2</version>
     </dependency>    
     <dependency>
+      <groupId>org.codehaus.plexus</groupId>
+      <artifactId>plexus-mail-sender-javamail</artifactId>
+      <version>1.0-alpha-3</version>
+    </dependency>    
+    <dependency>
       <groupId>org.apache.derby</groupId>
       <artifactId>derby</artifactId>
       <version>10.1.3.1</version>
diff --git a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/ArchivaSecurityDefaults.java b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/ArchivaSecurityDefaults.java
deleted file mode 100644
index b1154fb86..000000000
--- a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/ArchivaSecurityDefaults.java
+++ /dev/null
@@ -1,97 +0,0 @@
-package org.apache.maven.archiva.web;
-
-/*
- * Copyright 2001-2006 The Apache Software Foundation.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-import org.codehaus.plexus.security.user.User;
-import org.codehaus.plexus.security.rbac.RbacManagerException;
-
-/**
- * ArchivaSecurityDefaults
- *
- * NOTE: this is targeted for removal with the forth coming rbac role templating 
- *
- * @author <a href="mailto:joakim@erdfelt.com">Joakim Erdfelt</a>
- * @version $Id$
- */
-public interface ArchivaSecurityDefaults
-{
-    public static final String ROLE = ArchivaSecurityDefaults.class.getName();
-
-    public static final String GUEST_USERNAME = "guest";
-
-    public static final String INDEX_REGENERATE_OPERATION = "regenerate-index";
-
-    public static final String INDEX_REGENERATE_PERMISSION = "Regenerate Index";
-
-    public static final String INDEX_RUN_OPERATION = "run-indexer";
-
-    public static final String INDEX_RUN_PERMISSION = "Run Indexer";
-
-    public static final String REPORTS_ACCESS_OPERATION = "access-reports";
-
-    public static final String REPORTS_ACCESS_PERMISSION = "Access Reports";
-
-    public static final String REPORTS_GENERATE_OPERATION = "generate-reports";
-
-    public static final String REPORTS_GENERATE_PERMISSION = "Generate Reports";
-
-    public static final String REPOSITORY_ACCESS = "Access Repository";
-
-    public static final String REPOSITORY_ACCESS_OPERATION = "read-repository";
-
-    public static final String REPOSITORY_ADD_OPERATION = "add-repository";
-
-    public static final String REPOSITORY_ADD_PERMISSION = "Add Repository";
-
-    public static final String REPOSITORY_DELETE = "Delete Repository";
-    
-    public static final String REPOSITORY_DELETE_OPERATION = "delete-repository";
-
-    public static final String REPOSITORY_EDIT = "Edit Repository";
-    
-    public static final String REPOSITORY_EDIT_OPERATION = "edit-repository";
-    
-    public static final String REPOSITORY_MANAGER = "Repository Manager";
-    
-    public static final String REPOSITORY_OBSERVER = "Repository Observer";
-
-    public static final String REPOSITORY_UPLOAD = "Repository Upload";
-
-    public static final String REPOSITORY_UPLOAD_OPERATION = "upload-repository";
-
-    public static final String ROLES_GRANT_OPERATION = "grant-roles";
-
-    public static final String ROLES_GRANT_PERMISSION = "Grant Roles";
-
-    public static final String ROLES_REMOVE_OPERATION = "remove-roles";
-
-    public static final String ROLES_REMOVE_PERMISSION = "Remove Roles";
-
-    public static final String SYSTEM_ADMINISTRATOR = "System Administrator";
-
-    public static final String USER_ADMINISTRATOR = "User Administrator";
-
-    public static final String USER_EDIT_OPERATION = "edit-user";
-
-    public static final String USERS_EDIT_ALL_OPERATION = "edit-all-users";
-
-    public static final String USERS_EDIT_ALL_PERMISSION = "Edit All Users";
-    
-    public void ensureDefaultsExist()
-        throws RbacManagerException;
-
-}
diff --git a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/DefaultArchivaSecurityDefaults.java b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/DefaultArchivaSecurityDefaults.java
deleted file mode 100644
index 23449f1ea..000000000
--- a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/DefaultArchivaSecurityDefaults.java
+++ /dev/null
@@ -1,147 +0,0 @@
-package org.apache.maven.archiva.web;
-
-/*
- * Copyright 2001-2006 The Apache Software Foundation.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-import org.codehaus.plexus.logging.AbstractLogEnabled;
-import org.codehaus.plexus.personality.plexus.lifecycle.phase.Initializable;
-import org.codehaus.plexus.personality.plexus.lifecycle.phase.InitializationException;
-import org.codehaus.plexus.security.rbac.Operation;
-import org.codehaus.plexus.security.rbac.Permission;
-import org.codehaus.plexus.security.rbac.RBACManager;
-import org.codehaus.plexus.security.rbac.RbacManagerException;
-
-/**
- * DefaultArchivaSecurityDefaults
- *
- * @author <a href="mailto:joakim@erdfelt.com">Joakim Erdfelt</a>
- * @version $Id$
- * @plexus.component role="org.apache.maven.archiva.web.ArchivaSecurityDefaults"
- */
-public class DefaultArchivaSecurityDefaults
-    extends AbstractLogEnabled
-    implements ArchivaSecurityDefaults, Initializable
-{
-    /**
-     * @plexus.requirement
-     */
-    private RBACManager rbacManager;
-
-    private boolean initialized = false;
-
-    public void ensureDefaultsExist()
-        throws RbacManagerException
-    {
-        if ( initialized )
-        {
-            return;
-        }
-
-        ensureOperationsExist();
-        ensurePermissionsExist();
-        ensureRolesExist();
-
-        initialized = true;
-    }
-
-    private void ensureOperationExists( String operationName )
-        throws RbacManagerException
-    {
-        if ( !rbacManager.operationExists( operationName ) )
-        {
-            Operation operation = rbacManager.createOperation( operationName );
-            rbacManager.saveOperation( operation );
-        }
-    }
-
-    private void ensureOperationsExist()
-        throws RbacManagerException
-    {
-        ensureOperationExists( REPOSITORY_ADD_OPERATION );
-        ensureOperationExists( REPOSITORY_EDIT_OPERATION );
-        ensureOperationExists( REPOSITORY_DELETE_OPERATION );
-        ensureOperationExists( INDEX_RUN_OPERATION );
-        ensureOperationExists( INDEX_REGENERATE_OPERATION );
-        ensureOperationExists( REPORTS_ACCESS_OPERATION );
-        ensureOperationExists( REPORTS_GENERATE_OPERATION );
-        ensureOperationExists( USER_EDIT_OPERATION );
-        ensureOperationExists( USERS_EDIT_ALL_OPERATION );
-        ensureOperationExists( ROLES_GRANT_OPERATION );
-        ensureOperationExists( ROLES_REMOVE_OPERATION );
-        ensureOperationExists( REPOSITORY_ACCESS_OPERATION );
-        ensureOperationExists( REPOSITORY_UPLOAD_OPERATION );
-    }
-
-    private void ensurePermissionExists( String permissionName, String operationName, String resourceIdentifier )
-        throws RbacManagerException
-    {
-        if ( !rbacManager.permissionExists( permissionName ) )
-        {
-            Permission editConfiguration =
-                rbacManager.createPermission( permissionName, operationName, resourceIdentifier );
-            rbacManager.savePermission( editConfiguration );
-        }
-    }
-
-    private void ensurePermissionsExist()
-        throws RbacManagerException
-    {
-        String globalResource = rbacManager.getGlobalResource().getIdentifier();
-
-        ensurePermissionExists( REPORTS_ACCESS_PERMISSION, REPORTS_ACCESS_OPERATION, globalResource );
-        ensurePermissionExists( REPORTS_GENERATE_PERMISSION, REPORTS_GENERATE_OPERATION, globalResource );
-
-        ensurePermissionExists( INDEX_RUN_PERMISSION, INDEX_RUN_OPERATION, globalResource );
-        ensurePermissionExists( INDEX_REGENERATE_PERMISSION, INDEX_REGENERATE_OPERATION, globalResource );
-
-        ensurePermissionExists( REPOSITORY_ADD_PERMISSION, REPOSITORY_ADD_OPERATION, globalResource );
-        ensurePermissionExists( REPOSITORY_ACCESS, "access-repository", globalResource );
-        ensurePermissionExists( REPOSITORY_UPLOAD, REPOSITORY_UPLOAD_OPERATION, globalResource );
-    }
-
-    private void ensureRolesExist()
-        throws RbacManagerException
-    {
-        /* TODO!
-                    if ( !rbacManager.roleExists( SYSTEM_ADMINISTRATOR ) )
-                    {
-                        Role admin = rbacManager.createRole( SYSTEM_ADMINISTRATOR );
-                        admin.addChildRoleName( rbacManager.getRole( USER_ADMINISTRATOR ).getName() );
-                        admin.addPermission( rbacManager.getPermission( CONFIGURATION_EDIT_PERMISSION ) );
-                        admin.addPermission( rbacManager.getPermission( INDEX_RUN_PERMISSION ) );
-                        admin.addPermission( rbacManager.getPermission( REPOSITORY_ADD_PERMISSION ) );
-                        admin.addPermission( rbacManager.getPermission( REPORTS_ACCESS_PERMISSION ) );
-                        admin.addPermission( rbacManager.getPermission( REPORTS_GENERATE_PERMISSION ) );
-                        admin.addPermission( rbacManager.getPermission( INDEX_REGENERATE_PERMISSION ) );
-                        admin.setAssignable( true );
-                        rbacManager.saveRole( admin );
-                    }
-        */
-    }
-
-    public void initialize()
-        throws InitializationException
-    {
-        try
-        {
-            ensureDefaultsExist();
-        }
-        catch ( RbacManagerException e )
-        {
-            throw new InitializationException( e.getMessage(), e );
-        }
-    }
-}
diff --git a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/ReportsAction.java b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/ReportsAction.java
index 47293bca2..73ba72296 100644
--- a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/ReportsAction.java
+++ b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/ReportsAction.java
@@ -16,7 +16,6 @@ package org.apache.maven.archiva.web.action;
  * limitations under the License.
  */
 
-import com.opensymphony.xwork.ActionSupport;
 import com.opensymphony.xwork.Preparable;
 import org.apache.maven.archiva.configuration.Configuration;
 import org.apache.maven.archiva.configuration.ConfigurationStore;
@@ -29,8 +28,13 @@ import org.apache.maven.archiva.reporting.ReportExecutor;
 import org.apache.maven.archiva.reporting.ReportGroup;
 import org.apache.maven.archiva.reporting.ReportingDatabase;
 import org.apache.maven.archiva.reporting.ReportingStoreException;
+import org.apache.maven.archiva.security.ArchivaRoleConstants;
 import org.apache.maven.artifact.repository.ArtifactRepository;
 import org.apache.maven.artifact.resolver.filter.ArtifactFilter;
+import org.codehaus.plexus.security.rbac.Resource;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureAction;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureActionBundle;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureActionException;
 import org.codehaus.plexus.xwork.action.PlexusActionSupport;
 
 import java.util.ArrayList;
@@ -42,10 +46,11 @@ import java.util.Map;
  * Repository reporting.
  *
  * @plexus.component role="com.opensymphony.xwork.Action" role-hint="reportsAction"
+ * @todo split report access and report generation
  */
 public class ReportsAction
     extends PlexusActionSupport
-    implements Preparable
+    implements Preparable, SecureAction
 {
     /**
      * @plexus.requirement
@@ -223,4 +228,15 @@ public class ReportsAction
     {
         this.filter = filter;
     }
+
+    public SecureActionBundle getSecureActionBundle()
+        throws SecureActionException
+    {
+        SecureActionBundle bundle = new SecureActionBundle();
+
+        bundle.setRequiresAuthentication( true );
+        bundle.addRequiredAuthorization( ArchivaRoleConstants.OPERATION_ACCESS_REPORT, Resource.GLOBAL );
+
+        return bundle;
+    }
 }
diff --git a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/AbstractConfigureRepositoryAction.java b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/AbstractConfigureRepositoryAction.java
index 1d92656c7..89214537a 100644
--- a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/AbstractConfigureRepositoryAction.java
+++ b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/AbstractConfigureRepositoryAction.java
@@ -24,9 +24,14 @@ import org.apache.maven.archiva.configuration.ConfigurationChangeException;
 import org.apache.maven.archiva.configuration.ConfigurationStore;
 import org.apache.maven.archiva.configuration.ConfigurationStoreException;
 import org.apache.maven.archiva.configuration.InvalidConfigurationException;
-import org.apache.maven.archiva.web.util.RoleManager;
+import org.apache.maven.archiva.security.ArchivaRoleConstants;
 import org.codehaus.plexus.xwork.action.PlexusActionSupport;
 import org.codehaus.plexus.security.rbac.RbacManagerException;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureAction;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureActionBundle;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureActionException;
+import org.codehaus.plexus.rbac.profile.RoleProfileException;
+import org.codehaus.plexus.rbac.profile.RoleProfileManager;
 
 import java.io.IOException;
 
@@ -37,7 +42,7 @@ import java.io.IOException;
  */
 public abstract class AbstractConfigureRepositoryAction
     extends PlexusActionSupport
-    implements ModelDriven, Preparable
+    implements ModelDriven, Preparable, SecureAction
 {
     /**
      * @plexus.requirement
@@ -45,9 +50,9 @@ public abstract class AbstractConfigureRepositoryAction
     private ConfigurationStore configurationStore;
 
     /**
-     * @plexus.requirement
+     * @plexus.requirement role-hint="archiva"
      */
-    protected RoleManager roleManager;
+    protected RoleProfileManager roleProfileManager;
 
     /**
      * The repository.
@@ -66,7 +71,7 @@ public abstract class AbstractConfigureRepositoryAction
 
     public String add()
         throws IOException, ConfigurationStoreException, InvalidConfigurationException, ConfigurationChangeException,
-        RbacManagerException
+        RbacManagerException, RoleProfileException
     {
         // TODO: if this didn't come from the form, go to configure.action instead of going through with re-saving what was just loaded
 
@@ -82,7 +87,7 @@ public abstract class AbstractConfigureRepositoryAction
 
     public String edit()
         throws IOException, ConfigurationStoreException, InvalidConfigurationException, ConfigurationChangeException,
-        RbacManagerException
+        RbacManagerException, RoleProfileException
     {
         // TODO: if this didn't come from the form, go to configure.action instead of going through with re-saving what was just loaded
 
@@ -98,12 +103,10 @@ public abstract class AbstractConfigureRepositoryAction
 
     private String saveConfiguration()
         throws IOException, ConfigurationStoreException, InvalidConfigurationException, ConfigurationChangeException,
-        RbacManagerException
+        RbacManagerException, RoleProfileException
     {
         addRepository();
 
-        roleManager.addRepository( repository.getId() );
-
         configurationStore.storeConfiguration( configuration );
 
         // TODO: do we need to check if indexing is needed?
@@ -114,7 +117,7 @@ public abstract class AbstractConfigureRepositoryAction
     }
 
     protected abstract void addRepository()
-        throws IOException;
+        throws IOException, RoleProfileException;
 
     public String input()
     {
@@ -162,4 +165,19 @@ public abstract class AbstractConfigureRepositoryAction
     {
         return configuration;
     }
+
+    public SecureActionBundle getSecureActionBundle()
+        throws SecureActionException
+    {
+        SecureActionBundle bundle = new SecureActionBundle();
+
+        if ( getRepoId() != null )
+        {
+            bundle.setRequiresAuthentication( true );
+            // TODO: this is not right. It needs to change based on method
+            bundle.addRequiredAuthorization( ArchivaRoleConstants.OPERATION_EDIT_REPOSITORY, getRepoId() );
+        }
+
+        return bundle;
+    }
 }
diff --git a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/ConfigureRepositoryAction.java b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/ConfigureRepositoryAction.java
index 25d6185f2..78b5e1d94 100644
--- a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/ConfigureRepositoryAction.java
+++ b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/ConfigureRepositoryAction.java
@@ -18,6 +18,11 @@ package org.apache.maven.archiva.web.action.admin;
 
 import org.apache.maven.archiva.configuration.AbstractRepositoryConfiguration;
 import org.apache.maven.archiva.configuration.RepositoryConfiguration;
+import org.apache.maven.archiva.security.ArchivaRoleConstants;
+import org.codehaus.plexus.rbac.profile.RoleProfileException;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureActionBundle;
+import org.codehaus.plexus.security.ui.web.interceptor.SecureActionException;
+import org.codehaus.plexus.security.rbac.Resource;
 
 import java.io.File;
 import java.io.IOException;
@@ -41,7 +46,7 @@ public class ConfigureRepositoryAction
     }
 
     protected void addRepository()
-        throws IOException
+        throws IOException, RoleProfileException
     {
         RepositoryConfiguration repository = (RepositoryConfiguration) getRepository();
 
@@ -55,6 +60,11 @@ public class ConfigureRepositoryAction
         }
 
         configuration.addRepository( repository );
+
+        // TODO: double check these are configured on start up
+        roleProfileManager.getDynamicRole( "archiva-repository-manager", repository.getId() );
+
+        roleProfileManager.getDynamicRole( "archiva-repository-observer", repository.getId() );
     }
 
     protected AbstractRepositoryConfiguration createRepository()
diff --git a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/interceptor/ConfigurationInterceptor.java b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/interceptor/ConfigurationInterceptor.java
index 114f4c847..6003c6917 100644
--- a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/interceptor/ConfigurationInterceptor.java
+++ b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/interceptor/ConfigurationInterceptor.java
@@ -18,21 +18,9 @@ package org.apache.maven.archiva.web.interceptor;
 
 import com.opensymphony.xwork.ActionInvocation;
 import com.opensymphony.xwork.interceptor.Interceptor;
-
 import org.apache.maven.archiva.configuration.Configuration;
 import org.apache.maven.archiva.configuration.ConfigurationStore;
-import org.apache.maven.archiva.configuration.ConfigurationStoreException;
-import org.apache.maven.archiva.web.ArchivaSecurityDefaults;
-import org.apache.maven.archiva.web.util.RoleManager;
 import org.codehaus.plexus.logging.AbstractLogEnabled;
-import org.codehaus.plexus.security.rbac.RBACManager;
-import org.codehaus.plexus.security.rbac.RbacManagerException;
-import org.codehaus.plexus.security.user.User;
-import org.codehaus.plexus.security.user.UserManager;
-import org.codehaus.plexus.security.user.UserNotFoundException;
-
-import java.util.Iterator;
-import java.util.Map;
 
 /**
  * An interceptor that makes the application configuration available
@@ -51,28 +39,6 @@ public class ConfigurationInterceptor
     private ConfigurationStore configurationStore;
 
     /**
-     * @plexus.requirement
-     */
-    private RoleManager roleManager;
-
-    /**
-     * @plexus.requirement
-     */
-    private RBACManager rbacManager;
-    
-    /**
-     * @plexus.requirement
-     */
-    private UserManager userManager;
-
-    /**
-     * @plexus.requirement
-     */
-    private ArchivaSecurityDefaults archivaDefaults;
-    
-    private boolean adminInitialized = false;
-
-    /**
      *
      * @param actionInvocation
      * @return
@@ -81,30 +47,6 @@ public class ConfigurationInterceptor
     public String intercept( ActionInvocation actionInvocation )
         throws Exception
     {
-        archivaDefaults.ensureDefaultsExist();
-        ensureRepoRolesExist();
-        
-        if ( !adminInitialized )
-        {
-            adminInitialized = true;
-
-            try
-            {
-                User user = userManager.findUser( "admin" );
-                if ( user == null )
-                {
-                    getLogger().info( "No admin user configured - forwarding to admin user creation page." );
-                    return "admin-user-needed";
-                }
-                getLogger().info( "Admin user found. No need to configure admin user." );
-            }
-            catch ( UserNotFoundException e )
-            {
-                getLogger().info( "No admin user found - forwarding to admin user creation page." );
-                return "admin-user-needed";
-            }
-        }
-
         Configuration configuration = configurationStore.getConfigurationFromStore();
 
         if ( !configuration.isValid() )
@@ -126,39 +68,6 @@ public class ConfigurationInterceptor
         }
     }
 
-    public void ensureRepoRolesExist()
-        throws RbacManagerException
-    {
-        try
-        {
-            if ( configurationStore.getConfigurationFromStore().isValid() )
-            {
-                Map repositories = configurationStore.getConfigurationFromStore().getRepositoriesMap();
-
-                for ( Iterator i = repositories.keySet().iterator(); i.hasNext(); )
-                {
-                    String id = (String) i.next();
-
-                    if ( !rbacManager.roleExists( "Repository Observer - " + id ) )
-                    {
-                        getLogger().info( "recovering Repository Observer - " + id );
-                        roleManager.addRepository( id );
-                    }
-
-                    if ( !rbacManager.roleExists( "Repository Manager - " + id ) )
-                    {
-                        getLogger().info( "recovering Repository Manager - " + id );
-                        roleManager.addRepository( id );
-                    }
-                }
-            }
-        }
-        catch ( ConfigurationStoreException e )
-        {
-            throw new RuntimeException( "error with configurationStore()" );
-        }
-    }
-
     public void destroy()
     {
         // This space left intentionally blank
diff --git a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/servlet/repository/RepositoryAccess.java b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/servlet/repository/RepositoryAccess.java
index a09cec435..67e67078e 100644
--- a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/servlet/repository/RepositoryAccess.java
+++ b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/servlet/repository/RepositoryAccess.java
@@ -22,16 +22,16 @@ import org.apache.maven.archiva.configuration.Configuration;
 import org.apache.maven.archiva.configuration.ConfigurationStore;
 import org.apache.maven.archiva.configuration.ConfigurationStoreException;
 import org.apache.maven.archiva.configuration.RepositoryConfiguration;
-import org.apache.maven.archiva.web.ArchivaSecurityDefaults;
+import org.apache.maven.archiva.security.ArchivaRoleConstants;
 import org.apache.maven.archiva.web.servlet.AbstractPlexusServlet;
 import org.codehaus.plexus.security.authentication.AuthenticationException;
 import org.codehaus.plexus.security.authentication.AuthenticationResult;
 import org.codehaus.plexus.security.authorization.AuthorizationException;
+import org.codehaus.plexus.security.policy.AccountLockedException;
+import org.codehaus.plexus.security.policy.MustChangePasswordException;
 import org.codehaus.plexus.security.system.SecuritySession;
 import org.codehaus.plexus.security.system.SecuritySystem;
 import org.codehaus.plexus.security.ui.web.filter.authentication.HttpAuthenticator;
-import org.codehaus.plexus.security.policy.AccountLockedException;
-import org.codehaus.plexus.security.policy.MustChangePasswordException;
 import org.codehaus.plexus.util.FileUtils;
 import org.codehaus.plexus.util.StringUtils;
 
@@ -47,11 +47,10 @@ import java.util.Map;
 /**
  * RepositoryAccess - access read/write to the repository.
  *
- * @plexus.component role="org.apache.maven.archiva.web.servlet.PlexusServlet"
- *                   role-hint="repositoryAccess"
- * 
  * @author <a href="mailto:joakim@erdfelt.com">Joakim Erdfelt</a>
  * @version $Id$
+ * @plexus.component role="org.apache.maven.archiva.web.servlet.PlexusServlet"
+ * role-hint="repositoryAccess"
  * @todo CACHE REPOSITORY LIST
  */
 public class RepositoryAccess
@@ -73,11 +72,6 @@ public class RepositoryAccess
     private HttpAuthenticator httpAuth;
 
     /**
-     * @plexus.requirement
-     */
-    private ArchivaSecurityDefaults archivaSecurity;
-
-    /**
      * List of request methods that fall into the category of 'access' or 'read' of a repository.
      * All other method requests are to be considered 'write' or 'upload' requests.
      */
@@ -137,7 +131,7 @@ public class RepositoryAccess
             routeToErrorPage( response, "Invalid Repository ID." );
             return;
         }
-        
+
         // Authentication Tests.
 
         AuthenticationResult result;
@@ -148,8 +142,8 @@ public class RepositoryAccess
             if ( !result.isAuthenticated() )
             {
                 // Must Authenticate.
-                httpAuth.challenge( request, response, "Repository " + repoconfig.getName(), 
-                                    new AuthenticationException("User Credentials Invalid") );
+                httpAuth.challenge( request, response, "Repository " + repoconfig.getName(),
+                                    new AuthenticationException( "User Credentials Invalid" ) );
                 return;
             }
         }
@@ -161,12 +155,12 @@ public class RepositoryAccess
         catch ( AccountLockedException e )
         {
             httpAuth.challenge( request, response, "Repository " + repoconfig.getName(),
-                                new AuthenticationException("User account is locked") );
+                                new AuthenticationException( "User account is locked" ) );
         }
         catch ( MustChangePasswordException e )
         {
-            httpAuth.challenge( request, response, "Repository " + repoconfig.getName(),
-                                new AuthenticationException("You must change your password before you can attempt this again.") );
+            httpAuth.challenge( request, response, "Repository " + repoconfig.getName(), new AuthenticationException(
+                "You must change your password before you can attempt this again." ) );
         }
 
         // Authorization Tests.
@@ -176,11 +170,11 @@ public class RepositoryAccess
         SecuritySession securitySession = httpAuth.getSecuritySession();
         try
         {
-            String permission = ArchivaSecurityDefaults.REPOSITORY_ACCESS;
+            String permission = ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS;
 
             if ( isWriteRequest )
             {
-                permission = ArchivaSecurityDefaults.REPOSITORY_UPLOAD;
+                permission = ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD;
             }
 
             permission += " - " + repoconfig.getId();
@@ -190,8 +184,8 @@ public class RepositoryAccess
             if ( !isAuthorized )
             {
                 // Issue HTTP Challenge.
-                httpAuth.challenge( request, response, "Repository " + repoconfig.getName(), 
-                                    new AuthenticationException("Authorization Denied.") );
+                httpAuth.challenge( request, response, "Repository " + repoconfig.getName(),
+                                    new AuthenticationException( "Authorization Denied." ) );
                 return;
             }
         }
@@ -204,8 +198,8 @@ public class RepositoryAccess
 
         RepositoryMapping repo = getRepositoryMapping( repoconfig );
 
-        response.setHeader( "Server", getServletContext().getServerInfo() + " Archiva : "
-            + DAVUtilities.SERVLET_SIGNATURE );
+        response.setHeader( "Server",
+                            getServletContext().getServerInfo() + " Archiva : " + DAVUtilities.SERVLET_SIGNATURE );
 
         DAVTransaction transaction = new DAVTransaction( request, response );
         try
diff --git a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/util/DefaultRoleManager.java b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/util/DefaultRoleManager.java
deleted file mode 100644
index 67eb96952..000000000
--- a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/util/DefaultRoleManager.java
+++ /dev/null
@@ -1,97 +0,0 @@
-package org.apache.maven.archiva.web.util;
-
-/*
- * Copyright 2001-2006 The Apache Software Foundation.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-import org.apache.maven.archiva.web.ArchivaSecurityDefaults;
-import org.codehaus.plexus.logging.AbstractLogEnabled;
-import org.codehaus.plexus.security.rbac.Permission;
-import org.codehaus.plexus.security.rbac.RBACManager;
-import org.codehaus.plexus.security.rbac.RbacManagerException;
-import org.codehaus.plexus.security.rbac.Resource;
-import org.codehaus.plexus.security.rbac.Role;
-import org.codehaus.plexus.security.user.User;
-import org.codehaus.plexus.security.user.UserManager;
-
-/**
- * DefaultRoleManager:
- * @todo remove!
- *
- * @author Jesse McConnell <jmcconnell@apache.org>
- * @version $Id:$
- * @plexus.component role="org.apache.maven.archiva.web.util.RoleManager"
- * role-hint="default"
- */
-public class DefaultRoleManager
-    extends AbstractLogEnabled
-    implements RoleManager
-{
-
-    /**
-     * @plexus.requirement
-     */
-    private RBACManager manager;
-
-    public void addRepository( String repositoryName )
-        throws RbacManagerException
-    {
-        // make the resource
-        Resource repoResource = manager.createResource( repositoryName );
-        repoResource = manager.saveResource( repoResource );
-
-        // make the permissions
-        Permission editRepo =
-            manager.createPermission( ArchivaSecurityDefaults.REPOSITORY_EDIT + " - " + repositoryName );
-        editRepo.setOperation( manager.getOperation( ArchivaSecurityDefaults.REPOSITORY_EDIT_OPERATION ) );
-        editRepo.setResource( repoResource );
-        editRepo = manager.savePermission( editRepo );
-
-        Permission deleteRepo =
-            manager.createPermission( ArchivaSecurityDefaults.REPOSITORY_DELETE + " - " + repositoryName );
-        deleteRepo.setOperation( manager.getOperation( ArchivaSecurityDefaults.REPOSITORY_DELETE_OPERATION ) );
-        deleteRepo.setResource( repoResource );
-        deleteRepo = manager.savePermission( deleteRepo );
-
-        Permission accessRepo =
-            manager.createPermission( ArchivaSecurityDefaults.REPOSITORY_ACCESS + " - " + repositoryName );
-        accessRepo.setOperation( manager.getOperation( ArchivaSecurityDefaults.REPOSITORY_ACCESS_OPERATION ) );
-        accessRepo.setResource( repoResource );
-        accessRepo = manager.savePermission( accessRepo );
-
-        Permission uploadRepo =
-            manager.createPermission( ArchivaSecurityDefaults.REPOSITORY_UPLOAD + " - " + repositoryName );
-        uploadRepo.setOperation( manager.getOperation( ArchivaSecurityDefaults.REPOSITORY_UPLOAD_OPERATION ) );
-        uploadRepo.setResource( repoResource );
-        uploadRepo = manager.savePermission( uploadRepo );
-
-        // make the roles
-        Role repositoryObserver = manager.createRole( "Repository Observer - " + repositoryName );
-        repositoryObserver.addPermission( manager.getPermission( ArchivaSecurityDefaults.REPORTS_ACCESS_PERMISSION ) );
-        repositoryObserver.setAssignable( true );
-        repositoryObserver = manager.saveRole( repositoryObserver );
-
-        Role repositoryManager = manager.createRole( "Repository Manager - " + repositoryName );
-        repositoryManager.addPermission( editRepo );
-        repositoryManager.addPermission( deleteRepo );
-        repositoryManager.addPermission( accessRepo );
-        repositoryManager.addPermission( uploadRepo );
-        repositoryManager.addPermission( manager.getPermission( ArchivaSecurityDefaults.REPORTS_GENERATE_PERMISSION ) );
-        repositoryManager.addChildRoleName( repositoryObserver.getName() );
-        repositoryManager.setAssignable( true );
-        manager.saveRole( repositoryManager );
-    }
-
-}
diff --git a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/util/RoleManager.java b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/util/RoleManager.java
deleted file mode 100644
index 3f614d8b7..000000000
--- a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/util/RoleManager.java
+++ /dev/null
@@ -1,34 +0,0 @@
-package org.apache.maven.archiva.web.util;
-
-/*
- * Copyright 2005 The Apache Software Foundation.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-import org.codehaus.plexus.security.rbac.RbacManagerException;
-
-/**
- * RoleManager:
- *
- * @author Jesse McConnell <jmcconnell@apache.org>
- * @version $Id:$
- */
-public interface RoleManager
-{
-    public static final String ROLE = RoleManager.class.getName();
-
-    public void addRepository( String repositoryName )
-        throws RbacManagerException;
-
-}
diff --git a/archiva-webapp/src/main/resources/META-INF/plexus/application.xml b/archiva-webapp/src/main/resources/META-INF/plexus/application.xml
index e2e092cc4..71df47dd2 100644
--- a/archiva-webapp/src/main/resources/META-INF/plexus/application.xml
+++ b/archiva-webapp/src/main/resources/META-INF/plexus/application.xml
@@ -441,8 +441,5 @@
     <component>
       <role>org.apache.maven.archiva.scheduler.RepositoryTaskScheduler</role>
     </component>
-    <component>
-      <role>org.apache.maven.archiva.web.ArchivaSecurityDefaults</role>
-    </component>
   </load-on-start>
 </plexus>
diff --git a/archiva-webapp/src/main/resources/META-INF/plexus/plexus-security.properties b/archiva-webapp/src/main/resources/META-INF/plexus/plexus-security.properties
deleted file mode 100644
index d53c40833..000000000
--- a/archiva-webapp/src/main/resources/META-INF/plexus/plexus-security.properties
+++ /dev/null
@@ -1,24 +0,0 @@
-#
-# properties that might be used in plexus-security initialization
-#
-
-#
-# operations
-#
-addRepositoryOperation=add-repository
-editRepositoryOperation=edit-repository
-deleteRepositoryOperation=delete-repository
-
-editConfiguration=edit-configuration
-
-runIndexer=run-indexer
-regenerateIndex=regenerate-index
-
-accessReports=access-reports
-generateReports=generate-reports
-
-editAllUsers=edit-all-users
-editUser=edit-user
-
-grantRoles=grant-roles
-removeRoles=remove-roles
-\ No newline at end of file
diff --git a/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/index.jsp b/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/index.jsp
index 852891861..3e82d910a 100644
--- a/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/index.jsp
+++ b/archiva-webapp/src/main/webapp/WEB-INF/jsp/admin/index.jsp
@@ -52,7 +52,7 @@
     </td>
     <%-- TODO: a "delete index and run now" operation should be here too (really clean, remove deletions that didn't get picked up) --%>
     <td>
-      <pss:ifAuthorized permission="run-indexer">
+      <pss:ifAuthorized permission="archiva-run-indexer">
         <a href="<ww:url action="runIndexer" />">Run Now</a>
       </pss:ifAuthorized>
     </td>
@@ -82,7 +82,7 @@
 <div>
   <div style="float: right">
     <%-- TODO replace with icons --%>
-    <pss:ifAuthorized permission="add-repository">
+    <pss:ifAuthorized permission="archiva-add-repository">
       <ww:url id="addRepositoryUrl" action="addRepository" method="input"/>
       <ww:a href="%{addRepositoryUrl}">Add Repository</ww:a>
     </pss:ifAuthorized>
@@ -104,7 +104,8 @@
         <ww:param name="repoId" value="%{'${repository.id}'}" />
       </ww:url>
       <%-- TODO replace with icons --%>
-      <pss:ifAuthorized permission="edit-repository" resource="${repository.id}"><ww:a href="%{editRepositoryUrl}">Edit Repository</ww:a></pss:ifAuthorized><pss:ifAuthorized permission="delete-repository" resource="${repository.id}"> <ww:a href="%{deleteRepositoryUrl}">Delete Repository</ww:a></pss:ifAuthorized>
+      <pss:ifAuthorized permission="archiva-edit-repository" resource="${repository.id}"><ww:a href="%{editRepositoryUrl}">Edit Repository</ww:a></pss:ifAuthorized>
+      <pss:ifAuthorized permission="archiva-delete-repository" resource="${repository.id}"><ww:a href="%{deleteRepositoryUrl}">Delete Repository</ww:a></pss:ifAuthorized>
     </div>
     <h3>${repository.name}</h3>
     <table class="infoTable">
diff --git a/archiva-webapp/src/main/webapp/WEB-INF/jsp/decorators/default.jsp b/archiva-webapp/src/main/webapp/WEB-INF/jsp/decorators/default.jsp
index af2284e04..abc505ea5 100644
--- a/archiva-webapp/src/main/webapp/WEB-INF/jsp/decorators/default.jsp
+++ b/archiva-webapp/src/main/webapp/WEB-INF/jsp/decorators/default.jsp
@@ -92,10 +92,10 @@
         <my:currentWWUrl action="browse" namespace="/">Browse</my:currentWWUrl>
       </li>
     </ul>
-    <pss:ifAnyAuthorized permissions="archiva-manage-users,access-reports,archiva-manage-configuration">
+    <pss:ifAnyAuthorized permissions="archiva-manage-users,archiva-access-reports,archiva-manage-configuration">
       <h5>Manage</h5>
       <ul>
-        <pss:ifAuthorized permission="access-reports">
+        <pss:ifAuthorized permission="archiva-access-reports">
           <li class="none">
             <my:currentWWUrl action="reports" namespace="/admin">Reports</my:currentWWUrl>
           </li>
diff --git a/archiva-webapp/src/main/webapp/WEB-INF/jsp/reports/reports.jsp b/archiva-webapp/src/main/webapp/WEB-INF/jsp/reports/reports.jsp
index fb9ac1902..2d234144c 100644
--- a/archiva-webapp/src/main/webapp/WEB-INF/jsp/reports/reports.jsp
+++ b/archiva-webapp/src/main/webapp/WEB-INF/jsp/reports/reports.jsp
@@ -34,7 +34,7 @@
 
 <div id="contentArea">
 
-<pss:ifAnyAuthorized permissions="generate-reports">
+<pss:ifAnyAuthorized permissions="archiva-generate-reports">
   <ww:form action="reports" namespace="/admin">
     <ww:select list="reports" label="Report" name="reportGroup" onchange="document.reports.submit();"/>
     <ww:select list="configuration.repositories" listKey="id" listValue="name" label="Repository" headerKey="-"
@@ -55,7 +55,7 @@
     --%>
   <c:choose>
     <c:when test="${!database.inProgress}">
-      <pss:ifAuthorized permission="generate-reports">
+      <pss:ifAuthorized permission="archiva-generate-reports">
         <ww:url id="regenerateReportUrl" action="runReport" namespace="/admin">
           <ww:param name="repositoryId">${database.repository.id}</ww:param>
           <ww:param name="reportGroup" value="reportGroup"/>
author	Brett Porter <brett@apache.org>	2006-09-28 12:06:45 +0000
committer	Brett Porter <brett@apache.org>	2006-09-28 12:06:45 +0000
commit	46926538b885383dd37db1649c5836da4348240b (patch)
tree	2dd88f15987641734e1bcdfbefa0411b76d6eb3d
parent	1e99374aee61d603ad8211ae9cbc5dbd97ac697b (diff)
download	archiva-46926538b885383dd37db1649c5836da4348240b.tar.gz archiva-46926538b885383dd37db1649c5836da4348240b.zip