Verschiedene Old Initializer entfernt, nirgends genutztes package populate deaktiviert.

git-svn-id: https://svn.libreccm.org/ccm/trunk@722 8810af33-2d31-482b-a856-94f89814c4df

ccm-core/src/com/arsdigita/categorization/CategoryPurpose.java

@@ -43,9 +43,9 @@ import org.apache.log4j.Logger;
  * filter the list of categories associated with an object.
  *
  * @author Scott Seago
+ * @version $Revision: #13 $ $DateTime: 2004/08/16 18:10:38 $
  * @deprecated See the note about "use context" methods in the documentation for
  * {@link Category} class.
- * @version $Revision: #13 $ $DateTime: 2004/08/16 18:10:38 $
  */
 public class CategoryPurpose extends ACSObject {
 

ccm-core/src/com/arsdigita/core/Initializer.java

@@ -86,6 +86,7 @@ public class Initializer extends CompoundInitializer {
               new NameFilter(DbHelper.getDatabaseSuffix(database), "pdl"))));
 
         add(new com.arsdigita.ui.Initializer());
+        add(new com.arsdigita.kernel.security.Initializer());
         add(new com.arsdigita.portal.Initializer());
         add(new com.arsdigita.search.Initializer());
         add(new com.arsdigita.search.lucene.Initializer());

ccm-core/src/com/arsdigita/core/enterprise.init

@@ -37,7 +37,7 @@ init com.arsdigita.globalization.LegacyInitializer {
 
 init com.arsdigita.kernel.Initializer {}
 
-init com.arsdigita.kernel.security.Initializer {
+init com.arsdigita.kernel.security.LegacyInitializer {
     securityHelperClass = "com.arsdigita.kernel.security.DefaultSecurityHelper";
     sessionTrackingMethod = "cookie";
 

ccm-core/src/com/arsdigita/kernel/security/CredentialLoginModule.java

@@ -51,7 +51,7 @@ import com.arsdigita.kernel.Kernel;
  *
  * @author Sameer Ajmani
  * @version $Id: CredentialLoginModule.java 718 2005-08-18 15:34:42Z apevec $
- */
+ **/
 public abstract class CredentialLoginModule implements LoginModule {
 
     private static final Logger s_log =
@@ -389,7 +389,7 @@ public abstract class CredentialLoginModule implements LoginModule {
      **/
     protected final boolean requestIsExcluded()
         throws LoginException {
-        java.util.Iterator exts = Initializer.getExcludedExtensions();
+        java.util.Iterator exts = Util.getExcludedExtensions();
         while (exts.hasNext()) {
             String ext = (String)exts.next();
             if (getRequest().getRequestURI().endsWith(ext)) {
@@ -466,7 +466,9 @@ public abstract class CredentialLoginModule implements LoginModule {
             if (m_forever == null) {
                 LifetimeCallback cb = new LifetimeCallback();
                 m_handler.handle(new Callback[] { cb });
-                m_forever = new Boolean(cb.isForever());
+                // m_forever = new Boolean(cb.isForever());
+                // performancewise better:
+                m_forever = Boolean.valueOf(cb.isForever());
             }
             return m_forever.booleanValue();
         } catch (IOException e) {

ccm-core/src/com/arsdigita/kernel/security/DefaultSecurityHelper.java

@@ -41,11 +41,11 @@ public class DefaultSecurityHelper implements SecurityHelper {
     }
 
     private static String[] allowedPages = new String[] {
-        Initializer.LOGIN_PAGE_KEY,
+        LegacyInitializer.LOGIN_PAGE_KEY,
-        Initializer.LOGOUT_PAGE_KEY,
+        LegacyInitializer.LOGOUT_PAGE_KEY,
-        Initializer.COOKIES_PAGE_KEY,
+        LegacyInitializer.COOKIES_PAGE_KEY,
-        Initializer.RECOVER_PAGE_KEY,
+        LegacyInitializer.RECOVER_PAGE_KEY,
-        Initializer.EXPIRED_PAGE_KEY,
+        LegacyInitializer.EXPIRED_PAGE_KEY,
     };
 
     /**
@@ -68,7 +68,7 @@ public class DefaultSecurityHelper implements SecurityHelper {
 //        // don't require login if page on allowed list
 //        String url = req.getRequestURI();
 //        for (int i = 0; i < allowedPages.length; i++) {
-//            String allowed = Initializer.getFullURL(allowedPages[i], req);
+//            String allowed = LegacyInitializer.getFullURL(allowedPages[i], req);
 //            if (url.equals(allowed)) {
 //                return false;
 //            }
@@ -83,6 +83,6 @@ public class DefaultSecurityHelper implements SecurityHelper {
      * @return the full URL of the login page.
      **/
     public String getLoginURL(HttpServletRequest req) {
-        return Initializer.getFullURL(Initializer.LOGIN_PAGE_KEY, req);
+        return LegacyInitializer.getFullURL(LegacyInitializer.LOGIN_PAGE_KEY, req);
     }
 }

ccm-core/src/com/arsdigita/kernel/security/Initializer.java

@@ -1,5 +1,4 @@
 /*
- * Copyright (C) 2001-2004 Red Hat Inc. All Rights Reserved.
  *
  * This library is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public License
@@ -16,326 +15,110 @@
  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
  *
  */
+
 package com.arsdigita.kernel.security;
 
-import com.arsdigita.util.URLRewriter;
 import com.arsdigita.kernel.Kernel;
-import com.arsdigita.kernel.SiteNode;
+import com.arsdigita.runtime.ConfigError;
-import com.arsdigita.initializer.Configuration;
+import com.arsdigita.runtime.DomainInitEvent;
-import com.arsdigita.initializer.InitializationException;
+import com.arsdigita.runtime.GenericInitializer;
+import com.arsdigita.util.URLRewriter;
 
 import java.util.Arrays;
-import java.util.ArrayList;
+//import java.util.ArrayList;
-import java.util.HashMap;
+//import java.util.HashMap;
-import java.util.Iterator;
+//import java.util.Iterator;
 import java.util.List;
-import java.util.Map;
+//import java.util.Map;
+
 import javax.security.auth.login.LoginException;
-import javax.servlet.http.HttpServletRequest;
+//import javax.servlet.http.HttpServletRequest;
 
 import org.apache.log4j.Logger;
 
 /**
- * <p>Initializes security properties.</p>
+ * Initializes the kernel security subpackage.
  *
- * <p><b><font color="red">Deprecated feature: </font></b> Provides access
+ * @author pboy (pboy@barkhof.uni-bremen.de)
- * to URLs for standard pages.</p>
+ */
- *
+public class Initializer extends GenericInitializer {
- * @author Sameer Ajmani
- * @since ACS 4.5
- * @version $Id: Initializer.java 1225 2006-06-19 09:27:21Z apevec $
- **/
-public class Initializer
-    implements com.arsdigita.initializer.Initializer {
 
-    private static final Logger s_log =
+    // Creates a s_logging category with name = to the full name of class
-        Logger.getLogger(Initializer.class);
+    public static final Logger s_log = Logger.getLogger(Initializer.class);
 
-    /** Obsolete parameter name for session tracking method. **/
+    private static SecurityConfig s_conf = Kernel.getSecurityConfig();
-    public static String SESSION_TRACKING_PARAM = "sessionTrackingMethod";
-    /** Parameter name for security helper class name. **/
-    public static String SECURITY_HELPER_PARAM = "securityHelperClass";
-    /** Parameter name for excluded URI extensions. **/
-    public static String EXCLUDED_EXTENSIONS_PARAM = "excludedExtensions";
-    /** Size of secret key in bytes. **/
-    public static int SECRET_KEY_BYTES = 16;
-
-    private Configuration m_conf = new Configuration();
-
-    public Configuration getConfiguration() {
-        return m_conf;
-    }
-
-    public Initializer() throws InitializationException {
-        m_conf.initParameter
-            (SECURITY_HELPER_PARAM,
-             "The class name of the SecurityHelper implementation",
-             String.class,
-             DefaultSecurityHelper.class.getName());
-        m_conf.initParameter
-            (SESSION_TRACKING_PARAM,
-             "This parameter is obsolete.",
-             String.class);
-        m_conf.initParameter
-            (EXCLUDED_EXTENSIONS_PARAM,
-             "List of extensions excluded from authentication cookies. "
-             +"Authentication is checked for all requests, but requests "
-             +"with one of these extensions will never cause a new cookie "
-             +"to be set.  Include a leading dot for each extension.",
-             List.class,
-             Arrays.asList(new String[] { ".jpg", ".gif", ".png", ".pdf" }));
-
-
-    }
-
-    public void startup() throws InitializationException {
-        URLRewriter.addParameterProvider
-            (new SecurityParameterProvider());
-        loadExcludedExtensions();
-        loadSecurityHelper();
-        loadPageMap();
-        loadLoginConfig();
-    }
 
     /**
-     * Returns an iterator over the list of excluded extensions.
+     * Implementation of the {@link Initializer#init(DomainInitEvent)}
+     * method.
      *
-     * @return an iterator over the list of excluded extensions.
      *
-     * @deprecated To be moved into a utility class.
+     * @param evt The domain init event.
-     **/
+     */
-    public static Iterator getExcludedExtensions() {
+    public void init(DomainInitEvent evt) {
-        if (s_exts == null) {
+        s_log.debug("kernel security domain init begin.");
-            return java.util.Collections.EMPTY_LIST.iterator();
-        } else {
-            return s_exts.iterator();
-        }
-    }
-    private static List s_exts = null;
 
-    private void loadExcludedExtensions() {
+        // Steps carried over from the old style initializer / enterprise.ini
-        s_exts = (List)m_conf.getParameter(EXCLUDED_EXTENSIONS_PARAM);
-        Iterator exts = getExcludedExtensions();
-        while (exts.hasNext()) {
-            Object o = exts.next();
-            if (!(o instanceof String)) {
-                throw new InitializationException
-                    ("Extension must be a string: "+o);
-            }
-        }
-    }
         
-    /**
+        // Step 1:
-     * Returns the security helper instance.
+        // Add the security package' parameter provider to the list of URL
-     *
+        // parameters to enable cookielesss login.
-     * @return the security helper instance.
+        URLRewriter.addParameterProvider(new SecurityParameterProvider());
-     *
-     * @deprecated Moved into {@link Util}
-     **/
-    public static SecurityHelper getSecurityHelper() {
-        return Util.getSecurityHelper();
-    }
 
-    private void loadSecurityHelper() {
+        // Step 2:
-        String name = (String)m_conf.getParameter(SECURITY_HELPER_PARAM);
+        // TODO: Implement an equivalant to loadExcludedExtensions() of
-        if (name == null) {
+        // LegacyInitializer to set the list of ExludecExtensions in Util!
-            throw new InitializationException
+        // Avoid any reference to the config object in Util.
-                (SECURITY_HELPER_PARAM+" not defined");
+
-        }
+        // Step 3:
+        // Set the SecurityHelper class to be used.
         try {
-            Class theClass = Class.forName(name);
+
-            if (!SecurityHelper.class.isAssignableFrom(theClass)) {
+            Class theClass = s_conf.getSecurityHelperClass();
-                throw new InitializationException
-                    (SECURITY_HELPER_PARAM+": "+name
-                     +" does not implement interface "
-                     +SecurityHelper.class.getName());
-            }
             Util.setSecurityHelper(theClass.newInstance());
-        } catch (ClassNotFoundException e) {
+
-            throw new InitializationException
-                (SECURITY_HELPER_PARAM+": "+name+" not found: ", e);
         } catch (InstantiationException e) {
-            throw new InitializationException
+            throw new ConfigError(
-                (SECURITY_HELPER_PARAM+": "+name
+                  "Class: " + s_conf.getSecurityHelperClass().getName()
-                 +" is not concrete or lacks no-arg constructor: ", e);
+                 +" is not concrete or lacks no-arg constructor: " );
         } catch (IllegalAccessException e) {
-            throw new InitializationException
+            throw new ConfigError(
-                (SECURITY_HELPER_PARAM+": "+name
+                  "Class: " + s_conf.getSecurityHelperClass().getName()
-                 +" is not public or lacks public constructor: ", e);
+                 +" is not public or lacks public constructor: " + e.toString() );
-        }
-    }
-
-    /** Key for the root page of the site. **/
-    public static String ROOT_PAGE_KEY =
-        "com.arsdigita.page.kernel.root";
-    /** Key for the user edit page. **/
-    public static String EDIT_PAGE_KEY =
-        "com.arsdigita.page.kernel.edit";
-    /** Key for the login page. **/
-    public static String LOGIN_PAGE_KEY =
-        "com.arsdigita.page.kernel.login";
-    /** Key for the new user page. **/
-    public static String NEWUSER_PAGE_KEY =
-        "com.arsdigita.page.kernel.newuser";
-    /** Key for the logout page. **/
-    public static String LOGOUT_PAGE_KEY =
-        "com.arsdigita.page.kernel.logout";
-    /** Key for the explain-cookies page. **/
-    public static String COOKIES_PAGE_KEY =
-        "com.arsdigita.page.kernel.cookies";
-    /** Key for the login-expired page. **/
-    public static String EXPIRED_PAGE_KEY =
-        "com.arsdigita.page.kernel.expired";
-    /** Key for the change-password page. **/
-    public static String CHANGE_PAGE_KEY =
-        "com.arsdigita.page.kernel.change";
-    /** Key for the recover-password page. **/
-    public static String RECOVER_PAGE_KEY =
-        "com.arsdigita.page.kernel.recover";
-    /** Key for the workspace page. **/
-    public static String WORKSPACE_PAGE_KEY =
-        "com.arsdigita.page.kernel.workspace";
-    /** Key for the login redirect url. **/
-    public static String LOGIN_REDIRECT_PAGE_KEY =
-        "com.arsdigita.page.kernel.login.redirect";
-    /** Key for the admin-permission page. **/
-    public static String PERMISSION_PAGE_KEY =
-        "com.arsdigita.page.kernel.permission";
-    /** Key for the single-permission page. **/
-    public static String PERM_SINGLE_PAGE_KEY =
-        "com.arsdigita.page.kernel.perm-single";
-
-    private static List s_defaultPageMap = new ArrayList() {
-            {
-                put(ROOT_PAGE_KEY, "register/");
-                put(EDIT_PAGE_KEY, "register/edit-profile/");
-                put(LOGIN_PAGE_KEY, "register/");
-                put(NEWUSER_PAGE_KEY, "register/new-user/");
-                put(LOGOUT_PAGE_KEY, "register/logout/");
-                put(COOKIES_PAGE_KEY, "register/explain-persistent-cookies/");
-                put(CHANGE_PAGE_KEY, "register/change-password/");
-                put(RECOVER_PAGE_KEY, "register/recover-password/");
-                put(EXPIRED_PAGE_KEY, "register/login-expired/");
-                put(WORKSPACE_PAGE_KEY, "pvt/");
-                put(LOGIN_REDIRECT_PAGE_KEY, "pvt/");
-                put(PERMISSION_PAGE_KEY, "permissions/");
-                put(PERM_SINGLE_PAGE_KEY, "permissions/one/");
-            }
-            private void put(String key, String value) {
-                add(Arrays.asList(new Object[] { key, value }));
-            }
-        };
-
-    private static Map s_pageMap = new HashMap();
-
-
-
-    private void loadPageMap() throws InitializationException {
-        // load default page map
-        loadPageMap(s_defaultPageMap);
-        // load user page map
-        
-        List list = new ArrayList() {
-                {
-                    SecurityConfig conf = Kernel.getSecurityConfig();
-                    put(ROOT_PAGE_KEY, conf.getRootPage());
-                    put(LOGIN_PAGE_KEY, conf.getLoginPage());
-                    put(NEWUSER_PAGE_KEY, conf.getNewUserPage());
-                    put(LOGOUT_PAGE_KEY, conf.getLogoutPage());
-                    put(COOKIES_PAGE_KEY, conf.getCookiesPage());
-                    put(CHANGE_PAGE_KEY, conf.getChangePage());
-                    put(RECOVER_PAGE_KEY, conf.getRecoverPage());
-                    put(EXPIRED_PAGE_KEY, conf.getExpiredPage());
-                    put(WORKSPACE_PAGE_KEY, conf.getWorkspacePage());
-                    put(LOGIN_REDIRECT_PAGE_KEY, conf.getLoginRedirectPage());
-                    put(PERMISSION_PAGE_KEY, conf.getPermissionPage());
-                    put(PERM_SINGLE_PAGE_KEY, conf.getPermSinglePage());
-                }
-                private void put(String key, String value) {
-                    add(Arrays.asList(new Object[] { key, value }));
-                }
-            };
-        if (list != null) {
-            s_log.info("Security Initializer: mapping "
-                       +list.size()+" pages");
-            loadPageMap(list);
-        }
-    }
-
-    private void loadPageMap(List list) {
-        Iterator pairs = list.iterator();
-        while (pairs.hasNext()) {
-            List pair = (List)pairs.next();
-            String key = (String)pair.get(0);
-            String url = (String)pair.get(1);
-            s_pageMap.put(key, url);
-        }
-    }
-
-    /**
-     * Returns the relative URL associated with the given key.  This is the
-     * value of the URL in the page map for the given key.
-     *
-     * @return the relative URL associated with the given key, or null if it
-     * does not exist.
-     *
-     * @deprecated To be replaced by package parameters.
-     *
-     * @see #getFullURL(String, HttpServletRequest)
-     **/
-    public static String getURL(String key) {
-        return (String)s_pageMap.get(key);
-    }
-
-    /**
-     * Returns the absolute URL associated with the given key.  This is the
-     * root URL for the system (the mount point) prepended to the result of
-     * getURL(key).
-     *
-     * @return the absolute URL associated with the given key, or null
-     * if it does not exist.
-     *
-     * @see #getURL(String)
-     **/
-    public static String getFullURL(String key, HttpServletRequest req) {
-        String root = getRootURL(req);
-        String url = getURL(key);
-        
-        if (s_log.isDebugEnabled()) {
-            s_log.debug("Root is " + root + ", url is " + url);
         }
 
-        if ((root == null) || (key == null)) {
+        // Step 4:
-            return null;
+        // LoadPageMap / handling of URL's. Not an initializer task.
-        }
+        // Has to be handled anywhere else (e.g. com arsdigita.ui)
-        return root + url;
+
+        // Step 5:
+        loadLoginConfig();
+
+        s_log.debug("kernel security domain init completed");
     }
 
-    private static String getRootURL(HttpServletRequest req) {
-        // XXX this isn't safe since you aren't neccessarily
-        // calling it from the root webapp - so we can't
-        // blindly prepend the context path from the current
-        // request.
-        //return SiteNode.getRootSiteNode().getURL(req);
 
-        return SiteNode.getRootSiteNode().getURL();
+    //  //////////////////////////////////////////////////////////
-    }
+    //
+    //  Helper methods
+    //
+    // ///////////////////////////////////////////////////////////
 
-    private void loadLoginConfig() throws InitializationException {
+    private void loadLoginConfig() throws ConfigError {
-        javax.security.auth.login.Configuration.setConfiguration
+        javax.security.auth.login.Configuration
-            (getLoginConfig());
+                      .setConfiguration(getLoginConfig());
 
         checkLoginConfig();
     }
 
     private javax.security.auth.login.Configuration getLoginConfig()
-        throws InitializationException {
+        throws ConfigError {
         SecurityConfig conf = Kernel.getSecurityConfig();
         List loginConfig = Arrays.asList(conf.getLoginConfig());
         return new LoginConfig(loginConfig);
     }
 
-    private void checkLoginConfig() throws InitializationException {
+    private void checkLoginConfig() throws ConfigError {
         // check the login configurations
         String[] contexts = new String[] {
             UserContext.REQUEST_LOGIN_CONTEXT,
@@ -345,16 +128,11 @@ public class Initializer
             try {
                 new LoginContext(contexts[i]);
             } catch (LoginException e) {
-                throw new InitializationException
+                throw new ConfigError
-                    ("Could not instantiate login context '"
+                    ("Could not instantiate login context '"+contexts[i]+"'.  "
-                     +contexts[i]+"'.  "
+                     +"Check that it is defined in your login configuration.");
-                     +"Check that it is defined in your login "
-                     +"configuration.", e);
             }
         }
     }
 
-    public void shutdown() throws InitializationException {
-        // do nothing
-    }
 }

ccm-core/src/com/arsdigita/kernel/security/LegacyInitializer.java

@@ -0,0 +1,371 @@
+/*
+ * Copyright (C) 2001-2004 Red Hat Inc. All Rights Reserved.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ */
+package com.arsdigita.kernel.security;
+
+//  import com.arsdigita.util.URLRewriter;
+import com.arsdigita.kernel.Kernel;
+import com.arsdigita.kernel.SiteNode;
+import com.arsdigita.initializer.Configuration;
+import com.arsdigita.initializer.InitializationException;
+
+import java.util.Arrays;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+// import javax.security.auth.login.LoginException;
+import javax.servlet.http.HttpServletRequest;
+
+import org.apache.log4j.Logger;
+
+/**
+ * <p>Initializes security properties.</p>
+ *
+ * <p><b><font color="red">Deprecated feature: </font></b> Provides access
+ * to URLs for standard pages.</p>
+ *
+ * @author Sameer Ajmani
+ * @since ACS 4.5
+ * @version $Id: LegacyInitializer.java 1225 2006-06-19 09:27:21Z apevec $
+ **/
+public class LegacyInitializer
+    implements com.arsdigita.initializer.Initializer {
+
+    private static final Logger s_log =
+        Logger.getLogger(LegacyInitializer.class);
+
+    /** Obsolete parameter name for session tracking method. **/
+    public static String SESSION_TRACKING_PARAM = "sessionTrackingMethod";
+    /** Parameter name for security helper class name. **/
+    public static String SECURITY_HELPER_PARAM = "securityHelperClass";
+    /** Parameter name for excluded URI extensions. **/
+    public static String EXCLUDED_EXTENSIONS_PARAM = "excludedExtensions";
+    /** Size of secret key in bytes. **/
+    public static int SECRET_KEY_BYTES = 16;
+
+    private static SecurityConfig s_conf = Kernel.getSecurityConfig();
+
+    private Configuration m_conf = new Configuration();
+
+    public Configuration getConfiguration() {
+        return m_conf;
+    }
+
+    public LegacyInitializer() throws InitializationException {
+        m_conf.initParameter
+            (SECURITY_HELPER_PARAM,
+             "The class name of the SecurityHelper implementation",
+             String.class,
+             DefaultSecurityHelper.class.getName());
+        m_conf.initParameter
+            (SESSION_TRACKING_PARAM,
+             "This parameter is obsolete.",
+             String.class);
+        m_conf.initParameter
+            (EXCLUDED_EXTENSIONS_PARAM,
+             "List of extensions excluded from authentication cookies. "
+             +"Authentication is checked for all requests, but requests "
+             +"with one of these extensions will never cause a new cookie "
+             +"to be set.  Include a leading dot for each extension.",
+             List.class,
+             Arrays.asList(new String[] { ".jpg", ".gif", ".png", ".pdf" }));
+
+
+    }
+
+    public void startup() throws InitializationException {
+      // Moved to new style kernel.security.Initializer
+      //URLRewriter.addParameterProvider
+      //    (new SecurityParameterProvider());
+      // Moved to security.Util
+      //loadExcludedExtensions();
+      // Moved to new style kernel.security.Initializer
+      //loadSecurityHelper();
+        loadPageMap();
+      // Moved to new style kernel.security.Initializer
+      //loadLoginConfig();
+    }
+
+    // Moved to security.Util because providing a configuration detail is
+    // definitly not part of an initialization procedure!
+    // Previously it had been used by CredentialLoginModule only, so it may be
+    // appropriate to move it over there for future versions.
+//  /**
+//   * Returns an iterator over the list of excluded extensions.
+//   *
+//   * @return an iterator over the list of excluded extensions.
+//   *
+//   * @deprecated To be moved into a utility class.
+//   **/
+//  public static Iterator getExcludedExtensions() {
+//      if (s_exts == null) {
+//          return java.util.Collections.EMPTY_LIST.iterator();
+//      } else {
+//          return s_exts.iterator();
+//      }
+//  }
+//  private static List s_exts = null;
+
+//  private void loadExcludedExtensions() {
+//      // s_exts = (List)m_conf.getParameter(EXCLUDED_EXTENSIONS_PARAM);
+//      s_exts = (List)s_conf.getExcludedExtensions();
+//      Iterator exts = getExcludedExtensions();
+//      while (exts.hasNext()) {
+//          Object o = exts.next();
+//          if (!(o instanceof String)) {
+//              throw new InitializationException
+//                  ("Extension must be a string: "+o);
+//          }
+//      }
+//  }
+
+//  /**
+//   * Returns the security helper instance.
+//   *
+//   * @return the security helper instance.
+//   *
+//   * @deprecated Moved into {@link Util}
+//   **/
+//  public static SecurityHelper getSecurityHelper() {
+//      return Util.getSecurityHelper();
+//  }
+
+//  private void loadSecurityHelper() {
+//      String name = (String)m_conf.getParameter(SECURITY_HELPER_PARAM);
+//      if (name == null) {
+//          throw new InitializationException
+//              (SECURITY_HELPER_PARAM+" not defined");
+//      }
+//      try {
+//          Class theClass = Class.forName(name);
+//          if (!SecurityHelper.class.isAssignableFrom(theClass)) {
+//              throw new InitializationException
+//                  (SECURITY_HELPER_PARAM+": "+name
+//                   +" does not implement interface "
+//                   +SecurityHelper.class.getName());
+//          }
+//          Util.setSecurityHelper(theClass.newInstance());
+//      } catch (ClassNotFoundException e) {
+//          throw new InitializationException
+//              (SECURITY_HELPER_PARAM+": "+name+" not found: ", e);
+//      } catch (InstantiationException e) {
+//          throw new InitializationException
+//              (SECURITY_HELPER_PARAM+": "+name
+//               +" is not concrete or lacks no-arg constructor: ", e);
+//      } catch (IllegalAccessException e) {
+//          throw new InitializationException
+//              (SECURITY_HELPER_PARAM+": "+name
+//               +" is not public or lacks public constructor: ", e);
+//      }
+//  }
+
+    /** Key for the root page of the site. **/
+    public static String ROOT_PAGE_KEY =
+        "com.arsdigita.page.kernel.root";
+    /** Key for the user edit page. **/
+    public static String EDIT_PAGE_KEY =
+        "com.arsdigita.page.kernel.edit";
+    /** Key for the login page. **/
+    public static String LOGIN_PAGE_KEY =
+        "com.arsdigita.page.kernel.login";
+    /** Key for the new user page. **/
+    public static String NEWUSER_PAGE_KEY =
+        "com.arsdigita.page.kernel.newuser";
+    /** Key for the logout page. **/
+    public static String LOGOUT_PAGE_KEY =
+        "com.arsdigita.page.kernel.logout";
+    /** Key for the explain-cookies page. **/
+    public static String COOKIES_PAGE_KEY =
+        "com.arsdigita.page.kernel.cookies";
+    /** Key for the login-expired page. **/
+    public static String EXPIRED_PAGE_KEY =
+        "com.arsdigita.page.kernel.expired";
+    /** Key for the change-password page. **/
+    public static String CHANGE_PAGE_KEY =
+        "com.arsdigita.page.kernel.change";
+    /** Key for the recover-password page. **/
+    public static String RECOVER_PAGE_KEY =
+        "com.arsdigita.page.kernel.recover";
+    /** Key for the workspace page. **/
+    public static String WORKSPACE_PAGE_KEY =
+        "com.arsdigita.page.kernel.workspace";
+    /** Key for the login redirect url. **/
+    public static String LOGIN_REDIRECT_PAGE_KEY =
+        "com.arsdigita.page.kernel.login.redirect";
+    /** Key for the admin-permission page. **/
+    public static String PERMISSION_PAGE_KEY =
+        "com.arsdigita.page.kernel.permission";
+    /** Key for the single-permission page. **/
+    public static String PERM_SINGLE_PAGE_KEY =
+        "com.arsdigita.page.kernel.perm-single";
+
+    private static List s_defaultPageMap = new ArrayList() {
+            {
+                put(ROOT_PAGE_KEY, "register/");
+                put(EDIT_PAGE_KEY, "register/edit-profile/");
+                put(LOGIN_PAGE_KEY, "register/");
+                put(NEWUSER_PAGE_KEY, "register/new-user/");
+                put(LOGOUT_PAGE_KEY, "register/logout/");
+                put(COOKIES_PAGE_KEY, "register/explain-persistent-cookies/");
+                put(CHANGE_PAGE_KEY, "register/change-password/");
+                put(RECOVER_PAGE_KEY, "register/recover-password/");
+                put(EXPIRED_PAGE_KEY, "register/login-expired/");
+                put(WORKSPACE_PAGE_KEY, "pvt/");
+                put(LOGIN_REDIRECT_PAGE_KEY, "pvt/");
+                put(PERMISSION_PAGE_KEY, "permissions/");
+                put(PERM_SINGLE_PAGE_KEY, "permissions/one/");
+            }
+            private void put(String key, String value) {
+                add(Arrays.asList(new Object[] { key, value }));
+            }
+        };
+
+    private static Map s_pageMap = new HashMap();
+
+
+
+    private void loadPageMap() throws InitializationException {
+        // load default page map
+        loadPageMap(s_defaultPageMap);
+        // load user page map
+        
+        List list = new ArrayList() {
+                {
+                    SecurityConfig conf = Kernel.getSecurityConfig();
+                    put(ROOT_PAGE_KEY, conf.getRootPage());
+                    put(LOGIN_PAGE_KEY, conf.getLoginPage());
+                    put(NEWUSER_PAGE_KEY, conf.getNewUserPage());
+                    put(LOGOUT_PAGE_KEY, conf.getLogoutPage());
+                    put(COOKIES_PAGE_KEY, conf.getCookiesPage());
+                    put(CHANGE_PAGE_KEY, conf.getChangePage());
+                    put(RECOVER_PAGE_KEY, conf.getRecoverPage());
+                    put(EXPIRED_PAGE_KEY, conf.getExpiredPage());
+                    put(WORKSPACE_PAGE_KEY, conf.getWorkspacePage());
+                    put(LOGIN_REDIRECT_PAGE_KEY, conf.getLoginRedirectPage());
+                    put(PERMISSION_PAGE_KEY, conf.getPermissionPage());
+                    put(PERM_SINGLE_PAGE_KEY, conf.getPermSinglePage());
+                }
+                private void put(String key, String value) {
+                    add(Arrays.asList(new Object[] { key, value }));
+                }
+            };
+        if (list != null) {
+            s_log.info("Security Initializer: mapping "
+                       +list.size()+" pages");
+            loadPageMap(list);
+        }
+    }
+
+    private void loadPageMap(List list) {
+        Iterator pairs = list.iterator();
+        while (pairs.hasNext()) {
+            List pair = (List)pairs.next();
+            String key = (String)pair.get(0);
+            String url = (String)pair.get(1);
+            s_pageMap.put(key, url);
+        }
+    }
+
+    /**
+     * Returns the relative URL associated with the given key.  This is the
+     * value of the URL in the page map for the given key.
+     *
+     * @return the relative URL associated with the given key, or null if it
+     * does not exist.
+     *
+     * @deprecated To be replaced by package parameters.
+     *
+     * @see #getFullURL(String, HttpServletRequest)
+     **/
+    public static String getURL(String key) {
+        return (String)s_pageMap.get(key);
+    }
+
+    /**
+     * Returns the absolute URL associated with the given key.  This is the
+     * root URL for the system (the mount point) prepended to the result of
+     * getURL(key).
+     *
+     * @return the absolute URL associated with the given key, or null
+     * if it does not exist.
+     *
+     * @see #getURL(String)
+     **/
+    public static String getFullURL(String key, HttpServletRequest req) {
+        String root = getRootURL(req);
+        String url = getURL(key);
+        
+        if (s_log.isDebugEnabled()) {
+            s_log.debug("Root is " + root + ", url is " + url);
+        }
+
+        if ((root == null) || (key == null)) {
+            return null;
+        }
+        return root + url;
+    }
+
+    private static String getRootURL(HttpServletRequest req) {
+        // XXX this isn't safe since you aren't neccessarily
+        // calling it from the root webapp - so we can't
+        // blindly prepend the context path from the current
+        // request.
+        //return SiteNode.getRootSiteNode().getURL(req);
+        
+        return SiteNode.getRootSiteNode().getURL();
+    }
+
+//  private void loadLoginConfig() throws InitializationException {
+//      javax.security.auth.login.Configuration.setConfiguration
+//          (getLoginConfig());
+//
+//      checkLoginConfig();
+//  }
+//
+//  private javax.security.auth.login.Configuration getLoginConfig()
+//      throws InitializationException {
+//      SecurityConfig conf = Kernel.getSecurityConfig();
+//      List loginConfig = Arrays.asList(conf.getLoginConfig());
+//      return new LoginConfig(loginConfig);
+//  }
+
+//  private void checkLoginConfig() throws InitializationException {
+//      // check the login configurations
+//      String[] contexts = new String[] {
+//          UserContext.REQUEST_LOGIN_CONTEXT,
+//          UserContext.REGISTER_LOGIN_CONTEXT
+//      };
+//      for (int i = 0; i < contexts.length; i++) {
+//          try {
+//              new LoginContext(contexts[i]);
+//          } catch (LoginException e) {
+//              throw new InitializationException
+//                  ("Could not instantiate login context '"
+//                   +contexts[i]+"'.  "
+//                   +"Check that it is defined in your login "
+//                   +"configuration.", e);
+//          }
+//      }
+//  }
+
+    public void shutdown() throws InitializationException {
+        // do nothing
+    }
+}

ccm-core/src/com/arsdigita/kernel/security/LoginConfig.java

@@ -36,10 +36,10 @@ import org.apache.log4j.Logger;
  *
  * @author Sameer Ajmani
  * @since ACS 4.5
+ * @version $Id: LoginConfig.java 287 2005-02-22 00:29:02Z sskracic $
  **/
 public class LoginConfig extends Configuration {
 
-    public static final String versionId = "$Id: LoginConfig.java 287 2005-02-22 00:29:02Z sskracic $ by $Author: sskracic $, $DateTime: 2004/08/16 18:10:38 $";
     /** Maps application names to <code>AppConfigurationEntry[]</code>. **/
     private Map m_appConfigs = new HashMap();
 

ccm-core/src/com/arsdigita/kernel/security/SecurityConfig.java

@@ -24,35 +24,73 @@ import com.arsdigita.runtime.AbstractConfig;
 import com.arsdigita.util.parameter.BooleanParameter;
 import com.arsdigita.util.parameter.IntegerParameter;
 import com.arsdigita.util.parameter.Parameter;
+import com.arsdigita.util.parameter.SpecificClassParameter;
 import com.arsdigita.util.parameter.StringArrayParameter;
 import com.arsdigita.util.parameter.StringParameter;
 
+import java.util.Arrays;
+import java.util.List;
+
+import org.apache.log4j.Logger;
+
 /**
- * SecurityConfig
+ * A record containing server-session scoped security configuration properties.
+ *
+ * Accessors of this class may return null. Developers should take care
+ * to trap null return values in their code.
+ *
  *
  * @author Rafael H. Schloming <rhs@mit.edu>
  * @version $Revision: #8 $ $Date: 2004/08/16 $
  * @version $Id: SecurityConfig.java 1471 2007-03-12 11:27:55Z chrisgilbert23 $
- **/
+ */
 
 public class SecurityConfig extends AbstractConfig {
 
+    private static final Logger s_log = Logger.getLogger(SecurityConfig.class);
+
+    private static SecurityConfig s_config = null;
+
     private static String s_systemAdministratorEmailAddress = null;
 
+    /** The class name of the SecurityHelper implementation. Must implement
+        SecurityHelper interface                                              */
+    private final Parameter m_securityHelperClass  = new SpecificClassParameter
+        ("waf.security_helper_class", Parameter.REQUIRED,
+         com.arsdigita.kernel.security.DefaultSecurityHelper.class,
+         com.arsdigita.kernel.security.SecurityHelper.class);
+    /** This parameter is obsolete.                                           */
+    private final Parameter m_sessionTrackingMethod  = new StringParameter
+        ("waf.session_tracking_method", Parameter.REQUIRED, "cookie");
+    /** List of extensions excluded from authentication cookies.
+     *  Authentication is checked for all requests, but requests with one of
+     *  these extensions will never cause a new cookie to be set.
+     *  Include a leading dot for each extension.                             */
+    private final Parameter m_excludedExtensions  = new StringArrayParameter
+        ("waf.excluded_extensions", Parameter.REQUIRED,
+        new String[] { ".jpg", ".gif", ".png", ".pdf" } );
+    /** Key for the root page of the site.                                    */
     private final Parameter m_rootPage       = new StringParameter
         ("waf.pagemap.root", Parameter.REQUIRED, "register/");
+    /** Key for the login page.                                               */
     private final Parameter m_loginPage      = new StringParameter
         ("waf.pagemap.login", Parameter.REQUIRED, "register/");
+    /** Key for the new user page.                                            */
     private final Parameter m_newUserPage    = new StringParameter
         ("waf.pagemap.newuser", Parameter.REQUIRED, "register/new-user");
+    /** Key for the logout page.                                              */
     private final Parameter m_logoutPage     = new StringParameter
         ("waf.pagemap.logout", Parameter.REQUIRED, "register/logout");
+    /** Key for the explain-cookies page.                                     */
     private final Parameter m_cookiesPage    = new StringParameter
         ("waf.pagemap.cookies", Parameter.REQUIRED, "register/explain-persistent-cookies");
+    /** Key for the change-password page. **/
     private final Parameter m_changePage     = new StringParameter
         ("waf.pagemap.change", Parameter.REQUIRED, "register/change-password");
+    /** Key for the recover-password page. **/
     private final Parameter m_recoverPage    = new StringParameter
         ("waf.pagemap.recover", Parameter.REQUIRED, "register/recover-password");
+    /** Key for the login-expired page.                                       */
     private final Parameter m_expiredPage    = new StringParameter
         ("waf.pagemap.expired", Parameter.REQUIRED, "register/login-expired");
     private final Parameter m_workspacePage  = new StringParameter
@@ -67,6 +105,7 @@ public class SecurityConfig extends AbstractConfig {
         ("waf.pagemap.cookies_duration_minutes", Parameter.OPTIONAL, null);
     private final Parameter m_cookieDomain = new StringParameter
         ("waf.cookie_domain", Parameter.OPTIONAL, null);
+
     private final Parameter m_loginConfig = new StringArrayParameter
         ("waf.login_config", Parameter.REQUIRED, new String[] {
                 "Request:com.arsdigita.kernel.security.AdminLoginModule:sufficient",
@@ -79,6 +118,7 @@ public class SecurityConfig extends AbstractConfig {
                 "RegisterSSO:com.arsdigita.kernel.security.CookieLoginModule:optional"
                 }
         );
+
     private final Parameter m_adminEmail = new StringParameter
         ("waf.admin.contact_email", Parameter.OPTIONAL, null);
     private final Parameter m_autoRegistrationOn = new BooleanParameter
@@ -90,6 +130,10 @@ public class SecurityConfig extends AbstractConfig {
      * Constructs an empty SecurityConfig object
      */
     public SecurityConfig() {
+        register(m_securityHelperClass);
+        register(m_sessionTrackingMethod);
+        register(m_excludedExtensions);
+
         register(m_rootPage);
         register(m_loginPage);
         register(m_newUserPage);
@@ -104,6 +148,7 @@ public class SecurityConfig extends AbstractConfig {
         register(m_permSinglePage);
         register(m_cookieDomain);
         register(m_loginConfig);
+
         register(m_cookieDurationMinutes);
         register(m_adminEmail);
         register(m_autoRegistrationOn);
@@ -112,6 +157,49 @@ public class SecurityConfig extends AbstractConfig {
         loadInfo();
     }
 
+    /**
+     * Returns the singleton configuration record for the runtime
+     * environment.
+     *
+     * @return The <code>RuntimeConfig</code> record; it cannot be null
+     */
+    public static final synchronized SecurityConfig getConfig() {
+        if (s_config == null) {
+            s_config = new SecurityConfig();
+            // deprecated
+            // s_config.require("ccm-core/runtime.properties");
+            // use instead:
+            // read values from the persistent storage
+            s_config.load();
+        }
+
+        return s_config;
+    }
+
+    /**
+     * 
+     * @return
+     */
+    public final Class getSecurityHelperClass() {
+        return (Class) get(m_securityHelperClass);
+    }
+
+    /**
+     * Obsolete!
+     * @return
+     */
+    public final String getSessionTrackingMethod() {
+        return (String) get(m_sessionTrackingMethod);
+    }
+
+    /**
+     * 
+     * @return
+     */
+    public final List getExcludedExtensions() {
+        return Arrays.asList( (String[]) get(m_excludedExtensions));
+    }
+
     String getRootPage() {
         return (String) get(m_rootPage);
     }

ccm-core/src/com/arsdigita/kernel/security/SecurityHelper.java

@@ -25,10 +25,10 @@ import javax.servlet.http.HttpServletRequest;
  * determining security properties for a request.
  *
  * @author Sameer Ajmani
- **/
+ * @version $Id: SecurityHelper.java 287 2005-02-22 00:29:02Z sskracic $
+ */
 public interface SecurityHelper {
 
-    public static final String versionId = "$Id: SecurityHelper.java 287 2005-02-22 00:29:02Z sskracic $ by $Author: sskracic $, $DateTime: 2004/08/16 18:10:38 $";
     /**
      * Determines whether the given request is secure.  Implementation may
      * simply return <code>req.isSecure()</code>, but certain deployments

ccm-core/src/com/arsdigita/kernel/security/SecurityLogger.java

@@ -34,7 +34,6 @@ import org.apache.log4j.Priority;
  **/
 public class SecurityLogger {
 
-    public static final String versionId = "";
     private static final Logger s_log = Logger.getLogger("SECURITY");
 
     private SecurityLogger() {}

ccm-core/src/com/arsdigita/kernel/security/SecurityParameterProvider.java

@@ -31,10 +31,10 @@ import org.apache.log4j.Logger;
  * Determines the URL parameters needed for user tracking.
  *
  * @author Sameer Ajmani
- **/
+ * @version $Id: SecurityParameterProvider.java 287 2005-02-22 00:29:02Z sskracic $
+ */
 public class SecurityParameterProvider implements ParameterProvider {
 
-    public static final String versionId = "$Id: SecurityParameterProvider.java 287 2005-02-22 00:29:02Z sskracic $ by $Author: sskracic $, $DateTime: 2004/08/16 18:10:38 $";
     private static final Logger s_log =
         Logger.getLogger(SecurityParameterProvider.class.getName());
 

ccm-core/src/com/arsdigita/kernel/security/SessionContext.java

@@ -35,11 +35,10 @@ import javax.security.auth.login.LoginException;
  * KernelRequestContext has a getSessionContext method and is "Stable".
  *
  * @author Rob Mayoff
- **/
+ * @version $Id: SessionContext.java 287 2005-02-22 00:29:02Z sskracic $
+ */
 public class SessionContext {
 
-    public static final String versionId = "$Id: SessionContext.java 287 2005-02-22 00:29:02Z sskracic $ by $Author: sskracic $, $DateTime: 2004/08/16 18:10:38 $";
-
     private static final Logger s_log =
         Logger.getLogger(SessionContext.class.getName());
 

ccm-core/src/com/arsdigita/kernel/security/Store.java

@@ -54,7 +54,7 @@ final class Store implements KeyStorage {
     Store() {}
 
     static byte[] newKey() {
-        byte[] key = new byte[Initializer.SECRET_KEY_BYTES];
+        byte[] key = new byte[LegacyInitializer.SECRET_KEY_BYTES];
         new SecureRandom().nextBytes(key);
         return key;
     }
@@ -107,9 +107,9 @@ final class Store implements KeyStorage {
             throw new IllegalStateException
                 ("the store is null");
         }
-        if ( m_secret.length != Initializer.SECRET_KEY_BYTES ) {
+        if ( m_secret.length != LegacyInitializer.SECRET_KEY_BYTES ) {
             throw new IllegalArgumentException
-                ("wrong length. expected=" + Initializer.SECRET_KEY_BYTES +
+                ("wrong length. expected=" + LegacyInitializer.SECRET_KEY_BYTES +
                  ", but got " + m_secret.length);
         }
         return m_secret;

ccm-core/src/com/arsdigita/kernel/security/URLLoginModule.java

@@ -27,10 +27,10 @@ import org.apache.log4j.Logger;
  * Logs in a user if the user has a valid authentication URL parameter.
  *
  * @author Sameer Ajmani
- **/
+ * @version $Id: URLLoginModule.java 287 2005-02-22 00:29:02Z sskracic $
+ */
 public class URLLoginModule extends UserLoginModule {
 
-    public static final String versionId = "$Id: URLLoginModule.java 287 2005-02-22 00:29:02Z sskracic $ by $Author: sskracic $, $DateTime: 2004/08/16 18:10:38 $";
     private static final Logger s_log =
         Logger.getLogger(URLLoginModule.class.getName());
 

ccm-core/src/com/arsdigita/kernel/security/URLManager.java

@@ -34,10 +34,10 @@ import org.apache.log4j.Logger;
  * @see URLLoginModule
  *
  * @author Sameer Ajmani
- **/
+ * @version $Id: URLManager.java 287 2005-02-22 00:29:02Z sskracic $
+ */
 public class URLManager extends CredentialManager {
 
-    public static final String versionId = "$Id: URLManager.java 287 2005-02-22 00:29:02Z sskracic $ by $Author: sskracic $, $DateTime: 2004/08/16 18:10:38 $";
     private static final Logger s_log =
         Logger.getLogger(URLManager.class.getName());
 

ccm-core/src/com/arsdigita/kernel/security/UserContext.java

@@ -61,12 +61,9 @@ import org.apache.log4j.Logger;
  * accessing the user ID.
  *
  * @author Sameer Ajmani
+ * @version $Id: UserContext.java 1498 2007-03-19 16:22:15Z apevec $
  */
 public class UserContext {
-    public static final String versionId =
-        "$Id: UserContext.java 1498 2007-03-19 16:22:15Z apevec $" +
-        "$Author: apevec $" +
-        "$DateTime: 2004/08/16 18:10:38 $";
 
     private static final Logger s_log = Logger.getLogger(UserContext.class);
 
@@ -360,7 +357,8 @@ public class UserContext {
 
             // Check that the user making this request is not banned.  If they
             // are we logout the context and throw an exception.
-            if(Kernel.getSecurityConfig().isUserBanOn() && User.retrieve(m_userID).isBanned()) {
+            if(Kernel.getSecurityConfig().isUserBanOn()
+               && User.retrieve(m_userID).isBanned()) {
                 context.logout();
                 throw new LoginException("This user is banned");
             }
@@ -414,7 +412,8 @@ public class UserContext {
                     return;
                 }
                 String encoded = auth.substring(6).trim(); // remove "Basic "
-                byte[] decoded = new Base64().decode(encoded.getBytes(Crypto.CHARACTER_ENCODING));
+                byte[] decoded = new Base64().decode(
+                                 encoded.getBytes(Crypto.CHARACTER_ENCODING));
                 String userpass = new String(decoded, Crypto.CHARACTER_ENCODING);
                 int colon = userpass.indexOf(':');
                 if (colon < 0) {
@@ -541,7 +540,8 @@ public class UserContext {
             // We now check if the user is banned and, if so, we don't allow
             // the user to login.
             if(Kernel.getSecurityConfig().isUserBanOn() 
-               && UserAuthentication.retrieveForLoginName(username).getUser().isBanned()) {
+               && UserAuthentication.retrieveForLoginName(username).getUser()
+                                                                   .isBanned()) {
                 throw new LoginException("This user is currently banned");
             }
 

ccm-core/src/com/arsdigita/kernel/security/UserIDLoginModule.java

@@ -32,10 +32,10 @@ import org.apache.log4j.Logger;
  * <code>com.arsdigita.kernel.UserAuthentication</code>.
  *
  * @author Sameer Ajmani
- **/
+ * @version $Id: UserIDLoginModule.java 287 2005-02-22 00:29:02Z sskracic $
+ */
 public class UserIDLoginModule extends MappingLoginModule {
 
-    public static final String versionId = "$Id: UserIDLoginModule.java 287 2005-02-22 00:29:02Z sskracic $ by $Author: sskracic $, $DateTime: 2004/08/16 18:10:38 $";
     private static final Logger s_log =
         Logger.getLogger(UserIDLoginModule.class.getName());
 

ccm-core/src/com/arsdigita/kernel/security/UserLoginModule.java

@@ -31,10 +31,10 @@ import com.arsdigita.kernel.Kernel;
  * current HTTP request.
  *
  * @author Sameer Ajmani
- **/
+ * @version $Id: UserLoginModule.java 1477 2007-03-14 10:27:16Z chrisgilbert23 $
+ */
 public abstract class UserLoginModule extends CredentialLoginModule {
 
-    public static final String versionId = "$Id: UserLoginModule.java 1477 2007-03-14 10:27:16Z chrisgilbert23 $ by $Author: chrisgilbert23 $, $DateTime: 2004/08/16 18:10:38 $";
     private static final Logger s_log =
         Logger.getLogger(UserLoginModule.class.getName());
 

ccm-core/src/com/arsdigita/kernel/security/Util.java

@@ -20,6 +20,8 @@ package com.arsdigita.kernel.security;
 
 import com.arsdigita.util.Classes;
 import java.io.IOException;
+import java.util.Iterator;
+import java.util.List;
 import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.CallbackHandler;
 import javax.security.auth.callback.UnsupportedCallbackException;
@@ -29,12 +31,18 @@ import javax.servlet.http.HttpServletRequest;
 /**
  * Utility package of static security methods
  *
- * @author Christian
+ * @author Christian Brechbühler
- *            Brechbühler
  */
 public class Util {
+
+    private static SecurityConfig s_conf = SecurityConfig.getConfig();
+
     private static SecurityHelper s_helper = null;
 
+    /** list of excluded extensions */
+    private static List s_exclExts = null;
+    // private static List s_exclExts = s_conf.getExcludedExtensions();
+
     /** This class needs not to be instantiated. */
     private Util() {}
 
@@ -79,4 +87,26 @@ public class Util {
             throw new KernelLoginException("Error getting HTTP request", e);
         }
     }
+
+
+    /**
+     * Returns an iterator over the list of excluded extensions.
+     *
+     * @return an iterator over the list of excluded extensions.
+     */
+    // TODO: Currently method is used by CredentialLoginModule only. If no other
+    // class will use it, it is trivial and should directly be moved over there.
+    public static Iterator getExcludedExtensions() {
+        
+        // Alternativly we may introduce a setExkludedExtensions method as with
+        // setSecurityHelper and avoid a reference to config object here at all.
+        // Nevertheless, we shoul use it consistantly!
+        if (s_exclExts == null) {
+            s_exclExts = s_conf.getExcludedExtensions();
+            // return java.util.Collections.EMPTY_LIST.iterator();
+        } 
+        return s_exclExts.iterator();
+        
+    }
+
 }

ccm-core/src/com/arsdigita/populate/PopulateUsers.java.nolongerInUse

@@ -27,6 +27,18 @@ import com.arsdigita.persistence.Session;
 import com.arsdigita.persistence.SessionManager;
 import com.arsdigita.persistence.TransactionContext;
 
+
+// ///////////////////////////////////////////////////////////////////////////
+//
+// NOT USED anywhere in the source tree.
+// No documentation available.
+// Retained temporarily until refactoring of test cases is completed.
+//
+// (pboy 2011.01.30)
+//
+// ///////////////////////////////////////////////////////////////////////////
+
+
 /**
  * @author bche
  */

ccm-core/src/com/arsdigita/populate/Utilities.java.nolongerInUse

@@ -29,6 +29,18 @@ import com.arsdigita.kernel.UserCollection;
 import com.arsdigita.util.Assert;
 import com.arsdigita.util.ResourceManager;
 
+
+// ///////////////////////////////////////////////////////////////////////////
+//
+// NOT USED anywhere in the source tree.
+// No documentation available.
+// Retained temporarily until refactoring of test cases is completed.
+//
+// (pboy 2011.01.30)
+//
+// ///////////////////////////////////////////////////////////////////////////
+
+
 /**
  * @author bche
  */

ccm-core/src/com/arsdigita/populate/apps.nolongerInUse/AbstractPopulateApp.java.nolongerInUse

@@ -25,6 +25,18 @@ import com.arsdigita.portal.apportlet.AppPortlet;
 import com.arsdigita.web.Application;
 import com.arsdigita.web.ApplicationType;
 
+
+// ///////////////////////////////////////////////////////////////////////////
+//
+// NOT USED anywhere in the source tree.
+// No documentation available.
+// Retained temporarily until refactoring of test cases is completed.
+//
+// (pboy 2011.01.30)
+//
+// ///////////////////////////////////////////////////////////////////////////
+
+
 /**
  * @author bche
  */

ccm-core/src/com/arsdigita/populate/apps.nolongerInUse/Initializer.java.nolongerInUse

@@ -27,6 +27,19 @@ import com.arsdigita.initializer.InitializationException;
 import com.arsdigita.kernel.BaseInitializer;
 import com.arsdigita.util.Assert;
 
+
+// ///////////////////////////////////////////////////////////////////////////
+//
+// NOT USED anywhere in the source tree.
+// No documentation available.
+// Retained temporarily until refactoring of test cases is completed.
+//
+// Class is commented out in enterprise.ini for several years.
+// (pboy 2011.01.30)
+//
+// ///////////////////////////////////////////////////////////////////////////
+
+
 /**
  * @author bche
  */

ccm-core/src/com/arsdigita/populate/apps.nolongerInUse/PopulateApp.java.nolongerInUse

@@ -22,6 +22,18 @@ import com.arsdigita.portal.apportlet.AppPortlet;
 import com.arsdigita.web.Application;
 import com.arsdigita.web.ApplicationType;
 
+
+// ///////////////////////////////////////////////////////////////////////////
+//
+// NOT USED anywhere in the source tree.
+// No documentation available.
+// Retained temporarily until refactoring of test cases is completed.
+//
+// (pboy 2011.01.30)
+//
+// ///////////////////////////////////////////////////////////////////////////
+
+
 /**
  * @author bche
  */

ccm-core/src/com/arsdigita/populate/apps.nolongerInUse/PopulateAppPair.java.nolongerInUse

@@ -22,6 +22,18 @@ import java.util.List;
 
 import com.arsdigita.util.Assert;
 
+
+// ///////////////////////////////////////////////////////////////////////////
+//
+// NOT USED anywhere in the source tree.
+// No documentation available.
+// Retained temporarily until refactoring of test cases is completed.
+//
+// (pboy 2011.01.30)
+//
+// ///////////////////////////////////////////////////////////////////////////
+
+
 /**
  * @author bche
  */

ccm-core/src/com/arsdigita/populate/apps.nolongerInUse/PopulateAppPairCollection.java.nolongerInUse

@@ -20,6 +20,18 @@ package com.arsdigita.populate.apps;
 
 import java.util.ArrayList;
 
+
+// ///////////////////////////////////////////////////////////////////////////
+//
+// NOT USED anywhere in the source tree.
+// No documentation available.
+// Retained temporarily until refactoring of test cases is completed.
+//
+// (pboy 2011.01.30)
+//
+// ///////////////////////////////////////////////////////////////////////////
+
+
 /**
  * @author bche
  */

ccm-core/src/com/arsdigita/populate/apps.nolongerInUse/PopulateApps.java.nolongerInUse

@@ -30,6 +30,18 @@ import com.arsdigita.populate.Utilities;
 import com.arsdigita.portal.Portal;
 import com.arsdigita.web.Application;
 
+
+// ///////////////////////////////////////////////////////////////////////////
+//
+// NOT USED anywhere in the source tree.
+// No documentation available.
+// Retained temporarily until refactoring of test cases is completed.
+//
+// (pboy 2011.01.30)
+//
+// ///////////////////////////////////////////////////////////////////////////
+
+
 /**
  * @author bche
  */

ccm-core/src/com/arsdigita/populate/portlets.nolongerInUse/AbstractPopulatePortlet.java.nolongerInUse

@@ -28,6 +28,17 @@ import com.arsdigita.portal.Portal;
 import com.arsdigita.portal.Portlet;
 import com.arsdigita.portal.PortletType;
 
+// ///////////////////////////////////////////////////////////////////////////
+//
+// NOT USED anywhere in the source tree.
+// No documentation available.
+// Retained temporarily until refactoring of test cases is completed.
+//
+// (pboy 2011.01.30)
+//
+// ///////////////////////////////////////////////////////////////////////////
+
+
 /**
  * @author bche
  */

ccm-core/src/com/arsdigita/populate/portlets.nolongerInUse/PopulatePortlet.java.nolongerInUse

@@ -22,6 +22,18 @@ import com.arsdigita.portal.Portal;
 import com.arsdigita.portal.Portlet;
 import com.arsdigita.portal.PortletType;
 
+
+// ///////////////////////////////////////////////////////////////////////////
+//
+// NOT USED anywhere in the source tree.
+// No documentation available.
+// Retained temporarily until refactoring of test cases is completed.
+//
+// (pboy 2011.01.30)
+//
+// ///////////////////////////////////////////////////////////////////////////
+
+
 /**
  * @author bche
  */

ccm-core/src/com/arsdigita/populate/portlets.nolongerInUse/PopulatePortletCollection.java.nolongerInUse

@@ -20,6 +20,18 @@ package com.arsdigita.populate.portlets;
 
 import java.util.ArrayList;
 
+
+// ///////////////////////////////////////////////////////////////////////////
+//
+// NOT USED anywhere in the source tree.
+// No documentation available.
+// Retained temporarily until refactoring of test cases is completed.
+//
+// (pboy 2011.01.30)
+//
+// ///////////////////////////////////////////////////////////////////////////
+
+
 /**
  * @author bche
  */

ccm-core/src/com/arsdigita/populate/portlets.nolongerInUse/PopulatePortlets.java.nolongerInUse

@@ -26,6 +26,18 @@ import org.apache.log4j.Logger;
 import com.arsdigita.portal.Portal;
 import com.arsdigita.portal.Portlet;
 
+
+// ///////////////////////////////////////////////////////////////////////////
+//
+// NOT USED anywhere in the source tree.
+// No documentation available.
+// Retained temporarily until refactoring of test cases is completed.
+//
+// (pboy 2011.01.30)
+//
+// ///////////////////////////////////////////////////////////////////////////
+
+
 /**
  * @author bche
  */

ccm-core/src/com/arsdigita/ui/UserBanner.java

@@ -23,7 +23,7 @@ import com.arsdigita.bebop.SimpleComponent;
 import com.arsdigita.kernel.Kernel;
 import com.arsdigita.kernel.Party;
 import com.arsdigita.kernel.User;
-import com.arsdigita.kernel.security.Initializer;
+import com.arsdigita.kernel.security.LegacyInitializer;
 import com.arsdigita.web.URL;
 import com.arsdigita.xml.Element;
 import com.arsdigita.ui.util.GlobalizationUtil;
@@ -103,25 +103,25 @@ public class UserBanner extends SimpleComponent {
         content.addAttribute(
             "workspaceURL",
             URL.there(state.getRequest(),
-                      Initializer.getFullURL(Initializer.WORKSPACE_PAGE_KEY,
+                      LegacyInitializer.getFullURL(LegacyInitializer.WORKSPACE_PAGE_KEY,
                                              state.getRequest())).toString());
 
         content.addAttribute(
             "loginURL",
             URL.there(state.getRequest(),
-                      Initializer.getFullURL(Initializer.LOGIN_PAGE_KEY,
+                      LegacyInitializer.getFullURL(LegacyInitializer.LOGIN_PAGE_KEY,
                                              state.getRequest())).toString());
 
         content.addAttribute(
             "loginExcursionURL",
             URL.excursion(state.getRequest(),
-                      Initializer.getFullURL(Initializer.LOGIN_PAGE_KEY,
+                      LegacyInitializer.getFullURL(LegacyInitializer.LOGIN_PAGE_KEY,
                                              state.getRequest())).toString());
 
         content.addAttribute(
             "logoutURL",
             URL.there(state.getRequest(),
-                      Initializer.getFullURL(Initializer.LOGOUT_PAGE_KEY,
+                      LegacyInitializer.getFullURL(LegacyInitializer.LOGOUT_PAGE_KEY,
                                              state.getRequest())).toString());
 
     }

ccm-core/src/com/arsdigita/ui/admin/SubsiteDispatcher.java

@@ -32,7 +32,7 @@ import com.arsdigita.kernel.Kernel;
 import com.arsdigita.kernel.permissions.PermissionDescriptor;
 import com.arsdigita.kernel.permissions.PermissionService;
 import com.arsdigita.kernel.permissions.PrivilegeDescriptor;
-import com.arsdigita.kernel.security.Initializer;
+import com.arsdigita.kernel.security.Util;
 import java.io.IOException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -70,6 +70,7 @@ class SubsiteDispatcher extends BebopMapDispatcher {
      * that the user requesting the page is logged in and authorized
      * as a system-wide administrator.
      */
+    @Override
     public void dispatch(HttpServletRequest req,
                          HttpServletResponse resp,
                          RequestContext ctx)
@@ -88,7 +89,7 @@ class SubsiteDispatcher extends BebopMapDispatcher {
         if (party == null) {
             // The user is not logged in; redirect to the login page.
 
-            final String path = Initializer.getSecurityHelper().getLoginURL
+            final String path = Util.getSecurityHelper().getLoginURL
                 (req);
 
             final ParameterMap params = new ParameterMap();

ccm-core/src/com/arsdigita/ui/admin/UserBrowsePane.java

@@ -59,7 +59,7 @@ import com.arsdigita.kernel.Group;
 import com.arsdigita.kernel.GroupCollection;
 import com.arsdigita.kernel.User;
 import com.arsdigita.kernel.UserAuthentication;
-import com.arsdigita.kernel.security.Initializer;
+import com.arsdigita.kernel.security.LegacyInitializer;
 import com.arsdigita.kernel.security.UserContext;
 import com.arsdigita.persistence.DataQuery;
 import com.arsdigita.persistence.PersistenceException;
@@ -285,8 +285,8 @@ class UserBrowsePane extends SegmentedPanel
                     }
 
                     // Redirect to workspace URL
-                    final String path = Initializer.getFullURL
+                    final String path = LegacyInitializer.getFullURL
-                        (Initializer.LOGIN_REDIRECT_PAGE_KEY, state.getRequest());
+                        (LegacyInitializer.LOGIN_REDIRECT_PAGE_KEY, state.getRequest());
 
                     final URL url = URL.there(state.getRequest(), path);
 

ccm-core/src/com/arsdigita/ui/login/ChangePasswordForm.java

@@ -45,7 +45,7 @@ import com.arsdigita.web.ReturnSignal;
 import com.arsdigita.kernel.Kernel;
 import com.arsdigita.kernel.User;
 import com.arsdigita.kernel.UserAuthentication;
-import com.arsdigita.kernel.security.Initializer;
+import com.arsdigita.kernel.security.LegacyInitializer;
 import com.arsdigita.kernel.security.RecoveryLoginModule;
 import com.arsdigita.mail.Mail;
 import com.arsdigita.util.UncheckedWrapperException;
@@ -297,8 +297,8 @@ public class ChangePasswordForm extends Form
 
         final HttpServletRequest req = state.getRequest();
 
-        final String path = Initializer.getFullURL
+        final String path = LegacyInitializer.getFullURL
-            (Initializer.WORKSPACE_PAGE_KEY, req);
+            (LegacyInitializer.WORKSPACE_PAGE_KEY, req);
 
         final URL fallback = URL.there(req, path);
 

ccm-core/src/com/arsdigita/ui/login/DynamicLink.java

@@ -22,7 +22,7 @@ import com.arsdigita.bebop.Label;
 import com.arsdigita.bebop.Link;
 import com.arsdigita.bebop.event.PrintEvent;
 import com.arsdigita.bebop.event.PrintListener;
-import com.arsdigita.kernel.security.Initializer;
+import com.arsdigita.kernel.security.LegacyInitializer;
 
 /**
  * Package-private class that generates the URL for a link dynamically from
@@ -43,7 +43,7 @@ class DynamicLink extends Link {
                   public void prepare(PrintEvent e) {
                       Link link = (Link) e.getTarget();
 
-                      String url = Initializer.getFullURL
+                      String url = LegacyInitializer.getFullURL
                           (targetKey, e.getPageState().getRequest());
 
                       link.setTarget(url);

ccm-core/src/com/arsdigita/ui/login/LoginHelper.java

@@ -21,6 +21,7 @@ package com.arsdigita.ui.login;
 import com.arsdigita.bebop.PageState;
 import com.arsdigita.dispatcher.DispatcherHelper;
 import com.arsdigita.globalization.GlobalizedMessage;
+import com.arsdigita.kernel.SiteNode;
 import com.arsdigita.web.ReturnSignal;
 import java.io.IOException;
 import org.apache.log4j.Logger;
@@ -32,12 +33,9 @@ import javax.servlet.http.HttpServletResponse;
  * Provides helper functions for the login UI.
  *
  * @author Sameer Ajmani
- **/
+ * @version $Id: LoginHelper.java 287 2005-02-22 00:29:02Z sskracic $
+ */
 public class LoginHelper {
-    public static final String versionId =
-        "$Id: LoginHelper.java 287 2005-02-22 00:29:02Z sskracic $" +
-        "$Author: sskracic $" +
-        "$DateTime: 2004/08/16 18:10:38 $";
 
     private static final Logger s_log = Logger.getLogger(LoginHelper.class);
 
@@ -141,4 +139,54 @@ public class LoginHelper {
                         +"response already committed");
         }
     }
+
+//  /**
+//   * Returns the relative URL associated with the given key.  This is the
+//   * value of the URL in the page map for the given key.
+//   *
+//   * @return the relative URL associated with the given key, or null if it
+//   * does not exist.
+//   *
+//   * @deprecated To be replaced by package parameters.
+//   *
+//   * @see #getFullURL(String, HttpServletRequest)
+//    **/
+//  public static String getURL(String key) {
+//      return (String)s_pageMap.get(key);
+//  }
+
+    /**
+     * Returns the absolute URL associated with the given key.  This is the
+     * root URL for the system (the mount point) prepended to the result of
+     * getURL(key).
+     *
+     * @return the absolute URL associated with the given key, or null
+     * if it does not exist.
+     *
+     * @see #getURL(String)
+     **/
+    public static String getFullURL(String key, HttpServletRequest req) {
+        String root = getRootURL(req);
+        String url = com.arsdigita.kernel.security.LegacyInitializer.getURL(key);
+
+        if (s_log.isDebugEnabled()) {
+            s_log.debug("Root is " + root + ", url is " + url);
+        }
+
+        if ((root == null) || (key == null)) {
+            return null;
+        }
+        return root + url;
+    }
+
+    private static String getRootURL(HttpServletRequest req) {
+        // XXX this isn't safe since you aren't neccessarily
+        // calling it from the root webapp - so we can't
+        // blindly prepend the context path from the current
+        // request.
+        //return SiteNode.getRootSiteNode().getURL(req);
+
+        return SiteNode.getRootSiteNode().getURL();
+    }
+
 }

ccm-core/src/com/arsdigita/ui/login/RecoverPasswordPanel.java

@@ -46,7 +46,7 @@ import com.arsdigita.domain.DataObjectNotFoundException;
 import com.arsdigita.kernel.User;
 import com.arsdigita.kernel.UserAuthentication;
 import com.arsdigita.kernel.security.CredentialEncodingException;
-import com.arsdigita.kernel.security.Initializer;
+import com.arsdigita.kernel.security.LegacyInitializer;
 import com.arsdigita.kernel.security.RecoveryLoginModule;
 import com.arsdigita.web.ParameterMap;
 import com.arsdigita.web.URL;
@@ -351,8 +351,8 @@ public class RecoverPasswordPanel extends SimpleContainer
             
             url = com.arsdigita.web.URL.dynamicHostThere
                 (req, 
-                 Initializer.getFullURL
+                 LegacyInitializer.getFullURL
-                 (Initializer.CHANGE_PAGE_KEY, req),
+                 (LegacyInitializer.CHANGE_PAGE_KEY, req),
                  map);
         } catch (CredentialEncodingException e) {
             throw new UncheckedWrapperException

ccm-core/src/com/arsdigita/ui/login/SubsiteDispatcher.java

@@ -33,7 +33,7 @@ import com.arsdigita.dispatcher.DispatcherConfig;
 import com.arsdigita.dispatcher.DispatcherHelper;
 import com.arsdigita.dispatcher.RequestContext;
 import com.arsdigita.kernel.Kernel;
-import com.arsdigita.kernel.security.Initializer;
+import com.arsdigita.kernel.security.LegacyInitializer;
 import com.arsdigita.web.URL;
 import com.arsdigita.web.ParameterMap;
 import com.arsdigita.web.ReturnSignal;
@@ -89,40 +89,40 @@ public class SubsiteDispatcher extends BebopMapDispatcher {
         //Map map = new HashMap();
     	Map map = new SubsiteDispatcherMap();
         // special-case the empty URL
-        String redirect = Initializer.getURL(Initializer.ROOT_PAGE_KEY);
+        String redirect = LegacyInitializer.getURL(LegacyInitializer.ROOT_PAGE_KEY);
         Dispatcher root = new RedirectDispatcher(redirect);
         map.put("", root);
         map.put("index", root);
 
-        put(map, Initializer.EDIT_PAGE_KEY, buildSimplePage
+        put(map, LegacyInitializer.EDIT_PAGE_KEY, buildSimplePage
             ("login.userEditPage.title", new UserEditForm(), "edit"));
-        put(map, Initializer.LOGIN_PAGE_KEY, buildSimplePage
+        put(map, LegacyInitializer.LOGIN_PAGE_KEY, buildSimplePage
             ("login.userRegistrationForm.title",
              new UserRegistrationForm(Kernel.getSecurityConfig().isAutoRegistrationOn()),
              "login"));
         if (Kernel.getSecurityConfig().isAutoRegistrationOn()) {
-            put(map, Initializer.NEWUSER_PAGE_KEY, buildSimplePage
+            put(map, LegacyInitializer.NEWUSER_PAGE_KEY, buildSimplePage
                 ("login.userNewForm.title", new UserNewForm(),"register"));
         }
-        put(map, Initializer.LOGOUT_PAGE_KEY, buildLogOutPage());
+        put(map, LegacyInitializer.LOGOUT_PAGE_KEY, buildLogOutPage());
-        put(map, Initializer.COOKIES_PAGE_KEY, buildSimplePage
+        put(map, LegacyInitializer.COOKIES_PAGE_KEY, buildSimplePage
             ("login.explainCookiesPage.title", new ElementComponent
              ("subsite:explainPersistentCookies", SUBSITE_NS_URI), "cookies"));
-        put(map, Initializer.CHANGE_PAGE_KEY, buildSimplePage
+        put(map, LegacyInitializer.CHANGE_PAGE_KEY, buildSimplePage
             ("login.changePasswordPage.title", new ChangePasswordForm(),
              "changepassword"));
-        put(map, Initializer.RECOVER_PAGE_KEY, buildSimplePage
+        put(map, LegacyInitializer.RECOVER_PAGE_KEY, buildSimplePage
             ("login.recoverPasswordPage.title", new RecoverPasswordPanel(),
              "recoverpassword"));
 
         Page workspace = checkForPageSubClass();
         if (workspace == null) workspace = buildSimplePage
             ("login.workspacePage.title", new UserInfo(), "workspace");
-        put(map, Initializer.WORKSPACE_PAGE_KEY, workspace);
+        put(map, LegacyInitializer.WORKSPACE_PAGE_KEY, workspace);
-        put(map, Initializer.EXPIRED_PAGE_KEY, buildExpiredPage());
+        put(map, LegacyInitializer.EXPIRED_PAGE_KEY, buildExpiredPage());
 
         // special case to handle pvt/home
-        String url = Initializer.getURL(Initializer.WORKSPACE_PAGE_KEY);
+        String url = LegacyInitializer.getURL(LegacyInitializer.WORKSPACE_PAGE_KEY);
         if (url.equals("pvt/")) {
             map.put("pvt/home", workspace);
         }
@@ -139,9 +139,9 @@ public class SubsiteDispatcher extends BebopMapDispatcher {
         // /register/login-expired, /register/recover-password
         // NB, although you'd think /register is cachable, it
         // stores a timestamp in the login form :(
-        if (url.equals(Initializer.getURL(Initializer.COOKIES_PAGE_KEY)) ||
+        if (url.equals(LegacyInitializer.getURL(LegacyInitializer.COOKIES_PAGE_KEY)) ||
-            url.equals(Initializer.getURL(Initializer.EXPIRED_PAGE_KEY)) ||
+            url.equals(LegacyInitializer.getURL(LegacyInitializer.EXPIRED_PAGE_KEY)) ||
-            url.equals(Initializer.getURL(Initializer.RECOVER_PAGE_KEY))) {
+            url.equals(LegacyInitializer.getURL(LegacyInitializer.RECOVER_PAGE_KEY))) {
             DispatcherHelper.cacheForWorld(resp);
         } else {
             DispatcherHelper.cacheDisable(resp);
@@ -155,7 +155,7 @@ public class SubsiteDispatcher extends BebopMapDispatcher {
      * redirected to URL.
      **/
     private void put(Map map, String key, Page page) {
-        String url = Initializer.getURL(key);
+        String url = LegacyInitializer.getURL(key);
         map.put(url, page);
         if (url.endsWith("/")) {
             map.put(url+"index", page);
@@ -205,7 +205,7 @@ public class SubsiteDispatcher extends BebopMapDispatcher {
                  add(new Label(LoginHelper.getMessage
                                ("login.loginExpiredPage.before")));
                  add(new DynamicLink("login.loginExpiredPage.link",
-                                     Initializer.LOGIN_PAGE_KEY));
+                                     LegacyInitializer.LOGIN_PAGE_KEY));
                  add(new Label(LoginHelper.getMessage
                                ("login.loginExpiredPage.after")));
                  add(new ElementComponent("subsite:explainLoginExpired",
@@ -227,8 +227,8 @@ public class SubsiteDispatcher extends BebopMapDispatcher {
 
                     final HttpServletRequest req = state.getRequest();
 
-                    final String path = Initializer.getFullURL
+                    final String path = LegacyInitializer.getFullURL
-                        (Initializer.ROOT_PAGE_KEY, req);
+                        (LegacyInitializer.ROOT_PAGE_KEY, req);
 
                     throw new ReturnSignal(req, URL.there(req, path));
                 }

ccm-core/src/com/arsdigita/ui/login/UserEditForm.java

@@ -22,7 +22,7 @@ import com.arsdigita.domain.DataObjectNotFoundException;
 import com.arsdigita.kernel.EmailAddress;
 import com.arsdigita.kernel.PersonName;
 import com.arsdigita.kernel.User;
-import com.arsdigita.kernel.security.Initializer;
+import com.arsdigita.kernel.security.LegacyInitializer;
 import com.arsdigita.web.URL;
 import com.arsdigita.web.ReturnSignal;
 import com.arsdigita.bebop.ColumnPanel;
@@ -144,8 +144,8 @@ public class UserEditForm extends UserForm
 
         final HttpServletRequest req = state.getRequest();
 
-        final String path = Initializer.getFullURL
+        final String path = LegacyInitializer.getFullURL
-            (Initializer.WORKSPACE_PAGE_KEY, req);
+            (LegacyInitializer.WORKSPACE_PAGE_KEY, req);
 
         final URL fallback = com.arsdigita.web.URL.there(req, path);
 

ccm-core/src/com/arsdigita/ui/login/UserInfo.java

@@ -29,7 +29,7 @@ import com.arsdigita.kernel.PackageInstance;
 import com.arsdigita.kernel.SiteNode;
 import com.arsdigita.kernel.SiteNodeCollection;
 import com.arsdigita.kernel.PackageType;
-import com.arsdigita.kernel.security.Initializer;
+import com.arsdigita.kernel.security.LegacyInitializer;
 import com.arsdigita.persistence.DataCollection;
 import com.arsdigita.persistence.SessionManager;
 import com.arsdigita.xml.Element;
@@ -78,11 +78,11 @@ public class UserInfo extends SimpleContainer {
         // add list of links
         ListPanel list = new ListPanel(false);
         list.add(new DynamicLink("login.userInfo.logoutLink",
-                                 Initializer.LOGOUT_PAGE_KEY));
+                                 LegacyInitializer.LOGOUT_PAGE_KEY));
         list.add(new DynamicLink("login.userInfo.editProfileLink",
-                                 Initializer.EDIT_PAGE_KEY));
+                                 LegacyInitializer.EDIT_PAGE_KEY));
         list.add(new DynamicLink("login.userInfo.changePasswordLink",
-                                 Initializer.CHANGE_PAGE_KEY));
+                                 LegacyInitializer.CHANGE_PAGE_KEY));
         add(list);
         // add user info text
         add(new SimpleComponent() {

ccm-core/src/com/arsdigita/ui/login/UserNewForm.java

@@ -43,7 +43,7 @@ import com.arsdigita.kernel.UserAuthentication;
 import com.arsdigita.kernel.permissions.PermissionDescriptor;
 import com.arsdigita.kernel.permissions.PermissionService;
 import com.arsdigita.kernel.permissions.PrivilegeDescriptor;
-import com.arsdigita.kernel.security.Initializer;
+import com.arsdigita.kernel.security.LegacyInitializer;
 import com.arsdigita.persistence.PersistenceException;
 
 import javax.mail.internet.InternetAddress;
@@ -219,8 +219,8 @@ public class UserNewForm extends UserForm
         // redirect to workspace or return URL, if specified
         final HttpServletRequest req = state.getRequest();
 
-        url = Initializer.getFullURL
+        url = LegacyInitializer.getFullURL
-                (Initializer.WORKSPACE_PAGE_KEY, req);
+                (LegacyInitializer.WORKSPACE_PAGE_KEY, req);
 
         final URL fallback = com.arsdigita.web.URL.there(req, url);
 

ccm-core/src/com/arsdigita/ui/login/UserRegistrationForm.java

@@ -47,7 +47,7 @@ import com.arsdigita.kernel.KernelHelper;
 import com.arsdigita.kernel.security.AccountNotFoundException;
 import com.arsdigita.kernel.security.Credential;
 import com.arsdigita.kernel.security.CredentialException;
-import com.arsdigita.kernel.security.Initializer;
+import com.arsdigita.kernel.security.LegacyInitializer;
 import com.arsdigita.kernel.security.UserContext;
 import com.arsdigita.web.ParameterMap;
 import com.arsdigita.web.RedirectSignal;
@@ -146,17 +146,17 @@ public class UserRegistrationForm extends Form
         cookiePanel.add(m_isPersistent);
         cookiePanel.add(new DynamicLink
                 ("login.userRegistrationForm.explainCookieLink",
-                        Initializer.COOKIES_PAGE_KEY));
+                        LegacyInitializer.COOKIES_PAGE_KEY));
         add(cookiePanel);
 
         add(new Submit(SUBMIT), ColumnPanel.CENTER | ColumnPanel.FULL_WIDTH);
 
         add(new DynamicLink("login.userRegistrationForm.forgotPasswordLink",
-                Initializer.RECOVER_PAGE_KEY));
+                LegacyInitializer.RECOVER_PAGE_KEY));
 
         if (m_autoRegistrationOn) {
             add(new DynamicLink("login.userRegistrationForm.newUserRegister",
-                                Initializer.NEWUSER_PAGE_KEY));
+                                LegacyInitializer.NEWUSER_PAGE_KEY));
         }
 
         add(new ElementComponent("subsite:promptToEnableCookiesMsg",
@@ -241,8 +241,8 @@ public class UserRegistrationForm extends Form
             } catch (CredentialException e) {
                 s_log.info( "Invalid credential" );
 
-                final String path = Initializer.getFullURL
+                final String path = LegacyInitializer.getFullURL
-                        (Initializer.EXPIRED_PAGE_KEY, state.getRequest());
+                        (LegacyInitializer.EXPIRED_PAGE_KEY, state.getRequest());
 
                 final URL url = com.arsdigita.web.URL.there
                         (state.getRequest(), path);
@@ -268,8 +268,8 @@ public class UserRegistrationForm extends Form
         final HttpServletRequest req = state.getRequest();
         
 	// Redirect to workspace or return URL, if specified.
-        final String path = Initializer.getFullURL
+        final String path = LegacyInitializer.getFullURL
-                (Initializer.LOGIN_REDIRECT_PAGE_KEY, req);
+                (LegacyInitializer.LOGIN_REDIRECT_PAGE_KEY, req);
 
         final URL url = com.arsdigita.web.URL.there(req, path);
 
@@ -404,8 +404,8 @@ public class UserRegistrationForm extends Form
     }
 
     protected void redirectToNewUserPage(PageState state) {
-        String url = Initializer.getFullURL
+        String url = LegacyInitializer.getFullURL
-            (Initializer.NEWUSER_PAGE_KEY, state.getRequest());
+            (LegacyInitializer.NEWUSER_PAGE_KEY, state.getRequest());
         
         ParameterMap map = new ParameterMap();
         map.setParameter(LoginHelper.RETURN_URL_PARAM_NAME,

ccm-core/src/com/arsdigita/ui/login/package.html

@@ -3,7 +3,7 @@
 <head> 
 <title>Package com.arsdigita.ui.login</title>
 </head>
-<body bgcolor="white">
+<body>
     
 <p>
       

ccm-core/src/com/arsdigita/ui/permissions/IndexPanel.java

@@ -37,7 +37,7 @@ import com.arsdigita.kernel.permissions.PermissionService;
 import com.arsdigita.kernel.permissions.PermissionService;
 import com.arsdigita.kernel.permissions.PrivilegeDescriptor;
 import com.arsdigita.kernel.permissions.PrivilegeDescriptor;
-import com.arsdigita.kernel.security.Initializer;
+import com.arsdigita.kernel.security.LegacyInitializer;
 import com.arsdigita.persistence.DataQuery;
 import com.arsdigita.persistence.SessionManager;
 import com.arsdigita.util.LockableImpl;
@@ -69,8 +69,8 @@ class IndexPanel extends SimpleContainer implements PermissionsConstants  {
         setClassAttr("PERMISSIONS");
         m_navbar = new DimensionalNavbar();
         m_navbar.add(new Link(PERSONAL_SITE.localize()+"", 
-                              "/" + Initializer.getURL(
+                              "/" + LegacyInitializer.getURL(
-                                  Initializer.WORKSPACE_PAGE_KEY)));
+                                  LegacyInitializer.WORKSPACE_PAGE_KEY)));
         m_navbar.add(new Link(MAIN_SITE.localize()+"", "/"));
         m_navbar.add(new Label(PERMISSIONS_INDEX_NAVBAR.localize()+""));
         m_navbar.setClassAttr("permNavBar");

ccm-core/src/com/arsdigita/ui/permissions/PermissionsHeader.java

@@ -27,7 +27,7 @@ import com.arsdigita.bebop.PageState;
 import com.arsdigita.bebop.event.PrintEvent;
 import com.arsdigita.bebop.event.PrintListener;
 import com.arsdigita.kernel.ACSObject;
-import com.arsdigita.kernel.security.Initializer;
+import com.arsdigita.kernel.security.LegacyInitializer;
 
 /**
  *
@@ -68,8 +68,8 @@ class PermissionsHeader extends BoxPanel implements PermissionsConstants {
 
         DimensionalNavbar navbar = new DimensionalNavbar();
         navbar.add(new Link(PERSONAL_SITE.localize()+"", 
-                            "/" + Initializer.getURL(
+                            "/" + LegacyInitializer.getURL(
-                                Initializer.WORKSPACE_PAGE_KEY)));
+                                LegacyInitializer.WORKSPACE_PAGE_KEY)));
         navbar.add(new Link(MAIN_SITE.localize()+"", "/"));
         navbar.add(new Link(PERMISSIONS_INDEX.localize()+"", "/permissions/"));
         navbar.add(objectName);

ccm-core/src/com/arsdigita/util/URLRewriter.java

@@ -39,12 +39,10 @@ import org.apache.log4j.Logger;
  */
 public class URLRewriter {
 
-    private static final Logger s_log =
+    /** Creates a s_logging category with name = to the full name of class  */
-        Logger.getLogger(URLRewriter.class);
+    private static final Logger s_log = Logger.getLogger(URLRewriter.class);
 
-    /**
+    /** The parameter providers for the system. Client classes are registered here. */
-     * The parameter providers for the system.
-     **/
     private static LinkedList s_providers = new LinkedList();
 
     /**

ccm-core/src/com/arsdigita/web/URL.java

@@ -888,6 +888,7 @@ public class URL {
      *
      * @return a <code>String</code> URL
      */
+    @Override
     public final String toString() {
         if (m_params == null) {
             return m_url.substring(m_serverPortEnd);
@@ -924,14 +925,17 @@ public class URL {
 
     private static class EmptyParameterMap extends InternalRequestLocal {
 
+        @Override
         protected final Object initialValue() {
             return new ParameterMap();
         }
 
+        @Override
         protected final void prepareValue(final HttpServletRequest sreq) {
             ((ParameterMap) get()).runListeners(sreq);
         }
 
+        @Override
         protected final void clearValue() {
             ((ParameterMap) get()).clear();
         }

ccm-core/web/index.jsp

@@ -1,12 +1,12 @@
 <jsp:root xmlns:jsp="http://java.sun.com/JSP/Page" version="1.2">
 
-  <jsp:directive.page import="com.arsdigita.kernel.security.Initializer"/>
+  <jsp:directive.page import="com.arsdigita.kernel.security.LegacyInitializer"/>
   <jsp:directive.page import="com.arsdigita.web.URL"/>
   <jsp:directive.page import="com.arsdigita.web.RedirectSignal"/>
   <jsp:directive.page extends="com.arsdigita.web.BaseJSP"/>
 
   <jsp:scriptlet>
     throw new RedirectSignal(URL.there(request, 
-        Initializer.getFullURL(Initializer.LOGIN_REDIRECT_PAGE_KEY, request)), false);
+        LegacyInitializer.getFullURL(LegacyInitializer.LOGIN_REDIRECT_PAGE_KEY, request)), false);
   </jsp:scriptlet>
 </jsp:root>