Index: build.xml
===================================================================
RCS file: /cvs/appfuse/build.xml,v
retrieving revision 1.98
diff -u -r1.98 build.xml
--- build.xml	19 Aug 2005 10:58:40 -0000	1.98
+++ build.xml	28 Aug 2005 21:32:50 -0000
@@ -324,8 +324,6 @@
                 servletspec="2.3" sessiontimeout="10"
                 destdir="${webapp.target}/WEB-INF" distributable="false"
                 displayname="${ant.project.name}">
-                <configParam name="httpPort" value="${http.port}"/>
-                <configParam name="httpsPort" value="${https.port}"/>
                 <configParam name="daoType" value="${dao.type}"/>
             </deploymentdescriptor>
             <jsptaglib validateXML="true"
Index: properties.xml
===================================================================
RCS file: /cvs/appfuse/properties.xml,v
retrieving revision 1.34
diff -u -r1.34 properties.xml
--- properties.xml	10 Aug 2005 15:21:42 -0000	1.34
+++ properties.xml	28 Aug 2005 21:33:24 -0000
@@ -10,20 +10,13 @@
     <property file="build.properties"/>
     
     <!-- Application options that will likely vary between applications -->
-    <property name="form.auth.action" value="j_security_check"/>
-    <property name="encrypt.password" value="true"/>
-    <property name="encrypt.algorithm" value="SHA"/>
-    <property name="secure.login" value="false"/> <!-- SSL for login -->
-    <property name="secure.application" value="false"/> <!-- SSL for all -->
-    <property name="rememberMe.enabled" value="true"/>
     <property name="http.port" value="8080"/>
-    <property name="https.port" value="8443"/>
     <property name="dao.type" value="hibernate"/>
     <property name="jsp.2" value="false"/>
     
     <!-- Properties for running unit tests with tomcat -->
     <property name="tomcat.server" value="localhost"/>
-    <property name="tomcat.manager.url" value="http://${tomcat.server}:8080/manager"/>
+    <property name="tomcat.manager.url" value="http://${tomcat.server}:${http.port}/manager"/>
     <property name="tomcat.username" value="admin"/>
     <property name="tomcat.password" value="admin"/>
 
Index: extras/ibatis/src/dao/org/appfuse/dao/ibatis/UserDAOiBatis.java
===================================================================
RCS file: /cvs/appfuse/extras/ibatis/src/dao/org/appfuse/dao/ibatis/UserDAOiBatis.java,v
retrieving revision 1.6
diff -u -r1.6 UserDAOiBatis.java
--- extras/ibatis/src/dao/org/appfuse/dao/ibatis/UserDAOiBatis.java	6 Oct 2004 08:09:14 -0000	1.6
+++ extras/ibatis/src/dao/org/appfuse/dao/ibatis/UserDAOiBatis.java	28 Aug 2005 22:47:00 -0000
@@ -9,7 +9,6 @@
 import org.appfuse.dao.UserDAO;
 import org.appfuse.model.Role;
 import org.appfuse.model.User;
-import org.appfuse.model.UserCookie;
 import org.springframework.orm.ObjectRetrievalFailureException;
 import org.springframework.orm.ibatis.support.SqlMapClientDaoSupport;
 
@@ -29,15 +28,13 @@
      * @return a populated user object
      */
     public User getUser(String username) {
-        User user =
-            (User) getSqlMapClientTemplate().queryForObject("getUser", username);
+        User user = (User) getSqlMapClientTemplate().queryForObject("getUser", username);
 
         if (user == null) {
             logger.warn("uh oh, user not found...");
             throw new ObjectRetrievalFailureException(User.class, username);
         } else {
-            List roles =
-                getSqlMapClientTemplate().queryForList("getUserRoles", user);
+            List roles = getSqlMapClientTemplate().queryForList("getUserRoles", user);
             user.setRoles(new HashSet(roles));
         }
 
@@ -54,8 +51,7 @@
         for (int i = 0; i < users.size(); i++) {
             user = (User) users.get(i);
 
-            List roles =
-                getSqlMapClientTemplate().queryForList("getUserRoles", user);
+            List roles =  getSqlMapClientTemplate().queryForList("getUserRoles", user);
             user.setRoles(new HashSet(roles));
             users.set(i, user);
         }
@@ -79,9 +75,7 @@
                 newRole.put("username", user.getUsername());
                 newRole.put("roleName", role.getName());
 
-                List userRoles =
-                    getSqlMapClientTemplate().queryForList("getUserRoles",
-                                                           user.getUsername());
+                List userRoles = getSqlMapClientTemplate().queryForList("getUserRoles", user.getUsername());
 
                 if (userRoles.isEmpty()) {
                     getSqlMapClientTemplate().update("addUserRole", newRole);
@@ -111,53 +105,7 @@
      */
     public void removeUser(String username) {
         User user = getUser(username);
-        removeUserCookies(user.getUsername());
         deleteUserRoles(user);
         getSqlMapClientTemplate().update("deleteUser", user);
-    }
-
-    /**
-     * @see org.appfuse.dao.UserDAO#getUserCookie(java.lang.String)
-     */
-    public UserCookie getUserCookie(UserCookie userCookie) {
-        List cookies =
-            getSqlMapClientTemplate().queryForList("getUserCookies", userCookie);
-
-        if (cookies.size() == 0) {
-            return null;
-        }
-
-        return (UserCookie) cookies.get(0);
-    }
-
-    /**
-     * @see org.appfuse.dao.UserDAO#removeUserCookies(java.lang.String)
-     */
-    public void removeUserCookies(String username) {
-        // delete any cookies associated with this user
-        UserCookie c = new UserCookie();
-        c.setUsername(username);
-
-        getSqlMapClientTemplate().update("deleteUserCookies", c);
-    }
-
-    /**
-     * @see org.appfuse.dao.UserDAO#saveUserCookie(org.appfuse.model.UserCookie)
-     */
-    public void saveUserCookie(UserCookie cookie) {
-        if (cookie.getId() == null) {
-            Long pk =
-                (Long) getSqlMapClientTemplate().queryForObject("getUserCookieId",
-                                                                null);
-
-            if (pk == null) {
-                pk = new Long(0);
-            }
-
-            cookie.setId(new Long(pk.longValue() + 1));
-            getSqlMapClientTemplate().update("addUserCookie", cookie);
-        } else {
-            getSqlMapClientTemplate().update("updateUserCookie", cookie);
-        }
     }
 }
Index: extras/ibatis/src/dao/org/appfuse/dao/ibatis/sql/UserSQL.xml
===================================================================
RCS file: /cvs/appfuse/extras/ibatis/src/dao/org/appfuse/dao/ibatis/sql/UserSQL.xml,v
retrieving revision 1.8
diff -u -r1.8 UserSQL.xml
--- extras/ibatis/src/dao/org/appfuse/dao/ibatis/sql/UserSQL.xml	7 Jan 2005 20:59:48 -0000	1.8
+++ extras/ibatis/src/dao/org/appfuse/dao/ibatis/sql/UserSQL.xml	28 Aug 2005 22:47:36 -0000
@@ -99,41 +99,4 @@
         delete from user_role where username = #username#;
     ]]>
     </delete>
-    
-	<select id="getUserCookies" parameterClass="userCookie" resultClass="userCookie">
-    <![CDATA[
-        select id, username, cookie_id as cookieId, date_created as dateCreated
-        from user_cookie where username = #username# and cookie_id = #cookieId#;
-    ]]>
-    </select>
-    
-	<delete id="deleteUserCookies" parameterClass="userCookie">
-    <![CDATA[
-        delete from user_cookie where username = #username#;
-    ]]>
-    </delete>
-    
-	<insert id="addUserCookie" parameterClass="userCookie">
-    <![CDATA[
-        insert into 
-            user_cookie (id, username, cookie_id, date_created)
-        values (#id#, #username#, #cookieId#, #dateCreated#);
-    ]]>
-    </insert>
-    
-	<select id="getUserCookieId" resultClass="long">
-    <![CDATA[
-        select max(id) from user_cookie;
-    ]]>
-    </select>
-    
-	<update id="updateUserCookie" parameterClass="userCookie">
-    <![CDATA[
-        update user_cookie SET
-            username = #username#,
-            cookie_id = #cookieId#,
-            date_created = #dateCreated#
-        where id = #id#;
-    ]]>
-    </update>
 </sqlMap>
Index: extras/jsf/build.xml
===================================================================
RCS file: /cvs/appfuse/extras/jsf/build.xml,v
retrieving revision 1.18
diff -u -r1.18 build.xml
--- extras/jsf/build.xml	10 Aug 2005 15:21:44 -0000	1.18
+++ extras/jsf/build.xml	29 Aug 2005 00:02:07 -0000
@@ -376,8 +376,6 @@
                 servletspec="2.3" sessiontimeout="10"
                 destdir="${webapp.target}/WEB-INF" distributable="false"
                 displayname="${ant.project.name}">
-                <configParam name="httpPort" value="${http.port}"/>
-                <configParam name="httpsPort" value="${https.port}"/>
                 <configParam name="daoType" value="${dao.type}"/>
             </deploymentdescriptor>
             <jsptaglib validateXML="true"
@@ -406,8 +404,6 @@
                 servletspec="2.3" sessiontimeout="10"
                 destdir="${webapp.target}/WEB-INF" distributable="false"
                 displayname="${ant.project.name}">
-                <configParam name="httpPort" value="${http.port}"/>
-                <configParam name="httpsPort" value="${https.port}"/>
                 <configParam name="daoType" value="${dao.type}"/>
             </deploymentdescriptor>
             <jsptaglib validateXML="true"
Index: extras/jsf/src/web/org/appfuse/webapp/action/SignupForm.java
===================================================================
RCS file: /cvs/appfuse/extras/jsf/src/web/org/appfuse/webapp/action/SignupForm.java,v
retrieving revision 1.3
diff -u -r1.3 SignupForm.java
--- extras/jsf/src/web/org/appfuse/webapp/action/SignupForm.java	7 Jan 2005 21:00:46 -0000	1.3
+++ extras/jsf/src/web/org/appfuse/webapp/action/SignupForm.java	28 Aug 2005 22:22:31 -0000
@@ -1,88 +1,86 @@
-package org.appfuse.webapp.action;
-
-import java.io.Serializable;
-
-import org.appfuse.Constants;
-import org.appfuse.model.User;
-import org.appfuse.service.RoleManager;
-import org.appfuse.service.UserExistsException;
-import org.appfuse.util.StringUtil;
-import org.appfuse.webapp.util.RequestUtil;
-
-/**
- * JSF Page class to handle signing up a new user.
- *
- * @author mraible
- */
-public class SignupForm extends BasePage implements Serializable {
-    private User user = new User();
-    private RoleManager roleManager;
-
-    public User getUser() {
-        return user;
-    }
-
-    public void setUser(User user) {
-        this.user = user;
-    }
-    
-    public void setRoleManager(RoleManager roleManager) {
-        this.roleManager = roleManager;
-    }
-
-    public String save() throws Exception {
-        
-        String algorithm =
-            (String) getConfiguration().get(Constants.ENC_ALGORITHM);
-
-        if (algorithm == null) { // should only happen for test case
-            if (log.isDebugEnabled()) {
-                log.debug("assuming testcase, setting algorithm to 'SHA'");
-            }
-            algorithm = "SHA";
-        }
-        
-        user.setPassword(StringUtil.encodePassword(user.getPassword(), algorithm));
-        user.setEnabled(Boolean.TRUE);
-        
-        // Set the default user role on this new user
-        user.addRole(roleManager.getRole(Constants.USER_ROLE));
-
-        try {
-            userManager.saveUser(user);
-        } catch (UserExistsException e) {
-            log.warn(e.getMessage());
-            addMessage("errors.existing.user", 
-                    new Object[] { user.getUsername(), user.getEmail() });
-
-            // redisplay the unencrypted passwords
-            user.setPassword(user.getConfirmPassword());
-            return null;
-        }
-
-        // Set cookies for auto-magical login ;-)
-        String loginCookie = userManager.createLoginCookie(user.getUsername());
-        RequestUtil.setCookie(getResponse(), Constants.LOGIN_COOKIE, loginCookie,
-                              getRequest().getContextPath());
-
-        addMessage("user.registered");
-        getSession().setAttribute(Constants.REGISTERED, Boolean.TRUE);
-
-        // Send an account information e-mail
-        message.setSubject(getText("signup.email.subject"));
-        sendUserMessage(user, getText("signup.email.message"), 
-                        RequestUtil.getAppURL(getRequest()));
-        
-        return "mainMenu";
-    }
-    
-    public String getCountry() {
-        return getUser().getAddress().getCountry();
-    }
-    
-    // for some reason, the country drop-down won't do 
-    // getUser().getAddress().setCountry(value)
-    public void setCountry(String country) {
-        getUser().getAddress().setCountry(country);
-    }
-}
+package org.appfuse.webapp.action;
+
+import java.io.Serializable;
+
+import org.appfuse.Constants;
+import org.appfuse.model.User;
+import org.appfuse.service.RoleManager;
+import org.appfuse.service.UserExistsException;
+import org.appfuse.util.StringUtil;
+import org.appfuse.webapp.util.RequestUtil;
+
+/**
+ * JSF Page class to handle signing up a new user.
+ *
+ * @author mraible
+ */
+public class SignupForm extends BasePage implements Serializable {
+    private User user = new User();
+    private RoleManager roleManager;
+
+    public User getUser() {
+        return user;
+    }
+
+    public void setUser(User user) {
+        this.user = user;
+    }
+    
+    public void setRoleManager(RoleManager roleManager) {
+        this.roleManager = roleManager;
+    }
+
+    public String save() throws Exception {
+        Boolean encrypt = (Boolean) getConfiguration().get(Constants.ENCRYPT_PASSWORD);
+        
+        if (encrypt != null && encrypt.booleanValue()) {
+            String algorithm = (String) getConfiguration().get(Constants.ENC_ALGORITHM);
+    
+            if (algorithm == null) { // should only happen for test case
+                if (log.isDebugEnabled()) {
+                    log.debug("assuming testcase, setting algorithm to 'SHA'");
+                }
+                algorithm = "SHA";
+            }
+            
+            user.setPassword(StringUtil.encodePassword(user.getPassword(), algorithm));
+        }
+        
+        user.setEnabled(Boolean.TRUE);
+        
+        // Set the default user role on this new user
+        user.addRole(roleManager.getRole(Constants.USER_ROLE));
+
+        try {
+            userManager.saveUser(user);
+        } catch (UserExistsException e) {
+            log.warn(e.getMessage());
+            addMessage("errors.existing.user", 
+                    new Object[] { user.getUsername(), user.getEmail() });
+
+            // redisplay the unencrypted passwords
+            user.setPassword(user.getConfirmPassword());
+            return null;
+        }
+
+        addMessage("user.registered");
+        getSession().setAttribute(Constants.REGISTERED, Boolean.TRUE);
+
+        // Send an account information e-mail
+        message.setSubject(getText("signup.email.subject"));
+        sendUserMessage(user, getText("signup.email.message"), 
+                        RequestUtil.getAppURL(getRequest()));
+        
+        return "mainMenu";
+    }
+    
+    public String getCountry() {
+        return getUser().getAddress().getCountry();
+    }
+    
+    // for some reason, the country drop-down won't do 
+    // getUser().getAddress().setCountry(value)
+    public void setCountry(String country) {
+        getUser().getAddress().setCountry(country);
+    }
+}
Index: extras/jsf/src/web/org/appfuse/webapp/action/UserForm.java
===================================================================
RCS file: /cvs/appfuse/extras/jsf/src/web/org/appfuse/webapp/action/UserForm.java,v
retrieving revision 1.2
diff -u -r1.2 UserForm.java
--- extras/jsf/src/web/org/appfuse/webapp/action/UserForm.java	5 Dec 2004 23:03:02 -0000	1.2
+++ extras/jsf/src/web/org/appfuse/webapp/action/UserForm.java	28 Aug 2005 22:20:53 -0000
@@ -1,239 +1,238 @@
-package org.appfuse.webapp.action;
-
-import java.io.Serializable;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpSession;
-
-import org.apache.commons.lang.StringUtils;
-import org.appfuse.Constants;
-import org.appfuse.model.Role;
-import org.appfuse.model.User;
-import org.appfuse.service.RoleManager;
-import org.appfuse.service.UserExistsException;
-import org.appfuse.util.ConvertUtil;
-import org.appfuse.util.StringUtil;
-import org.appfuse.webapp.util.RequestUtil;
-
-/**
- * JSF Page class to handle editing a user with a form.
- *
- * @author mraible
- */
-public class UserForm extends BasePage implements Serializable {
-    private RoleManager roleManager;
-    private String from;
-    private String username;
-    private User user = new User();
-    private Map availableRoles;
-    private String[] userRoles;
-    
-    public void setUsername(String username) {
-        this.username = username;
-    }
-
-    public String getUsername() {
-        return username;
-    }
-
-    public User getUser() {
-        return user;
-    }
-
-    public void setUser(User user) {
-        this.user = user;
-    }
-
-    public void setRoleManager(RoleManager roleManager) {
-        this.roleManager = roleManager;
-    }
-
-    public String cancel() {
-        if (log.isDebugEnabled()) {
-            log.debug("Entering 'cancel' method");
-        }
-
-        if (!StringUtils.equals(getParameter("from"), "list")) {
-            return "mainMenu";
-        } else {
-            return "cancel";
-        }
-    }
-
-    public String edit() {
-        HttpServletRequest request = getRequest();
-
-        // if a user's username is passed in
-        if (username != null) {
-            // lookup the user using that id
-            user = userManager.getUser(username);
-        } else if (username == null) {
-            user = userManager.getUser(request.getRemoteUser());
-        } else {
-            user = new User();
-            user.addRole(new Role(Constants.USER_ROLE));
-        }
-
-        if (user.getUsername() != null) {
-            user.setConfirmPassword(user.getPassword());
-
-            // if user logged in with a cookie, display a warning that they
-            // can't change passwords
-            if (log.isDebugEnabled()) {
-                log.debug("checking for cookieLogin...");
-            }
-
-            if (getSession().getAttribute("cookieLogin") != null) {
-                log.trace("User '" + user.getUsername() + "' logged in with cookie");
-                addMessage("userProfile.cookieLogin");
-            }
-        }
-
-        return "editProfile";
-    }
-
-    public String save() {
-        String password = user.getPassword();
-        String originalPassword = getParameter("userForm:originalPassword");
-
-        if (StringUtils.equals(getParameter("encryptPass"), "true") ||
-                !StringUtils.equals(password, originalPassword)) {
-            String algorithm =
-                (String) getConfiguration().get(Constants.ENC_ALGORITHM);
-
-            if (algorithm == null) { // should only happen for test case
-                log.debug("assuming testcase, setting algorigthm to 'SHA'");
-                algorithm = "SHA";
-            }
-
-            user.setPassword(StringUtil.encodePassword(password, algorithm));
-        }
-        
-        // workaround for plain ol' HTML input tags that don't seem to set
-        // properties on the managed bean
-        setUserRoles(getRequest().getParameterValues("userForm:userRoles"));
-
-        for (int i = 0; (userRoles != null) && (i < userRoles.length); i++) {
-            String roleName = userRoles[i];
-            user.addRole(roleManager.getRole(roleName));
-        }
-
-        try {
-            userManager.saveUser(user);
-        } catch (UserExistsException e) {
-            log.warn(e.getMessage());
-            addError("errors.existing.user",
-                     new Object[] { user.getUsername(), user.getEmail() });
-
-            return "editProfile";
-        }
-
-        if (!StringUtils.equals(getParameter("from"), "list")) {
-            HttpSession session = getSession();
-            HttpServletRequest request = getRequest();
-
-            session.setAttribute(Constants.USER_KEY, user);
-
-            // update the user's remember me cookie if they didn't login
-            // with a cookie
-            if ((RequestUtil.getCookie(request, Constants.LOGIN_COOKIE) != null) &&
-                    (session.getAttribute("cookieLogin") == null)) {
-                // delete all user cookies and add a new one
-                userManager.removeLoginCookies(user.getUsername());
-
-                String autoLogin =
-                    userManager.createLoginCookie(user.getUsername());
-                RequestUtil.setCookie(getResponse(),
-                                      Constants.LOGIN_COOKIE, autoLogin,
-                                      request.getContextPath());
-            }
-
-            // add success messages
-            addMessage("user.saved");
-
-            // return a forward to main Menu
-            return "mainMenu";
-        } else {
-            // add success messages
-            if ("".equals(getParameter("userForm:version"))) {
-                addMessage("user.added", user.getFullName());
-
-                sendUserMessage(user,
-                                getText("newuser.email.message",
-                                              user.getFullName()),
-                                RequestUtil.getAppURL(getRequest()));
-
-                return "list"; // return to list screen
-            } else {
-                addMessage("user.updated.byAdmin", user.getFullName());
-
-                return "editProfile"; // return to current page
-            }
-        }
-    }
-
-    public String delete() {
-        userManager.removeUser(getUser().getUsername());
-        addMessage("user.deleted", getUser().getFullName());
-
-        return "list";
-    }
-
-    /**
-     * Convenience method to determine if the user came from the list screen
-     * @return String
-     */
-    public String getFrom() {
-        if ((username != null) || (getParameter("editUser:add") != null) ||
-                ("list".equals(getParameter("from")))) {
-            return "list";
-        }
-
-        return "";
-    }
-
-    // Form Controls ==========================================================
-    public Map getAvailableRoles() {
-        if (availableRoles == null) {
-            List roles =
-                (List) getServletContext().getAttribute(Constants.AVAILABLE_ROLES);
-            availableRoles = ConvertUtil.convertListToMap(roles);
-        }
-
-        return availableRoles;
-    }
-
-    public String[] getUserRoles() {
-        userRoles = new String[user.getRoles().size()];
-
-        int i = 0;
-
-        if (userRoles.length > 0) {
-            for (Iterator it = user.getRoles().iterator(); it.hasNext();) {
-                Role role = (Role) it.next();
-
-                userRoles[i] = role.getName();
-                i++;
-            }
-        }
-
-        return userRoles;
-    }
-
-    public void setUserRoles(String[] userRoles) {
-        this.userRoles = userRoles;
-    }
-    
-    public String getCountry() {
-        return getUser().getAddress().getCountry();
-    }
-    
-    // for some reason, the country drop-down won't do 
-    // getUser().getAddress().setCountry(value)
-    public void setCountry(String country) {
-        getUser().getAddress().setCountry(country);
-    }
-}
+package org.appfuse.webapp.action;
+
+import java.io.Serializable;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+
+import net.sf.acegisecurity.Authentication;
+import net.sf.acegisecurity.AuthenticationTrustResolver;
+import net.sf.acegisecurity.AuthenticationTrustResolverImpl;
+import net.sf.acegisecurity.context.ContextHolder;
+import net.sf.acegisecurity.context.security.SecureContext;
+
+import org.apache.commons.lang.StringUtils;
+import org.appfuse.Constants;
+import org.appfuse.model.Role;
+import org.appfuse.model.User;
+import org.appfuse.service.RoleManager;
+import org.appfuse.service.UserExistsException;
+import org.appfuse.util.ConvertUtil;
+import org.appfuse.util.StringUtil;
+import org.appfuse.webapp.util.RequestUtil;
+
+/**
+ * JSF Page class to handle editing a user with a form.
+ *
+ * @author mraible
+ */
+public class UserForm extends BasePage implements Serializable {
+    private RoleManager roleManager;
+    private String from;
+    private String username;
+    private User user = new User();
+    private Map availableRoles;
+    private String[] userRoles;
+    
+    public void setUsername(String username) {
+        this.username = username;
+    }
+
+    public String getUsername() {
+        return username;
+    }
+
+    public User getUser() {
+        return user;
+    }
+
+    public void setUser(User user) {
+        this.user = user;
+    }
+
+    public void setRoleManager(RoleManager roleManager) {
+        this.roleManager = roleManager;
+    }
+
+    public String cancel() {
+        if (log.isDebugEnabled()) {
+            log.debug("Entering 'cancel' method");
+        }
+
+        if (!StringUtils.equals(getParameter("from"), "list")) {
+            return "mainMenu";
+        } else {
+            return "cancel";
+        }
+    }
+
+    public String edit() {
+        HttpServletRequest request = getRequest();
+
+        // if a user's username is passed in
+        if (username != null) {
+            // lookup the user using that id
+            user = userManager.getUser(username);
+        } else if (username == null) {
+            user = userManager.getUser(request.getRemoteUser());
+        } else {
+            user = new User();
+            user.addRole(new Role(Constants.USER_ROLE));
+        }
+
+        if (user.getUsername() != null) {
+            user.setConfirmPassword(user.getPassword());
+
+            // if user logged in with remember me, display a warning that they can't change passwords
+            log.debug("checking for remember me login...");
+
+            AuthenticationTrustResolver resolver = new AuthenticationTrustResolverImpl();
+            SecureContext ctx = (SecureContext) ContextHolder.getContext();
+
+            if (ctx != null) {
+                Authentication auth = ctx.getAuthentication();
+
+                if (resolver.isRememberMe(auth)) {
+                    getSession().setAttribute("cookieLogin", "true");
+                    log.trace("User '" + user.getUsername() + "' logged in with cookie");
+                    addMessage("userProfile.cookieLogin");
+                }
+            }
+        }
+
+        return "editProfile";
+    }
+
+    public String save() {
+        String password = user.getPassword();
+        String originalPassword = getParameter("userForm:originalPassword");
+
+        Boolean encrypt = (Boolean) getConfiguration().get(Constants.ENCRYPT_PASSWORD);
+        boolean doEncrypt = (encrypt != null) ? encrypt.booleanValue() : false;
+        
+        if (doEncrypt && (StringUtils.equals(getParameter("encryptPass"), "true") ||
+                !StringUtils.equals(password, originalPassword))) {
+            String algorithm = (String) getConfiguration().get(Constants.ENC_ALGORITHM);
+
+            if (algorithm == null) { // should only happen for test case
+                log.debug("assuming testcase, setting algorigthm to 'SHA'");
+                algorithm = "SHA";
+            }
+
+            user.setPassword(StringUtil.encodePassword(password, algorithm));
+        }
+        
+        // workaround for plain ol' HTML input tags that don't seem to set
+        // properties on the managed bean
+        setUserRoles(getRequest().getParameterValues("userForm:userRoles"));
+
+        for (int i = 0; (userRoles != null) && (i < userRoles.length); i++) {
+            String roleName = userRoles[i];
+            user.addRole(roleManager.getRole(roleName));
+        }
+
+        try {
+            userManager.saveUser(user);
+        } catch (UserExistsException e) {
+            log.warn(e.getMessage());
+            addError("errors.existing.user",
+                     new Object[] { user.getUsername(), user.getEmail() });
+
+            return "editProfile";
+        }
+
+        if (!StringUtils.equals(getParameter("from"), "list")) {
+            HttpSession session = getSession();
+            HttpServletRequest request = getRequest();
+
+            session.setAttribute(Constants.USER_KEY, user);
+
+            // add success messages
+            addMessage("user.saved");
+
+            // return a forward to main Menu
+            return "mainMenu";
+        } else {
+            // add success messages
+            if ("".equals(getParameter("userForm:version"))) {
+                addMessage("user.added", user.getFullName());
+
+                sendUserMessage(user,
+                                getText("newuser.email.message",
+                                              user.getFullName()),
+                                RequestUtil.getAppURL(getRequest()));
+
+                return "list"; // return to list screen
+            } else {
+                addMessage("user.updated.byAdmin", user.getFullName());
+
+                return "editProfile"; // return to current page
+            }
+        }
+    }
+
+    public String delete() {
+        userManager.removeUser(getUser().getUsername());
+        addMessage("user.deleted", getUser().getFullName());
+
+        return "list";
+    }
+
+    /**
+     * Convenience method to determine if the user came from the list screen
+     * @return String
+     */
+    public String getFrom() {
+        if ((username != null) || (getParameter("editUser:add") != null) ||
+                ("list".equals(getParameter("from")))) {
+            return "list";
+        }
+
+        return "";
+    }
+
+    // Form Controls ==========================================================
+    public Map getAvailableRoles() {
+        if (availableRoles == null) {
+            List roles =
+                (List) getServletContext().getAttribute(Constants.AVAILABLE_ROLES);
+            availableRoles = ConvertUtil.convertListToMap(roles);
+        }
+
+        return availableRoles;
+    }
+
+    public String[] getUserRoles() {
+        userRoles = new String[user.getRoles().size()];
+
+        int i = 0;
+
+        if (userRoles.length > 0) {
+            for (Iterator it = user.getRoles().iterator(); it.hasNext();) {
+                Role role = (Role) it.next();
+
+                userRoles[i] = role.getName();
+                i++;
+            }
+        }
+
+        return userRoles;
+    }
+
+    public void setUserRoles(String[] userRoles) {
+        this.userRoles = userRoles;
+    }
+    
+    public String getCountry() {
+        return getUser().getAddress().getCountry();
+    }
+    
+    // for some reason, the country drop-down won't do 
+    // getUser().getAddress().setCountry(value)
+    public void setCountry(String country) {
+        getUser().getAddress().setCountry(country);
+    }
+}
Index: extras/jsf/test/web/web-tests.xml
===================================================================
RCS file: /cvs/appfuse/extras/jsf/test/web/web-tests.xml,v
retrieving revision 1.6
diff -u -r1.6 web-tests.xml
--- extras/jsf/test/web/web-tests.xml	28 Aug 2005 21:15:52 -0000	1.6
+++ extras/jsf/test/web/web-tests.xml	29 Aug 2005 00:34:38 -0000
@@ -1,237 +1,237 @@
-<!-- ======================================================================= -->
-<!-- $Id: web-tests.xml,v 1.6 2005/08/28 21:15:52 mraible Exp $               -->
-<!-- ======================================================================= -->
-<!DOCTYPE project [
-    <!ENTITY config SYSTEM "file:./config.xml">
-    <!ENTITY login SYSTEM "file:./login.xml">
-]>
-<project basedir="." default="run-all-tests"> 
-    <!-- Include ApplicationResources.properties so we can test against 
-         keys, rather than values -->
-    <property file="web/WEB-INF/classes/ApplicationResources.properties"/>
-
-    <!-- runs all targets -->
-    <target name="run-all-tests" 
-        depends="Login,Logout,PasswordHint,Signup,UserTests,FlushCache,FileUpload"
-        description="Call and executes all test cases (targets)"/>
-    
-    <!-- runs user-related tests -->
-    <!-- depends="EditUser,SearchUser,SaveUser,AddUser,ActiveUsers" -->
-    <target name="UserTests" 
-        depends="SearchUser,SaveUser,AddUser,ActiveUsers"
-        description="Call and executes all person test cases (targets)">
-        <echo>Successfully ran all User JSP tests!</echo>
-    </target>
-    
-    <!-- Login to the application -->
-    <target name="Login" 
-        description="Runs login test and verifies Main Menu's Title">
-        <canoo name="login">
-            &config;
-            <steps>
-                &login;
-            </steps>
-        </canoo>
-    </target>
-
-    <!-- Logout of the application -->
-    <target name="Logout"
-        description="Runs logout test and verifies Login's Title">
-        <canoo name="login">
-            &config;
-            <steps>
-                &login;
-                <invoke description="get Logout Page" url="/logout.jsp"/>
-                <verifytitle description="we should see the login title"
-                    text="${webapp.prefix}${login.title}"/>
-            </steps>
-        </canoo>
-    </target>
-
-    <!-- Retrieve Password Hint -->
-    <target name="PasswordHint" 
-        description="Gets the user's password hint">
-        <canoo name="passwordHint">
-            &config;
-            <steps>
-                <invoke description="get Login Page" url="/"/>
-                <verifytitle description="we should see the login title" 
-                    text="${webapp.prefix}${login.title}"/>
-                <invoke description="click password hint link"
-                    url="/passwordHint.html?username=mraible"/>
-                <verifytitle description="we should see the login title again"
-                    text="${webapp.prefix}${login.title}"/>
-            </steps>
-        </canoo>
-    </target>
-    
-    <!-- Verify the edit user screen displays without errors -->
-    <target name="EditUser" 
-        description="Tests selecting the 'Edit Profile' forward">
-        <canoo name="editUser">
-            &config;
-            <steps>
-                &login;
-                <clicklink description="click Edit Profile link" label="${menu.user}"/>
-                <verifytitle description="we should see the user profile title" 
-                    text="${webapp.prefix}${userProfile.title}"/>
-            </steps>
-        </canoo>
-    </target>
-    
-    <!-- Verify the user list screen displays without errors -->
-    <target name="SearchUser" 
-        description="Tests search for and displaying all users">
-        <canoo name="searchUser">
-            &config;
-            <steps>
-                &login;
-                <invoke description="click View Users link" url="/users.html"/>
-                <verifytitle description="we should see the user list title" 
-                    text="${webapp.prefix}${userList.title}"/>
-            </steps>
-        </canoo>
-    </target>
-    
-    <!-- Edit a user and then save -->
-    <target name="SaveUser" 
-        description="Tests editing and saving a user">
-        <canoo name="saveUser">
-            &config;
-            <steps>
-                &login;
-                <invoke description="click Edit Profile link" url="/editProfile.html"/>
-                <verifytitle description="we should see the user profile title" 
-                    text="${webapp.prefix}${userProfile.title}"/>
-                <setinputfield description="set address" name="userForm:address" value="2255 Lane Avenue"/>
-                <setinputfield description="set zipcode" name="userForm:postalCode" value="59826"/>
-                <clickbutton label="${button.save}" description="Click Save"/>
-                <verifytitle description="display Main Menu if save OK"
-                     text="${webapp.prefix}${mainMenu.title}" />
-            </steps>
-        </canoo>
-    </target>
-    
-    <!-- Add a new user after logging in -->
-    <target name="AddUser"
-        description="Adds a new user profile">
-        <canoo name="addUser">
-            &config;
-            <steps>
-                &login;
-                <invoke description="View User List" url="/users.html"/>
-                <clickbutton description="Click 'Add' button'" label="${button.add}"/>
-                
-                <verifytitle description="view user profile title" text="${webapp.prefix}${userProfile.title}"/>
-                <setinputfield description="set username" name="userForm:username" value="newuser"/>
-                <setinputfield description="set password" name="userForm:password" value="test"/>
-                <setinputfield description="set confirmPassword" name="userForm:confirmPassword" value="test"/>
-                <setinputfield description="set firstName" name="userForm:firstName" value="Test"/>
-                <setinputfield description="set lastName" name="userForm:lastName" value="Name"/>
-                <setinputfield description="set city" name="userForm:city" value="Denver"/>
-                <setinputfield description="select province" name="userForm:province" value="CO"/>
-                <setselectfield description="select country" name="userForm:country" value="US"/>
-                <setinputfield description="set postalCode" name="userForm:postalCode" value="80210"/>
-                <setinputfield description="set email" name="userForm:email" value="newuser@raibledesigns.com"/>
-                <setinputfield description="set website" name="userForm:website" value="http://raibledesigns.com"/>
-                <setinputfield description="set passwordHint" name="userForm:passwordHint" value="test"/>
-                <setcheckbox description="select roles" name="userForm:userRoles" checked="user"/>
-                
-                <clickbutton label="${button.save}" description="Click button 'Save'"/>
-                <verifytitle description="view user list screen" text="${webapp.prefix}${userList.title}"/>
-                <verifytext description="verify success message" regex="true"
-                    text='&lt;div class="message.*&gt;.*&lt;strong&gt;Test Name&lt;/strong&gt;.*&lt;/div&gt;'/>
-                    
-                <!-- Delete user -->
-                <clicklink description="Click edit user link" label="newuser"/>
-                <clickbutton label="${button.delete}" description="Click button 'Delete'"/>
-                <!--verifyDialogText description="check alert" type="confirm" regex="true" text=".*"/>
-                <setConfirmDialogDefaults description="click OK" keeptext="true" response="true"/-->
-                <verifytext description="verify success message" regex="true"
-                    text='&lt;div class="message.*&gt;.*&lt;strong&gt;Test Name&lt;/strong&gt;.*&lt;/div&gt;'/>
-                <verifytitle description="display user list" 
-                    text="${webapp.prefix}${userList.title}"/>
-            </steps>
-        </canoo>
-    </target>
-    
-    <!-- Sign up a new user (no login) -->
-    <target name="Signup"
-        description="Signup a new user">
-        <canoo name="signup">
-            &config;
-            <steps>
-                <invoke description="click signup link" url="/signup.html"/>
-                <verifytitle description="we should signup title" text="${webapp.prefix}${signup.title}"/>
-                
-                <setinputfield description="set username" name="signupForm:username" value="signup-user"/>
-                <setinputfield description="set password" name="signupForm:password" value="test"/>
-                <setinputfield description="set confirmPassword" name="signupForm:confirmPassword" value="test"/>
-                <setinputfield description="set firstName" name="signupForm:firstName" value="Test"/>
-                <setinputfield description="set lastName" name="signupForm:lastName" value="Name"/>
-                <setinputfield description="set city" name="signupForm:city" value="Denver"/>
-                <setinputfield description="set state" name="signupForm:province" value="CO"/>
-                <setselectfield description="Select country" name="signupForm:country" value="US"/>
-                <setinputfield description="set postalCode" name="signupForm:postalCode" value="80210"/>
-                <setinputfield description="set email" name="signupForm:email" value="signup-user@raibledesigns.com"/>
-                <setinputfield description="set website" name="signupForm:website" value="http://raibledesigns.com"/>
-                <setinputfield description="set passwordHint" name="signupForm:passwordHint" value="test"/>
-                
-                <clickbutton label="${button.register}" description="Click button 'Signup'"/>
-                <verifytitle text="${webapp.prefix}${mainMenu.title}"/>
-                <verifytext description="verify success message" text="${user.registered}"/>
-            </steps>
-        </canoo>
-    </target>
-
-    <!-- View Active Users -->
-    <target name="ActiveUsers" 
-        description="View Active Users List">
-        <canoo name="activeUsers">
-            &config;
-            <steps>
-                &login;
-                <invoke description="get activeUsers URL" url="/activeUsers.html"/>
-                <verifytitle description="we should see the activeUsers title" 
-                    text="${webapp.prefix}${activeUsers.title}"/>
-            </steps>
-        </canoo>
-    </target>
-    
-    <!-- Flush OSCache -->
-    <target name="FlushCache" 
-        description="opens JSP to Flush Page Cache">
-        <canoo name="flushCache">
-            &config;
-            <steps>
-                &login;
-                <invoke description="get flushCache URL" url="/flushCache.html"/>
-                <verifytitle description="we should see the flush cache title" 
-                    text="${webapp.prefix}${flushCache.title}"/>
-            </steps>
-        </canoo>
-    </target>
-    
-    <!-- File Upload -->
-    <target name="FileUpload" 
-        description="Tests uploading a file">
-        <canoo name="fileUpload">
-            &config;
-            <steps>
-                &login;
-                <invoke description="click Upload a File link" url="/selectFile.html"/>
-                <verifytitle description="we should see file upload form" 
-                    text="${webapp.prefix}${upload.title}"/>
-                <!--setinputfield description="set name" name="name" 
-                    value="Canoo Test File"/>
-                <setinputfield description="set file" name="file" 
-                    value="${basedir}/build.properties"/>
-                <clickbutton label="${button.upload}" description="Click Upload"/>
-                <verifytitle description="show file data if upload OK"
-                     text="${webapp.prefix}${display.title}" />
-                <verifytext description="verify original file name displayed on page"
-                     text="build.properties" /-->
-            </steps>
-        </canoo>
-    </target>
-</project>
+<!-- ======================================================================= -->
+<!-- $Id: web-tests.xml,v 1.6 2005/08/28 21:15:52 mraible Exp $               -->
+<!-- ======================================================================= -->
+<!DOCTYPE project [
+    <!ENTITY config SYSTEM "file:./config.xml">
+    <!ENTITY login SYSTEM "file:./login.xml">
+]>
+<project basedir="." default="run-all-tests"> 
+    <!-- Include ApplicationResources.properties so we can test against 
+         keys, rather than values -->
+    <property file="web/WEB-INF/classes/ApplicationResources.properties"/>
+
+    <!-- runs all targets -->
+    <target name="run-all-tests" 
+        depends="Login,Logout,PasswordHint,Signup,UserTests,FlushCache,FileUpload"
+        description="Call and executes all test cases (targets)"/>
+    
+    <!-- runs user-related tests -->
+    <!-- depends="EditUser,SearchUser,SaveUser,AddUser,ActiveUsers" -->
+    <target name="UserTests" 
+        depends="SearchUser,SaveUser,AddUser,ActiveUsers"
+        description="Call and executes all person test cases (targets)">
+        <echo>Successfully ran all User JSP tests!</echo>
+    </target>
+    
+    <!-- Login to the application -->
+    <target name="Login" 
+        description="Runs login test and verifies Main Menu's Title">
+        <canoo name="login">
+            &config;
+            <steps>
+                &login;
+            </steps>
+        </canoo>
+    </target>
+
+    <!-- Logout of the application -->
+    <target name="Logout"
+        description="Runs logout test and verifies Login's Title">
+        <canoo name="login">
+            &config;
+            <steps>
+                &login;
+                <invoke description="get Logout Page" url="/logout.jsp"/>
+                <verifytitle description="we should see the login title"
+                    text="${webapp.prefix}${login.title}"/>
+            </steps>
+        </canoo>
+    </target>
+
+    <!-- Retrieve Password Hint -->
+    <target name="PasswordHint" 
+        description="Gets the user's password hint">
+        <canoo name="passwordHint">
+            &config;
+            <steps>
+                <invoke description="get Login Page" url="/"/>
+                <verifytitle description="we should see the login title" 
+                    text="${webapp.prefix}${login.title}"/>
+                <invoke description="click password hint link"
+                    url="/passwordHint.html?username=mraible"/>
+                <verifytitle description="we should see the login title again"
+                    text="${webapp.prefix}${login.title}"/>
+            </steps>
+        </canoo>
+    </target>
+    
+    <!-- Verify the edit user screen displays without errors -->
+    <target name="EditUser" 
+        description="Tests selecting the 'Edit Profile' forward">
+        <canoo name="editUser">
+            &config;
+            <steps>
+                &login;
+                <clicklink description="click Edit Profile link" label="${menu.user}"/>
+                <verifytitle description="we should see the user profile title" 
+                    text="${webapp.prefix}${userProfile.title}"/>
+            </steps>
+        </canoo>
+    </target>
+    
+    <!-- Verify the user list screen displays without errors -->
+    <target name="SearchUser" 
+        description="Tests search for and displaying all users">
+        <canoo name="searchUser">
+            &config;
+            <steps>
+                &login;
+                <invoke description="click View Users link" url="/users.html"/>
+                <verifytitle description="we should see the user list title" 
+                    text="${webapp.prefix}${userList.title}"/>
+            </steps>
+        </canoo>
+    </target>
+    
+    <!-- Edit a user and then save -->
+    <target name="SaveUser" 
+        description="Tests editing and saving a user">
+        <canoo name="saveUser">
+            &config;
+            <steps>
+                &login;
+                <invoke description="click Edit Profile link" url="/editProfile.html"/>
+                <verifytitle description="we should see the user profile title" 
+                    text="${webapp.prefix}${userProfile.title}"/>
+                <setinputfield description="set address" name="userForm:address" value="2255 Lane Avenue"/>
+                <setinputfield description="set zipcode" name="userForm:postalCode" value="59826"/>
+                <clickbutton label="${button.save}" description="Click Save"/>
+                <verifytitle description="display Main Menu if save OK"
+                     text="${webapp.prefix}${mainMenu.title}" />
+            </steps>
+        </canoo>
+    </target>
+    
+    <!-- Add a new user after logging in -->
+    <target name="AddUser"
+        description="Adds a new user profile">
+        <canoo name="addUser">
+            &config;
+            <steps>
+                &login;
+                <invoke description="View User List" url="/users.html"/>
+                <clickbutton description="Click 'Add' button'" label="${button.add}"/>
+                
+                <verifytitle description="view user profile title" text="${webapp.prefix}${userProfile.title}"/>
+                <setinputfield description="set username" name="userForm:username" value="newuser"/>
+                <setinputfield description="set password" name="userForm:password" value="test"/>
+                <setinputfield description="set confirmPassword" name="userForm:confirmPassword" value="test"/>
+                <setinputfield description="set firstName" name="userForm:firstName" value="Test"/>
+                <setinputfield description="set lastName" name="userForm:lastName" value="Name"/>
+                <setinputfield description="set city" name="userForm:city" value="Denver"/>
+                <setinputfield description="select province" name="userForm:province" value="CO"/>
+                <setselectfield description="select country" name="userForm:country" value="US"/>
+                <setinputfield description="set postalCode" name="userForm:postalCode" value="80210"/>
+                <setinputfield description="set email" name="userForm:email" value="newuser@raibledesigns.com"/>
+                <setinputfield description="set website" name="userForm:website" value="http://raibledesigns.com"/>
+                <setinputfield description="set passwordHint" name="userForm:passwordHint" value="test"/>
+                <setcheckbox description="select roles" name="userForm:userRoles" checked="user"/>
+                
+                <clickbutton label="${button.save}" description="Click button 'Save'"/>
+                <verifytitle description="view user list screen" text="${webapp.prefix}${userList.title}"/>
+                <verifytext description="verify success message" regex="true"
+                    text='&lt;div class="message.*&gt;.*&lt;strong&gt;Test Name&lt;/strong&gt;.*&lt;/div&gt;'/>
+                    
+                <!-- Delete user -->
+                <clicklink description="Click edit user link" label="newuser"/>
+                <clickbutton label="${button.delete}" description="Click button 'Delete'"/>
+                <!--verifyDialogText description="check alert" type="confirm" regex="true" text=".*"/>
+                <setConfirmDialogDefaults description="click OK" keeptext="true" response="true"/-->
+                <verifytext description="verify success message" regex="true"
+                    text='&lt;div class="message.*&gt;.*&lt;strong&gt;Test Name&lt;/strong&gt;.*&lt;/div&gt;'/>
+                <verifytitle description="display user list" 
+                    text="${webapp.prefix}${userList.title}"/>
+            </steps>
+        </canoo>
+    </target>
+    
+    <!-- Sign up a new user (no login) -->
+    <target name="Signup"
+        description="Signup a new user">
+        <canoo name="signup">
+            &config;
+            <steps>
+                <invoke description="click signup link" url="/signup.html"/>
+                <verifytitle description="we should signup title" text="${webapp.prefix}${signup.title}"/>
+                
+                <setinputfield description="set username" name="signupForm:username" value="signup-user"/>
+                <setinputfield description="set password" name="signupForm:password" value="test"/>
+                <setinputfield description="set confirmPassword" name="signupForm:confirmPassword" value="test"/>
+                <setinputfield description="set firstName" name="signupForm:firstName" value="Test"/>
+                <setinputfield description="set lastName" name="signupForm:lastName" value="Name"/>
+                <setinputfield description="set city" name="signupForm:city" value="Denver"/>
+                <setinputfield description="set state" name="signupForm:province" value="CO"/>
+                <setselectfield description="Select country" name="signupForm:country" value="US"/>
+                <setinputfield description="set postalCode" name="signupForm:postalCode" value="80210"/>
+                <setinputfield description="set email" name="signupForm:email" value="signup-user@raibledesigns.com"/>
+                <setinputfield description="set website" name="signupForm:website" value="http://raibledesigns.com"/>
+                <setinputfield description="set passwordHint" name="signupForm:passwordHint" value="test"/>
+                
+                <clickbutton label="${button.register}" description="Click button 'Signup'"/>
+                <verifytitle text="${webapp.prefix}${login.title}"/>
+                <verifytext description="verify success message" text="${user.registered}"/>
+            </steps>
+        </canoo>
+    </target>
+
+    <!-- View Active Users -->
+    <target name="ActiveUsers" 
+        description="View Active Users List">
+        <canoo name="activeUsers">
+            &config;
+            <steps>
+                &login;
+                <invoke description="get activeUsers URL" url="/activeUsers.html"/>
+                <verifytitle description="we should see the activeUsers title" 
+                    text="${webapp.prefix}${activeUsers.title}"/>
+            </steps>
+        </canoo>
+    </target>
+    
+    <!-- Flush OSCache -->
+    <target name="FlushCache" 
+        description="opens JSP to Flush Page Cache">
+        <canoo name="flushCache">
+            &config;
+            <steps>
+                &login;
+                <invoke description="get flushCache URL" url="/flushCache.html"/>
+                <verifytitle description="we should see the flush cache title" 
+                    text="${webapp.prefix}${flushCache.title}"/>
+            </steps>
+        </canoo>
+    </target>
+    
+    <!-- File Upload -->
+    <target name="FileUpload" 
+        description="Tests uploading a file">
+        <canoo name="fileUpload">
+            &config;
+            <steps>
+                &login;
+                <invoke description="click Upload a File link" url="/selectFile.html"/>
+                <verifytitle description="we should see file upload form" 
+                    text="${webapp.prefix}${upload.title}"/>
+                <!--setinputfield description="set name" name="name" 
+                    value="Canoo Test File"/>
+                <setinputfield description="set file" name="file" 
+                    value="${basedir}/build.properties"/>
+                <clickbutton label="${button.upload}" description="Click Upload"/>
+                <verifytitle description="show file data if upload OK"
+                     text="${webapp.prefix}${display.title}" />
+                <verifytext description="verify original file name displayed on page"
+                     text="build.properties" /-->
+            </steps>
+        </canoo>
+    </target>
+</project>
Index: extras/jsf/web/loginForm.jsp
===================================================================
RCS file: /cvs/appfuse/extras/jsf/web/loginForm.jsp,v
retrieving revision 1.2
diff -u -r1.2 loginForm.jsp
--- extras/jsf/web/loginForm.jsp	18 Mar 2005 23:13:01 -0000	1.2
+++ extras/jsf/web/loginForm.jsp	29 Aug 2005 00:07:42 -0000
@@ -1,73 +1,68 @@
-<%@ include file="/common/taglibs.jsp"%>
-
-<div id="loginTable">
-<%-- If you don't want to encrypt passwords programmatically, or you don't
-     care about using SSL for the login, you can change this form's action
-     to "j_security_check" --%>
-<form method="post" id="loginForm" action="<c:url value="/authorize"/>" 
-    onsubmit="saveUsername(this);return validateForm(this)">
-<table width="100%">
-    <tr>
-        <td colspan="2">
-            <c:if test="${param.error != null}">
-            <div class="error" 
-                style="margin-right: 0; margin-bottom: 3px; margin-top: 3px">
-                    <img src="<c:url value="/images/iconWarning.gif"/>"
-                        alt="<fmt:message key="icon.warning"/>" class="icon" />
-                    <fmt:message key="errors.password.mismatch"/>
-                </div>
-            </c:if>
-        </td>
-    </tr>
-    <tr>
-        <th>
-            <label for="j_username" class="required">
-                * <fmt:message key="label.username"/>:
-            </label>
-        </th>
-        <td>
-            <input type="text" name="j_username" id="j_username" size="25" tabindex="1" />
-        </td>
-    </tr>
-    <tr>
-        <th>
-            <label for="j_password" class="required">
-                * <fmt:message key="label.password"/>:
-            </label>
-        </th>
-        <td>
-            <input type="password" name="j_password" id="j_password" size="20" tabindex="2" />
-        </td>
-    </tr>
-    <c:if test="${rememberMeEnabled}">
-    <tr>
-        <td></td>
-        <td>
-            <input type="checkbox" name="rememberMe" id="rememberMe" tabindex="3"/>
-            <label for="rememberMe"><fmt:message key="login.rememberMe"/></label>
-        </td>
-    </tr>
-    </c:if>
-    <tr>
-        <td></td>
-        <td>
-            <!-- for Resin -->
-            <input type="hidden" name="j_uri" value="" />
-            <input type="submit" class="button" name="login" value="<fmt:message key="button.login"/>" tabindex="4" />
-            <input type="reset" class="button" name="reset" value="<fmt:message key="button.reset"/>" tabindex="5" 
-                onclick="document.getElementById('j_username').focus()" />
-        </td>
-    </tr>
-    <tr>
-		<td></td>
-		<td><br />
-            <fmt:message key="login.signup">
-                <fmt:param><c:url value="/signup.html"/></fmt:param>
-            </fmt:message>
-        </td>
-	</tr>
-</table>
-</form>
-</div>
-
-<%@ include file="/scripts/login.js"%>
+<%@ include file="/common/taglibs.jsp"%>
+
+<div id="loginTable">
+<form method="post" id="loginForm" action="<c:url value="/j_security_check"/>" 
+    onsubmit="saveUsername(this);return validateForm(this)">
+<table width="100%">
+    <tr>
+        <td colspan="2">
+            <c:if test="${param.error != null}">
+            <div class="error" 
+                style="margin-right: 0; margin-bottom: 3px; margin-top: 3px">
+                    <img src="<c:url value="/images/iconWarning.gif"/>"
+                        alt="<fmt:message key="icon.warning"/>" class="icon" />
+                    <fmt:message key="errors.password.mismatch"/>
+                </div>
+            </c:if>
+        </td>
+    </tr>
+    <tr>
+        <th>
+            <label for="j_username" class="required">
+                * <fmt:message key="label.username"/>:
+            </label>
+        </th>
+        <td>
+            <input type="text" name="j_username" id="j_username" size="25" tabindex="1" />
+        </td>
+    </tr>
+    <tr>
+        <th>
+            <label for="j_password" class="required">
+                * <fmt:message key="label.password"/>:
+            </label>
+        </th>
+        <td>
+            <input type="password" name="j_password" id="j_password" size="20" tabindex="2" />
+        </td>
+    </tr>
+    <c:if test="${appConfig['rememberMeEnabled']}">
+    <tr>
+        <td></td>
+        <td>
+            <input type="checkbox" name="rememberMe" id="rememberMe" tabindex="3"/>
+            <label for="rememberMe" style="vertical-align: bottom"><fmt:message key="login.rememberMe"/></label>
+        </td>
+    </tr>
+    </c:if>
+    <tr>
+        <td></td>
+        <td>
+            <input type="submit" class="button" name="login" value="<fmt:message key="button.login"/>" tabindex="4" />
+            <input type="reset" class="button" name="reset" value="<fmt:message key="button.reset"/>" tabindex="5" 
+                onclick="document.getElementById('j_username').focus()" />
+        </td>
+    </tr>
+    <tr>
+		<td></td>
+		<td><br />
+            <fmt:message key="login.signup">
+                <fmt:param><c:url value="/signup.html"/></fmt:param>
+            </fmt:message>
+        </td>
+	</tr>
+</table>
+</form>
+</div>
+
+<%@ include file="/scripts/login.js"%>
Index: extras/spring/build.xml
===================================================================
RCS file: /cvs/appfuse/extras/spring/build.xml,v
retrieving revision 1.59
diff -u -r1.59 build.xml
--- extras/spring/build.xml	10 Aug 2005 15:21:44 -0000	1.59
+++ extras/spring/build.xml	29 Aug 2005 00:02:07 -0000
@@ -271,8 +271,6 @@
                 servletspec="2.3" sessiontimeout="10"
                 destdir="${webapp.target}/WEB-INF" distributable="false"
                 displayname="${ant.project.name}">
-                <configParam name="httpPort" value="${http.port}"/>
-                <configParam name="httpsPort" value="${https.port}"/>
                 <configParam name="daoType" value="${dao.type}"/>
             </deploymentdescriptor>
             <jsptaglib validateXML="true"
@@ -302,8 +300,6 @@
                 servletspec="2.3" sessiontimeout="10"
                 destdir="${webapp.target}/WEB-INF" distributable="false"
                 displayname="${ant.project.name}">
-                <configParam name="httpPort" value="${http.port}"/>
-                <configParam name="httpsPort" value="${https.port}"/>
                 <configParam name="daoType" value="${dao.type}"/>
             </deploymentdescriptor>
             <jsptaglib validateXML="true"
Index: extras/spring/src/web/org/appfuse/webapp/action/SignupController.java
===================================================================
RCS file: /cvs/appfuse/extras/spring/src/web/org/appfuse/webapp/action/SignupController.java,v
retrieving revision 1.17
diff -u -r1.17 SignupController.java
--- extras/spring/src/web/org/appfuse/webapp/action/SignupController.java	4 May 2005 07:43:05 -0000	1.17
+++ extras/spring/src/web/org/appfuse/webapp/action/SignupController.java	28 Aug 2005 22:30:32 -0000
@@ -1,106 +1,101 @@
-package org.appfuse.webapp.action;
-
-import java.util.Locale;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.appfuse.Constants;
-import org.appfuse.model.User;
-import org.appfuse.service.RoleManager;
-import org.appfuse.service.UserExistsException;
-import org.appfuse.util.StringUtil;
-import org.appfuse.webapp.util.RequestUtil;
-import org.springframework.validation.BindException;
-import org.springframework.web.servlet.ModelAndView;
-
-
-/**
- * Controller to signup new users.
- *
- * <p>
- * <a href="SignupController.java.html"><i>View Source</i></a>
- * </p>
- *
- * @author <a href="mailto:matt@raibledesigns.com">Matt Raible</a>
- */
-public class SignupController extends BaseFormController {
-    private RoleManager roleManager;
-
-    /**
-     * @param roleManager The roleManager to set.
-     */
-    public void setRoleManager(RoleManager roleManager) {
-        this.roleManager = roleManager;
-    }
-    
-    public ModelAndView onSubmit(HttpServletRequest request,
-                                 HttpServletResponse response, Object command,
-                                 BindException errors)
-    throws Exception {
-        if (log.isDebugEnabled()) {
-            log.debug("entering 'onSubmit' method...");
-        }
-
-        User user = (User) command;
-        Locale locale = request.getLocale();
-
-        String algorithm =
-        	(String) getConfiguration().get(Constants.ENC_ALGORITHM);
-
-        if (algorithm == null) { // should only happen for test case
-            if (log.isDebugEnabled()) {
-                log.debug("assuming testcase, setting algorithm to 'SHA'");
-            }
-            algorithm = "SHA";
-        }
-        
-        user.setPassword(StringUtil.encodePassword(user.getPassword(), algorithm));
-        user.setEnabled(Boolean.TRUE);
-        
-        // Set the default user role on this new user
-        user.addRole(roleManager.getRole(Constants.USER_ROLE));
-
-        try {
-            this.getUserManager().saveUser(user);
-        } catch (UserExistsException e) {
-            log.warn(e.getMessage());
-
-            errors.rejectValue("username", "errors.existing.user",
-                               new Object[] {
-                                   user.getUsername(), user.getEmail()
-                               }, "duplicate user");
-
-            // redisplay the unencrypted passwords
-            user.setPassword(user.getConfirmPassword());
-            return showForm(request, response, errors);
-        }
-
-        // Set cookies for auto-magical login ;-)
-        String loginCookie = this.getUserManager().createLoginCookie(user.getUsername());
-        RequestUtil.setCookie(response, Constants.LOGIN_COOKIE, loginCookie,
-                              request.getContextPath());
-
-        saveMessage(request, getText("user.registered", user.getUsername(), locale));
-
-        request.getSession().setAttribute(Constants.REGISTERED, Boolean.TRUE);
-
-        // Send user an e-mail
-        if (log.isDebugEnabled()) {
-            log.debug("Sending user '" + user.getUsername()
-                    + "' an account information e-mail");
-        }
-
-        // Send an account information e-mail
-        message.setSubject(getText("signup.email.subject", locale));
-        sendUserMessage(user, getText("signup.email.message", locale), 
-                        RequestUtil.getAppURL(request));
-        
-        return new ModelAndView(getSuccessView());
-    }
-
-    protected Object formBackingObject(HttpServletRequest request)
-    throws Exception {
-        return new User();
-    }
-}
+package org.appfuse.webapp.action;
+
+import java.util.Locale;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.appfuse.Constants;
+import org.appfuse.model.User;
+import org.appfuse.service.RoleManager;
+import org.appfuse.service.UserExistsException;
+import org.appfuse.util.StringUtil;
+import org.appfuse.webapp.util.RequestUtil;
+import org.springframework.validation.BindException;
+import org.springframework.web.servlet.ModelAndView;
+
+
+/**
+ * Controller to signup new users.
+ *
+ * <p>
+ * <a href="SignupController.java.html"><i>View Source</i></a>
+ * </p>
+ *
+ * @author <a href="mailto:matt@raibledesigns.com">Matt Raible</a>
+ */
+public class SignupController extends BaseFormController {
+    private RoleManager roleManager;
+
+    /**
+     * @param roleManager The roleManager to set.
+     */
+    public void setRoleManager(RoleManager roleManager) {
+        this.roleManager = roleManager;
+    }
+    
+    public ModelAndView onSubmit(HttpServletRequest request,
+                                 HttpServletResponse response, Object command,
+                                 BindException errors)
+    throws Exception {
+        if (log.isDebugEnabled()) {
+            log.debug("entering 'onSubmit' method...");
+        }
+
+        User user = (User) command;
+        Locale locale = request.getLocale();
+
+        Boolean encrypt = (Boolean) getConfiguration().get(Constants.ENCRYPT_PASSWORD);
+        
+        if (encrypt != null && encrypt.booleanValue()) {
+            String algorithm = (String) getConfiguration().get(Constants.ENC_ALGORITHM);
+    
+            if (algorithm == null) { // should only happen for test case
+                log.debug("assuming testcase, setting algorithm to 'SHA'");
+                algorithm = "SHA";
+            }
+            
+            user.setPassword(StringUtil.encodePassword(user.getPassword(), algorithm));
+        }
+        
+        user.setEnabled(Boolean.TRUE);
+        
+        // Set the default user role on this new user
+        user.addRole(roleManager.getRole(Constants.USER_ROLE));
+
+        try {
+            this.getUserManager().saveUser(user);
+        } catch (UserExistsException e) {
+            log.warn(e.getMessage());
+
+            errors.rejectValue("username", "errors.existing.user",
+                               new Object[] {
+                                   user.getUsername(), user.getEmail()
+                               }, "duplicate user");
+
+            // redisplay the unencrypted passwords
+            user.setPassword(user.getConfirmPassword());
+            return showForm(request, response, errors);
+        }
+
+        saveMessage(request, getText("user.registered", user.getUsername(), locale));
+        request.getSession().setAttribute(Constants.REGISTERED, Boolean.TRUE);
+
+        // Send user an e-mail
+        if (log.isDebugEnabled()) {
+            log.debug("Sending user '" + user.getUsername() + "' an account information e-mail");
+        }
+
+        // Send an account information e-mail
+        message.setSubject(getText("signup.email.subject", locale));
+        sendUserMessage(user, getText("signup.email.message", locale), 
+                        RequestUtil.getAppURL(request));
+        
+        return new ModelAndView(getSuccessView());
+    }
+
+    protected Object formBackingObject(HttpServletRequest request)
+    throws Exception {
+        return new User();
+    }
+}
Index: extras/spring/src/web/org/appfuse/webapp/action/UserFormController.java
===================================================================
RCS file: /cvs/appfuse/extras/spring/src/web/org/appfuse/webapp/action/UserFormController.java,v
retrieving revision 1.24
diff -u -r1.24 UserFormController.java
--- extras/spring/src/web/org/appfuse/webapp/action/UserFormController.java	21 Apr 2005 05:13:26 -0000	1.24
+++ extras/spring/src/web/org/appfuse/webapp/action/UserFormController.java	29 Aug 2005 02:33:44 -0000
@@ -1,231 +1,231 @@
-package org.appfuse.webapp.action;
-
-import java.util.Locale;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
-
-import org.apache.commons.lang.StringUtils;
-import org.appfuse.Constants;
-import org.appfuse.model.Role;
-import org.appfuse.model.User;
-import org.appfuse.service.RoleManager;
-import org.appfuse.service.UserManager;
-import org.appfuse.service.UserExistsException;
-import org.appfuse.util.StringUtil;
-import org.appfuse.webapp.util.RequestUtil;
-import org.springframework.validation.BindException;
-import org.springframework.web.servlet.ModelAndView;
-import org.springframework.web.servlet.view.RedirectView;
-
-/**
- * Implementation of <strong>SimpleFormController</strong> that interacts with
- * the {@link UserManager} to retrieve/persist values to the database.
- *
- * <p><a href="UserFormController.java.html"><i>View Source</i></a></p>
- *
- * @author <a href="mailto:matt@raibledesigns.com">Matt Raible</a>
- */
-public class UserFormController extends BaseFormController {
-    private RoleManager roleManager;
-
-    /**
-     * @param roleManager The roleManager to set.
-     */
-    public void setRoleManager(RoleManager roleManager) {
-        this.roleManager = roleManager;
-    }
-
-    public ModelAndView processFormSubmission(HttpServletRequest request,
-                                              HttpServletResponse response,
-                                              Object command,
-                                              BindException errors)
-    throws Exception {
-        if (request.getParameter("cancel") != null) {
-            if (!StringUtils.equals(request.getParameter("from"), "list")) {
-                return new ModelAndView(getCancelView());
-            } else {
-                return new ModelAndView(getSuccessView());
-            }
-        }
-
-        return super.processFormSubmission(request, response, command, errors);
-    }
-
-    public ModelAndView onSubmit(HttpServletRequest request,
-                                 HttpServletResponse response, Object command,
-                                 BindException errors)
-    throws Exception {
-        if (log.isDebugEnabled()) {
-            log.debug("entering 'onSubmit' method...");
-        }
-
-        User user = (User) command;
-        Locale locale = request.getLocale();
-
-        if (request.getParameter("delete") != null) {
-            this.getUserManager().removeUser(user.getUsername());
-            saveMessage(request, getText("user.deleted", user.getFullName(), locale));
-
-            return new ModelAndView(getSuccessView());
-        } else {
-            if ("true".equals(request.getParameter("encryptPass"))) {
-                String algorithm =
-                    (String) getConfiguration().get(Constants.ENC_ALGORITHM);
-
-                if (algorithm == null) { // should only happen for test case
-
-                    if (log.isDebugEnabled()) {
-                        log.debug("assuming testcase, setting algorithm to 'SHA'");
-                    }
-
-                    algorithm = "SHA";
-                }
-
-                user.setPassword(StringUtil.encodePassword(user.getPassword(),
-                                                           algorithm));
-            }
-
-            String[] userRoles = request.getParameterValues("userRoles");
-
-            if (userRoles != null) {
-                // for some reason, Spring seems to hang on to the roles in
-                // the User object, even though isSessionForm() == false
-                user.getRoles().clear();
-                for (int i = 0; i < userRoles.length; i++) {
-                    String roleName = userRoles[i];
-                    user.addRole(roleManager.getRole(roleName));
-                }
-            }
-
-            try {
-                this.getUserManager().saveUser(user);
-            } catch (UserExistsException e) {
-                log.warn(e.getMessage());
-
-                errors.rejectValue("username", "errors.existing.user",
-                                   new Object[] {
-                                       user.getUsername(), user.getEmail()
-                                   }, "duplicate user");
-
-                // redisplay the unencrypted passwords
-                user.setPassword(user.getConfirmPassword());
-
-                return showForm(request, response, errors);
-            }
-
-            if (!StringUtils.equals(request.getParameter("from"), "list")) {
-                HttpSession session = request.getSession();
-                session.setAttribute(Constants.USER_KEY, user);
-
-                // update the user's remember me cookie if they didn't login
-                // with a cookie
-                if ((RequestUtil.getCookie(request, Constants.LOGIN_COOKIE) != null) &&
-                        (session.getAttribute("cookieLogin") == null)) {
-                    // delete all user cookies and add a new one
-                    this.getUserManager().removeLoginCookies(user.getUsername());
-
-                    String autoLogin =
-                        this.getUserManager().createLoginCookie(user.getUsername());
-                    RequestUtil.setCookie(response, Constants.LOGIN_COOKIE,
-                                          autoLogin, request.getContextPath());
-                }
-
-                saveMessage(request, getText("user.saved", user.getFullName(), locale));
-
-                // return to main Menu
-                return new ModelAndView(new RedirectView("mainMenu.html"));
-            } else {
-                if (StringUtils.isBlank(request.getParameter("version"))) {
-                    saveMessage(request,
-                                getText("user.added", user.getFullName(), locale));
-
-                    // Send an account information e-mail
-                    message.setSubject(getText("signup.email.subject", locale));
-                    sendUserMessage(user,
-                                    getText("newuser.email.message",
-                                            user.getFullName(), locale),
-                                    RequestUtil.getAppURL(request));
-
-                    return showNewForm(request, response);
-                } else {
-                    saveMessage(request,
-                                getText("user.updated.byAdmin",
-                                        user.getFullName(), locale));
-                }
-            }
-        }
-
-        return showForm(request, response, errors);
-    }
-
-    protected ModelAndView showForm(HttpServletRequest request,
-                                    HttpServletResponse response,
-                                    BindException errors)
-    throws Exception {
-        if (request.getRequestURI().indexOf("editProfile") > -1) {
-            // if URL is "editProfile" - make sure it's the current user
-            // reject if username passed in or "list" parameter passed in
-            // someone that is trying this probably knows the AppFuse code
-            // but it's a legitimate bug, so I'll fix it. ;-)
-            if ((request.getParameter("username") != null) ||
-                    (request.getParameter("from") != null)) {
-                response.sendError(HttpServletResponse.SC_FORBIDDEN);
-                log.warn("User '" + request.getRemoteUser() +
-                         "' is trying to edit user '" +
-                         request.getParameter("username") + "'");
-
-                return null;
-            }
-        }
-
-        // prevent ordinary users from calling a GET on editUser.html
-        // unless a bind error exists.
-        if ((request.getRequestURI().indexOf("editUser") > -1) &&
-                (!request.isUserInRole(Constants.ADMIN_ROLE) &&
-                (errors.getErrorCount() == 0) && // be nice to server-side validation for editProfile
-                (request.getRemoteUser() != null))) { // be nice to unit tests
-            response.sendError(HttpServletResponse.SC_FORBIDDEN);
-
-            return null;
-        }
-
-        return super.showForm(request, response, errors);
-    }
-
-    protected Object formBackingObject(HttpServletRequest request)
-    throws Exception {
-        String username = request.getParameter("username");
-
-        if (request.getSession().getAttribute("cookieLogin") != null) {
-            saveMessage(request, getText("userProfile.cookieLogin", request.getLocale()));
-        }
-
-        User user = null;
-
-        if (request.getRequestURI().indexOf("editProfile") > -1) {
-            user = this.getUserManager().getUser(getUser(request).getUsername());
-        } else if (!StringUtils.isBlank(username) &&
-                       !"".equals(request.getParameter("version"))) {
-            user = this.getUserManager().getUser(username);
-        } else {
-            user = new User();
-            user.addRole(new Role(Constants.USER_ROLE));
-        }
-
-        user.setConfirmPassword(user.getPassword());
-
-        return user;
-    }
-
-    protected void onBind(HttpServletRequest request, Object command)
-    throws Exception {
-        // if the user is being deleted, turn off validation
-        if (request.getParameter("delete") != null) {
-            super.setValidateOnBinding(false);
-        } else {
-            super.setValidateOnBinding(true);
-        }
-    }
-}
+package org.appfuse.webapp.action;
+
+import java.util.Locale;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import net.sf.acegisecurity.Authentication;
+import net.sf.acegisecurity.AuthenticationTrustResolver;
+import net.sf.acegisecurity.AuthenticationTrustResolverImpl;
+import net.sf.acegisecurity.context.ContextHolder;
+import net.sf.acegisecurity.context.security.SecureContext;
+
+import org.apache.commons.lang.StringUtils;
+import org.appfuse.Constants;
+import org.appfuse.model.Role;
+import org.appfuse.model.User;
+import org.appfuse.service.RoleManager;
+import org.appfuse.service.UserManager;
+import org.appfuse.service.UserExistsException;
+import org.appfuse.util.StringUtil;
+import org.appfuse.webapp.util.RequestUtil;
+import org.springframework.validation.BindException;
+import org.springframework.web.servlet.ModelAndView;
+import org.springframework.web.servlet.view.RedirectView;
+
+/**
+ * Implementation of <strong>SimpleFormController</strong> that interacts with
+ * the {@link UserManager} to retrieve/persist values to the database.
+ *
+ * <p><a href="UserFormController.java.html"><i>View Source</i></a></p>
+ *
+ * @author <a href="mailto:matt@raibledesigns.com">Matt Raible</a>
+ */
+public class UserFormController extends BaseFormController {
+    private RoleManager roleManager;
+
+    /**
+     * @param roleManager The roleManager to set.
+     */
+    public void setRoleManager(RoleManager roleManager) {
+        this.roleManager = roleManager;
+    }
+
+    public ModelAndView processFormSubmission(HttpServletRequest request,
+                                              HttpServletResponse response,
+                                              Object command,
+                                              BindException errors)
+    throws Exception {
+        if (request.getParameter("cancel") != null) {
+            if (!StringUtils.equals(request.getParameter("from"), "list")) {
+                return new ModelAndView(getCancelView());
+            } else {
+                return new ModelAndView(getSuccessView());
+            }
+        }
+
+        return super.processFormSubmission(request, response, command, errors);
+    }
+
+    public ModelAndView onSubmit(HttpServletRequest request,
+                                 HttpServletResponse response, Object command,
+                                 BindException errors)
+    throws Exception {
+        if (log.isDebugEnabled()) {
+            log.debug("entering 'onSubmit' method...");
+        }
+
+        User user = (User) command;
+        Locale locale = request.getLocale();
+
+        if (request.getParameter("delete") != null) {
+            this.getUserManager().removeUser(user.getUsername());
+            saveMessage(request, getText("user.deleted", user.getFullName(), locale));
+
+            return new ModelAndView(getSuccessView());
+        } else {
+            Boolean encrypt = (Boolean) getConfiguration().get(Constants.ENCRYPT_PASSWORD);
+
+            if (StringUtils.equals(request.getParameter("encryptPass"), "true") 
+                    && (encrypt != null && encrypt.booleanValue())) {
+
+                String algorithm = (String) getConfiguration().get(Constants.ENC_ALGORITHM);
+
+                if (algorithm == null) { // should only happen for test case
+
+                    if (log.isDebugEnabled()) {
+                        log.debug("assuming testcase, setting algorithm to 'SHA'");
+                    }
+
+                    algorithm = "SHA";
+                }
+
+                user.setPassword(StringUtil.encodePassword(user.getPassword(), algorithm));
+            }
+
+            String[] userRoles = request.getParameterValues("userRoles");
+
+            if (userRoles != null) {
+                // for some reason, Spring seems to hang on to the roles in
+                // the User object, even though isSessionForm() == false
+                user.getRoles().clear();
+                for (int i = 0; i < userRoles.length; i++) {
+                    String roleName = userRoles[i];
+                    user.addRole(roleManager.getRole(roleName));
+                }
+            }
+
+            try {
+                this.getUserManager().saveUser(user);
+            } catch (UserExistsException e) {
+                log.warn(e.getMessage());
+
+                errors.rejectValue("username", "errors.existing.user",
+                                   new Object[] {
+                                       user.getUsername(), user.getEmail()
+                                   }, "duplicate user");
+
+                // redisplay the unencrypted passwords
+                user.setPassword(user.getConfirmPassword());
+
+                return showForm(request, response, errors);
+            }
+
+            if (!StringUtils.equals(request.getParameter("from"), "list")) {
+                HttpSession session = request.getSession();
+                session.setAttribute(Constants.USER_KEY, user);
+
+                saveMessage(request, getText("user.saved", user.getFullName(), locale));
+
+                // return to main Menu
+                return new ModelAndView(new RedirectView("mainMenu.html"));
+            } else {
+                if (StringUtils.isBlank(request.getParameter("version"))) {
+                    saveMessage(request,
+                                getText("user.added", user.getFullName(), locale));
+
+                    // Send an account information e-mail
+                    message.setSubject(getText("signup.email.subject", locale));
+                    sendUserMessage(user, getText("newuser.email.message", user.getFullName(), locale),
+                                    RequestUtil.getAppURL(request));
+
+                    return showNewForm(request, response);
+                } else {
+                    saveMessage(request, getText("user.updated.byAdmin", user.getFullName(), locale));
+                }
+            }
+        }
+
+        return showForm(request, response, errors);
+    }
+
+    protected ModelAndView showForm(HttpServletRequest request,
+                                    HttpServletResponse response,
+                                    BindException errors)
+    throws Exception {
+        if (request.getRequestURI().indexOf("editProfile") > -1) {
+            // if URL is "editProfile" - make sure it's the current user
+            // reject if username passed in or "list" parameter passed in
+            // someone that is trying this probably knows the AppFuse code
+            // but it's a legitimate bug, so I'll fix it. ;-)
+            if ((request.getParameter("username") != null) || (request.getParameter("from") != null)) {
+                response.sendError(HttpServletResponse.SC_FORBIDDEN);
+                log.warn("User '" + request.getRemoteUser() + "' is trying to edit user '" +
+                         request.getParameter("username") + "'");
+
+                return null;
+            }
+        }
+
+        // prevent ordinary users from calling a GET on editUser.html
+        // unless a bind error exists.
+        if ((request.getRequestURI().indexOf("editUser") > -1) && (!request.isUserInRole(Constants.ADMIN_ROLE) &&
+                (errors.getErrorCount() == 0) && // be nice to server-side validation for editProfile
+                (request.getRemoteUser() != null))) { // be nice to unit tests
+            response.sendError(HttpServletResponse.SC_FORBIDDEN);
+
+            return null;
+        }
+
+        return super.showForm(request, response, errors);
+    }
+
+    protected Object formBackingObject(HttpServletRequest request)
+    throws Exception {
+        String username = request.getParameter("username");
+
+        // if user logged in with remember me, display a warning that they can't change passwords
+        log.debug("checking for remember me login...");
+
+        AuthenticationTrustResolver resolver = new AuthenticationTrustResolverImpl();
+        SecureContext ctx = (SecureContext) ContextHolder.getContext();
+
+        if (ctx != null) {
+            Authentication auth = ctx.getAuthentication();
+
+            if (resolver.isRememberMe(auth)) {
+                request.getSession().setAttribute("cookieLogin", "true");
+                
+                // add warning message
+                saveMessage(request, getText("userProfile.cookieLogin", request.getLocale()));
+            }
+        }
+
+        User user = null;
+
+        if (request.getRequestURI().indexOf("editProfile") > -1) {
+            user = this.getUserManager().getUser(getUser(request).getUsername());
+        } else if (!StringUtils.isBlank(username) && !"".equals(request.getParameter("version"))) {
+            user = this.getUserManager().getUser(username);
+        } else {
+            user = new User();
+            user.addRole(new Role(Constants.USER_ROLE));
+        }
+
+        user.setConfirmPassword(user.getPassword());
+
+        return user;
+    }
+
+    protected void onBind(HttpServletRequest request, Object command)
+    throws Exception {
+        // if the user is being deleted, turn off validation
+        if (request.getParameter("delete") != null) {
+            super.setValidateOnBinding(false);
+        } else {
+            super.setValidateOnBinding(true);
+        }
+    }
+}
Index: extras/spring/test/web/web-tests.xml
===================================================================
RCS file: /cvs/appfuse/extras/spring/test/web/web-tests.xml,v
retrieving revision 1.15
diff -u -r1.15 web-tests.xml
--- extras/spring/test/web/web-tests.xml	28 Aug 2005 21:15:53 -0000	1.15
+++ extras/spring/test/web/web-tests.xml	29 Aug 2005 02:33:16 -0000
@@ -1,236 +1,234 @@
-<!-- ======================================================================= -->
-<!-- $Id: web-tests.xml,v 1.15 2005/08/28 21:15:53 mraible Exp $               -->
-<!-- ======================================================================= -->
-<!DOCTYPE project [
-    <!ENTITY config SYSTEM "file:./config.xml">
-    <!ENTITY login SYSTEM "file:./login.xml">
-]>
-<project basedir="." default="run-all-tests"> 
-    <!-- Include ApplicationResources.properties so we can test against 
-         keys, rather than values -->
-    <property file="web/WEB-INF/classes/ApplicationResources.properties"/>
-
-    <!-- runs all targets -->
-    <target name="run-all-tests" 
-        depends="Login,Logout,PasswordHint,Signup,UserTests,FlushCache,FileUpload"
-        description="Call and executes all test cases (targets)"/>
-    
-    <!-- runs user-related tests -->
-    <target name="UserTests" 
-        depends="EditUser,SearchUser,SaveUser,AddUser,ActiveUsers"
-        description="Call and executes all person test cases (targets)">
-        <echo>Successfully ran all User JSP tests!</echo>
-    </target>
-    
-    <!-- Login to the application -->
-    <target name="Login" 
-        description="Runs login test and verifies Main Menu's Title">
-        <canoo name="login">
-            &config;
-            <steps>
-                &login;
-            </steps>
-        </canoo>
-    </target>
-
-    <!-- Logout of the application -->
-    <target name="Logout"
-        description="Runs logout test and verifies Login's Title">
-        <canoo name="login">
-            &config;
-            <steps>
-                &login;
-                <invoke description="get Logout Page" url="/logout.jsp"/>
-                <verifytitle description="we should see the login title"
-                    text="${webapp.prefix}${login.title}"/>
-            </steps>
-        </canoo>
-    </target>
-
-    <!-- Retrieve Password Hint -->
-    <target name="PasswordHint" 
-        description="Gets the user's password hint">
-        <canoo name="passwordHint">
-            &config;
-            <steps>
-                <invoke description="get Login Page" url="/"/>
-                <verifytitle description="we should see the login title" 
-                    text="${webapp.prefix}${login.title}"/>
-                <invoke description="click password hint link"
-                    url="/passwordHint.html?username=mraible"/>
-                <verifytitle description="we should see the login title again"
-                    text="${webapp.prefix}${login.title}"/>
-            </steps>
-        </canoo>
-    </target>
-    
-    <!-- Verify the edit user screen displays without errors -->
-    <target name="EditUser" 
-        description="Tests selecting the 'Edit Profile' forward">
-        <canoo name="editUser">
-            &config;
-            <steps>
-                &login;
-                <invoke description="click Edit Profile link" url="/editProfile.html"/>
-                <verifytitle description="we should see the user profile title" 
-                    text="${webapp.prefix}${userProfile.title}"/>
-            </steps>
-        </canoo>
-    </target>
-    
-    <!-- Verify the user list screen displays without errors -->
-    <target name="SearchUser" 
-        description="Tests search for and displaying all users">
-        <canoo name="searchUser">
-            &config;
-            <steps>
-                &login;
-                <invoke description="click View Users link" url="/users.html"/>
-                <verifytitle description="we should see the user list title" 
-                    text="${webapp.prefix}${userList.title}"/>
-            </steps>
-        </canoo>
-    </target>
-    
-    <!-- Edit a user and then save -->
-    <target name="SaveUser" 
-        description="Tests editing and saving a user">
-        <canoo name="saveUser">
-            &config;
-            <steps>
-                &login;
-                <invoke description="click Edit Profile link" url="/editProfile.html"/>
-                <verifytitle description="we should see the user profile title" 
-                    text="${webapp.prefix}${userProfile.title}"/>
-                <setinputfield description="set address" name="address.address" 
-                    value="2255 Lane Avenue"/>
-                <setinputfield description="set zipcode" name="address.postalCode" 
-                    value="59826"/>
-                <clickbutton label="${button.save}" description="Click Save"/>
-                <verifytitle description="display Main Menu if save OK"
-                     text="${webapp.prefix}${mainMenu.title}" />
-            </steps>
-        </canoo>
-    </target>
-    
-    <!-- Add a new user after logging in -->
-    <target name="AddUser"
-        description="Adds a new user profile">
-        <canoo name="addUser">
-            &config;
-            <steps>
-                &login;
-                <invoke description="click Add Button" 
-                    url="/editUser.html?method=Add&amp;from=list"/>
-                <verifytitle description="we should see the user profile title" 
-                    text="${webapp.prefix}${userProfile.title}"/>
-                    
-                <setinputfield description="set username" name="username" value="newuser"/>
-                <setinputfield description="set password" name="password" value="test"/>
-                <setinputfield description="set confirmPassword" name="confirmPassword" value="test"/>
-                <setinputfield description="set firstName" name="firstName" value="Test"/>
-                <setinputfield description="set lastName" name="lastName" value="Name"/>
-                <setinputfield description="set city" name="address.city" value="Denver"/>
-                <setinputfield description="select province" name="address.province" value="CO"/>
-                <setselectfield description="select country" name="address.country" value="US"/>
-                <setinputfield description="set postalCode" name="address.postalCode" value="80210"/>
-                <setinputfield description="set email" name="email" value="newuser@raibledesigns.com"/>
-                <setinputfield description="set website" name="website" value="http://raibledesigns.com"/>
-                <setinputfield description="set passwordHint" name="passwordHint" value="test"/>
-                <setselectfield description="select roles in user roles list" name="userRoles" value="user"/>
-                <clickbutton label="${button.save}" description="Click button 'Save'"/>
-                
-                <verifytitle description="Redisplay add user page" text="${webapp.prefix}${userProfile.title}"/>
-                <verifytext description="verify success message" regex="true"
-                    text='&lt;div class="message.*&gt;.*&lt;strong&gt;Test Name&lt;/strong&gt;.*&lt;/div&gt;'/>
-                    
-                <!-- Delete user -->
-                <invoke description="Click edit user link" url="/editUser.html?username=newuser&amp;from=list"/>
-                <clickbutton label="${button.delete}" description="Click button 'Delete'"/>
-                <verifytext description="verify success message" regex="true"
-                    text='&lt;div class="message.*&gt;.*&lt;strong&gt;Test Name&lt;/strong&gt;.*&lt;/div&gt;'/>
-                <verifytitle description="display user list" text="${webapp.prefix}${userList.title}"/>
-            </steps>
-        </canoo>
-    </target>
-    
-    <!-- Sign up a new user (no login) -->
-    <target name="Signup"
-        description="Signup a new user">
-        <canoo name="signup">
-            &config;
-            <steps>
-                <invoke description="click signup link" url="/signup.html"/>
-                <verifytitle description="view signup title" text="${webapp.prefix}${signup.title}"/>
-                
-                <setinputfield description="set username" name="username" value="signup-user"/>
-                <setinputfield description="set password" name="password" value="test"/>
-                <setinputfield description="set confirmPassword" name="confirmPassword" value="test"/>
-                <setinputfield description="set firstName" name="firstName" value="Test"/>
-                <setinputfield description="set lastName" name="lastName" value="Name"/>
-                <setinputfield description="set city" name="address.city" value="Denver"/>
-                <setinputfield description="set state" name="address.province" value="CO"/>
-                <setselectfield description="select country" name="address.country" value="US"/>
-                <setinputfield description="set postalCode" name="address.postalCode" value="80210"/>
-                <setinputfield description="set email" name="email" value="signup-user@raibledesigns.com"/>
-                <setinputfield description="set website" name="website" value="http://raibledesigns.com"/>
-                <setinputfield description="set passwordHint" name="passwordHint" value="test"/>
-                <clickbutton label="${button.register}" description="Click button 'Signup'"/>
-
-                <verifytitle description="view main menu" text="${webapp.prefix}${mainMenu.title}"/>
-                <verifytext description="verify success message" text="${user.registered}"/>
-            </steps>
-        </canoo>
-    </target>
-
-    <!-- View Active Users -->
-    <target name="ActiveUsers" 
-        description="View Active Users List">
-        <canoo name="activeUsers">
-            &config;
-            <steps>
-                &login;
-                <invoke description="get activeUsers URL" url="/activeUsers.html"/>
-                <verifytitle description="we should see the activeUsers title" 
-                    text="${webapp.prefix}${activeUsers.title}"/>
-            </steps>
-        </canoo>
-    </target>
-    
-    <!-- Flush OSCache -->
-    <target name="FlushCache" 
-        description="opens JSP to Flush Page Cache">
-        <canoo name="flushCache">
-            &config;
-            <steps>
-                &login;
-                <invoke description="get flushCache URL" url="/flushCache.html"/>
-                <verifytitle description="we should see the flush cache title" 
-                    text="${webapp.prefix}${flushCache.title}"/>
-            </steps>
-        </canoo>
-    </target>
-    
-    <!-- File Upload -->
-    <target name="FileUpload" 
-        description="Tests uploading a file">
-        <canoo name="fileUpload">
-            &config;
-            <steps>
-                &login;
-                <invoke description="click Upload a File link" url="/selectFile.html"/>
-                <verifytitle description="we should see file upload form" 
-                    text="${webapp.prefix}${upload.title}"/>
-                <!--setinputfield description="set name" name="name" 
-                    value="Canoo Test File"/>
-                <setinputfield description="set file" name="file" 
-                    value="${basedir}/build.properties"/>
-                <clickbutton label="${button.upload}" description="Click Upload"/>
-                <verifytitle description="show file data if upload OK"
-                     text="${webapp.prefix}${display.title}" />
-                <verifytext description="verify original file name displayed on page"
-                     text="build.properties" /-->
-            </steps>
-        </canoo>
-    </target>
-</project>
+<!-- ======================================================================= -->
+<!-- $Id: web-tests.xml,v 1.15 2005/08/28 21:15:53 mraible Exp $               -->
+<!-- ======================================================================= -->
+<!DOCTYPE project [
+    <!ENTITY config SYSTEM "file:./config.xml">
+    <!ENTITY login SYSTEM "file:./login.xml">
+]>
+<project basedir="." default="run-all-tests"> 
+    <!-- Include ApplicationResources.properties so we can test against 
+         keys, rather than values -->
+    <property file="web/WEB-INF/classes/ApplicationResources.properties"/>
+
+    <!-- runs all targets -->
+    <target name="run-all-tests" 
+        depends="Login,Logout,PasswordHint,Signup,UserTests,FlushCache,FileUpload"
+        description="Call and executes all test cases (targets)"/>
+    
+    <!-- runs user-related tests -->
+    <target name="UserTests" 
+        depends="EditUser,SearchUser,SaveUser,AddUser,ActiveUsers"
+        description="Call and executes all person test cases (targets)">
+        <echo>Successfully ran all User JSP tests!</echo>
+    </target>
+    
+    <!-- Login to the application -->
+    <target name="Login" 
+        description="Runs login test and verifies Main Menu's Title">
+        <canoo name="login">
+            &config;
+            <steps>
+                &login;
+            </steps>
+        </canoo>
+    </target>
+
+    <!-- Logout of the application -->
+    <target name="Logout"
+        description="Runs logout test and verifies Login's Title">
+        <canoo name="login">
+            &config;
+            <steps>
+                &login;
+                <invoke description="get Logout Page" url="/logout.jsp"/>
+                <verifytitle description="we should see the login title"
+                    text="${webapp.prefix}${login.title}"/>
+            </steps>
+        </canoo>
+    </target>
+
+    <!-- Retrieve Password Hint -->
+    <target name="PasswordHint" 
+        description="Gets the user's password hint">
+        <canoo name="passwordHint">
+            &config;
+            <steps>
+                <invoke description="get Login Page" url="/"/>
+                <verifytitle description="we should see the login title" 
+                    text="${webapp.prefix}${login.title}"/>
+                <invoke description="click password hint link"
+                    url="/passwordHint.html?username=mraible"/>
+                <verifytitle description="we should see the login title again"
+                    text="${webapp.prefix}${login.title}"/>
+            </steps>
+        </canoo>
+    </target>
+    
+    <!-- Verify the edit user screen displays without errors -->
+    <target name="EditUser" 
+        description="Tests selecting the 'Edit Profile' forward">
+        <canoo name="editUser">
+            &config;
+            <steps>
+                &login;
+                <invoke description="click Edit Profile link" url="/editProfile.html"/>
+                <verifytitle description="we should see the user profile title" 
+                    text="${webapp.prefix}${userProfile.title}"/>
+            </steps>
+        </canoo>
+    </target>
+    
+    <!-- Verify the user list screen displays without errors -->
+    <target name="SearchUser" 
+        description="Tests search for and displaying all users">
+        <canoo name="searchUser">
+            &config;
+            <steps>
+                &login;
+                <invoke description="click View Users link" url="/users.html"/>
+                <verifytitle description="we should see the user list title" 
+                    text="${webapp.prefix}${userList.title}"/>
+            </steps>
+        </canoo>
+    </target>
+    
+    <!-- Edit a user and then save -->
+    <target name="SaveUser" 
+        description="Tests editing and saving a user">
+        <canoo name="saveUser">
+            &config;
+            <steps>
+                &login;
+                <invoke description="click Edit Profile link" url="/editProfile.html"/>
+                <verifytitle description="we should see the user profile title" 
+                    text="${webapp.prefix}${userProfile.title}"/>
+                <setinputfield description="set address" name="address.address" value="2255 Lane Avenue"/>
+                <setinputfield description="set zipcode" name="address.postalCode" value="59826"/>
+                <clickbutton label="${button.save}" description="Click Save"/>
+                <verifytitle description="display Main Menu if save OK"
+                     text="${webapp.prefix}${mainMenu.title}" />
+            </steps>
+        </canoo>
+    </target>
+    
+    <!-- Add a new user after logging in -->
+    <target name="AddUser"
+        description="Adds a new user profile">
+        <canoo name="addUser">
+            &config;
+            <steps>
+                &login;
+                <invoke description="click Add Button" 
+                    url="/editUser.html?method=Add&amp;from=list"/>
+                <verifytitle description="we should see the user profile title" 
+                    text="${webapp.prefix}${userProfile.title}"/>
+                    
+                <setinputfield description="set username" name="username" value="newuser"/>
+                <setinputfield description="set password" name="password" value="test"/>
+                <setinputfield description="set confirmPassword" name="confirmPassword" value="test"/>
+                <setinputfield description="set firstName" name="firstName" value="Test"/>
+                <setinputfield description="set lastName" name="lastName" value="Name"/>
+                <setinputfield description="set city" name="address.city" value="Denver"/>
+                <setinputfield description="select province" name="address.province" value="CO"/>
+                <setselectfield description="select country" name="address.country" value="US"/>
+                <setinputfield description="set postalCode" name="address.postalCode" value="80210"/>
+                <setinputfield description="set email" name="email" value="newuser@raibledesigns.com"/>
+                <setinputfield description="set website" name="website" value="http://raibledesigns.com"/>
+                <setinputfield description="set passwordHint" name="passwordHint" value="test"/>
+                <setselectfield description="select roles in user roles list" name="userRoles" value="user"/>
+                <clickbutton label="${button.save}" description="Click button 'Save'"/>
+                
+                <verifytitle description="Redisplay add user page" text="${webapp.prefix}${userProfile.title}"/>
+                <verifytext description="verify success message" regex="true"
+                    text='&lt;div class="message.*&gt;.*&lt;strong&gt;Test Name&lt;/strong&gt;.*&lt;/div&gt;'/>
+                    
+                <!-- Delete user -->
+                <invoke description="Click edit user link" url="/editUser.html?username=newuser&amp;from=list"/>
+                <clickbutton label="${button.delete}" description="Click button 'Delete'"/>
+                <verifytext description="verify success message" regex="true"
+                    text='&lt;div class="message.*&gt;.*&lt;strong&gt;Test Name&lt;/strong&gt;.*&lt;/div&gt;'/>
+                <verifytitle description="display user list" text="${webapp.prefix}${userList.title}"/>
+            </steps>
+        </canoo>
+    </target>
+    
+    <!-- Sign up a new user (no login) -->
+    <target name="Signup"
+        description="Signup a new user">
+        <canoo name="signup">
+            &config;
+            <steps>
+                <invoke description="click signup link" url="/signup.html"/>
+                <verifytitle description="view signup title" text="${webapp.prefix}${signup.title}"/>
+                
+                <setinputfield description="set username" name="username" value="signup-user"/>
+                <setinputfield description="set password" name="password" value="test"/>
+                <setinputfield description="set confirmPassword" name="confirmPassword" value="test"/>
+                <setinputfield description="set firstName" name="firstName" value="Test"/>
+                <setinputfield description="set lastName" name="lastName" value="Name"/>
+                <setinputfield description="set city" name="address.city" value="Denver"/>
+                <setinputfield description="set state" name="address.province" value="CO"/>
+                <setselectfield description="select country" name="address.country" value="US"/>
+                <setinputfield description="set postalCode" name="address.postalCode" value="80210"/>
+                <setinputfield description="set email" name="email" value="signup-user@raibledesigns.com"/>
+                <setinputfield description="set website" name="website" value="http://raibledesigns.com"/>
+                <setinputfield description="set passwordHint" name="passwordHint" value="test"/>
+                <clickbutton label="${button.register}" description="Click button 'Signup'"/>
+
+                <verifytitle description="view login screen" text="${webapp.prefix}${login.title}"/>
+                <verifytext description="verify success message" text="${user.registered}"/>
+            </steps>
+        </canoo>
+    </target>
+
+    <!-- View Active Users -->
+    <target name="ActiveUsers" 
+        description="View Active Users List">
+        <canoo name="activeUsers">
+            &config;
+            <steps>
+                &login;
+                <invoke description="get activeUsers URL" url="/activeUsers.html"/>
+                <verifytitle description="we should see the activeUsers title" 
+                    text="${webapp.prefix}${activeUsers.title}"/>
+            </steps>
+        </canoo>
+    </target>
+    
+    <!-- Flush OSCache -->
+    <target name="FlushCache" 
+        description="opens JSP to Flush Page Cache">
+        <canoo name="flushCache">
+            &config;
+            <steps>
+                &login;
+                <invoke description="get flushCache URL" url="/flushCache.html"/>
+                <verifytitle description="we should see the flush cache title" 
+                    text="${webapp.prefix}${flushCache.title}"/>
+            </steps>
+        </canoo>
+    </target>
+    
+    <!-- File Upload -->
+    <target name="FileUpload" 
+        description="Tests uploading a file">
+        <canoo name="fileUpload">
+            &config;
+            <steps>
+                &login;
+                <invoke description="click Upload a File link" url="/selectFile.html"/>
+                <verifytitle description="we should see file upload form" 
+                    text="${webapp.prefix}${upload.title}"/>
+                <!--setinputfield description="set name" name="name" 
+                    value="Canoo Test File"/>
+                <setinputfield description="set file" name="file" 
+                    value="${basedir}/build.properties"/>
+                <clickbutton label="${button.upload}" description="Click Upload"/>
+                <verifytitle description="show file data if upload OK"
+                     text="${webapp.prefix}${display.title}" />
+                <verifytext description="verify original file name displayed on page"
+                     text="build.properties" /-->
+            </steps>
+        </canoo>
+    </target>
+</project>
Index: extras/tapestry/build.xml
===================================================================
RCS file: /cvs/appfuse/extras/tapestry/build.xml,v
retrieving revision 1.12
diff -u -r1.12 build.xml
--- extras/tapestry/build.xml	10 Aug 2005 15:21:45 -0000	1.12
+++ extras/tapestry/build.xml	29 Aug 2005 00:02:08 -0000
@@ -386,8 +386,6 @@
                 servletspec="2.3" sessiontimeout="10"
                 destdir="${webapp.target}/WEB-INF" distributable="false"
                 displayname="${ant.project.name}">
-                <configParam name="httpPort" value="${http.port}"/>
-                <configParam name="httpsPort" value="${https.port}"/>
                 <configParam name="daoType" value="${dao.type}"/>
             </deploymentdescriptor>
             <jsptaglib validateXML="true"
@@ -416,8 +414,6 @@
                 servletspec="2.3" sessiontimeout="10"
                 destdir="${webapp.target}/WEB-INF" distributable="false"
                 displayname="${ant.project.name}">
-                <configParam name="httpPort" value="${http.port}"/>
-                <configParam name="httpsPort" value="${https.port}"/>
                 <configParam name="daoType" value="${dao.type}"/>
             </deploymentdescriptor>
             <jsptaglib validateXML="true"
Index: extras/tapestry/src/web/org/appfuse/webapp/action/SignupForm.java
===================================================================
RCS file: /cvs/appfuse/extras/tapestry/src/web/org/appfuse/webapp/action/SignupForm.java,v
retrieving revision 1.3
diff -u -r1.3 SignupForm.java
--- extras/tapestry/src/web/org/appfuse/webapp/action/SignupForm.java	7 Jan 2005 21:00:46 -0000	1.3
+++ extras/tapestry/src/web/org/appfuse/webapp/action/SignupForm.java	29 Aug 2005 04:00:33 -0000
@@ -1,146 +1,140 @@
-package org.appfuse.webapp.action;
-
-import java.io.IOException;
-import java.util.Map;
-
-import org.apache.commons.lang.StringUtils;
-import org.apache.tapestry.IRequestCycle;
-import org.apache.tapestry.event.PageEvent;
-import org.apache.tapestry.event.PageRenderListener;
-import org.apache.tapestry.form.IPropertySelectionModel;
-import org.apache.tapestry.valid.IValidationDelegate;
-import org.apache.tapestry.valid.ValidationConstraint;
-import org.appfuse.Constants;
-import org.appfuse.model.User;
-import org.appfuse.service.MailEngine;
-import org.appfuse.service.RoleManager;
-import org.appfuse.service.UserExistsException;
-import org.appfuse.service.UserManager;
-import org.appfuse.util.StringUtil;
-import org.appfuse.webapp.util.RequestUtil;
-import org.springframework.context.ApplicationContext;
-import org.springframework.mail.SimpleMailMessage;
-
-public abstract class SignupForm extends BasePage implements PageRenderListener {
-    private IPropertySelectionModel countries;  
-
-    public abstract UserManager getUserManager();
-    public abstract void setUserManager(UserManager manager);
-    public abstract RoleManager getRoleManager();
-    public abstract void setRoleManager(RoleManager manager);
-    public abstract void setUser(User user);
-    public abstract User getUser();
-    
-    public IPropertySelectionModel getCountries() {
-        if (countries == null) {
-            countries = new CountryModel(getLocale());
-        }
-        return countries;
-    }
-    
-    public void pageBeginRender(PageEvent event) {
-        if (getUser() == null && !event.getRequestCycle().isRewinding()) {
-            setUser(new User());
-        } else if (event.getRequestCycle().isRewinding()) {
-            setUser(new User());
-        }
-     }
-    
-    public void cancel(IRequestCycle cycle) throws IOException {
-        if (log.isDebugEnabled()) {
-            log.debug("entered cancel method");
-        }
-        getResponse().sendRedirect(getRequest().getContextPath());
-    }
-    
-    public void save(IRequestCycle cycle) throws UserExistsException {
-        if (log.isDebugEnabled()) {
-            log.debug("entered save method");
-        }
-        
-        // make sure the password fields match
-        IValidationDelegate delegate = getValidationDelegate();
-        if (!StringUtils.equals(getUser().getPassword(), getUser().getConfirmPassword())) {
-            addError(delegate, "confirmPasswordField", 
-                     format("errors.twofields", getMessage("user.confirmPassword"), 
-                             getMessage("user.password")),
-                     ValidationConstraint.CONSISTENCY);
-        }
-        
-        if (delegate.getHasErrors()) { 
-            return; 
-        }
-        
-        String algorithm =
-            (String) getConfiguration().get(Constants.ENC_ALGORITHM);
-
-        if (algorithm == null) { // should only happen for test case
-            if (log.isDebugEnabled()) {
-                log.debug("assuming testcase, setting algorithm to 'SHA'");
-            }
-            algorithm = "SHA";
-        }
-        
-        User user = getUser();
-        
-        user.setPassword(StringUtil.encodePassword(user.getPassword(), algorithm));
-        user.setEnabled(Boolean.TRUE);
-
-        // Set the default user role on this new user
-        user.addRole(getRoleManager().getRole(Constants.USER_ROLE));
-        
-        getUserManager().saveUser(getUser());
-        
-        try {
-            getUserManager().saveUser(user);
-        } catch (UserExistsException e) {
-            log.warn(e.getMessage());
-            addError(delegate, "usernameField",
-                     format("errors.existing.user", user.getUsername(),
-                            user.getEmail()), ValidationConstraint.CONSISTENCY);
-            // redisplay the unencrypted passwords
-            user.setPassword(user.getConfirmPassword());
-            return;
-        }
-
-        // Set cookies for auto-magical login ;-)
-        String loginCookie = getUserManager().createLoginCookie(user.getUsername());
-        RequestUtil.setCookie(getResponse(), 
-                              Constants.LOGIN_COOKIE, loginCookie,
-                              getRequest().getContextPath());
-
-        getSession().setAttribute(Constants.REGISTERED, Boolean.TRUE);
-
-        // Send user an e-mail
-        if (log.isDebugEnabled()) {
-            log.debug("Sending user '" + user.getUsername()
-                    + "' an account information e-mail");
-        }
-
-        Map global = (Map) getGlobal();
-        ApplicationContext ctx =
-            (ApplicationContext) global.get(BaseEngine.APPLICATION_CONTEXT_KEY);
-        
-        SimpleMailMessage message = (SimpleMailMessage) ctx.getBean("mailMessage");
-        message.setTo(user.getFullName() + "<" + user.getEmail() + ">");
-        
-        StringBuffer msg = new StringBuffer();
-        msg.append(getMessage("signup.email.message"));
-        msg.append("\n\n" + getMessage("user.username"));
-        msg.append(": " + user.getUsername() + "\n");
-        msg.append(getMessage("user.password") + ": ");
-        msg.append(user.getPassword());
-        msg.append("\n\nLogin at: " + RequestUtil.getAppURL(getRequest()));
-        message.setText(msg.toString());
-        
-        message.setSubject(getMessage("signup.email.subject"));
-        
-        MailEngine engine = (MailEngine) ctx.getBean("mailEngine");
-        engine.send(message);
-        
-        MainMenu nextPage = (MainMenu) cycle.getPage("mainMenu");
-        nextPage.setMessage(getMessage("user.registered"));
-        cycle.activate(nextPage);
-    }
-}
-
+package org.appfuse.webapp.action;
+
+import java.io.IOException;
+import java.util.Map;
+
+import org.apache.commons.lang.StringUtils;
+import org.apache.tapestry.IRequestCycle;
+import org.apache.tapestry.event.PageEvent;
+import org.apache.tapestry.event.PageRenderListener;
+import org.apache.tapestry.form.IPropertySelectionModel;
+import org.apache.tapestry.valid.IValidationDelegate;
+import org.apache.tapestry.valid.ValidationConstraint;
+import org.appfuse.Constants;
+import org.appfuse.model.User;
+import org.appfuse.service.MailEngine;
+import org.appfuse.service.RoleManager;
+import org.appfuse.service.UserExistsException;
+import org.appfuse.service.UserManager;
+import org.appfuse.util.StringUtil;
+import org.appfuse.webapp.util.RequestUtil;
+import org.springframework.context.ApplicationContext;
+import org.springframework.mail.SimpleMailMessage;
+
+public abstract class SignupForm extends BasePage implements PageRenderListener {
+    private IPropertySelectionModel countries;  
+
+    public abstract UserManager getUserManager();
+    public abstract void setUserManager(UserManager manager);
+    public abstract RoleManager getRoleManager();
+    public abstract void setRoleManager(RoleManager manager);
+    public abstract void setUser(User user);
+    public abstract User getUser();
+    
+    public IPropertySelectionModel getCountries() {
+        if (countries == null) {
+            countries = new CountryModel(getLocale());
+        }
+        return countries;
+    }
+    
+    public void pageBeginRender(PageEvent event) {
+        if (getUser() == null && !event.getRequestCycle().isRewinding()) {
+            setUser(new User());
+        } else if (event.getRequestCycle().isRewinding()) {
+            setUser(new User());
+        }
+     }
+    
+    public void cancel(IRequestCycle cycle) throws IOException {
+        if (log.isDebugEnabled()) {
+            log.debug("entered cancel method");
+        }
+        getResponse().sendRedirect(getRequest().getContextPath());
+    }
+    
+    public void save(IRequestCycle cycle) throws UserExistsException, IOException {
+        if (log.isDebugEnabled()) {
+            log.debug("entered save method");
+        }
+        
+        // make sure the password fields match
+        IValidationDelegate delegate = getValidationDelegate();
+        if (!StringUtils.equals(getUser().getPassword(), getUser().getConfirmPassword())) {
+            addError(delegate, "confirmPasswordField", 
+                     format("errors.twofields", getMessage("user.confirmPassword"), 
+                             getMessage("user.password")),
+                     ValidationConstraint.CONSISTENCY);
+        }
+        
+        if (delegate.getHasErrors()) { 
+            return; 
+        }
+
+        User user = getUser();
+        
+        Boolean encrypt = (Boolean) getConfiguration().get(Constants.ENCRYPT_PASSWORD);
+        
+        if (encrypt != null && encrypt.booleanValue()) {
+            String algorithm = (String) getConfiguration().get(Constants.ENC_ALGORITHM);
+    
+            if (algorithm == null) { // should only happen for test case
+                if (log.isDebugEnabled()) {
+                    log.debug("assuming testcase, setting algorithm to 'SHA'");
+                }
+                algorithm = "SHA";
+            }
+            user.setPassword(StringUtil.encodePassword(user.getPassword(), algorithm));
+        }        
+        
+        user.setEnabled(Boolean.TRUE);
+
+        // Set the default user role on this new user
+        user.addRole(getRoleManager().getRole(Constants.USER_ROLE));
+        
+        getUserManager().saveUser(getUser());
+        
+        try {
+            getUserManager().saveUser(user);
+        } catch (UserExistsException e) {
+            log.warn(e.getMessage());
+            addError(delegate, "usernameField",
+                     format("errors.existing.user", user.getUsername(),
+                            user.getEmail()), ValidationConstraint.CONSISTENCY);
+            // redisplay the unencrypted passwords
+            user.setPassword(user.getConfirmPassword());
+            return;
+        }
+
+        getSession().setAttribute(Constants.REGISTERED, Boolean.TRUE);
+
+        // Send user an e-mail
+        if (log.isDebugEnabled()) {
+            log.debug("Sending user '" + user.getUsername() + "' an account information e-mail");
+        }
+
+        Map global = (Map) getGlobal();
+        ApplicationContext ctx = (ApplicationContext) global.get(BaseEngine.APPLICATION_CONTEXT_KEY);
+        
+        SimpleMailMessage message = (SimpleMailMessage) ctx.getBean("mailMessage");
+        message.setTo(user.getFullName() + "<" + user.getEmail() + ">");
+        
+        StringBuffer msg = new StringBuffer();
+        msg.append(getMessage("signup.email.message"));
+        msg.append("\n\n" + getMessage("user.username"));
+        msg.append(": " + user.getUsername() + "\n");
+        msg.append(getMessage("user.password") + ": ");
+        msg.append(user.getPassword());
+        msg.append("\n\nLogin at: " + RequestUtil.getAppURL(getRequest()));
+        message.setText(msg.toString());
+        
+        message.setSubject(getMessage("signup.email.subject"));
+        
+        MailEngine engine = (MailEngine) ctx.getBean("mailEngine");
+        engine.send(message);
+
+        getSession().setAttribute("message", getMessage("user.registered"));
+        getResponse().sendRedirect(getRequest().getContextPath());
+    }
+}
+
Index: extras/tapestry/src/web/org/appfuse/webapp/action/UserForm.java
===================================================================
RCS file: /cvs/appfuse/extras/tapestry/src/web/org/appfuse/webapp/action/UserForm.java,v
retrieving revision 1.5
diff -u -r1.5 UserForm.java
--- extras/tapestry/src/web/org/appfuse/webapp/action/UserForm.java	18 Mar 2005 23:13:13 -0000	1.5
+++ extras/tapestry/src/web/org/appfuse/webapp/action/UserForm.java	29 Aug 2005 04:00:09 -0000
@@ -1,251 +1,249 @@
-package org.appfuse.webapp.action;
-
-import java.util.ArrayList;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpSession;
-
-import org.apache.commons.lang.StringUtils;
-import org.apache.tapestry.IRequestCycle;
-import org.apache.tapestry.event.PageEvent;
-import org.apache.tapestry.event.PageRenderListener;
-import org.apache.tapestry.form.IPropertySelectionModel;
-import org.apache.tapestry.valid.IValidationDelegate;
-import org.apache.tapestry.valid.ValidationConstraint;
-import org.appfuse.Constants;
-import org.appfuse.model.Role;
-import org.appfuse.model.User;
-import org.appfuse.service.MailEngine;
-import org.appfuse.service.RoleManager;
-import org.appfuse.service.UserExistsE