From 9ecac0dc0810a3cabf8eb75951f1b7a3c149ae94 Mon Sep 17 00:00:00 2001
From: Mathieu Baudier <mbaudier@argeo.org>
Date: Wed, 16 Feb 2011 13:55:52 +0000
Subject: [PATCH] Improve packaging (esp. security)

git-svn-id: https://svn.argeo.org/commons/trunk@4149 4cfe0d0a-d680-48aa-b62c-e0a02a3f76cc
---
 .../org.argeo.eclipse.dep.common/pom.xml      |   2 +-
 .../org.argeo.eclipse.dep.rap/pom.xml         |   2 +-
 .../org.argeo.eclipse.dep.rcp/pom.xml         |   2 +-
 eclipse/plugins/org.argeo.eclipse.ui/pom.xml  |   2 +-
 pom.xml                                       |   4 +-
 .../org.argeo.security.equinox/.classpath     |   1 -
 .../build.properties                          |   3 +-
 .../org.argeo.security.equinox/pom.xml        |  21 +--
 .../security/equinox/SpringLoginModule.java   | 127 +++++++++---------
 .../META-INF}/jaas_default.txt                |   0
 .../SecureRCP.product                         |   3 +-
 .../org.argeo.security.ui.application/pom.xml |  78 ++++++-----
 .../AbstractSecureApplication.java            |  22 +--
 .../SecureApplicationActivator.java}          |   9 +-
 .../plugins/org.argeo.security.ui.rap/pom.xml |  54 +++++++-
 .../plugins/org.argeo.security.ui/pom.xml     |  37 +++--
 .../org/argeo/security/ui}/CurrentUser.java   |  35 +----
 .../security/ui/SecurityPerspective.java      |   1 -
 .../security/ui/views/CurrentUserView.java    |  66 ++++-----
 .../argeo/security/ui/views/UsersView.java    |   2 +-
 security/eclipse/plugins/pom.xml              |   5 +
 .../org.argeo.security.activemq/.classpath    |   7 +
 .../org.argeo.security.activemq/.project      |  28 ++++
 .../.settings/org.eclipse.jdt.core.prefs      |   8 ++
 .../.settings/org.eclipse.pde.core.prefs      |   4 +
 .../build.properties                          |   4 +
 .../org.argeo.security.activemq/pom.xml       |  89 ++++++++++++
 .../ActiveMqSecurityBrokerPlugin.java         |   0
 .../ActiveMqSpringSecurityContext.java        |   0
 .../SecuredActiveMqConnectionFactory.java     |   5 +-
 .../activemq}/UserPasswordDialog.java         |   2 +-
 .../org.argeo.security.core/build.properties  |   3 +-
 .../runtime/org.argeo.security.core/pom.xml   |  86 +++---------
 .../org.argeo.security.ldap/.classpath        |   7 +
 .../runtime/org.argeo.security.ldap/.project  |  28 ++++
 .../.settings/org.eclipse.jdt.core.prefs      |   8 ++
 .../.settings/org.eclipse.pde.core.prefs      |   4 +
 .../org.argeo.security.ldap/build.properties  |   4 +
 .../runtime/org.argeo.security.ldap/pom.xml   |  69 ++++++++++
 .../security/ldap/ArgeoSecurityDaoLdap.java   |   1 -
 .../ldap/ArgeoUserDetailsContextMapper.java   |   0
 .../argeo/security/ldap/UserNatureMapper.java |   0
 .../ldap/nature/CoworkerUserNatureMapper.java |   0
 .../ldap/nature/SimpleUserNatureMapper.java   |   0
 security/runtime/pom.xml                      |   2 +
 .../pom.xml                                   |  16 ++-
 .../dep/org.argeo.server.dep.tomcat/pom.xml   |  34 +----
 server/runtime/org.argeo.server.core/pom.xml  |   4 -
 .../org.argeo.server.jackrabbit/pom.xml       |   8 +-
 .../jackrabbit/JackrabbitContainer.java       |  20 ++-
 50 files changed, 587 insertions(+), 330 deletions(-)
 rename security/eclipse/plugins/{org.argeo.security.equinox/src/main/resources/org/argeo/security/equinox => org.argeo.security.ui.application/META-INF}/jaas_default.txt (100%)
 rename security/eclipse/plugins/{org.argeo.security.equinox/src/main/java/org/argeo/security/equinox/EquinoxSecurity.java => org.argeo.security.ui.application/src/main/java/org/argeo/security/ui/application/SecureApplicationActivator.java} (76%)
 rename security/eclipse/plugins/{org.argeo.security.equinox/src/main/java/org/argeo/security/equinox => org.argeo.security.ui/src/main/java/org/argeo/security/ui}/CurrentUser.java (55%)
 create mode 100644 security/runtime/org.argeo.security.activemq/.classpath
 create mode 100644 security/runtime/org.argeo.security.activemq/.project
 create mode 100644 security/runtime/org.argeo.security.activemq/.settings/org.eclipse.jdt.core.prefs
 create mode 100644 security/runtime/org.argeo.security.activemq/.settings/org.eclipse.pde.core.prefs
 create mode 100644 security/runtime/org.argeo.security.activemq/build.properties
 create mode 100644 security/runtime/org.argeo.security.activemq/pom.xml
 rename security/runtime/{org.argeo.security.core => org.argeo.security.activemq}/src/main/java/org/argeo/security/activemq/ActiveMqSecurityBrokerPlugin.java (100%)
 rename security/runtime/{org.argeo.security.core => org.argeo.security.activemq}/src/main/java/org/argeo/security/activemq/ActiveMqSpringSecurityContext.java (100%)
 rename security/runtime/{org.argeo.security.core => org.argeo.security.activemq}/src/main/java/org/argeo/security/activemq/SecuredActiveMqConnectionFactory.java (97%)
 rename security/runtime/{org.argeo.security.core/src/main/java/org/argeo/security/core => org.argeo.security.activemq/src/main/java/org/argeo/security/activemq}/UserPasswordDialog.java (98%)
 create mode 100644 security/runtime/org.argeo.security.ldap/.classpath
 create mode 100644 security/runtime/org.argeo.security.ldap/.project
 create mode 100644 security/runtime/org.argeo.security.ldap/.settings/org.eclipse.jdt.core.prefs
 create mode 100644 security/runtime/org.argeo.security.ldap/.settings/org.eclipse.pde.core.prefs
 create mode 100644 security/runtime/org.argeo.security.ldap/build.properties
 create mode 100644 security/runtime/org.argeo.security.ldap/pom.xml
 rename security/runtime/{org.argeo.security.core => org.argeo.security.ldap}/src/main/java/org/argeo/security/ldap/ArgeoSecurityDaoLdap.java (99%)
 rename security/runtime/{org.argeo.security.core => org.argeo.security.ldap}/src/main/java/org/argeo/security/ldap/ArgeoUserDetailsContextMapper.java (100%)
 rename security/runtime/{org.argeo.security.core => org.argeo.security.ldap}/src/main/java/org/argeo/security/ldap/UserNatureMapper.java (100%)
 rename security/runtime/{org.argeo.security.core => org.argeo.security.ldap}/src/main/java/org/argeo/security/ldap/nature/CoworkerUserNatureMapper.java (100%)
 rename security/runtime/{org.argeo.security.core => org.argeo.security.ldap}/src/main/java/org/argeo/security/ldap/nature/SimpleUserNatureMapper.java (100%)

diff --git a/eclipse/features/org.argeo.eclipse.dep.common/pom.xml b/eclipse/features/org.argeo.eclipse.dep.common/pom.xml
index 8562cf092..3bc6845e1 100644
--- a/eclipse/features/org.argeo.eclipse.dep.common/pom.xml
+++ b/eclipse/features/org.argeo.eclipse.dep.common/pom.xml
@@ -8,7 +8,7 @@
 		<relativePath>..</relativePath>
 	</parent>
 	<artifactId>org.argeo.eclipse.dep.common</artifactId>
-	<name>Argeo Commons RCP Dependencies</name>
+	<name>Commons Eclipse Dependencies</name>
 	<build>
 		<plugins>
 			<plugin>
diff --git a/eclipse/features/org.argeo.eclipse.dep.rap/pom.xml b/eclipse/features/org.argeo.eclipse.dep.rap/pom.xml
index b586a8011..bbbd72407 100644
--- a/eclipse/features/org.argeo.eclipse.dep.rap/pom.xml
+++ b/eclipse/features/org.argeo.eclipse.dep.rap/pom.xml
@@ -8,7 +8,7 @@
 		<relativePath>..</relativePath>
 	</parent>
 	<artifactId>org.argeo.eclipse.dep.rap</artifactId>
-	<name>Argeo Commons RAP Dependencies</name>
+	<name>Commons RAP Dependencies</name>
 	<build>
 		<plugins>
 			<plugin>
diff --git a/eclipse/features/org.argeo.eclipse.dep.rcp/pom.xml b/eclipse/features/org.argeo.eclipse.dep.rcp/pom.xml
index dbcc14f93..69c731326 100644
--- a/eclipse/features/org.argeo.eclipse.dep.rcp/pom.xml
+++ b/eclipse/features/org.argeo.eclipse.dep.rcp/pom.xml
@@ -8,7 +8,7 @@
 		<relativePath>..</relativePath>
 	</parent>
 	<artifactId>org.argeo.eclipse.dep.rcp</artifactId>
-	<name>Argeo Commons RCP Dependencies</name>
+	<name>Commons RCP Dependencies</name>
 	<build>
 		<plugins>
 			<plugin>
diff --git a/eclipse/plugins/org.argeo.eclipse.ui/pom.xml b/eclipse/plugins/org.argeo.eclipse.ui/pom.xml
index acbba4ea4..6192d795c 100644
--- a/eclipse/plugins/org.argeo.eclipse.ui/pom.xml
+++ b/eclipse/plugins/org.argeo.eclipse.ui/pom.xml
@@ -31,7 +31,7 @@
 					<instructions>
 						<Bundle-ActivationPolicy>lazy</Bundle-ActivationPolicy>
 						<Bundle-Activator>org.argeo.eclipse.ui.ArgeoUiPlugin</Bundle-Activator>
-						<Require-Bundle>org.eclipse.ui;resolution:=optional,org.eclipse.rap.ui;resolution:=optional,org.eclipse.core.runtime,org.springframework.osgi.extender</Require-Bundle>
+						<Require-Bundle>org.eclipse.ui;resolution:=optional,org.eclipse.rap.ui;resolution:=optional,org.eclipse.core.runtime</Require-Bundle>
 						<Import-Package>
 							org.springframework.beans.factory,
 							org.springframework.core.io.support,
diff --git a/pom.xml b/pom.xml
index b928bd34e..f67dfdf4c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -18,7 +18,7 @@
 		<version.argeo-commons>0.2.3-SNAPSHOT</version.argeo-commons>
 		<version.argeo-ria>0.12.5</version.argeo-ria>
 		<version.equinox>3.6.1</version.equinox>
-		<version.maven-argeo-osgi>0.1.30</version.maven-argeo-osgi>
+		<version.maven-argeo-osgi>0.1.31-SNAPSHOT</version.maven-argeo-osgi>
 		<version.maven-bundle-plugin>2.2.0</version.maven-bundle-plugin>
 		<version.maven-argeo-qooxdoo>1.1.1</version.maven-argeo-qooxdoo>
 		<site.repoBase>file:///srv/projects/www/commons/site</site.repoBase>
@@ -73,8 +73,8 @@ limitations under the License.
 		<module>basic</module>
 		<module>osgi</module>
 		<module>server</module>
-		<module>security</module>
 		<module>eclipse</module>
+		<module>security</module>
 		<module>sandbox</module>
 	</modules>
 	<build>
diff --git a/security/eclipse/plugins/org.argeo.security.equinox/.classpath b/security/eclipse/plugins/org.argeo.security.equinox/.classpath
index d3d5c8095..92f19d2ff 100644
--- a/security/eclipse/plugins/org.argeo.security.equinox/.classpath
+++ b/security/eclipse/plugins/org.argeo.security.equinox/.classpath
@@ -3,6 +3,5 @@
 	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/J2SE-1.5"/>
 	<classpathentry kind="con" path="org.eclipse.pde.core.requiredPlugins"/>
 	<classpathentry kind="src" path="src/main/java"/>
-	<classpathentry kind="src" path="src/main/resources"/>
 	<classpathentry kind="output" path="target/classes"/>
 </classpath>
diff --git a/security/eclipse/plugins/org.argeo.security.equinox/build.properties b/security/eclipse/plugins/org.argeo.security.equinox/build.properties
index 5e565ebc8..3e2615fae 100644
--- a/security/eclipse/plugins/org.argeo.security.equinox/build.properties
+++ b/security/eclipse/plugins/org.argeo.security.equinox/build.properties
@@ -1,5 +1,4 @@
 bin.includes = META-INF/,\
                plugin.xml
-source.. = src/main/java/,\
-           src/main/resources/
+source.. = src/main/java/
 output.. = target/classes/
diff --git a/security/eclipse/plugins/org.argeo.security.equinox/pom.xml b/security/eclipse/plugins/org.argeo.security.equinox/pom.xml
index 9f662d802..944a6e0df 100644
--- a/security/eclipse/plugins/org.argeo.security.equinox/pom.xml
+++ b/security/eclipse/plugins/org.argeo.security.equinox/pom.xml
@@ -29,9 +29,19 @@
 				<artifactId>maven-bundle-plugin</artifactId>
 				<version>${version.maven-bundle-plugin}</version>
 				<configuration>
+<!--					<instructions>-->
+<!--						<Bundle-ActivationPolicy>lazy</Bundle-ActivationPolicy>-->
+<!--						<Bundle-Activator>org.argeo.security.equinox.EquinoxSecurity</Bundle-Activator>-->
+<!--						<Import-Package>-->
+<!--							org.osgi.framework;version="0.0.0",-->
+<!--							!org.eclipse.equinox.security.auth,-->
+<!--							org.springframework.core,-->
+<!--							org.argeo.eclipse.spring,-->
+<!--							*-->
+<!--						</Import-Package>-->
+<!--						<Require-Bundle>org.eclipse.equinox.security</Require-Bundle>-->
+<!--					</instructions>-->
 					<instructions>
-						<Bundle-ActivationPolicy>lazy</Bundle-ActivationPolicy>
-						<Bundle-Activator>org.argeo.security.equinox.EquinoxSecurity</Bundle-Activator>
 						<Import-Package>*,
 							org.springframework.core,
 							org.argeo.eclipse.spring
@@ -65,12 +75,5 @@
 			<groupId>org.springframework.security</groupId>
 			<artifactId>org.springframework.security.core</artifactId>
 		</dependency>
-
-		<!-- Others -->
-		<dependency>
-			<groupId>org.slf4j</groupId>
-			<artifactId>com.springsource.slf4j.org.apache.commons.logging</artifactId>
-		</dependency>
-
 	</dependencies>
 </project>
diff --git a/security/eclipse/plugins/org.argeo.security.equinox/src/main/java/org/argeo/security/equinox/SpringLoginModule.java b/security/eclipse/plugins/org.argeo.security.equinox/src/main/java/org/argeo/security/equinox/SpringLoginModule.java
index d4361b2f6..2222faecc 100644
--- a/security/eclipse/plugins/org.argeo.security.equinox/src/main/java/org/argeo/security/equinox/SpringLoginModule.java
+++ b/security/eclipse/plugins/org.argeo.security.equinox/src/main/java/org/argeo/security/equinox/SpringLoginModule.java
@@ -10,8 +10,6 @@ import javax.security.auth.callback.PasswordCallback;
 import javax.security.auth.callback.TextOutputCallback;
 import javax.security.auth.login.LoginException;
 
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
 import org.springframework.security.Authentication;
 import org.springframework.security.AuthenticationManager;
 import org.springframework.security.BadCredentialsException;
@@ -21,10 +19,7 @@ import org.springframework.security.providers.jaas.SecurityContextLoginModule;
 
 /** Login module which caches one subject per thread. */
 public class SpringLoginModule extends SecurityContextLoginModule {
-	private final static Log log = LogFactory.getLog(SpringLoginModule.class);
-
 	private AuthenticationManager authenticationManager;
-//	private ThreadLocal<Subject> subject;
 
 	private CallbackHandler callbackHandler;
 
@@ -36,7 +31,7 @@ public class SpringLoginModule extends SecurityContextLoginModule {
 	public void initialize(Subject subject, CallbackHandler callbackHandler,
 			Map sharedState, Map options) {
 		super.initialize(subject, callbackHandler, sharedState, options);
-//		this.subject.set(subject);
+		// this.subject.set(subject);
 		this.callbackHandler = callbackHandler;
 	}
 
@@ -45,68 +40,66 @@ public class SpringLoginModule extends SecurityContextLoginModule {
 		if (SecurityContextHolder.getContext().getAuthentication() != null)
 			return super.login();
 
-//		if (getSubject().getPrincipals(Authentication.class).size() == 1) {
-//			registerAuthentication(getSubject()
-//					.getPrincipals(Authentication.class).iterator().next());
-//			return super.login();
-//		} else if (getSubject().getPrincipals(Authentication.class).size() > 1) {
-//			throw new LoginException(
-//					"Multiple Authentication principals not supported: "
-//							+ getSubject().getPrincipals(Authentication.class));
-//		} else {
-			// ask for username and password
-			Callback label = new TextOutputCallback(
-					TextOutputCallback.INFORMATION, "Required login");
-			NameCallback nameCallback = new NameCallback("User");
-			PasswordCallback passwordCallback = new PasswordCallback(
-					"Password", false);
-
-			if (callbackHandler == null) {
-				throw new LoginException("No call back handler available");
-				// return false;
-			}
-			try {
-				callbackHandler.handle(new Callback[] { label, nameCallback,
-						passwordCallback });
-			} catch (Exception e) {
-				LoginException le = new LoginException(
-						"Callback handling failed");
-				le.initCause(e);
-				throw le;
-			}
-
-			// Set user name and password
-			String username = nameCallback.getName();
-			String password = "";
-			if (passwordCallback.getPassword() != null) {
-				password = String.valueOf(passwordCallback.getPassword());
-			}
-			UsernamePasswordAuthenticationToken credentials = new UsernamePasswordAuthenticationToken(
-					username, password);
-
-			try {
-				Authentication authentication = authenticationManager
-						.authenticate(credentials);
-				registerAuthentication(authentication);
-				boolean res = super.login();
-//				if (log.isDebugEnabled())
-//					log.debug("User " + username + " logged in");
-				return res;
-			} catch (BadCredentialsException bce) {
-				throw bce;
-			} catch (Exception e) {
-				LoginException loginException = new LoginException(
-						"Bad credentials");
-				loginException.initCause(e);
-				throw loginException;
-			}
-//		}
+		// if (getSubject().getPrincipals(Authentication.class).size() == 1) {
+		// registerAuthentication(getSubject()
+		// .getPrincipals(Authentication.class).iterator().next());
+		// return super.login();
+		// } else if (getSubject().getPrincipals(Authentication.class).size() >
+		// 1) {
+		// throw new LoginException(
+		// "Multiple Authentication principals not supported: "
+		// + getSubject().getPrincipals(Authentication.class));
+		// } else {
+		// ask for username and password
+		Callback label = new TextOutputCallback(TextOutputCallback.INFORMATION,
+				"Required login");
+		NameCallback nameCallback = new NameCallback("User");
+		PasswordCallback passwordCallback = new PasswordCallback("Password",
+				false);
+
+		if (callbackHandler == null) {
+			throw new LoginException("No call back handler available");
+			// return false;
+		}
+		try {
+			callbackHandler.handle(new Callback[] { label, nameCallback,
+					passwordCallback });
+		} catch (Exception e) {
+			LoginException le = new LoginException("Callback handling failed");
+			le.initCause(e);
+			throw le;
+		}
+
+		// Set user name and password
+		String username = nameCallback.getName();
+		String password = "";
+		if (passwordCallback.getPassword() != null) {
+			password = String.valueOf(passwordCallback.getPassword());
+		}
+		UsernamePasswordAuthenticationToken credentials = new UsernamePasswordAuthenticationToken(
+				username, password);
+
+		try {
+			Authentication authentication = authenticationManager
+					.authenticate(credentials);
+			registerAuthentication(authentication);
+			boolean res = super.login();
+			// if (log.isDebugEnabled())
+			// log.debug("User " + username + " logged in");
+			return res;
+		} catch (BadCredentialsException bce) {
+			throw bce;
+		} catch (Exception e) {
+			LoginException loginException = new LoginException(
+					"Bad credentials");
+			loginException.initCause(e);
+			throw loginException;
+		}
+		// }
 	}
 
 	@Override
 	public boolean logout() throws LoginException {
-		if (log.isDebugEnabled())
-			log.debug("Log out "+CurrentUser.getUsername());
 		return super.logout();
 	}
 
@@ -126,8 +119,8 @@ public class SpringLoginModule extends SecurityContextLoginModule {
 		this.authenticationManager = authenticationManager;
 	}
 
-//	protected Subject getSubject() {
-//		return subject.get();
-//	}
+	// protected Subject getSubject() {
+	// return subject.get();
+	// }
 
 }
diff --git a/security/eclipse/plugins/org.argeo.security.equinox/src/main/resources/org/argeo/security/equinox/jaas_default.txt b/security/eclipse/plugins/org.argeo.security.ui.application/META-INF/jaas_default.txt
similarity index 100%
rename from security/eclipse/plugins/org.argeo.security.equinox/src/main/resources/org/argeo/security/equinox/jaas_default.txt
rename to security/eclipse/plugins/org.argeo.security.ui.application/META-INF/jaas_default.txt
diff --git a/security/eclipse/plugins/org.argeo.security.ui.application/SecureRCP.product b/security/eclipse/plugins/org.argeo.security.ui.application/SecureRCP.product
index 50c1f3ca2..574dcc77e 100644
--- a/security/eclipse/plugins/org.argeo.security.ui.application/SecureRCP.product
+++ b/security/eclipse/plugins/org.argeo.security.ui.application/SecureRCP.product
@@ -35,7 +35,6 @@
       <plugin id="com.springsource.org.apache.commons.collections"/>
       <plugin id="com.springsource.org.apache.commons.io"/>
       <plugin id="com.springsource.org.apache.commons.lang"/>
-      <plugin id="com.springsource.org.apache.commons.logging"/>
       <plugin id="com.springsource.org.apache.commons.pool"/>
       <plugin id="com.springsource.org.apache.directory.server.changepw"/>
       <plugin id="com.springsource.org.apache.directory.server.core" fragment="true"/>
@@ -63,6 +62,7 @@
       <plugin id="org.argeo.eclipse.ui"/>
       <plugin id="org.argeo.security.core"/>
       <plugin id="org.argeo.security.equinox"/>
+      <plugin id="org.argeo.security.ldap"/>
       <plugin id="org.argeo.security.manager.ldap"/>
       <plugin id="org.argeo.security.services"/>
       <plugin id="org.argeo.security.ui"/>
@@ -71,6 +71,7 @@
       <plugin id="org.argeo.server.ads.server"/>
       <plugin id="org.argeo.server.core"/>
       <plugin id="org.argeo.server.json"/>
+      <plugin id="org.argeo.slc.demo.log4j" fragment="true"/>
       <plugin id="org.eclipse.core.commands"/>
       <plugin id="org.eclipse.core.contenttype"/>
       <plugin id="org.eclipse.core.databinding"/>
diff --git a/security/eclipse/plugins/org.argeo.security.ui.application/pom.xml b/security/eclipse/plugins/org.argeo.security.ui.application/pom.xml
index 1fd2973a4..e86c48750 100644
--- a/security/eclipse/plugins/org.argeo.security.ui.application/pom.xml
+++ b/security/eclipse/plugins/org.argeo.security.ui.application/pom.xml
@@ -1,4 +1,5 @@
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
 	<modelVersion>4.0.0</modelVersion>
 	<parent>
 		<groupId>org.argeo.commons.security</groupId>
@@ -29,6 +30,7 @@
 				<version>${version.maven-bundle-plugin}</version>
 				<configuration>
 					<instructions>
+						<Bundle-Activator>org.argeo.security.ui.application.SecureApplicationActivator</Bundle-Activator>
 						<Bundle-ActivationPolicy>lazy</Bundle-ActivationPolicy>
 						<Require-Bundle>org.eclipse.ui;resolution:=optional,org.eclipse.rap.ui;resolution:=optional,org.eclipse.core.runtime</Require-Bundle>
 						<Import-Package>*</Import-Package>
@@ -74,78 +76,84 @@
 		<!-- Argeo Security -->
 		<dependency>
 			<groupId>org.argeo.commons.security</groupId>
-			<artifactId>org.argeo.security.equinox</artifactId>
+			<artifactId>org.argeo.security.ui</artifactId>
 			<version>0.2.3-SNAPSHOT</version>
 		</dependency>
 		<dependency>
 			<groupId>org.argeo.commons.security</groupId>
-			<artifactId>org.argeo.security.ui</artifactId>
+			<artifactId>org.argeo.security.equinox</artifactId>
 			<version>0.2.3-SNAPSHOT</version>
 		</dependency>
+
+		<!-- Argeo Eclipse distribution (common dependencies for both RAP and RCP) -->
 		<dependency>
-			<groupId>org.argeo.commons.server</groupId>
-			<artifactId>org.argeo.server.dep.ads</artifactId>
+			<groupId>org.argeo.commons.eclipse</groupId>
+			<artifactId>org.argeo.eclipse.dep.rcp</artifactId>
 			<version>0.2.3-SNAPSHOT</version>
-			<type>pom</type>
+			<scope>provided</scope>
+		</dependency>
+
+		<!-- Commons -->
+		<dependency>
+			<groupId>org.argeo.commons.basic</groupId>
+			<artifactId>org.argeo.basic.nodeps</artifactId>
+			<version>0.2.3-SNAPSHOT</version>
+		</dependency>
+
+
+		<!-- Others -->
+		<dependency>
+			<groupId>org.slf4j</groupId>
+			<artifactId>com.springsource.slf4j.org.apache.commons.logging</artifactId>
 		</dependency>
+
+		<!-- For testing and target platform generation -->
 		<dependency>
 			<groupId>org.argeo.commons.server</groupId>
 			<artifactId>org.argeo.server.ads.server</artifactId>
 			<version>${version.argeo-commons}</version>
+			<scope>test</scope>
 		</dependency>
 		<dependency>
 			<groupId>org.argeo.commons.security</groupId>
 			<artifactId>org.argeo.security.services</artifactId>
 			<version>${version.argeo-commons}</version>
+			<scope>test</scope>
+		</dependency>
+		<dependency>
+			<groupId>org.argeo.commons.security</groupId>
+			<artifactId>org.argeo.security.ldap</artifactId>
+			<version>${version.argeo-commons}</version>
+			<scope>test</scope>
 		</dependency>
 		<dependency>
 			<groupId>org.argeo.commons.security</groupId>
 			<artifactId>org.argeo.security.manager.ldap</artifactId>
 			<version>${version.argeo-commons}</version>
+			<scope>test</scope>
 		</dependency>
 		<dependency>
 			<groupId>org.argeo.commons.server</groupId>
 			<artifactId>org.argeo.server.ads</artifactId>
 			<version>0.2.3-SNAPSHOT</version>
+			<scope>test</scope>
 		</dependency>
 		<dependency>
 			<groupId>org.argeo.dep.osgi</groupId>
 			<artifactId>org.argeo.dep.osgi.springframework.ldap</artifactId>
+			<scope>test</scope>
 		</dependency>
-
-		<!-- Argeo Eclipse distribution (common dependencies for both RAP and RCP) -->
-		<dependency>
-			<groupId>org.argeo.commons.eclipse</groupId>
-			<artifactId>org.argeo.eclipse.dep.rcp</artifactId>
-			<version>0.2.3-SNAPSHOT</version>
-		</dependency>
-		
-		<!-- TODO: to be removed -->
-		<dependency>
-			<groupId>org.argeo.commons.server</groupId>
-			<artifactId>org.argeo.server.json</artifactId>
-			<version>0.2.3-SNAPSHOT</version>
-		</dependency>
-
-		<!-- Commons -->
-		<dependency>
-			<groupId>org.argeo.commons.basic</groupId>
-			<artifactId>org.argeo.basic.nodeps</artifactId>
-			<version>0.2.3-SNAPSHOT</version>
-		</dependency>
-
-
-		<!-- Others -->
-		<dependency>
-			<groupId>org.slf4j</groupId>
-			<artifactId>com.springsource.slf4j.org.apache.commons.logging</artifactId>
-		</dependency>
-		<!-- Commons Dep -->
 		<dependency>
 			<groupId>org.argeo.commons.basic</groupId>
 			<artifactId>org.argeo.basic.dep.log4j</artifactId>
 			<version>0.2.3-SNAPSHOT</version>
 			<type>pom</type>
+			<scope>test</scope>
+		</dependency>
+		<dependency>
+			<groupId>net.sourceforge.jdbm</groupId>
+			<artifactId>com.springsource.jdbm</artifactId>
+			<scope>test</scope>
 		</dependency>
 	</dependencies>
 </project>
diff --git a/security/eclipse/plugins/org.argeo.security.ui.application/src/main/java/org/argeo/security/ui/application/AbstractSecureApplication.java b/security/eclipse/plugins/org.argeo.security.ui.application/src/main/java/org/argeo/security/ui/application/AbstractSecureApplication.java
index 3a92e5273..a0a2f922b 100644
--- a/security/eclipse/plugins/org.argeo.security.ui.application/src/main/java/org/argeo/security/ui/application/AbstractSecureApplication.java
+++ b/security/eclipse/plugins/org.argeo.security.ui.application/src/main/java/org/argeo/security/ui/application/AbstractSecureApplication.java
@@ -6,7 +6,6 @@ import javax.security.auth.Subject;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-import org.argeo.security.equinox.CurrentUser;
 import org.eclipse.core.runtime.IStatus;
 import org.eclipse.core.runtime.Status;
 import org.eclipse.equinox.app.IApplication;
@@ -34,12 +33,18 @@ public abstract class AbstractSecureApplication implements IApplication {
 		try {
 			String username = null;
 			Exception loginException = null;
+			Subject subject = null;
 			try {
-				username = CurrentUser.getUsername();
+				SecureApplicationActivator.getLoginContext().login();
+				subject = SecureApplicationActivator.getLoginContext()
+						.getSubject();
+
+				// username = CurrentUser.getUsername();
 			} catch (Exception e) {
 				loginException = e;
+				e.printStackTrace();
 			}
-			if (username == null) {
+			if (subject == null) {
 				IStatus status = new Status(IStatus.ERROR,
 						"org.argeo.security.application", "Login is mandatory",
 						loginException);
@@ -48,9 +53,8 @@ public abstract class AbstractSecureApplication implements IApplication {
 			}
 			if (log.isDebugEnabled())
 				log.debug("Logged in as " + username);
-			returnCode = (Integer) Subject.doAs(CurrentUser.getSubject(),
-					getRunAction(display));
-			CurrentUser.logout();
+			returnCode = (Integer) Subject.doAs(subject, getRunAction(display));
+			SecureApplicationActivator.getLoginContext().logout();
 			return processReturnCode(returnCode);
 		} catch (Exception e) {
 			// e.printStackTrace();
@@ -104,9 +108,9 @@ public abstract class AbstractSecureApplication implements IApplication {
 
 		if (log.isDebugEnabled())
 			log.debug("workbench stopped");
-		String username = CurrentUser.getUsername();
-		if (log.isDebugEnabled())
-			log.debug("workbench stopped, logged in as " + username);
+		// String username = CurrentUser.getUsername();
+		// if (log.isDebugEnabled())
+		// log.debug("workbench stopped, logged in as " + username);
 
 	}
 
diff --git a/security/eclipse/plugins/org.argeo.security.equinox/src/main/java/org/argeo/security/equinox/EquinoxSecurity.java b/security/eclipse/plugins/org.argeo.security.ui.application/src/main/java/org/argeo/security/ui/application/SecureApplicationActivator.java
similarity index 76%
rename from security/eclipse/plugins/org.argeo.security.equinox/src/main/java/org/argeo/security/equinox/EquinoxSecurity.java
rename to security/eclipse/plugins/org.argeo.security.ui.application/src/main/java/org/argeo/security/ui/application/SecureApplicationActivator.java
index 00f9faa18..ec5d625de 100644
--- a/security/eclipse/plugins/org.argeo.security.equinox/src/main/java/org/argeo/security/equinox/EquinoxSecurity.java
+++ b/security/eclipse/plugins/org.argeo.security.ui.application/src/main/java/org/argeo/security/ui/application/SecureApplicationActivator.java
@@ -1,4 +1,4 @@
-package org.argeo.security.equinox;
+package org.argeo.security.ui.application;
 
 import java.net.URL;
 
@@ -7,14 +7,14 @@ import org.eclipse.equinox.security.auth.LoginContextFactory;
 import org.osgi.framework.BundleActivator;
 import org.osgi.framework.BundleContext;
 
-public class EquinoxSecurity implements BundleActivator {
+public class SecureApplicationActivator implements BundleActivator {
+
 	public final static String CONTEXT_SPRING = "SPRING";
-	private static final String JAAS_CONFIG_FILE = "org/argeo/security/equinox/jaas_default.txt";
+	private static final String JAAS_CONFIG_FILE = "/META-INF/jaas_default.txt";
 
 	private static ILoginContext loginContext = null;
 
 	public void start(BundleContext bundleContext) throws Exception {
-		// getLoginContext();
 		URL configUrl = bundleContext.getBundle().getEntry(JAAS_CONFIG_FILE);
 		loginContext = LoginContextFactory.createContext(CONTEXT_SPRING,
 				configUrl);
@@ -26,5 +26,4 @@ public class EquinoxSecurity implements BundleActivator {
 	static ILoginContext getLoginContext() {
 		return loginContext;
 	}
-
 }
diff --git a/security/eclipse/plugins/org.argeo.security.ui.rap/pom.xml b/security/eclipse/plugins/org.argeo.security.ui.rap/pom.xml
index 92151771f..764c63f1c 100644
--- a/security/eclipse/plugins/org.argeo.security.ui.rap/pom.xml
+++ b/security/eclipse/plugins/org.argeo.security.ui.rap/pom.xml
@@ -1,4 +1,5 @@
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
 	<modelVersion>4.0.0</modelVersion>
 	<parent>
 		<groupId>org.argeo.commons.security</groupId>
@@ -76,5 +77,56 @@
 			<artifactId>org.argeo.eclipse.dep.rap</artifactId>
 			<version>0.2.3-SNAPSHOT</version>
 		</dependency>
+
+
+		<!-- TODO: factorize with application.ui -->
+		<!-- For testing and target platform generation -->
+		<dependency>
+			<groupId>org.argeo.commons.server</groupId>
+			<artifactId>org.argeo.server.ads.server</artifactId>
+			<version>${version.argeo-commons}</version>
+			<scope>test</scope>
+		</dependency>
+		<dependency>
+			<groupId>org.argeo.commons.security</groupId>
+			<artifactId>org.argeo.security.services</artifactId>
+			<version>${version.argeo-commons}</version>
+			<scope>test</scope>
+		</dependency>
+		<dependency>
+			<groupId>org.argeo.commons.security</groupId>
+			<artifactId>org.argeo.security.ldap</artifactId>
+			<version>${version.argeo-commons}</version>
+			<scope>test</scope>
+		</dependency>
+		<dependency>
+			<groupId>org.argeo.commons.security</groupId>
+			<artifactId>org.argeo.security.manager.ldap</artifactId>
+			<version>${version.argeo-commons}</version>
+			<scope>test</scope>
+		</dependency>
+		<dependency>
+			<groupId>org.argeo.commons.server</groupId>
+			<artifactId>org.argeo.server.ads</artifactId>
+			<version>0.2.3-SNAPSHOT</version>
+			<scope>test</scope>
+		</dependency>
+		<dependency>
+			<groupId>org.argeo.dep.osgi</groupId>
+			<artifactId>org.argeo.dep.osgi.springframework.ldap</artifactId>
+			<scope>test</scope>
+		</dependency>
+		<dependency>
+			<groupId>org.argeo.commons.basic</groupId>
+			<artifactId>org.argeo.basic.dep.log4j</artifactId>
+			<version>0.2.3-SNAPSHOT</version>
+			<type>pom</type>
+			<scope>test</scope>
+		</dependency>
+		<dependency>
+			<groupId>net.sourceforge.jdbm</groupId>
+			<artifactId>com.springsource.jdbm</artifactId>
+			<scope>test</scope>
+		</dependency>
 	</dependencies>
 </project>
diff --git a/security/eclipse/plugins/org.argeo.security.ui/pom.xml b/security/eclipse/plugins/org.argeo.security.ui/pom.xml
index f4fb717d4..0d9ed3165 100644
--- a/security/eclipse/plugins/org.argeo.security.ui/pom.xml
+++ b/security/eclipse/plugins/org.argeo.security.ui/pom.xml
@@ -1,4 +1,5 @@
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
 	<modelVersion>4.0.0</modelVersion>
 	<parent>
 		<groupId>org.argeo.commons.security</groupId>
@@ -28,11 +29,33 @@
 				<artifactId>maven-bundle-plugin</artifactId>
 				<version>${version.maven-bundle-plugin}</version>
 				<configuration>
+					<!-- <instructions> -->
+					<!-- <Bundle-ActivationPolicy>lazy</Bundle-ActivationPolicy> -->
+					<!-- <Bundle-Activator>org.argeo.security.ui.SecurityUiPlugin</Bundle-Activator> -->
+					<!-- <Require-Bundle>org.eclipse.ui;resolution:=optional,org.eclipse.rap.ui;resolution:=optional,org.eclipse.core.runtime</Require-Bundle> -->
+					<!-- <Import-Package> -->
+					<!-- org.argeo.eclipse.spring, -->
+					<!-- org.osgi.framework;version="0.0.0", -->
+					<!-- !org.eclipse.core.runtime, -->
+					<!-- !org.eclipse.core.commands, -->
+					<!-- !org.eclipse.ui.plugin, -->
+					<!-- !org.eclipse.ui, -->
+					<!-- !org.eclipse.ui.commands, -->
+					<!-- !org.eclipse.ui.handlers, -->
+					<!-- !org.eclipse.ui.part, -->
+					<!-- * -->
+					<!-- </Import-Package> -->
+					<!-- <Private-Package>icons</Private-Package> -->
+					<!-- <Export-Package>org.argeo.security.ui.*</Export-Package> -->
+					<!-- </instructions> -->
 					<instructions>
 						<Bundle-ActivationPolicy>lazy</Bundle-ActivationPolicy>
 						<Bundle-Activator>org.argeo.security.ui.SecurityUiPlugin</Bundle-Activator>
 						<Require-Bundle>org.eclipse.ui;resolution:=optional,org.eclipse.rap.ui;resolution:=optional,org.eclipse.core.runtime</Require-Bundle>
-						<Import-Package>*,org.argeo.eclipse.spring</Import-Package>
+						<Import-Package>
+							org.argeo.eclipse.spring,
+							*
+						</Import-Package>
 					</instructions>
 				</configuration>
 			</plugin>
@@ -45,11 +68,6 @@
 			<artifactId>org.argeo.security.core</artifactId>
 			<version>0.2.3-SNAPSHOT</version>
 		</dependency>
-		<dependency>
-			<groupId>org.argeo.commons.security</groupId>
-			<artifactId>org.argeo.security.equinox</artifactId>
-			<version>0.2.3-SNAPSHOT</version>
-		</dependency>
 
 		<!-- Argeo Eclipse -->
 		<dependency>
@@ -70,10 +88,6 @@
 			<groupId>org.argeo.commons.eclipse</groupId>
 			<artifactId>org.argeo.eclipse.dep.rcp</artifactId>
 			<version>0.2.3-SNAPSHOT</version>
-		</dependency>
-		<dependency>
-			<groupId>org.eclipse.ui</groupId>
-			<artifactId>org.eclipse.ui</artifactId>
 			<scope>provided</scope>
 		</dependency>
 
@@ -95,6 +109,5 @@
 			<groupId>org.slf4j</groupId>
 			<artifactId>com.springsource.slf4j.org.apache.commons.logging</artifactId>
 		</dependency>
-
 	</dependencies>
 </project>
diff --git a/security/eclipse/plugins/org.argeo.security.equinox/src/main/java/org/argeo/security/equinox/CurrentUser.java b/security/eclipse/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/CurrentUser.java
similarity index 55%
rename from security/eclipse/plugins/org.argeo.security.equinox/src/main/java/org/argeo/security/equinox/CurrentUser.java
rename to security/eclipse/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/CurrentUser.java
index 12cda5371..a864c3a10 100644
--- a/security/eclipse/plugins/org.argeo.security.equinox/src/main/java/org/argeo/security/equinox/CurrentUser.java
+++ b/security/eclipse/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/CurrentUser.java
@@ -1,4 +1,4 @@
-package org.argeo.security.equinox;
+package org.argeo.security.ui;
 
 import java.security.AccessController;
 import java.security.Principal;
@@ -7,10 +7,8 @@ import java.util.HashSet;
 import java.util.Set;
 
 import javax.security.auth.Subject;
-import javax.security.auth.login.LoginException;
 
 import org.argeo.ArgeoException;
-import org.eclipse.equinox.security.auth.ILoginContext;
 import org.springframework.security.Authentication;
 import org.springframework.security.GrantedAuthority;
 
@@ -34,41 +32,12 @@ public class CurrentUser {
 		return Collections.unmodifiableSet(roles);
 	}
 
-	private final static ILoginContext getLoginContext() {
-		return EquinoxSecurity.getLoginContext();
-		// return LoginContextFactory
-		// .createContext(EquinoxSecurity.CONTEXT_SPRING);
-	}
-
-	// private static void login() {
-	// try {
-	// getLoginContext().login();
-	// } catch (LoginException e) {
-	// throw new RuntimeException("Cannot login", e);
-	// }
-	// }
-
 	public final static Subject getSubject() {
 
 		Subject subject = Subject.getSubject(AccessController.getContext());
-		// subject = Subject.getSubject(AccessController.getContext());
 		if (subject == null)
-			try {
-				getLoginContext().login();
-				subject = getLoginContext().getSubject();
-			} catch (Exception e) {
-				throw new ArgeoException("Cannot retrieve subject", e);
-			}
-
+			throw new ArgeoException("Not authenticated.");
 		return subject;
 
 	}
-
-	public static void logout() {
-		try {
-			getLoginContext().logout();
-		} catch (LoginException e) {
-			throw new ArgeoException("Cannot log out", e);
-		}
-	}
 }
diff --git a/security/eclipse/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/SecurityPerspective.java b/security/eclipse/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/SecurityPerspective.java
index 9187c7830..3b3b9b840 100644
--- a/security/eclipse/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/SecurityPerspective.java
+++ b/security/eclipse/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/SecurityPerspective.java
@@ -1,6 +1,5 @@
 package org.argeo.security.ui;
 
-import org.argeo.security.equinox.CurrentUser;
 import org.eclipse.jface.dialogs.MessageDialog;
 import org.eclipse.swt.widgets.Display;
 import org.eclipse.ui.IFolderLayout;
diff --git a/security/eclipse/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/views/CurrentUserView.java b/security/eclipse/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/views/CurrentUserView.java
index 263a722e7..5b0492828 100644
--- a/security/eclipse/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/views/CurrentUserView.java
+++ b/security/eclipse/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/views/CurrentUserView.java
@@ -1,6 +1,6 @@
 package org.argeo.security.ui.views;
 
-import org.argeo.security.equinox.CurrentUser;
+import org.argeo.security.ui.CurrentUser;
 import org.eclipse.jface.viewers.IStructuredContentProvider;
 import org.eclipse.jface.viewers.ITableLabelProvider;
 import org.eclipse.jface.viewers.LabelProvider;
@@ -46,9 +46,9 @@ public class CurrentUserView extends ViewPart {
 		column.setText("ID");
 		column.setWidth(100);
 
-//		column = new TableColumn(table, SWT.LEFT, 1);
-//		column.setText("Password");
-//		column.setWidth(200);
+		// column = new TableColumn(table, SWT.LEFT, 1);
+		// column.setText("Password");
+		// column.setWidth(200);
 
 		// column = new TableColumn(table, SWT.LEFT, 2);
 		// column.setText("Roles");
@@ -69,26 +69,26 @@ public class CurrentUserView extends ViewPart {
 		}
 
 		public Object[] getChildren(Object parentElement) {
-//			ILoginContext secureContext = LoginContextFactory
-//					.createContext("SPRING");
-//			try {
-//				secureContext.login();
-//			} catch (LoginException e) {
-//				// login failed
-//			}
-//
-//			Subject subject = null;
-//			// subject = Subject.getSubject(AccessController.getContext());
-//			try {
-//				subject = secureContext.getSubject();
-//			} catch (Exception e) {
-//				e.printStackTrace();
-//				throw new ArgeoException("Cannot retrieve subject", e);
-//			}
-//
-//			if (subject == null)
-//				throw new ArgeoException("No subject found");
-//			return subject.getPrincipals().toArray();
+			// ILoginContext secureContext = LoginContextFactory
+			// .createContext("SPRING");
+			// try {
+			// secureContext.login();
+			// } catch (LoginException e) {
+			// // login failed
+			// }
+			//
+			// Subject subject = null;
+			// // subject = Subject.getSubject(AccessController.getContext());
+			// try {
+			// subject = secureContext.getSubject();
+			// } catch (Exception e) {
+			// e.printStackTrace();
+			// throw new ArgeoException("Cannot retrieve subject", e);
+			// }
+			//
+			// if (subject == null)
+			// throw new ArgeoException("No subject found");
+			// return subject.getPrincipals().toArray();
 			return CurrentUser.roles().toArray();
 		}
 
@@ -107,15 +107,15 @@ public class CurrentUserView extends ViewPart {
 	private class UsersLabelProvider extends LabelProvider implements
 			ITableLabelProvider {
 		public String getColumnText(Object element, int columnIndex) {
-//			Principal argeoUser = (Principal) element;
-//			switch (columnIndex) {
-//			case 0:
-//				return argeoUser.getName();
-//			case 1:
-//				return argeoUser.toString();
-//			default:
-//				throw new ArgeoException("Unmanaged column " + columnIndex);
-//			}
+			// Principal argeoUser = (Principal) element;
+			// switch (columnIndex) {
+			// case 0:
+			// return argeoUser.getName();
+			// case 1:
+			// return argeoUser.toString();
+			// default:
+			// throw new ArgeoException("Unmanaged column " + columnIndex);
+			// }
 			return element.toString();
 		}
 
diff --git a/security/eclipse/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/views/UsersView.java b/security/eclipse/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/views/UsersView.java
index d77ad0e07..5d7817827 100644
--- a/security/eclipse/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/views/UsersView.java
+++ b/security/eclipse/plugins/org.argeo.security.ui/src/main/java/org/argeo/security/ui/views/UsersView.java
@@ -5,8 +5,8 @@ import java.util.ArrayList;
 import org.argeo.ArgeoException;
 import org.argeo.security.ArgeoSecurityService;
 import org.argeo.security.ArgeoUser;
-import org.argeo.security.equinox.CurrentUser;
 import org.argeo.security.nature.SimpleUserNature;
+import org.argeo.security.ui.CurrentUser;
 import org.argeo.security.ui.SecurityUiPlugin;
 import org.argeo.security.ui.commands.OpenArgeoUserEditor;
 import org.eclipse.core.commands.Command;
diff --git a/security/eclipse/plugins/pom.xml b/security/eclipse/plugins/pom.xml
index e953b71a8..ab837feb5 100644
--- a/security/eclipse/plugins/pom.xml
+++ b/security/eclipse/plugins/pom.xml
@@ -80,5 +80,10 @@
 			<version>0.2.3-SNAPSHOT</version>
 			<scope>test</scope>
 		</dependency>
+		<dependency>
+			<groupId>javax.xml.stream</groupId>
+			<artifactId>com.springsource.javax.xml.stream</artifactId>
+			<scope>test</scope>
+		</dependency>
 	</dependencies>
 </project>
diff --git a/security/runtime/org.argeo.security.activemq/.classpath b/security/runtime/org.argeo.security.activemq/.classpath
new file mode 100644
index 000000000..92f19d2ff
--- /dev/null
+++ b/security/runtime/org.argeo.security.activemq/.classpath
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<classpath>
+	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/J2SE-1.5"/>
+	<classpathentry kind="con" path="org.eclipse.pde.core.requiredPlugins"/>
+	<classpathentry kind="src" path="src/main/java"/>
+	<classpathentry kind="output" path="target/classes"/>
+</classpath>
diff --git a/security/runtime/org.argeo.security.activemq/.project b/security/runtime/org.argeo.security.activemq/.project
new file mode 100644
index 000000000..cdc841c57
--- /dev/null
+++ b/security/runtime/org.argeo.security.activemq/.project
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+	<name>org.argeo.security.activemq</name>
+	<comment></comment>
+	<projects>
+	</projects>
+	<buildSpec>
+		<buildCommand>
+			<name>org.eclipse.jdt.core.javabuilder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+		<buildCommand>
+			<name>org.eclipse.pde.ManifestBuilder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+		<buildCommand>
+			<name>org.eclipse.pde.SchemaBuilder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+	</buildSpec>
+	<natures>
+		<nature>org.eclipse.pde.PluginNature</nature>
+		<nature>org.eclipse.jdt.core.javanature</nature>
+	</natures>
+</projectDescription>
diff --git a/security/runtime/org.argeo.security.activemq/.settings/org.eclipse.jdt.core.prefs b/security/runtime/org.argeo.security.activemq/.settings/org.eclipse.jdt.core.prefs
new file mode 100644
index 000000000..312bbe193
--- /dev/null
+++ b/security/runtime/org.argeo.security.activemq/.settings/org.eclipse.jdt.core.prefs
@@ -0,0 +1,8 @@
+#Wed Feb 16 10:40:27 CET 2011
+eclipse.preferences.version=1
+org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.5
+org.eclipse.jdt.core.compiler.compliance=1.5
+org.eclipse.jdt.core.compiler.problem.assertIdentifier=error
+org.eclipse.jdt.core.compiler.problem.enumIdentifier=error
+org.eclipse.jdt.core.compiler.source=1.5
diff --git a/security/runtime/org.argeo.security.activemq/.settings/org.eclipse.pde.core.prefs b/security/runtime/org.argeo.security.activemq/.settings/org.eclipse.pde.core.prefs
new file mode 100644
index 000000000..85f20081b
--- /dev/null
+++ b/security/runtime/org.argeo.security.activemq/.settings/org.eclipse.pde.core.prefs
@@ -0,0 +1,4 @@
+#Wed Feb 16 10:40:27 CET 2011
+eclipse.preferences.version=1
+pluginProject.extensions=false
+resolve.requirebundle=false
diff --git a/security/runtime/org.argeo.security.activemq/build.properties b/security/runtime/org.argeo.security.activemq/build.properties
new file mode 100644
index 000000000..5fc538bc8
--- /dev/null
+++ b/security/runtime/org.argeo.security.activemq/build.properties
@@ -0,0 +1,4 @@
+source.. = src/main/java/
+output.. = target/classes/
+bin.includes = META-INF/,\
+               .
diff --git a/security/runtime/org.argeo.security.activemq/pom.xml b/security/runtime/org.argeo.security.activemq/pom.xml
new file mode 100644
index 000000000..0405a5c05
--- /dev/null
+++ b/security/runtime/org.argeo.security.activemq/pom.xml
@@ -0,0 +1,89 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+	<modelVersion>4.0.0</modelVersion>
+	<parent>
+		<groupId>org.argeo.commons.security</groupId>
+		<artifactId>runtime</artifactId>
+		<version>0.2.3-SNAPSHOT</version>
+		<relativePath>..</relativePath>
+	</parent>
+	<artifactId>org.argeo.security.activemq</artifactId>
+	<name>Commons Security ActiveMQ</name>
+	<build>
+		<plugins>
+			<plugin>
+				<groupId>org.apache.maven.plugins</groupId>
+				<artifactId>maven-compiler-plugin</artifactId>
+			</plugin>
+			<plugin>
+				<groupId>org.apache.maven.plugins</groupId>
+				<artifactId>maven-source-plugin</artifactId>
+			</plugin>
+			<plugin>
+				<groupId>org.apache.maven.plugins</groupId>
+				<artifactId>maven-jar-plugin</artifactId>
+			</plugin>
+			<plugin>
+				<groupId>org.apache.felix</groupId>
+				<artifactId>maven-bundle-plugin</artifactId>
+				<version>${version.maven-bundle-plugin}</version>
+				<configuration>
+					<instructions>
+						<Export-Package>
+							org.argeo.security.activemq.*
+						</Export-Package>
+					</instructions>
+				</configuration>
+			</plugin>
+		</plugins>
+	</build>
+	<dependencies>
+		<dependency>
+			<groupId>org.argeo.commons.basic</groupId>
+			<artifactId>org.argeo.basic.nodeps</artifactId>
+			<version>0.2.3-SNAPSHOT</version>
+		</dependency>
+		<dependency>
+			<groupId>org.argeo.commons.security</groupId>
+			<artifactId>org.argeo.security.core</artifactId>
+			<version>0.2.3-SNAPSHOT</version>
+		</dependency>
+
+		<!-- Spring -->
+		<dependency>
+			<groupId>org.springframework</groupId>
+			<artifactId>org.springframework.transaction</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework.security</groupId>
+			<artifactId>org.springframework.security.core</artifactId>
+		</dependency>
+
+		<!-- Logging -->
+		<dependency>
+			<groupId>org.slf4j</groupId>
+			<artifactId>com.springsource.slf4j.org.apache.commons.logging</artifactId>
+		</dependency>
+
+		<!-- JMS -->
+		<dependency>
+			<groupId>org.argeo.dep.osgi</groupId>
+			<artifactId>org.argeo.dep.osgi.activemq</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>javax.jms</groupId>
+			<artifactId>com.springsource.javax.jms</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework</groupId>
+			<artifactId>org.springframework.jms</artifactId>
+		</dependency>
+
+		<!-- TEST -->
+		<dependency>
+			<groupId>org.junit</groupId>
+			<artifactId>com.springsource.junit</artifactId>
+			<scope>test</scope>
+		</dependency>
+	</dependencies>
+</project>
diff --git a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/activemq/ActiveMqSecurityBrokerPlugin.java b/security/runtime/org.argeo.security.activemq/src/main/java/org/argeo/security/activemq/ActiveMqSecurityBrokerPlugin.java
similarity index 100%
rename from security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/activemq/ActiveMqSecurityBrokerPlugin.java
rename to security/runtime/org.argeo.security.activemq/src/main/java/org/argeo/security/activemq/ActiveMqSecurityBrokerPlugin.java
diff --git a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/activemq/ActiveMqSpringSecurityContext.java b/security/runtime/org.argeo.security.activemq/src/main/java/org/argeo/security/activemq/ActiveMqSpringSecurityContext.java
similarity index 100%
rename from security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/activemq/ActiveMqSpringSecurityContext.java
rename to security/runtime/org.argeo.security.activemq/src/main/java/org/argeo/security/activemq/ActiveMqSpringSecurityContext.java
diff --git a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/activemq/SecuredActiveMqConnectionFactory.java b/security/runtime/org.argeo.security.activemq/src/main/java/org/argeo/security/activemq/SecuredActiveMqConnectionFactory.java
similarity index 97%
rename from security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/activemq/SecuredActiveMqConnectionFactory.java
rename to security/runtime/org.argeo.security.activemq/src/main/java/org/argeo/security/activemq/SecuredActiveMqConnectionFactory.java
index 95e6a6945..4afbd1d8d 100644
--- a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/activemq/SecuredActiveMqConnectionFactory.java
+++ b/security/runtime/org.argeo.security.activemq/src/main/java/org/argeo/security/activemq/SecuredActiveMqConnectionFactory.java
@@ -33,7 +33,6 @@ import org.apache.activemq.ActiveMQSslConnectionFactory;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.argeo.ArgeoException;
-import org.argeo.security.core.UserPasswordDialog;
 import org.springframework.beans.factory.DisposableBean;
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.core.io.Resource;
@@ -198,8 +197,8 @@ public class SecuredActiveMqConnectionFactory implements ConnectionFactory,
 					.getInstance(KeyManagerFactory.getDefaultAlgorithm());
 			keyManagerFactory.init(keyStoreKs, keyStorePassword.toCharArray());
 
-			connectionFactory.setKeyAndTrustManagers(keyManagerFactory
-					.getKeyManagers(), tmf.getTrustManagers(),
+			connectionFactory.setKeyAndTrustManagers(
+					keyManagerFactory.getKeyManagers(), tmf.getTrustManagers(),
 					new SecureRandom());
 		} catch (Exception e) {
 			throw new ArgeoException(
diff --git a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/UserPasswordDialog.java b/security/runtime/org.argeo.security.activemq/src/main/java/org/argeo/security/activemq/UserPasswordDialog.java
similarity index 98%
rename from security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/UserPasswordDialog.java
rename to security/runtime/org.argeo.security.activemq/src/main/java/org/argeo/security/activemq/UserPasswordDialog.java
index 7e76f8746..672507662 100644
--- a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/UserPasswordDialog.java
+++ b/security/runtime/org.argeo.security.activemq/src/main/java/org/argeo/security/activemq/UserPasswordDialog.java
@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-package org.argeo.security.core;
+package org.argeo.security.activemq;
 
 import java.awt.Container;
 import java.awt.GridLayout;
diff --git a/security/runtime/org.argeo.security.core/build.properties b/security/runtime/org.argeo.security.core/build.properties
index a7129a37c..6ebf8f32f 100644
--- a/security/runtime/org.argeo.security.core/build.properties
+++ b/security/runtime/org.argeo.security.core/build.properties
@@ -9,7 +9,8 @@ additional.bundles = org.springframework.transaction,\
                      com.springsource.org.codehaus.jackson.mapper,\
                      com.springsource.org.apache.log4j,\
                      com.springsource.slf4j.api,\
-                     com.springsource.slf4j.org.apache.commons.logging
+                     com.springsource.slf4j.org.apache.commons.logging,\
+                     org.argeo.server.json
 source.. = src/main/java/,\
            src/main/resources/,\
            src/test/java/,\
diff --git a/security/runtime/org.argeo.security.core/pom.xml b/security/runtime/org.argeo.security.core/pom.xml
index b3b53e321..b36f10d56 100644
--- a/security/runtime/org.argeo.security.core/pom.xml
+++ b/security/runtime/org.argeo.security.core/pom.xml
@@ -1,4 +1,5 @@
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
 	<modelVersion>4.0.0</modelVersion>
 	<parent>
 		<groupId>org.argeo.commons.security</groupId>
@@ -31,17 +32,10 @@
 						<Export-Package>
 							org.argeo.security.*
 						</Export-Package>
-						<Import-Package>*,
+						<Import-Package>
 							org.springframework.context,
-							org.argeo.server.json;resolution:=optional,
-							javax.jms;resolution:=optional,
-							org.apache.activemq;resolution:=optional,
-							org.apache.activemq.broker;resolution:=optional,
-							org.apache.activemq.command;resolution:=optional,
-							org.apache.activemq.security;resolution:=optional,
-							org.springframework.jms.connection;resolution:=optional,
-							org.springframework.ldap.core;resolution:=optional,
-							org.springframework.ldap.core.support;resolution:=optional,
+							org.springframework.beans.factory,
+							*
 						</Import-Package>
 					</instructions>
 				</configuration>
@@ -55,21 +49,14 @@
 			<version>0.2.3-SNAPSHOT</version>
 		</dependency>
 
-		<dependency>
-			<!-- Force inclusion of commons.lang to prevent v2.1.0 to be taken by 
-				Spring Security -->
-			<groupId>org.apache.commons</groupId>
-			<artifactId>com.springsource.org.apache.commons.lang</artifactId>
-		</dependency>
-
 		<!-- Spring -->
 		<dependency>
-			<groupId>org.argeo.dep.osgi</groupId>
-			<artifactId>org.argeo.dep.osgi.springframework.ldap</artifactId>
+			<groupId>org.springframework</groupId>
+			<artifactId>org.springframework.beans</artifactId>
 		</dependency>
 		<dependency>
 			<groupId>org.springframework</groupId>
-			<artifactId>org.springframework.transaction</artifactId>
+			<artifactId>org.springframework.context</artifactId>
 		</dependency>
 		<dependency>
 			<groupId>org.springframework.security</groupId>
@@ -81,51 +68,6 @@
 			<groupId>org.slf4j</groupId>
 			<artifactId>com.springsource.slf4j.org.apache.commons.logging</artifactId>
 		</dependency>
-		<dependency>
-			<groupId>org.apache.log4j</groupId>
-			<artifactId>com.springsource.org.apache.log4j</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>org.slf4j</groupId>
-			<artifactId>com.springsource.slf4j.log4j</artifactId>
-		</dependency>
-
-		<!-- JSON -->
-		<dependency>
-			<groupId>org.codehaus.jackson</groupId>
-			<artifactId>com.springsource.org.codehaus.jackson.mapper</artifactId>
-		</dependency>
-
-		<dependency>
-			<groupId>com.springsource.json</groupId>
-			<artifactId>com.springsource.json</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>org.antlr</groupId>
-			<artifactId>com.springsource.org.antlr</artifactId>
-		</dependency>
-
-		<!-- JMS -->
-		<dependency>
-			<groupId>org.argeo.dep.osgi</groupId>
-			<artifactId>org.argeo.dep.osgi.activemq</artifactId>
-			<optional>true</optional>
-		</dependency>
-		<dependency>
-			<groupId>javax.jms</groupId>
-			<artifactId>com.springsource.javax.jms</artifactId>
-			<optional>true</optional>
-		</dependency>
-		<dependency>
-			<groupId>org.springframework</groupId>
-			<artifactId>org.springframework.jms</artifactId>
-			<optional>true</optional>
-		</dependency>
-
-<!--		<dependency>-->
-<!--			<groupId>org.apache.commons</groupId>-->
-<!--			<artifactId>com.springsource.org.apache.commons.codec</artifactId>-->
-<!--		</dependency>-->
 
 		<!-- TEST -->
 		<dependency>
@@ -133,12 +75,24 @@
 			<artifactId>com.springsource.junit</artifactId>
 			<scope>test</scope>
 		</dependency>
+		<dependency>
+			<groupId>org.argeo.commons.basic</groupId>
+			<artifactId>org.argeo.basic.dep.log4j</artifactId>
+			<version>0.2.3-SNAPSHOT</version>
+			<type>pom</type>
+			<scope>test</scope>
+		</dependency>
 		<dependency>
 			<groupId>org.argeo.commons.server</groupId>
 			<artifactId>org.argeo.server.json</artifactId>
 			<version>0.2.3-SNAPSHOT</version>
 			<scope>test</scope>
 		</dependency>
+		<dependency>
+			<groupId>com.springsource.json</groupId>
+			<artifactId>com.springsource.json</artifactId>
+			<scope>test</scope>
+		</dependency>
 
 	</dependencies>
 </project>
diff --git a/security/runtime/org.argeo.security.ldap/.classpath b/security/runtime/org.argeo.security.ldap/.classpath
new file mode 100644
index 000000000..92f19d2ff
--- /dev/null
+++ b/security/runtime/org.argeo.security.ldap/.classpath
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<classpath>
+	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/J2SE-1.5"/>
+	<classpathentry kind="con" path="org.eclipse.pde.core.requiredPlugins"/>
+	<classpathentry kind="src" path="src/main/java"/>
+	<classpathentry kind="output" path="target/classes"/>
+</classpath>
diff --git a/security/runtime/org.argeo.security.ldap/.project b/security/runtime/org.argeo.security.ldap/.project
new file mode 100644
index 000000000..942f1404d
--- /dev/null
+++ b/security/runtime/org.argeo.security.ldap/.project
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+	<name>org.argeo.security.ldap</name>
+	<comment></comment>
+	<projects>
+	</projects>
+	<buildSpec>
+		<buildCommand>
+			<name>org.eclipse.jdt.core.javabuilder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+		<buildCommand>
+			<name>org.eclipse.pde.ManifestBuilder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+		<buildCommand>
+			<name>org.eclipse.pde.SchemaBuilder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+	</buildSpec>
+	<natures>
+		<nature>org.eclipse.pde.PluginNature</nature>
+		<nature>org.eclipse.jdt.core.javanature</nature>
+	</natures>
+</projectDescription>
diff --git a/security/runtime/org.argeo.security.ldap/.settings/org.eclipse.jdt.core.prefs b/security/runtime/org.argeo.security.ldap/.settings/org.eclipse.jdt.core.prefs
new file mode 100644
index 000000000..740ac21b8
--- /dev/null
+++ b/security/runtime/org.argeo.security.ldap/.settings/org.eclipse.jdt.core.prefs
@@ -0,0 +1,8 @@
+#Wed Feb 16 11:23:43 CET 2011
+eclipse.preferences.version=1
+org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.5
+org.eclipse.jdt.core.compiler.compliance=1.5
+org.eclipse.jdt.core.compiler.problem.assertIdentifier=error
+org.eclipse.jdt.core.compiler.problem.enumIdentifier=error
+org.eclipse.jdt.core.compiler.source=1.5
diff --git a/security/runtime/org.argeo.security.ldap/.settings/org.eclipse.pde.core.prefs b/security/runtime/org.argeo.security.ldap/.settings/org.eclipse.pde.core.prefs
new file mode 100644
index 000000000..f09f0de0f
--- /dev/null
+++ b/security/runtime/org.argeo.security.ldap/.settings/org.eclipse.pde.core.prefs
@@ -0,0 +1,4 @@
+#Wed Feb 16 11:23:43 CET 2011
+eclipse.preferences.version=1
+pluginProject.extensions=false
+resolve.requirebundle=false
diff --git a/security/runtime/org.argeo.security.ldap/build.properties b/security/runtime/org.argeo.security.ldap/build.properties
new file mode 100644
index 000000000..5fc538bc8
--- /dev/null
+++ b/security/runtime/org.argeo.security.ldap/build.properties
@@ -0,0 +1,4 @@
+source.. = src/main/java/
+output.. = target/classes/
+bin.includes = META-INF/,\
+               .
diff --git a/security/runtime/org.argeo.security.ldap/pom.xml b/security/runtime/org.argeo.security.ldap/pom.xml
new file mode 100644
index 000000000..9c222e9be
--- /dev/null
+++ b/security/runtime/org.argeo.security.ldap/pom.xml
@@ -0,0 +1,69 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+	<modelVersion>4.0.0</modelVersion>
+	<parent>
+		<groupId>org.argeo.commons.security</groupId>
+		<artifactId>runtime</artifactId>
+		<version>0.2.3-SNAPSHOT</version>
+		<relativePath>..</relativePath>
+	</parent>
+	<artifactId>org.argeo.security.ldap</artifactId>
+	<name>Commons Security LDAP</name>
+	<build>
+		<plugins>
+			<plugin>
+				<groupId>org.apache.maven.plugins</groupId>
+				<artifactId>maven-compiler-plugin</artifactId>
+			</plugin>
+			<plugin>
+				<groupId>org.apache.maven.plugins</groupId>
+				<artifactId>maven-source-plugin</artifactId>
+			</plugin>
+			<plugin>
+				<groupId>org.apache.maven.plugins</groupId>
+				<artifactId>maven-jar-plugin</artifactId>
+			</plugin>
+			<plugin>
+				<groupId>org.apache.felix</groupId>
+				<artifactId>maven-bundle-plugin</artifactId>
+				<version>${version.maven-bundle-plugin}</version>
+				<configuration>
+					<instructions>
+						<Export-Package>
+							org.argeo.security.ldap.*
+						</Export-Package>
+						<Import-Package>
+							org.springframework.core,
+							org.springframework.dao,
+							*
+						</Import-Package>
+					</instructions>
+				</configuration>
+			</plugin>
+		</plugins>
+	</build>
+	<dependencies>
+		<dependency>
+			<groupId>org.argeo.commons.basic</groupId>
+			<artifactId>org.argeo.basic.nodeps</artifactId>
+			<version>0.2.3-SNAPSHOT</version>
+		</dependency>
+		<dependency>
+			<groupId>org.argeo.commons.security</groupId>
+			<artifactId>org.argeo.security.core</artifactId>
+			<version>0.2.3-SNAPSHOT</version>
+		</dependency>
+
+		<!-- Spring -->
+		<dependency>
+			<groupId>org.argeo.dep.osgi</groupId>
+			<artifactId>org.argeo.dep.osgi.springframework.ldap</artifactId>
+		</dependency>
+
+		<!-- Logging -->
+		<dependency>
+			<groupId>org.slf4j</groupId>
+			<artifactId>com.springsource.slf4j.org.apache.commons.logging</artifactId>
+		</dependency>
+
+	</dependencies>
+</project>
diff --git a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ldap/ArgeoSecurityDaoLdap.java b/security/runtime/org.argeo.security.ldap/src/main/java/org/argeo/security/ldap/ArgeoSecurityDaoLdap.java
similarity index 99%
rename from security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ldap/ArgeoSecurityDaoLdap.java
rename to security/runtime/org.argeo.security.ldap/src/main/java/org/argeo/security/ldap/ArgeoSecurityDaoLdap.java
index bf4beb0e8..838a3cb97 100644
--- a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ldap/ArgeoSecurityDaoLdap.java
+++ b/security/runtime/org.argeo.security.ldap/src/main/java/org/argeo/security/ldap/ArgeoSecurityDaoLdap.java
@@ -260,7 +260,6 @@ public class ArgeoSecurityDaoLdap implements ArgeoSecurityDao, InitializingBean
 
 	public String encodePassword(String raw) {
 		byte[] salt = null;
-		// TODO: check that Linux auth supports SSHA
 		// byte[] salt = new byte[16];
 		// random.nextBytes(salt);
 		return ldapShaPasswordEncoder.encodePassword(raw, salt);
diff --git a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ldap/ArgeoUserDetailsContextMapper.java b/security/runtime/org.argeo.security.ldap/src/main/java/org/argeo/security/ldap/ArgeoUserDetailsContextMapper.java
similarity index 100%
rename from security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ldap/ArgeoUserDetailsContextMapper.java
rename to security/runtime/org.argeo.security.ldap/src/main/java/org/argeo/security/ldap/ArgeoUserDetailsContextMapper.java
diff --git a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ldap/UserNatureMapper.java b/security/runtime/org.argeo.security.ldap/src/main/java/org/argeo/security/ldap/UserNatureMapper.java
similarity index 100%
rename from security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ldap/UserNatureMapper.java
rename to security/runtime/org.argeo.security.ldap/src/main/java/org/argeo/security/ldap/UserNatureMapper.java
diff --git a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ldap/nature/CoworkerUserNatureMapper.java b/security/runtime/org.argeo.security.ldap/src/main/java/org/argeo/security/ldap/nature/CoworkerUserNatureMapper.java
similarity index 100%
rename from security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ldap/nature/CoworkerUserNatureMapper.java
rename to security/runtime/org.argeo.security.ldap/src/main/java/org/argeo/security/ldap/nature/CoworkerUserNatureMapper.java
diff --git a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ldap/nature/SimpleUserNatureMapper.java b/security/runtime/org.argeo.security.ldap/src/main/java/org/argeo/security/ldap/nature/SimpleUserNatureMapper.java
similarity index 100%
rename from security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ldap/nature/SimpleUserNatureMapper.java
rename to security/runtime/org.argeo.security.ldap/src/main/java/org/argeo/security/ldap/nature/SimpleUserNatureMapper.java
diff --git a/security/runtime/pom.xml b/security/runtime/pom.xml
index 0265ea32f..23e8ddd4f 100644
--- a/security/runtime/pom.xml
+++ b/security/runtime/pom.xml
@@ -14,6 +14,8 @@
 	<modules>
 		<module>org.argeo.security.core</module>
 		<module>org.argeo.security.mvc</module>
+		<module>org.argeo.security.ldap</module>
+		<module>org.argeo.security.activemq</module>
 	</modules>
 	<build>
 		<resources>
diff --git a/server/dep/org.argeo.server.dep.jackrabbit.server/pom.xml b/server/dep/org.argeo.server.dep.jackrabbit.server/pom.xml
index 3d48c8e17..84338825a 100644
--- a/server/dep/org.argeo.server.dep.jackrabbit.server/pom.xml
+++ b/server/dep/org.argeo.server.dep.jackrabbit.server/pom.xml
@@ -170,10 +170,6 @@
 			<groupId>org.dom4j</groupId>
 			<artifactId>com.springsource.org.dom4j</artifactId>
 		</dependency>
-		<dependency>
-			<groupId>javax.xml.stream</groupId>
-			<artifactId>com.springsource.javax.xml.stream</artifactId>
-		</dependency>
 		<dependency>
 			<groupId>org.jdom</groupId>
 			<artifactId>com.springsource.org.jdom</artifactId>
@@ -195,11 +191,23 @@
 			<artifactId>com.springsource.org.xmlpull</artifactId>
 		</dependency>
 
+		<!-- OSGi test -->
 		<dependency>
 			<groupId>org.argeo.commons.osgi</groupId>
 			<artifactId>org.argeo.osgi.boot</artifactId>
 			<version>0.2.3-SNAPSHOT</version>
 			<scope>test</scope>
 		</dependency>
+		<dependency>
+			<groupId>javax.xml.stream</groupId>
+			<artifactId>com.springsource.javax.xml.stream</artifactId>
+			<scope>test</scope>
+		</dependency>
+		<dependency>
+			<groupId>org.apache.xmlcommons</groupId>
+			<artifactId>com.springsource.org.apache.xmlcommons</artifactId>
+			<scope>test</scope>
+		</dependency>
+
 	</dependencies>
 </project>
\ No newline at end of file
diff --git a/server/dep/org.argeo.server.dep.tomcat/pom.xml b/server/dep/org.argeo.server.dep.tomcat/pom.xml
index 58369e6e3..535ef108b 100644
--- a/server/dep/org.argeo.server.dep.tomcat/pom.xml
+++ b/server/dep/org.argeo.server.dep.tomcat/pom.xml
@@ -1,4 +1,5 @@
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
 	<modelVersion>4.0.0</modelVersion>
 	<parent>
 		<groupId>org.argeo.commons.server</groupId>
@@ -10,7 +11,7 @@
 	<packaging>pom</packaging>
 	<name>Dep Apache Tomcat</name>
 	<dependencies>
-		<!--  Commons Dep -->
+		<!-- Commons Dep -->
 		<dependency>
 			<groupId>org.argeo.commons.basic</groupId>
 			<artifactId>org.argeo.basic.dep.log4j</artifactId>
@@ -27,18 +28,10 @@
 			<groupId>javax.servlet</groupId>
 			<artifactId>com.springsource.javax.servlet.jsp</artifactId>
 		</dependency>
-		<dependency>
-			<groupId>javax.annotation</groupId>
-			<artifactId>com.springsource.javax.annotation</artifactId>
-		</dependency>
 		<dependency>
 			<groupId>javax.persistence</groupId>
 			<artifactId>com.springsource.javax.persistence</artifactId>
 		</dependency>
-		<dependency>
-			<groupId>javax.activation</groupId>
-			<artifactId>com.springsource.javax.activation</artifactId>
-		</dependency>
 		<dependency>
 			<groupId>org.apache.geronimo.specs</groupId>
 			<artifactId>com.springsource.javax.management.j2ee</artifactId>
@@ -51,18 +44,6 @@
 			<groupId>javax.xml.rpc</groupId>
 			<artifactId>com.springsource.javax.xml.rpc</artifactId>
 		</dependency>
-		<dependency>
-			<groupId>javax.xml.soap</groupId>
-			<artifactId>com.springsource.javax.xml.soap</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>javax.transaction</groupId>
-			<artifactId>com.springsource.javax.transaction</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>javax.xml.stream</groupId>
-			<artifactId>com.springsource.javax.xml.stream</artifactId>
-		</dependency>
 		<dependency>
 			<groupId>javax.servlet</groupId>
 			<artifactId>com.springsource.javax.servlet.jsp</artifactId>
@@ -75,14 +56,6 @@
 			<groupId>javax.el</groupId>
 			<artifactId>com.springsource.javax.el</artifactId>
 		</dependency>
-		<dependency>
-			<groupId>javax.xml.ws</groupId>
-			<artifactId>com.springsource.javax.xml.ws</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>javax.xml.bind</groupId>
-			<artifactId>com.springsource.javax.xml.bind</artifactId>
-		</dependency>
 
 		<!-- Taglibs -->
 		<dependency>
@@ -111,5 +84,6 @@
 			<groupId>org.apache.el</groupId>
 			<artifactId>com.springsource.org.apache.el</artifactId>
 		</dependency>
+
 	</dependencies>
 </project>
\ No newline at end of file
diff --git a/server/runtime/org.argeo.server.core/pom.xml b/server/runtime/org.argeo.server.core/pom.xml
index d07d8c19e..5bf5f47a9 100644
--- a/server/runtime/org.argeo.server.core/pom.xml
+++ b/server/runtime/org.argeo.server.core/pom.xml
@@ -65,10 +65,6 @@
 			<groupId>javax.servlet</groupId>
 			<artifactId>com.springsource.javax.servlet</artifactId>
 		</dependency>
-		<dependency>
-			<groupId>javax.xml.stream</groupId>
-			<artifactId>com.springsource.javax.xml.stream</artifactId>
-		</dependency>
 
 		<!-- Logging -->
 		<dependency>
diff --git a/server/runtime/org.argeo.server.jackrabbit/pom.xml b/server/runtime/org.argeo.server.jackrabbit/pom.xml
index 8af625eec..074d07a41 100644
--- a/server/runtime/org.argeo.server.jackrabbit/pom.xml
+++ b/server/runtime/org.argeo.server.jackrabbit/pom.xml
@@ -1,4 +1,5 @@
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
 	<modelVersion>4.0.0</modelVersion>
 	<parent>
 		<groupId>org.argeo.commons.server</groupId>
@@ -34,9 +35,10 @@
 							org.argeo.server.jcr.*
 						</Export-Package>
 						<Import-Package>
-							*,
+							org.xml.sax;version="0.0.0",
 							org.springframework.security.providers.jaas;resolution:="optional",
-							junit.framework;resolution:="optional"
+							junit.framework;resolution:="optional",
+							*
 						</Import-Package>
 					</instructions>
 				</configuration>
diff --git a/server/runtime/org.argeo.server.jackrabbit/src/main/java/org/argeo/server/jackrabbit/JackrabbitContainer.java b/server/runtime/org.argeo.server.jackrabbit/src/main/java/org/argeo/server/jackrabbit/JackrabbitContainer.java
index 6bddeefd2..87738a5cd 100644
--- a/server/runtime/org.argeo.server.jackrabbit/src/main/java/org/argeo/server/jackrabbit/JackrabbitContainer.java
+++ b/server/runtime/org.argeo.server.jackrabbit/src/main/java/org/argeo/server/jackrabbit/JackrabbitContainer.java
@@ -24,6 +24,7 @@ import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
+import java.util.Properties;
 
 import javax.jcr.Credentials;
 import javax.jcr.LoginException;
@@ -42,12 +43,14 @@ import org.apache.jackrabbit.commons.cnd.CndImporter;
 import org.apache.jackrabbit.core.RepositoryImpl;
 import org.apache.jackrabbit.core.TransientRepository;
 import org.apache.jackrabbit.core.config.RepositoryConfig;
+import org.apache.jackrabbit.core.config.RepositoryConfigurationParser;
 import org.argeo.ArgeoException;
 import org.springframework.beans.factory.DisposableBean;
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.context.ResourceLoaderAware;
 import org.springframework.core.io.Resource;
 import org.springframework.core.io.ResourceLoader;
+import org.xml.sax.InputSource;
 
 /**
  * Wrapper around a Jackrabbit repository which allows to configure it in Spring
@@ -59,6 +62,7 @@ public class JackrabbitContainer implements InitializingBean, DisposableBean,
 
 	private Resource configuration;
 	private File homeDirectory;
+	private Resource variables;
 
 	private Boolean inMemory = false;
 
@@ -89,13 +93,23 @@ public class JackrabbitContainer implements InitializingBean, DisposableBean,
 
 		RepositoryConfig config;
 		InputStream in = configuration.getInputStream();
+		InputStream propsIn = null;
 		try {
-			config = RepositoryConfig.create(in,
+			Properties vars = new Properties();
+			if (variables != null) {
+				propsIn = variables.getInputStream();
+				vars.load(propsIn);
+			}
+			// override with system properties
+			vars.putAll(System.getProperties());
+			vars.put(RepositoryConfigurationParser.REPOSITORY_HOME_VARIABLE,
 					homeDirectory.getCanonicalPath());
+			config = RepositoryConfig.create(new InputSource(in), vars);
 		} catch (Exception e) {
 			throw new RuntimeException("Cannot read configuration", e);
 		} finally {
 			IOUtils.closeQuietly(in);
+			IOUtils.closeQuietly(propsIn);
 		}
 
 		if (inMemory)
@@ -217,4 +231,8 @@ public class JackrabbitContainer implements InitializingBean, DisposableBean,
 		this.cndFiles = cndFiles;
 	}
 
+	public void setVariables(Resource variables) {
+		this.variables = variables;
+	}
+
 }
-- 
2.39.2