Index: xdocs/guides/guide-ajax-api.xml
===================================================================
--- xdocs/guides/guide-ajax-api.xml	(revision 537111)
+++ xdocs/guides/guide-ajax-api.xml	(working copy)
@@ -846,7 +846,148 @@
 		</td>    
 	</tr>
 </table>
-</subsection>        
+</subsection>
+
+<subsection name='getuseinfo'>
+<table>		
+
+    <tr>
+        <td>API:</td>
+        <td>getuseinfo</td>
+    </tr>
+    <tr>
+        <td>Component:</td>
+        <td>AjaxGetUserInformation</td>
+    </tr>
+    <tr>
+        <td>Description:</td>
+        <td>Returns information about the currently logged in user. Can be used for example in AJAX based portlets to retrieve the userinfo in a more robust way. Will return success only if a user is currenly logged in, otherwise will return false.</td>
+    </tr>
+    <tr>
+        <td>Parameters:</td>
+        <table>
+			<tr>
+				<td>action</td>
+				<td>getuserinfo</td>				
+			</tr>                                   
+		</table>
+    </tr>
+    <tr>
+        <td>API example:</td>
+		<td>
+<source><![CDATA[			
+http://localhost:8080/jetspeed/ajaxapi?action=getuserinfo
+]]></source>			
+		</td>    
+	</tr>
+    <tr>
+        <td>XML Response:</td>
+		<td>
+<source><![CDATA[
+<js>
+    <status>success</status>
+    <action>userinformation</action>
+    <username>admin</username> 
+    <type>org.apache.jetspeed.security.impl.UserPrincipalImpl</type>
+    <userinfo>
+        <user.name.given>Test Dude</user.name.given>
+        <user.name.family>Dudley</user.name.family>
+    </userinfo>
+</js>
+]]></source>		
+		</td>    
+	</tr>
+</table>
+</subsection>
+
+<subsection name='getuserlist'>
+<table>		
+
+    <tr>
+        <td>API:</td>
+        <td>getuseinfo</td>
+    </tr>
+    <tr>
+        <td>Component:</td>
+        <td>AjaxGetUserList</td>
+    </tr>
+    <tr>
+        <td>Description:</td>
+        <td>Provides basic information (username, ip-address, number of sessions and status) about currently logged in users in xml-format. Optionally it can also provide more detailed userinformation, number of guest sessions and include offline users as well.</td>
+    </tr>
+    <tr>
+        <td>Parameters:</td>
+        <table>
+			<tr>
+				<td>action</td>
+				<td>getuserinfo</td>
+			</tr>
+            <tr>
+                <td>userinfo</td>
+                <td>Whether we should include also userinfo (true | false [default])</td>
+            </tr>
+            <tr>
+                <td>offline</td>
+                <td>Whether we should include offline users (true | false [default])</td>
+            </tr>
+            <tr>
+                <td>guest</td>
+                <td>Whether we should return also the guest sessions (true | false [default])</td>
+            </tr>
+            <tr>
+                <td>all</td>
+                <td>If set to true, will return every bits and piece there is (true | false [default])</td>
+            </tr>
+		</table>
+    </tr>
+    <tr>
+        <td>
+            <p>
+                By default the private information (emails, etc..) is protected with
+                RolesSecurityBehavior security, but can be changed in <a href="http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/src/webapp/WEB-INF/assembly/ajax-layout.xml?view=markup">AJAX configuration</a>
+                by altering the protectionScope constructor value to either "all" to protect
+                even the basic information or to "none" when everything will be shown for everyone (not wise on production).
+                The default value "private" will show just the basic information of online/offline users and number of guest sessions,
+                as the "private-offline" will not show even the offline users. Possible protectionScope values are "all",
+                "private-offline", "private" and "none".
+            </p>
+        </td>
+    </tr>
+    <tr>
+        <td>API example:</td>
+		<td>
+<source><![CDATA[			
+http://localhost:8080/jetspeed/ajaxapi?action=getuserlist&userinfo=true&guest=true
+]]></source>			
+		</td>    
+	</tr>
+    <tr>
+        <td>XML Response:</td>
+		<td>
+<source><![CDATA[
+<js>
+    <status>success</status>
+    <action>getuserlist</action>
+    <users>
+        <user>
+            <username>admin</username>
+            <sessions>1</sessions>
+            <status>online</status>
+            <ipaddress>127.0.0.1</ipaddress>
+            <userinfo>
+                <user.name.given>Test Dude</user.name.given>
+                <user.name.family>Dudley</user.name.family>
+            </userinfo>
+        </user>
+        <guests>0</guests>
+    </users>
+</js>
+]]></source>		
+		</td>    
+	</tr>
+</table>
+</subsection>
+        
 </section>
 
 <section name='Spring Assembly'>
@@ -892,9 +1033,27 @@
             <entry key="getpages">
                 <ref bean="AjaxGetPages"/>
             </entry>			
+            <entry key="getfolder">
+                <ref bean="AjaxGetFolder"/>
+            </entry>			            
+            <entry key="getlink">
+                <ref bean="AjaxGetLink"/>
+            </entry>			                        
+            <entry key="getfolderlist">
+                <ref bean="AjaxGetFolderList"/>
+            </entry>			                        
+            <entry key="getfolders">
+                <ref bean="AjaxGetFoldersList"/>
+            </entry>			      						
+            <entry key="getthemes">
+                <ref bean="AjaxGetThemes"/>
+            </entry>
+            <entry key="getactions">
+                <ref bean="AjaxGetActions"/>
+            </entry>
             <entry key="window">
                 <ref bean="AjaxChangeWindow"/>
-            </entry>			            
+            </entry>
             <entry key="getmenus">
                 <ref bean="AjaxGetMenus"/>
             </entry>			            
@@ -904,6 +1063,24 @@
             <entry key="permissions">
                 <ref bean="AjaxSecurityPermissions"/>
             </entry>			                        
+            <entry key="constraints">
+                <ref bean="AjaxSecurityConstraints"/>
+            </entry>			          
+            <entry key="updatefolder">
+                <ref bean="AjaxUpdateFolder"/>                
+            </entry>                          
+            <entry key="updatepage">
+                <ref bean="AjaxUpdatePage"/>                
+            </entry>              
+            <entry key="updatelink">
+                <ref bean="AjaxUpdateLink"/>                
+            </entry>                                                              
+            <entry key="getuserinfo">
+                <ref bean="AjaxGetUserInformation"/>                
+            </entry>
+            <entry key="getuserlist">
+                <ref bean="AjaxGetUserList"/>                
+            </entry>
         </map>
     </constructor-arg>
     <constructor-arg index="1">
Index: components/portal/src/java/org/apache/jetspeed/layout/impl/GetUserListAction.java
===================================================================
--- components/portal/src/java/org/apache/jetspeed/layout/impl/GetUserListAction.java	(revision 537111)
+++ components/portal/src/java/org/apache/jetspeed/layout/impl/GetUserListAction.java	(working copy)
@@ -69,6 +69,8 @@
     protected Log log = LogFactory.getLog(GetUserListAction.class);
     private PortalStatistics pstats = null;
     private PortalSessionsManager psm = null;
+    // By default the protection is set to all
+    private String protectionScope = "all";
 
     private final String PARAM_GUEST = "guest";
     private final String PARAM_USERINFO = "userinfo";
@@ -96,23 +98,26 @@
     	this.psm = psm;
     }
     
+    public GetUserListAction(String template, 
+            String errorTemplate, 
+            UserManager um,
+            PortalStatistics pstats,
+            PortalSessionsManager psm, 
+            RolesSecurityBehavior securityBehavior,
+            String protectionScope)
+    {
+    	super(template, errorTemplate, um, securityBehavior); 
+    	this.pstats = pstats;
+    	this.psm = psm;
+    	this.protectionScope = protectionScope;
+    }
+    
     public boolean run(RequestContext requestContext, Map resultMap)
             throws AJAXException
     {
         boolean success = true;
         String status = "success";
         
-    	// Do a security check if a behavior is set
-    	if(securityBehavior != null)
-    	{
-    		if(!checkAccess(requestContext, JetspeedActions.EDIT))
-    		{
-    			success = false;
-                resultMap.put(REASON, "Insufficient access see user details.");                
-                return success;
-    		}
-    	}
-
     	boolean includeGuests;
     	boolean includeUserInfo;
         boolean includeOffline;
@@ -131,6 +136,35 @@
         	includeUserInfo = isTrue(getActionParameter(requestContext, PARAM_USERINFO));
         }
         
+    	// Do a security check if a behavior is set
+    	if(securityBehavior != null)
+    	{
+    		// If protection is set to "none", everything will be allowed
+    		if(!checkAccess(requestContext, JetspeedActions.EDIT) && !this.protectionScope.equals("none"))
+    		{
+    			// If we have set protection to private only and security check failed,
+    			// will return basic information still
+    			if(this.protectionScope.equals("private-offline"))
+    			{
+    				// If private and offline information is protected, disable that and offline users.
+    				includeUserInfo = false;
+    				includeOffline = false;
+    			}
+    			else if(this.protectionScope.equals("private"))
+    			{
+    				// Only private information is protected.
+    				includeUserInfo = false;
+    			}
+    			else
+    			{
+    				
+	    			success = false;
+	                resultMap.put(REASON, "Insufficient access see user details.");                
+	                return success;
+    			}
+    		}
+    	}
+        
         int numberOfCurrentUsers = 0;
         int numberOfCurrentLoggedInUsers = 0;
         
Index: src/webapp/WEB-INF/assembly/ajax-layout.xml
===================================================================
--- src/webapp/WEB-INF/assembly/ajax-layout.xml	(revision 537111)
+++ src/webapp/WEB-INF/assembly/ajax-layout.xml	(working copy)
@@ -507,6 +507,17 @@
     </constructor-arg>
 </bean>
 
+<!-- 
+    == AjaxGetUserList Constructor Arguments ==
+    index 0 = render response VM template, generates XML NORMAL response
+    index 1 = render response VM template, generates XML ERROR response
+    index 2 = User Manager
+    index 3 = Portal statistics
+    index 4 = Portal session manager
+    index 5 = Security behavior
+    index 6 = Protection scope
+    -->
+
 <bean id="AjaxGetUserList"
     class="org.apache.jetspeed.layout.impl.GetUserListAction">
     <constructor-arg index="0">
@@ -527,6 +538,9 @@
 	<constructor-arg index='5'>
         <ref bean="RolesSecurityBehavior"/>
     </constructor-arg>
+    <constructor-arg index='6'>
+        <value>private</value>
+    </constructor-arg>
 </bean>
     
 <bean id="AjaxActionMap" class="java.util.HashMap">

API:	getuseinfo
Component:	AjaxGetUserInformation
Description:	Returns information about the currently logged in user. Can be used for example in AJAX based portlets to retrieve the userinfo in a more robust way. Will return success only if a user is currenly logged in, otherwise will return false.
Parameters:
action	getuserinfo
userinfo	Whether we should include also userinfo (true \| false [default])
offline	Whether we should include offline users (true \| false [default])
guest	Whether we should return also the guest sessions (true \| false [default])
all	If set to true, will return every bits and piece there is (true \| false [default])