Bug fix to allow compilation of JSP pages for the admin console when running with -DdevelopmentMode=true.
Fixed by adding jetty-annotations of appropriate version and using the servlet container initializer inside there.
Includes a change to mark index.html as the welcome page rather than the jsp to avoid bypassing context security in development mode.

* Added: Add a group with role to a chat room
* Added: Occupants endpoint for chat room
* Fixed: Admin and Member list to group endpoint

* Added occupants endpoint to restAPI plugin

Eclipse project: Add extra plugins

Eclipse project: Add as many plugin source directories and their libraries as possible. Unable to add rayo / clustering due to class collisions.

OF-1128: New plugin to resize vCard-based avatars

Added logo's and documentation.

This commit adds a prototype plugin, based on code provided in the
Ignite Realtime community: https://community.igniterealtime.org/thread/58477

Update eclipse project file to reflect changed list of jars. 

Update eclipse project file to reflect changed list of jars. Verified as building and running under Eclipse Luna.

OF-1126: Abstract implemenation should not change signature

The abstract implementation of GroupProvider should not hide the thrown
clause as defined by the createGroup() signature.

OF-1120 Additional fix for the default behavior

OF-836 / OF-941 / OF-777

Various SASL-related changes

Openfire should not need to be restarted after a configuration change for SASL.

The GSSAPI SASL mechanism can be enabled by default. It won't be offered
unless there is a specific gssapi-configuration option present.

Openfire should not offer SASL mechanisms if the JVM has no implementation for them.

The changes for OF-1092 accidentally removed a snippet of code that translates
a non-optional part of the GSSAPI SASL configuration. This commit restores that,
with a difference: the configuration is now checked continuously, intead of just
on server startup. This allows for configuration changes that need not be followed
by an Openfire restart.

OF-1119: Do not depend on ordering of chains

When validating a certificate chain, the provided chain aught to be ordered. If our
own ordering fails, we should use the first certifcate of the (unordered) chain,
instead of failing completely.

Set affiliation to 'none' after removing registration from room.

Fixing NPE in RemoteSession

Fix non-working XEP-0136 for monitoring plugin

Include nickname in actor element when kick a MUC occupant.

OF-1115 Use Java 8 for Debian packaging

OF-1093: Allow for empty/unknown user creation dates.

OF-1118: Don't try to use unsupported encryption settings.

Stored preferences of encryption protocols and/or cipher suites might include
non-supported items. To prevent issues, the list of preferences should be checked
against the currently supported items.

Extending the previous commit, this adds CSRF to a number of high-value target
pages, including user password changing, dleetion, lockout, etc, and also for
the login page (to avoid a class of attack we probably don't care about).

The CSRF mechanism requires manual addition to each form, but has been
design reviewed by Simon Waters (Surevine Ltd).

Reflected XSS in import-keystore-certificate.jsp via the passphrase.

Reported by Florian Nivette of Sysdream.