Sebastian Benthall wrote:
> Replying to the geonode public list.  Comments in-line
> 
> On Thu, Jul 8, 2010 at 7:19 AM, Andrea Aime <[email protected]> wrote:
> 
>     Hi,
>     wondering about the security integration and the GeoServer GUI,
>     in particular logging in as an administrator.
> 
>     Is the GeoServer GUI supposed to be unreachable for administration
>     tasks in the GeoNode embedding?
> 
> 
> For this release the use of the embedded GeoServer's admin UI is 
> unspecified for GeoNode 1.0
> 
> So, access is not restricted.  It is also not supported (all admin 
> functions should be done through the web application interface).  So, 
> "use at your own risk."
> 
>  
> 
>     I'm also wondering about RestConfig usage and the administration
>     role. The protocol designed at
>     
> http://atlas.openplans.org/~dwinslow/geonode-spec/spec/technical/geonode-core/geoserver/permissions.html
>     only tells which layers a user can access, but does not tell me
>     if the user is supposed to be an administrator or not.
> 
>     This is trouble as normally RestConfig operations are allowed only
>     to the administrator, so we also need to get one user marked as an
>     admin, otherwise remote configuration won't be possible.
>     That may also allow for GUI login, assuming that is desirable
> 
> 
> My understanding is that the embedded GeoServer instance is assumed to 
> have an administrative user, the web application is configured with the 
> credentials for that administrative user, and the web application uses 
> those credentials when performing RestConfig operations.

Right, but there is a catch: the moment we switch GeoServer to use
GeoNode users, GeoNode will have to tell us who the administrator is,
otherwise GeoServer will become locked down.
Because, you know, once the integration is done, there is no longer
such a thing as a GeoServer user, there will only be GeoNode
users and at least one of them will have to have some GeoServer
administration power, otherwise GS rest configuration will be locked
down irreparably.

Do you have the concept of an administrator user in GeoNode?
If so, we need to modify the json exchanges between GeoServer and
GeoNode so that the administration flag is communicated.

If instead you don't have a concept of administrator... uh...
we're in trouble.
I guess that at worst you can still have the GeoNode security API
fake the existence of a GeoServer admin user whose username
and password are known to GeoNode only.

Cheers
Andrea

-- 
Andrea Aime
OpenGeo - http://opengeo.org
Expert service straight from the developers.
