On Mon, Jul 12, 2010 at 7:20 AM, Andrea Aime <[email protected]> wrote:
> Sebastian Benthall wrote:
> > Replying to the geonode public list. Comments in-line
> >
> > On Thu, Jul 8, 2010 at 7:19 AM, Andrea Aime <[email protected]> wrote:
> >
> > Hi,
> > wondering about the security integration and the GeoServer GUI,
> > in particular logging in as an administrator.
> >
> > Is the GeoServer GUI supposed to be unreachable for administration
> > tasks in the GeoNode embedding?
> >
> >
> > For this release the use of the embedded GeoServer's admin UI is
> > unspecified for GeoNode 1.0
> >
> > So, access is not restricted. It is also not supported (all admin
> > functions should be done through the web application interface). So,
> > "use at your own risk."
> >
> >
> >
> > I'm also wondering about RestConfig usage and the administration
> > role. The protocol designed at
> > http://atlas.openplans.org/~dwinslow/geonode-spec/spec/technical/geonode-core/geoserver/permissions.html
> > only tells which layers a user can access, but does not tell me
> > if the user is supposed to be an administrator or not.
> >
> > This is trouble as normally RestConfig operations are allowed only
> > to the administrator, so we also need to get one user marked as an
> > admin, otherwise remote configuration won't be possible.
> > That may also allow for GUI login, assuming that is desirable
> >
> >
> > My understanding is that the embedded GeoServer instance is assumed to
> > have an administrative user, the web application is configured with the
> > credentials for that administrative user, and the web application uses
> > those credentials when performing RestConfig operations.
>
> Right, but there is a catch: the moment we switch GeoServer to use
> GeoNode users, GeoNode will have to tell us who the administrator is,
> otherwise GeoServer will become locked down.
> Because, you know, once the integration is done, there is no more
> such a thing as a GeoServer user, there will only be GeoNode
> users and at least one of them will have to have some GeoServer
> administration power, otherwise GS rest configuration will be locked
> down irreparably.
>
> Do you have the concept of an administrator user in GeoNode?
> If so, we need to modify the json exchanges between GeoServer and
> GeoNode so that the administration flag is communicated.
>
> If instead you don't have a concept of administrator... uh...
> we're in trouble.
> I guess that at worst you can still have the GeoNode security API
> fake the existence of a GeoServer admin user whose username
> and password are known to GeoNode only.
>
> Cheers
> Andrea
>
> --
> Andrea Aime
> OpenGeo - http://opengeo.org
> Expert service straight from the developers.
>

There is a concept of the admin user in GeoNode, so we are in the clear.

Good catch!

--
Sebastian Benthall
OpenGeo - http://opengeo.org
