Hi all, during the GSOC 2011 I am working on this issue.. http://jira.codehaus.org/browse/GEOS-4554
I plan to split the architecture into two components, a user/group management and a role authority. As an example, it should be possible to get user/group info form the OS or a Database and storing roles in property files. Many combinations are possible. At the moment, we have a file GEOSERVER_DATA_DIR/security/users.properties with the following syntax user=password,role1,....rolen,[enabled | disabled ] This gives me headaches because password and enabled status belong to user/group management while the roles belong to the role authority. For a clean architecture I need 6 files users.properties // user attributes without roles groups.properties // group attributes without roles roles.properties // roles user_group.properties // "belongs to" relationship user_roles.properties // "user has roles" relationship group_roles.properties // "group has roles" relationship An idea is to put these file in its own subdir GEOSERVER_DATA_DIR/security/propertybased/* The migration would be the following: On first start, read the file GEOSERVER_DATA_DIR/security/users.properties , create the directoy hierarchy and new files, migrate, write a migration message in the log and inform the admin that he can remove the old user.properties. On the following starts, if GEOSERVER_DATA_DIR/security/users.properties exists, I will write a warning in the log to remove that file, since it is no longer used, but contains passwords. Opinions ? ---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program. ------------------------------------------------------------------------------ vRanger cuts backup time in half-while increasing security. With the market-leading solution for virtual backup and recovery, you get blazing-fast, flexible, and affordable data protection. Download your free trial now. http://p.sf.net/sfu/quest-d2dcopy1 _______________________________________________ Geoserver-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/geoserver-devel
