Quoting Justin Deoliveira <[email protected]>: > Hi Christian, > > Any reason why a specific subdir is needed? Is it planned that > other different security configurations would store files under the > "security" base directory?
Yep, configuration files for connecting to other background stores like ldap, jdbc,..... If so maybe a name like "basic" or "default" > might be a little better than "propertybased". "default" is nice, this is the out of the box solution. > > An alternative would be to continue to use that directory but instead look > for the existence of one of the new files... like groups.properties and if > it does't exist then do the upgrade of the config file. This is what we do > when we update the data directory. Looking for the existence of new files is what I want to do. I am unsure if I should migrate users.properties directly or make a backup for the admin for later manual removal. Christian > > 2c. > > -Justin > > On Wed, May 25, 2011 at 2:52 AM, <[email protected]> wrote: > >> >> >> Hi all, during the GSOC 2011 I am working on this issue.. >> http://jira.codehaus.org/browse/GEOS-4554 >> >> I plan to split the architecture into two components, a user/group >> management and a role authority. As an example, it should be possible >> to get user/group info form the OS or a Database and storing roles in >> property files. Many combinations are possible. >> >> At the moment, we have a file >> GEOSERVER_DATA_DIR/security/users.properties >> with the following syntax >> >> user=password,role1,....rolen,[enabled | disabled ] >> >> This gives me headaches because password and enabled status belong to >> user/group management while the roles belong to the role authority. >> >> For a clean architecture I need 6 files >> users.properties // user attributes without roles >> groups.properties // group attributes without roles >> roles.properties // roles >> user_group.properties // "belongs to" relationship >> user_roles.properties // "user has roles" relationship >> group_roles.properties // "group has roles" relationship >> >> An idea is to put these file in its own subdir >> GEOSERVER_DATA_DIR/security/propertybased/* >> >> The migration would be the following: >> On first start, read the file >> GEOSERVER_DATA_DIR/security/users.properties , create the directoy >> hierarchy and new files, migrate, write a migration message in the log >> and inform the admin that he can remove the old user.properties. >> >> On the following starts, if >> GEOSERVER_DATA_DIR/security/users.properties exists, I will write a >> warning in the log to remove that file, since it is no longer used, >> but contains passwords. >> >> Opinions ? >> >> ---------------------------------------------------------------- >> This message was sent using IMP, the Internet Messaging Program. >> >> >> >> >> ------------------------------------------------------------------------------ >> vRanger cuts backup time in half-while increasing security. >> With the market-leading solution for virtual backup and recovery, >> you get blazing-fast, flexible, and affordable data protection. >> Download your free trial now. >> http://p.sf.net/sfu/quest-d2dcopy1 >> _______________________________________________ >> Geoserver-devel mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/geoserver-devel >> > > > > -- > Justin Deoliveira > OpenGeo - http://opengeo.org > Enterprise support for open source geospatial. > ---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program. ------------------------------------------------------------------------------ vRanger cuts backup time in half-while increasing security. With the market-leading solution for virtual backup and recovery, you get blazing-fast, flexible, and affordable data protection. Download your free trial now. http://p.sf.net/sfu/quest-d2dcopy1 _______________________________________________ Geoserver-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/geoserver-devel
