On Wed, May 25, 2011 at 9:11 AM, <[email protected]> wrote:
> Quoting Justin Deoliveira <[email protected]>:
>
> Hi Christian,
>>
>> Any reason why a specific subdir is needed? Is it planned that
>> other different security configurations would store files under the
>> "security" base directory?
>>
>
> Yep, configuration files for connecting to other background stores like
> ldap, jdbc,.....
>
>
> If so maybe a name like "basic" or "default"
>
>> might be a little better than "propertybased".
>>
>
> "default" is nice, this is the out of the box solution.
>
>
>
>> An alternative would be to continue to use that directory but instead look
>> for the existence of one of the new files... like groups.properties and if
>> it does't exist then do the upgrade of the config file. This is what we do
>> when we update the data directory.
>>
>
> Looking for the existence of new files is what I want to do. I am unsure if
> I
> should migrate users.properties directly or make a backup for the admin for
> later manual removal.
>
> Not sure what makes more sense... but again in the data dir upgrade case we
take the old catalog.xml and services.xml and move them to catalog.xml.old,
etc... so that to leave them in place in case the admin wants to revert...
but put the new ones in place as per the upgrade.
Christian
>
>
>
>> 2c.
>>
>> -Justin
>>
>> On Wed, May 25, 2011 at 2:52 AM, <[email protected]> wrote:
>>
>>
>>>
>>> Hi all, during the GSOC 2011 I am working on this issue..
>>> http://jira.codehaus.org/browse/GEOS-4554
>>>
>>> I plan to split the architecture into two components, a user/group
>>> management and a role authority. As an example, it should be possible
>>> to get user/group info form the OS or a Database and storing roles in
>>> property files. Many combinations are possible.
>>>
>>> At the moment, we have a file
>>> GEOSERVER_DATA_DIR/security/users.properties
>>> with the following syntax
>>>
>>> user=password,role1,....rolen,[enabled | disabled ]
>>>
>>> This gives me headaches because password and enabled status belong to
>>> user/group management while the roles belong to the role authority.
>>>
>>> For a clean architecture I need 6 files
>>> users.properties // user attributes without roles
>>> groups.properties // group attributes without roles
>>> roles.properties // roles
>>> user_group.properties // "belongs to" relationship
>>> user_roles.properties // "user has roles" relationship
>>> group_roles.properties // "group has roles" relationship
>>>
>>> An idea is to put these file in its own subdir
>>> GEOSERVER_DATA_DIR/security/propertybased/*
>>>
>>> The migration would be the following:
>>> On first start, read the file
>>> GEOSERVER_DATA_DIR/security/users.properties , create the directoy
>>> hierarchy and new files, migrate, write a migration message in the log
>>> and inform the admin that he can remove the old user.properties.
>>>
>>> On the following starts, if
>>> GEOSERVER_DATA_DIR/security/users.properties exists, I will write a
>>> warning in the log to remove that file, since it is no longer used,
>>> but contains passwords.
>>>
>>> Opinions ?
>>>
>>> ----------------------------------------------------------------
>>> This message was sent using IMP, the Internet Messaging Program.
>>>
>>>
>>>
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> vRanger cuts backup time in half-while increasing security.
>>> With the market-leading solution for virtual backup and recovery,
>>> you get blazing-fast, flexible, and affordable data protection.
>>> Download your free trial now.
>>> http://p.sf.net/sfu/quest-d2dcopy1
>>> _______________________________________________
>>> Geoserver-devel mailing list
>>> [email protected]
>>> https://lists.sourceforge.net/lists/listinfo/geoserver-devel
>>>
>>>
>>
>>
>> --
>> Justin Deoliveira
>> OpenGeo - http://opengeo.org
>> Enterprise support for open source geospatial.
>>
>>
>
>
> ----------------------------------------------------------------
> This message was sent using IMP, the Internet Messaging Program.
>
>
>
--
Justin Deoliveira
OpenGeo - http://opengeo.org
Enterprise support for open source geospatial.
------------------------------------------------------------------------------
vRanger cuts backup time in half-while increasing security.
With the market-leading solution for virtual backup and recovery,
you get blazing-fast, flexible, and affordable data protection.
Download your free trial now.
http://p.sf.net/sfu/quest-d2dcopy1
_______________________________________________
Geoserver-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-devel
