Hi all
During the last weeks I worked on hardening the new security system and
finished some days ago. The result is a big patch and Justin pointed out
that we have to discuss the patch because of the time frame. The
mistake I made was not splitting the changes into smaller chunks.
What is in the patch:
1) Finishing the role concept. Since it is possible to have more than one
role service, role names must be unique across role services. This is
extremely important concerning access control.
2) Refactoring code marked as deprecated. This was quite mechanical work.
3) A lot of bug fixes concerning the admin GUI. The core code itself has
been stable for some weeks.
The patch itself is here
https://github.com/mcrmcr/geoserver-1/commit/3672723e7a5656c0ea0d64cf6b78a34088c71831
At a first look, the patch appears big, but there are no new concepts, a
better description of the role concept is here
http://jira.codehaus.org/browse/GEOS-5101
The question is how to continue, two facts I want to point out
- We cannot make a 2.2.0 release without the changes. The system would not
work correctly.
- My next steps would be to review/complete the security documentation and
during this work, make a next round hardening the code.
Opinions?
If there are questions, please ask, I will answer ASAP, I spent about one
year of work in the new security architecture.
Thanks in advance
Christian
_______________________________________________
Geoserver-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-devel