Hi Mauro
Sorry for the late reply, I was out yesterday.
I think the usage of J2EE isUserInRole() does only make sense if the user
is authenticated in the J2EE Container. If the user is not authenticated in
the container, isUserInRole() will always return false.
There is no j2ee authentication for CAS and any other kinds of proxy
authentication. Unfortunately, this requires a
J2eeBaseAuthenticationConfig with
a new enum.
What do you think ?
On Thu, Oct 10, 2013 at 9:58 AM, Mauro Bartolomeoli <
[email protected]> wrote:
> Hi Christian, see my answers below.
>
>
> 2013/10/9 Christian Mueller <[email protected]>
>
>>
>> GeoServerPreAuthenticationFilter
>> - GeoServerPreAuthenticatedUserNameFilter
>> ---- GeoServerCasAuthenticationFilter
>> ---- GeoServerRequestHeaderAuthenticationFilter
>> ---- GeoServerJ2eeBaseAuthenticationFilter
>> ----------- GeoServerX509CertificateAuthenticationFilter
>> ----------- GeoServerJ2eeAuthenticationFilter
>>
>> There is a new abstract class GeoServerJ2eeBaseAuthenticationFilter
>> adding the J2EE "isUserInRole" stuff and adding a new J2EE RoleSource. I
>> assume the same behavior concerning roles independent of how you
>> authenticate against the J2EE Container.
>>
>
> My only concern with this approach is that since RoleSource is an enum
> defined inside PreAuthenticatedUserNameFilterConfig to have some coherence,
> if I add a new value into it (J2EE) it would make sense to support it
> directly inside GeoServerPreAuthenticatedUserNameFilter as we do with the
> other RoleSource values adding a new getRolesFromJ2EE method and using it
> in the getRoles method. This way also GeoServerCasAuthenticationFilter,
> GeoServerRequestHeaderAuthenticationFilter and so on would get roles from
> J2EE fetching support.
>
> Obviously with this approach the GeoServerJ2eeBaseAuthenticationFilter
> abstract class would be needed anymore.
>
>
> What do you think?
>
> Regards,
> Mauro
>
> --
> ==
> Our support, Your Success! Visit http://opensdi.geo-solutions.it for more
> information.
> ==
>
> Dott. Mauro Bartolomeoli
> @mauro_bart
> Senior Software Engineer
>
> GeoSolutions S.A.S.
> Via Poggio alle Viti 1187
> 55054 Massarosa (LU)
> Italy
> phone: +39 0584 962313
> fax: +39 0584 1660272
>
> http://www.geo-solutions.it
> http://twitter.com/geosolutions_it
>
> -------------------------------------------------------
>
--
DI Christian Mueller MSc (GIS), MSc (IT-Security)
OSS Open Source Solutions GmbH
------------------------------------------------------------------------------
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60134071&iu=/4140/ostg.clktrk
_______________________________________________
Geoserver-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-devel
