Hi Christian, I prepared a new pull request for this (
https://github.com/geoserver/geoserver/pull/366).
I think that it should work as you suggested now. Please, review it if you
have time.
Regards,
Mauro Bartolomeoli
2013/10/11 Christian Mueller <[email protected]>
> Hi Mauro
>
> Sorry for the late reply, I was out yesterday.
>
> I think the usage of J2EE isUserInRole() does only make sense if the user
> is authenticated in the J2EE Container. If the user is not authenticated in
> the container, isUserInRole() will always return false.
>
> There is no j2ee authentication for CAS and any other kinds of proxy
> authentication. Unfortunately, this requires a J2eeBaseAuthenticationConfig
> with
> a new enum.
>
> What do you think ?
>
>
>
>
>
> On Thu, Oct 10, 2013 at 9:58 AM, Mauro Bartolomeoli <
> [email protected]> wrote:
>
>> Hi Christian, see my answers below.
>>
>>
>> 2013/10/9 Christian Mueller <[email protected]>
>>
>>>
>>> GeoServerPreAuthenticationFilter
>>> - GeoServerPreAuthenticatedUserNameFilter
>>> ---- GeoServerCasAuthenticationFilter
>>> ---- GeoServerRequestHeaderAuthenticationFilter
>>> ---- GeoServerJ2eeBaseAuthenticationFilter
>>> ----------- GeoServerX509CertificateAuthenticationFilter
>>> ----------- GeoServerJ2eeAuthenticationFilter
>>>
>>> There is a new abstract class GeoServerJ2eeBaseAuthenticationFilter
>>> adding the J2EE "isUserInRole" stuff and adding a new J2EE RoleSource. I
>>> assume the same behavior concerning roles independent of how you
>>> authenticate against the J2EE Container.
>>>
>>
>> My only concern with this approach is that since RoleSource is an enum
>> defined inside PreAuthenticatedUserNameFilterConfig to have some coherence,
>> if I add a new value into it (J2EE) it would make sense to support it
>> directly inside GeoServerPreAuthenticatedUserNameFilter as we do with the
>> other RoleSource values adding a new getRolesFromJ2EE method and using it
>> in the getRoles method. This way also GeoServerCasAuthenticationFilter,
>> GeoServerRequestHeaderAuthenticationFilter and so on would get roles from
>> J2EE fetching support.
>>
>> Obviously with this approach the GeoServerJ2eeBaseAuthenticationFilter
>> abstract class would be needed anymore.
>>
>>
>> What do you think?
>>
>> Regards,
>> Mauro
>>
>> --
>> ==
>> Our support, Your Success! Visit http://opensdi.geo-solutions.it for
>> more information.
>> ==
>>
>> Dott. Mauro Bartolomeoli
>> @mauro_bart
>> Senior Software Engineer
>>
>> GeoSolutions S.A.S.
>> Via Poggio alle Viti 1187
>> 55054 Massarosa (LU)
>> Italy
>> phone: +39 0584 962313
>> fax: +39 0584 1660272
>>
>> http://www.geo-solutions.it
>> http://twitter.com/geosolutions_it
>>
>> -------------------------------------------------------
>>
>
>
>
> --
> DI Christian Mueller MSc (GIS), MSc (IT-Security)
> OSS Open Source Solutions GmbH
>
>
--
==
Our support, Your Success! Visit http://opensdi.geo-solutions.it for more
information.
==
Dott. Mauro Bartolomeoli
@mauro_bart
Senior Software Engineer
GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
http://www.geo-solutions.it
http://twitter.com/geosolutions_it
-------------------------------------------------------
------------------------------------------------------------------------------
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60135031&iu=/4140/ostg.clktrk
_______________________________________________
Geoserver-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-devel
