Hi Mauro
If I got it right, you want a filter to act as an end point for a pass
through authentication. If this is the case, please create a new filter
class or class hierarchy, your filter should be named
"GeoServerPassThroughAuthEndPointFilter" or similar.
This class or class hierarchy should not be part of the hierarchy of
preauthenticated filters, this would be confusing.
I am against a new community module, I would vote for adding this filter in
the core code.
Cheers
Christian
On Thu, Oct 9, 2014 at 10:55 AM, Simone Giannecchini <
[email protected]> wrote:
> Ciao Mauro,
> please, see my commens inline below...
>
>
> Regards,
> Simone Giannecchini
> ==
> GeoServer Professional Services from the experts! Visit
> http://goo.gl/NWWaa2 for more information.
> ==
>
> Ing. Simone Giannecchini
> @simogeo
> Founder/Director
>
> GeoSolutions S.A.S.
> Via Poggio alle Viti 1187
> 55054 Massarosa (LU)
> Italy
> phone: +39 0584 962313
> fax: +39 0584 1660272
> mob: +39 333 8128928
>
> http://www.geo-solutions.it
> http://twitter.com/geosolutions_it
>
> -------------------------------------------------------
> AVVERTENZE AI SENSI DEL D.Lgs. 196/2003
> Le informazioni contenute in questo messaggio di posta elettronica e/o
> nel/i file/s allegato/i sono da considerarsi strettamente riservate.
> Il loro utilizzo è consentito esclusivamente al destinatario del
> messaggio, per le finalità indicate nel messaggio stesso. Qualora
> riceviate questo messaggio senza esserne il destinatario, Vi preghiamo
> cortesemente di darcene notizia via e-mail e di procedere alla
> distruzione del messaggio stesso, cancellandolo dal Vostro sistema.
> Conservare il messaggio stesso, divulgarlo anche in parte,
> distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità
> diverse, costituisce comportamento contrario ai principi dettati dal
> D.Lgs. 196/2003.
>
> The information in this message and/or attachments, is intended solely
> for the attention and use of the named addressee(s) and may be
> confidential or proprietary in nature or covered by the provisions of
> privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New
> Data Protection Code).Any use not in accord with its purpose, any
> disclosure, reproduction, copying, distribution, or either
> dissemination, either whole or partial, is strictly forbidden except
> previous formal approval of the named addressee(s). If you are not the
> intended recipient, please contact immediately the sender by
> telephone, fax or e-mail and delete the information in this message
> that has been received in error. The sender does not give any warranty
> or accept liability as the content, accuracy or completeness of sent
> messages and accepts no responsibility for changes made after they
> were sent or for other risks which arise as a result of e-mail
> transmission, viruses, etc.
>
>
> On Thu, Oct 9, 2014 at 10:47 AM, Mauro Bartolomeoli
> <[email protected]> wrote:
> > Hi,
> > recently we worked on a custom AuthenticationFilter that uses request
> > headers in a more sophisticated way than the standard request
> authentication
> > filter does.
> >
> > The main differences are:
> > - the credentials (password) is extracted from request headers in
> addition
> > to the username, so the filter is not preauthenticated, but uses the
> > authentication providers chain to do the authentication
> > - username and password can be extracted from a complex header value
> using
> > a regular expression (one for each)
> >
> > Our use case is to use the ability of frontends like Apache to forward
> > credentials to the underlying Tomcat in a session header. This header is
> > usually encrypted in browser to Apache communication, but sent in clear
> to
> > the underlying Tomcat, so it can be easily parsed and used by Geoserver
> to
> > fetch authentication data from Apache itself.
> >
> > We would like to contribute the work done.
> >
> > I was thinking of two possibile options:
> > - a new community module
> > - adding some configuration flags to the existing request header
> > authentication filter to allow for:
> > * optionally extracting the password and using the authentication
> > providers chain to authenticate
> > * specify regular expressions to extract the username (and optionally
> the
> > password) from the header(s)
> >
> > Any thoughts?
>
> I am keen on the secondo option as I am always under the impression
> that we have way too many extension modules and I would suggest to
> avoid adding new one when needed/possible.
>
>
> >
> > Regards,
> > Mauro Bartolomeoli
> >
> > --
> > ==
> > GeoServer Professional Services from the experts! Visit
> > http://goo.gl/NWWaa2 for more information.
> > ==
> >
> > Dott. Mauro Bartolomeoli
> > @mauro_bart
> > Senior Software Engineer
> >
> > GeoSolutions S.A.S.
> > Via Poggio alle Viti 1187
> > 55054 Massarosa (LU)
> > Italy
> > phone: +39 0584 962313
> > fax: +39 0584 1660272
> >
> > http://www.geo-solutions.it
> > http://twitter.com/geosolutions_it
> >
> > -------------------------------------------------------
> >
> > AVVERTENZE AI SENSI DEL D.Lgs. 196/2003
> >
> > Le informazioni contenute in questo messaggio di posta elettronica e/o
> nel/i
> > file/s allegato/i sono da considerarsi strettamente riservate. Il loro
> > utilizzo è consentito esclusivamente al destinatario del messaggio, per
> le
> > finalità indicate nel messaggio stesso. Qualora riceviate questo
> messaggio
> > senza esserne il destinatario, Vi preghiamo cortesemente di darcene
> notizia
> > via e-mail e di procedere alla distruzione del messaggio stesso,
> > cancellandolo dal Vostro sistema. Conservare il messaggio stesso,
> divulgarlo
> > anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo
> per
> > finalità diverse, costituisce comportamento contrario ai principi dettati
> > dal D.Lgs. 196/2003.
> >
> >
> >
> > The information in this message and/or attachments, is intended solely
> for
> > the attention and use of the named addressee(s) and may be confidential
> or
> > proprietary in nature or covered by the provisions of privacy act
> > (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection
> > Code).Any use not in accord with its purpose, any disclosure,
> reproduction,
> > copying, distribution, or either dissemination, either whole or partial,
> is
> > strictly forbidden except previous formal approval of the named
> > addressee(s). If you are not the intended recipient, please contact
> > immediately the sender by telephone, fax or e-mail and delete the
> > information in this message that has been received in error. The sender
> does
> > not give any warranty or accept liability as the content, accuracy or
> > completeness of sent messages and accepts no responsibility for changes
> > made after they were sent or for other risks which arise as a result of
> > e-mail transmission, viruses, etc.
> >
> >
> >
> ------------------------------------------------------------------------------
> > Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer
> > Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports
> > Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper
> > Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer
> >
> http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk
> > _______________________________________________
> > Geoserver-devel mailing list
> > [email protected]
> > https://lists.sourceforge.net/lists/listinfo/geoserver-devel
> >
>
>
> ------------------------------------------------------------------------------
> Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer
> Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports
> Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper
> Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer
>
> http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk
> _______________________________________________
> Geoserver-devel mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/geoserver-devel
>
--
DI Christian Mueller MSc (GIS), MSc (IT-Security)
OSS Open Source Solutions GmbH
------------------------------------------------------------------------------
Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer
Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports
Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper
Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer
http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk
_______________________________________________
Geoserver-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-devel
