Hi Mauro
In any case we should avoid code duplication and utility classes. I am fine
with a distinct implementation too. "CredentialsFromHTTPHeader" sounds fine
:-)
Go on, I assume you will make a pull request for discussion.
Cheers
Christian
On Thu, Oct 9, 2014 at 2:57 PM, Mauro Bartolomeoli <
[email protected]> wrote:
> Hi Christian,
>
>
> 2014-10-09 13:18 GMT+02:00 Christian Mueller <
> [email protected]>:
>
>> Hi Mauro
>>
>> If I got it right, you want a filter to act as an end point for a pass
>> through authentication. If this is the case, please create a new filter
>> class or class hierarchy, your filter should be named
>> "GeoServerPassThroughAuthEndPointFilter" or similar.
>>
>>
> Uhm... I am not sure we need another hierarchy. I agree that this filter
> is not preauthenticated, so probably it deserves a distinct implementation.
> Basically what it does is very similar to what BasicAuthentication or
> other filters do: fetch credentials in "some way" and then let the
> authentication manager do the authentication (this is what I meant when I
> said " uses the authentication providers chain to do the authentication").
>
> My only concern is that some functionality could be useful also in the
> existing RequestHeader filter (for example the possibility to extract the
> username using a regular expression). Maybe we can put some common
> functionality in utility classes and use it from both filters, or just
> duplicate the code and don't bother too much :).
>
>
>> I am against a new community module, I would vote for adding this filter
>> in the core code.
>>
>
> Agree, then we need a name to distinguish this filter from the existing
> "HTTP Header", something like "Credentials from HTTP Headers". Ideas are
> welcome.
>
> Cheers,
> Mauro
>
> --
> ==
> GeoServer Professional Services from the experts! Visit
> http://goo.gl/NWWaa2 for more information.
> ==
>
> Dott. Mauro Bartolomeoli
> @mauro_bart
> Senior Software Engineer
>
> GeoSolutions S.A.S.
> Via Poggio alle Viti 1187
> 55054 Massarosa (LU)
> Italy
> phone: +39 0584 962313
> fax: +39 0584 1660272
>
> http://www.geo-solutions.it
> http://twitter.com/geosolutions_it
>
> -------------------------------------------------------
>
> *AVVERTENZE AI SENSI DEL D.Lgs. 196/2003*
>
> Le informazioni contenute in questo messaggio di posta elettronica e/o
> nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il
> loro utilizzo è consentito esclusivamente al destinatario del messaggio,
> per le finalità indicate nel messaggio stesso. Qualora riceviate questo
> messaggio senza esserne il destinatario, Vi preghiamo cortesemente di
> darcene notizia via e-mail e di procedere alla distruzione del messaggio
> stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso,
> divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od
> utilizzarlo per finalità diverse, costituisce comportamento contrario ai
> principi dettati dal D.Lgs. 196/2003.
>
>
>
> The information in this message and/or attachments, is intended solely for
> the attention and use of the named addressee(s) and may be confidential or
> proprietary in nature or covered by the provisions of privacy act
> (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection
> Code).Any use not in accord with its purpose, any disclosure, reproduction,
> copying, distribution, or either dissemination, either whole or partial, is
> strictly forbidden except previous formal approval of the named
> addressee(s). If you are not the intended recipient, please contact
> immediately the sender by telephone, fax or e-mail and delete the
> information in this message that has been received in error. The sender
> does not give any warranty or accept liability as the content, accuracy or
> completeness of sent messages and accepts no responsibility for changes
> made after they were sent or for other risks which arise as a result of
> e-mail transmission, viruses, etc.
>
--
DI Christian Mueller MSc (GIS), MSc (IT-Security)
OSS Open Source Solutions GmbH
------------------------------------------------------------------------------
Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer
Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports
Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper
Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer
http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk
_______________________________________________
Geoserver-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-devel
