Strange
Looking at
https://github.com/GeoNode/geoserver-geonode-ext/blob/master/src/main/java/org/geonode/security/AnonymousGeoNodeAuthenticationToken.java
I am asking me two questions
1) Credentials for an anonymous user ?
2) An individual user name for an anonymous user ?
We solve the problem with
GeoServerUser.createAnonymous()
At a minimum I think they should use
org.springframework.security.authentication.AnonymousAuthenticationToken
and we can check with
SecurityContextHolder.getContext().getAuthentication()
Just my 2 cents
On Wed, Oct 22, 2014 at 2:14 PM, Andrea Aime <andrea.a...@geo-solutions.it>
wrote:
> On Wed, Oct 22, 2014 at 1:12 PM, Christian Mueller <
> christian.muel...@os-solutions.at> wrote:
>
>> However sometimes we do have the actual user logging in, in that case
>>> I believe we should use that to drive the limits instead of a cookie.
>>>
>>> However... how does one know if the user is the anonymous one?
>>> Just checking if the authentication is a AnonymousAuthenticationToken
>>> seems a bit weak, I've for example noticed that GeoNode has
>>> its own AnonymousGeoNodeAuthenticationToken which is, for some
>>> strange reason, a subclass of UsernamePasswordAuthenticationToken
>>>
>>
>>
>> Not sure how to understand. Does GeoNeode extend the Geoserver code ?. I
>> do not know Geonode but how is the class
>> AnonymousGeoNodeAuthenticationToken injected into GeoServer ?
>>
>
> Here: https://github.com/GeoNode/geoserver-geonode-ext
> It seems to be they are implementing the standard authentication java
> interfaces
> to have GeoServer use GeoNode as the user and authentication source:
>
> https://github.com/GeoNode/geoserver-geonode-ext/tree/master/src/main/java/org/geonode/security
>
> Cheers
> Andrea
>
> --
> ==
> GeoServer Professional Services from the experts! Visit
> http://goo.gl/NWWaa2 for more information.
> ==
>
> Ing. Andrea Aime
> @geowolf
> Technical Lead
>
> GeoSolutions S.A.S.
> Via Poggio alle Viti 1187
> 55054 Massarosa (LU)
> Italy
> phone: +39 0584 962313
> fax: +39 0584 1660272
> mob: +39 339 8844549
>
> http://www.geo-solutions.it
> http://twitter.com/geosolutions_it
>
> *AVVERTENZE AI SENSI DEL D.Lgs. 196/2003*
>
> Le informazioni contenute in questo messaggio di posta elettronica e/o
> nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il
> loro utilizzo è consentito esclusivamente al destinatario del messaggio,
> per le finalità indicate nel messaggio stesso. Qualora riceviate questo
> messaggio senza esserne il destinatario, Vi preghiamo cortesemente di
> darcene notizia via e-mail e di procedere alla distruzione del messaggio
> stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso,
> divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od
> utilizzarlo per finalità diverse, costituisce comportamento contrario ai
> principi dettati dal D.Lgs. 196/2003.
>
>
>
> The information in this message and/or attachments, is intended solely for
> the attention and use of the named addressee(s) and may be confidential or
> proprietary in nature or covered by the provisions of privacy act
> (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection
> Code).Any use not in accord with its purpose, any disclosure, reproduction,
> copying, distribution, or either dissemination, either whole or partial, is
> strictly forbidden except previous formal approval of the named
> addressee(s). If you are not the intended recipient, please contact
> immediately the sender by telephone, fax or e-mail and delete the
> information in this message that has been received in error. The sender
> does not give any warranty or accept liability as the content, accuracy or
> completeness of sent messages and accepts no responsibility for changes
> made after they were sent or for other risks which arise as a result of
> e-mail transmission, viruses, etc.
>
> -------------------------------------------------------
>
--
DI Christian Mueller MSc (GIS), MSc (IT-Security)
OSS Open Source Solutions GmbH
------------------------------------------------------------------------------
Comprehensive Server Monitoring with Site24x7.
Monitor 10 servers for $9/Month.
Get alerted through email, SMS, voice calls or mobile push notifications.
Take corrective actions from your mobile device.
http://p.sf.net/sfu/Zoho
_______________________________________________
Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel
