Re: [Geoserver-devel] [Geowebcache-devel] GSIP-159 GeoWebCache data security API

Thu, 15 Jun 2017 20:27:06 -0700 

If you would like to avoid creating another exception class
AccessControlException
<https://docs.oracle.com/javase/7/docs/api/java/security/AccessControlException.html>
(which
extends SecurityException) may meet your needs.

+1 to the GSIP

--
Jody Garnett

On 15 June 2017 at 15:46, Kevin Smith <smit...@draconic.ca> wrote:

> https://github.com/geoserver/geoserver/wiki/GSIP-159
>
> GeoServer currently uses a rather ugly and brittle mechanism to apply data
> security (Certain users should only be able to view certain layers or
> certain parts of layers) to the service endpoints of its internal GWC
> instance.
>
> This proposal is to add an API to GeoWebCache to do security checks which
> GeoServer can extend to apply its own security rules deeper inside GWC,
> after the service endpoints have parsed the request into a universal
> Conveyor object.
>
>
> Filter to check that the request is allowed.
>
> interface SecurityFilter {
>   public void checkSecurity(TileLayer layer, BoundingBox extent, SRS srs, 
> Object securityContext) throws SecurityException;
> }
>
> Extension point that the GeoWebCacheDispatcher can call to generate
> appropriate security context object to be stored on the resulting Conveyor
>
> interface SecurityContextProvider<Context> {
>   public Context getSecurityContext(HttpRequest request)
> }
>
> Add accessors for a securityContext property to Conveyor.
> GeoWebCacheDispatcher calls Service.getConveyor to get a Conveyor, then
> handles it. The context would be attached in between those steps.
>
> conv = service.getConveyor(request, response);
> securityContext = securityContextProvider.getSecurityContext(request);
> conv.setSecurityContext(securityContext);
>
> Add a SecurityException class. Allow it to wrap another exception so it
> can wrap the GeoServer one, which might then be extracted if need be. Amend
> method signatures to allow throwing this exception.
>
>
> --
> Kevin Michael Smith<smit...@draconic.ca> <smit...@draconic.ca>
>
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Geowebcache-devel mailing list
> geowebcache-de...@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/geowebcache-devel
>
>

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel

Reply via email to