On Sat, Feb 11, 2012 at 7:05 AM, <[email protected]> wrote:

> Hmm, I think a rest-config like extension would not help either because
> the caller needs administrative privileges.
>

As far as I know it's possible to expose REST services without requiring
administrative privileges,
but they have to be outside of the /rest path.


>
> The only solution I see at the moment is to send back the role list for
> the authenticated user using an HTTP response header attribute.
>
> This could be implemented in the new security patch using an optional
> servlet filter, default is NOT sending the role list.
>
> Does this make sense? Need some votes here.
>

Makes sense, especially since the user is already authenticated, and it
also makes sense to keep
that off by default, as the user roles are something the security
administrator might not want to
expose to end users.

Just one word of caution: the HTTP header is normally size-capped by the
HTTP servers, for example
Tomcat limits it to 4KB by default. I don't believe this will pose
practical limits, as a user is normally
associated with a small number of roles, but it is something to keep in mind.
Cheers
Andrea

-- 
-------------------------------------------------------
Ing. Andrea Aime
GeoSolutions S.A.S.
Tech lead

Via Poggio alle Viti 1187
55054  Massarosa (LU)
Italy

phone: +39 0584 962313
fax:      +39 0584 962313
mob:    +39 339 8844549

http://www.geo-solutions.it
http://geo-solutions.blogspot.com/
http://www.youtube.com/user/GeoSolutionsIT
http://www.linkedin.com/in/andreaaime
http://twitter.com/geowolf

-------------------------------------------------------
_______________________________________________
Geoserver-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-users
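
The design discussed in this message (an optional servlet filter, off by default, that returns the authenticated user's roles in a response header while staying inside the server's header size cap) could look like the sketch below. It is an added example, not code from this thread or from the GeoServer security patch. The class name, the `X-User-Roles` header, the `enabled` init-param and the 2048-byte budget are assumptions, and it assumes Spring Security has already populated the security context earlier in the filter chain.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.stream.Collectors;
import javax.servlet.*;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;

/** Hypothetical filter: adds the caller's roles to the response, only when enabled. */
public class RoleHeaderFilter implements Filter {
    static final String HEADER = "X-User-Roles"; // assumed header name
    static final int MAX_BYTES = 2048;           // assumed budget, under Tomcat's 4KB default
    private boolean enabled;                     // stays false unless configured

    @Override
    public void init(FilterConfig cfg) {
        // Off by default: only an explicit init-param enabled=true turns it on.
        enabled = Boolean.parseBoolean(cfg.getInitParameter("enabled"));
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        // Never emit roles for unauthenticated or anonymous callers.
        if (enabled && res instanceof HttpServletResponse && auth != null
                && auth.isAuthenticated() && !(auth instanceof AnonymousAuthenticationToken)) {
            String roles = rolesHeaderValue(auth);
            if (roles != null) {
                // Set before the chain runs, so the response is not yet committed.
                ((HttpServletResponse) res).setHeader(HEADER, roles);
            }
        }
        chain.doFilter(req, res);
    }

    /** Comma-separated role list, or null when it would exceed the size budget. */
    static String rolesHeaderValue(Authentication auth) {
        String joined = auth.getAuthorities().stream()
                .map(GrantedAuthority::getAuthority)
                // Drop names with characters that could break or inject headers.
                .filter(r -> r != null && r.matches("[A-Za-z0-9_.:-]+"))
                .sorted()
                .collect(Collectors.joining(","));
        return joined.getBytes(StandardCharsets.ISO_8859_1).length <= MAX_BYTES ? joined : null;
    }

    @Override
    public void destroy() { }
}
```

When the list is over budget the header is omitted entirely rather than truncated, so a client never mistakes a partial role list for the complete one.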
