Hi,

I've been reading the 2.2.4 manual about authentication and security for
the master or root account.

And since the security or authentication has been re-engineered as of 2.2
(and we were using 2.1.1), the way we were using geoserver needs to change.

In 2.1.1, since the password was not being encrypted, our geoserver had
been customized at the GeoServerUserDao level: we injected a password
encoder bean into this and encrypted the password using the Spring encoder.

Now looking at 2.2.4, I see that a lot of things have changed.

There are two things that we need:

1.) we need to create or use a ROLE_ADMINISTRATOR with a name other
than "root" -- for example, "myappadmin"

2.) we need to keep the password encrypted on the hard drive -- we don't
need LDAP or other external systems. Since I see that encrypted
passwords are not supported in 2.2.4, I figure this should be easier.

If I want to zip up the entire geoserver web app with the all these
changes, what are my best approaches?  (I figure that I could change the
source code again or the spring context files but I think I would prefer to
avoid that to avoid future upgrade issues.)

I tried to use the users.properties with content that looks like this:

myappadmin=digest1:YgaweuS60t+mJNobGlf9hzUC6g7gGTtPEu0TlnUxFlv0fYtBuTsQDzZcBM4AfZHd,ROLE_ADMINISTRATOR,enabled

And I restarted my geoserver, but that did not work.

Any guidance or suggestions would be appreciated.

-- 
Sean