The new security sub sytem is focused on authentication, not
authorization. But
SecurityContextHolder.getSecurityContext().getAuthentication()
should work as expected.
Cheers
Chrstian
2013/3/20 Andrea Aime <[email protected]>
> On Wed, Mar 20, 2013 at 1:38 PM, Rodrigo Antonialli
> <[email protected]> wrote:
> > Our ideia was to use only the session inside geoserver to control users,
> and
> > make the application only to check this session and user roles.
>
> OGC services are stateless, GeoServer won't create a session even if
> you authenticate
> on OGC services (it will do so only in the GUI).
>
> > (For now, the only idea we had was to request a getCapabilities and check
> > for a specific protected namespace . If the namespace is there, the user
> is
> > logged, otherwise, he is not. But we couldn't find a way to check user
> > roles.).
>
> If you are working inside GeoServer there are two extension points you can
> look
> at in order to implement and declare as beans in the spring context:
> * DispatcherCallback, in particular the operationDispatched method, get the
> first parameter from the operation, if it is a WPS Execute it will
> be a ExecuteType
> that you can explore to decide whether to allow or deny the current
> request
> * implement ProcessFilter (maybe just extend ProcessSelector) and
> register it as a bean,
> and then decide which processes to allow in output based on the current
> user,
> which you can get by using
> SecurityContextHolder.getSecurityContext().getAuthentication()
> (this is a standard Spring Security call)
>
> Of course there is also the option of modifying directly the service
> security, it's just that
> after the security subsystem refactor I don't know where it is applied
> now, Christian might
> provide pointers on that.
>
> Cheers
> Andrea
>
>
> --
> ==
> Our support, Your Success! Visit http://opensdi.geo-solutions.it for
> more information.
> ==
>
> Ing. Andrea Aime
> @geowolf
> Technical Lead
>
> GeoSolutions S.A.S.
> Via Poggio alle Viti 1187
> 55054 Massarosa (LU)
> Italy
> phone: +39 0584 962313
> fax: +39 0584 1660272
> mob: +39 339 8844549
>
> http://www.geo-solutions.it
> http://twitter.com/geosolutions_it
>
> -------------------------------------------------------
>
------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_mar
_______________________________________________
Geoserver-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-users
