So who did write it? I'm still trying to come up with a reason to let my database users log into geoserver.
Ian On Wed, 3 Mar 2021, 17:39 Andrea Aime, <andrea.a...@geo-solutions.it> wrote: > Quoting from stack overflow: "After much head scratching and asking the > guys who wrote this stuff on the users mailing list" > > Hell no, I had nothing to do with those modules! :-D > > Cheers > Andrea > > On Wed, Mar 3, 2021 at 6:35 PM Ian Turton <ijtur...@gmail.com> wrote: > >> Thanks to everyone for their help on this I have finally got my head >> around it and have added an answer to the gis.stackoverflow question I >> linked to earlier (https://gis.stackexchange.com/a/388940/79) - If I get >> some time over the weekend I'll see if I can try to make the documentation >> clearer. >> >> Ian >> >> On Wed, 3 Mar 2021 at 15:03, Andrea Aime <andrea.a...@geo-solutions.it> >> wrote: >> >>> Hi Ian, >>> the role handling is a third class: >>> >>> [image: image.png] >>> >>> 1: authentication via database users (tries to connect to the database >>> using the username/password provided in the request) >>> 2: authentication via table contents (looks up a user with the same name >>> provided in the request, and verifies the password) >>> 3: adds role to a given user, after it has been authenticated >>> >>> Cheers >>> Andrea >>> >>> On Wed, Mar 3, 2021 at 3:50 PM Ian Turton <ijtur...@gmail.com> wrote: >>> >>>> >>>> >>>> On Wed, 3 Mar 2021 at 13:33, Andrea Aime <andrea.a...@geo-solutions.it> >>>> wrote: >>>> >>>>> Hi Ian, >>>>> there are both functionalities, they are separate classes and are >>>>> configured in a different way: >>>>> >>>>> >>>>> - Authenticating using the database own users: >>>>> >>>>> https://docs.geoserver.geo-solutions.it/edu/en/security/jdbc_authentication.html >>>>> - Storing credentials in the database, use the table contents for >>>>> authentication: >>>>> >>>>> https://docs.geoserver.geo-solutions.it/edu/en/security/jdbcusergroup_services.html >>>>> >>>>> >>>> I think (and I may be wrong) that this one only assigns a role to a >>>> postgres user (that is why you can set the password field to empty) - if >>>> it was intended to work that way I can try to find some time to debug it >>>> (when I finish this course). >>>> >>>> >>>> Back when we wrote the training material they were both working, not >>>>> sure about the present. >>>>> >>>> >>>> I'm pretty sure it used to work (when I wrote my training notes too) >>>> but it's been a while since I had a trainee choose the JDBC path instead of >>>> the LDAP path through the course (we have a lot of windows users) so I >>>> can't recall for sure (and if I used ian as my test user then it would have >>>> worked as I have a DB login). >>>> >>>> >>>>> Just a note, one has to be very careful when using the auth subsystem, >>>>> many options, lots of complexity. I know I curse every time :-D >>>>> >>>> >>>> Oh, yes that is for sure! >>>> >>>> Ian >>>> >>>> >>>> >>>>> Cheers >>>>> Andrea >>>>> >>>>> On Wed, Mar 3, 2021 at 12:42 PM Ian Turton <ijtur...@gmail.com> wrote: >>>>> >>>>>> >>>>>> Just to check before I break out the debugger: >>>>>> >>>>>> When you use JDBC Authentication can it allow any user you create in >>>>>> GeoServer (which get written in then tables) login in or does it only >>>>>> allow the user used for the postgis connection (or other postgis users) >>>>>> to >>>>>> log in? >>>>>> >>>>>> It seems like this is a bug, but I may just be missing something (and >>>>>> I think I'm not the only one >>>>>> https://gis.stackexchange.com/questions/274834/geoserver-jdbc-user-group-services-problem >>>>>> ) >>>>>> >>>>>> I'd be interested if any one is successfully using JDBC >>>>>> authentication in the wild? >>>>>> >>>>>> Cheers >>>>>> >>>>>> Ian >>>>>> >>>>>> -- >>>>>> Ian Turton >>>>>> _______________________________________________ >>>>>> Geoserver-users mailing list >>>>>> >>>>>> Please make sure you read the following two resources before posting >>>>>> to this list: >>>>>> - Earning your support instead of buying it, but Ian Turton: >>>>>> http://www.ianturton.com/talks/foss4g.html#/ >>>>>> - The GeoServer user list posting guidelines: >>>>>> http://geoserver.org/comm/userlist-guidelines.html >>>>>> >>>>>> If you want to request a feature or an improvement, also see this: >>>>>> https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer >>>>>> >>>>>> >>>>>> Geoserver-users@lists.sourceforge.net >>>>>> https://lists.sourceforge.net/lists/listinfo/geoserver-users >>>>>> >>>>> >>>>> >>>>> -- >>>>> >>>>> Regards, Andrea Aime >>>>> >>>>> == GeoServer Professional Services from the experts! Visit >>>>> http://goo.gl/it488V for more information. == Ing. Andrea Aime >>>>> @geowolf Technical Lead GeoSolutions S.A.S. Via di Montramito 3/A 55054 >>>>> Massarosa (LU) phone: +39 0584 962313 fax: +39 0584 1660272 mob: +39 339 >>>>> 8844549 http://www.geo-solutions.it http://twitter.com/geosolutions_it >>>>> ------------------------------------------------------- *Con >>>>> riferimento alla normativa sul trattamento dei dati personali (Reg. UE >>>>> 2016/679 - Regolamento generale sulla protezione dei dati “GDPR”), si >>>>> precisa che ogni circostanza inerente alla presente email (il suo >>>>> contenuto, gli eventuali allegati, etc.) è un dato la cui conoscenza è >>>>> riservata al/i solo/i destinatario/i indicati dallo scrivente. Se il >>>>> messaggio Le è giunto per errore, è tenuta/o a cancellarlo, ogni altra >>>>> operazione è illecita. Le sarei comunque grato se potesse darmene notizia. >>>>> This email is intended only for the person or entity to which it is >>>>> addressed and may contain information that is privileged, confidential or >>>>> otherwise protected from disclosure. We remind that - as provided by >>>>> European Regulation 2016/679 “GDPR” - copying, dissemination or use of >>>>> this >>>>> e-mail or the information herein by anyone other than the intended >>>>> recipient is prohibited. If you have received this email by mistake, >>>>> please >>>>> notify us immediately by telephone or e-mail.* >>>>> >>>> >>>> >>>> -- >>>> Ian Turton >>>> >>> >>> >>> -- >>> >>> Regards, Andrea Aime >>> >>> == GeoServer Professional Services from the experts! Visit >>> http://goo.gl/it488V for more information. == Ing. Andrea Aime @geowolf >>> Technical Lead GeoSolutions S.A.S. Via di Montramito 3/A 55054 Massarosa >>> (LU) phone: +39 0584 962313 fax: +39 0584 1660272 mob: +39 339 8844549 >>> http://www.geo-solutions.it http://twitter.com/geosolutions_it >>> ------------------------------------------------------- *Con >>> riferimento alla normativa sul trattamento dei dati personali (Reg. UE >>> 2016/679 - Regolamento generale sulla protezione dei dati “GDPR”), si >>> precisa che ogni circostanza inerente alla presente email (il suo >>> contenuto, gli eventuali allegati, etc.) è un dato la cui conoscenza è >>> riservata al/i solo/i destinatario/i indicati dallo scrivente. Se il >>> messaggio Le è giunto per errore, è tenuta/o a cancellarlo, ogni altra >>> operazione è illecita. Le sarei comunque grato se potesse darmene notizia. >>> This email is intended only for the person or entity to which it is >>> addressed and may contain information that is privileged, confidential or >>> otherwise protected from disclosure. We remind that - as provided by >>> European Regulation 2016/679 “GDPR” - copying, dissemination or use of this >>> e-mail or the information herein by anyone other than the intended >>> recipient is prohibited. If you have received this email by mistake, please >>> notify us immediately by telephone or e-mail.* >>> >> >> >> -- >> Ian Turton >> > > > -- > > Regards, Andrea Aime > > == GeoServer Professional Services from the experts! Visit > http://goo.gl/it488V for more information. == Ing. Andrea Aime @geowolf > Technical Lead GeoSolutions S.A.S. Via di Montramito 3/A 55054 Massarosa > (LU) phone: +39 0584 962313 fax: +39 0584 1660272 mob: +39 339 8844549 > http://www.geo-solutions.it http://twitter.com/geosolutions_it > ------------------------------------------------------- *Con riferimento > alla normativa sul trattamento dei dati personali (Reg. UE 2016/679 - > Regolamento generale sulla protezione dei dati “GDPR”), si precisa che ogni > circostanza inerente alla presente email (il suo contenuto, gli eventuali > allegati, etc.) è un dato la cui conoscenza è riservata al/i solo/i > destinatario/i indicati dallo scrivente. Se il messaggio Le è giunto per > errore, è tenuta/o a cancellarlo, ogni altra operazione è illecita. Le > sarei comunque grato se potesse darmene notizia. This email is intended > only for the person or entity to which it is addressed and may contain > information that is privileged, confidential or otherwise protected from > disclosure. We remind that - as provided by European Regulation 2016/679 > “GDPR” - copying, dissemination or use of this e-mail or the information > herein by anyone other than the intended recipient is prohibited. If you > have received this email by mistake, please notify us immediately by > telephone or e-mail.* >
_______________________________________________ Geoserver-users mailing list Please make sure you read the following two resources before posting to this list: - Earning your support instead of buying it, but Ian Turton: http://www.ianturton.com/talks/foss4g.html#/ - The GeoServer user list posting guidelines: http://geoserver.org/comm/userlist-guidelines.html If you want to request a feature or an improvement, also see this: https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer Geoserver-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-users