The issue is about disabling the login page if no form based login is
possible.
https://jira.codehaus.org/browse/GEOS-5958
All these security configuration issues may be dangerous if a configuration
error happens. At the end of the day, the admin can lock itself out.
IMHO, a dedicated login for the root user with the master password should
always be possible. (The "root" user has administrative privileges).
My idea:
- Add a special filter chain /web/rootlogin (checked before /web/**)
- Force digest authentication, no GUI needed, the browser pops up a login
box
- Upon success, redirect the request to /web/
This is quite a simple solution and helps fix GEOS-5958. Additionally,
I can remove a lot of code concerning the root login in the individual
authentication filters and test cases.
Opinions?
--
DI Christian Mueller MSc (GIS), MSc (IT-Security)
OSS Open Source Solutions GmbH
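
An added sketch of the proposal above, not code from the original message or from GeoServer: first-match chain selection with /web/rootlogin ahead of /web/**, an RFC 2617 digest check against the master password, and the redirect to /web/ on success. The chain names, realm, and function names are assumptions made for illustration.

```python
import hashlib
import hmac

# Assumed chain table (names are illustrative). First match wins, so the
# root-login chain must be listed before the general /web/** chain.
CHAINS = [("/web/rootlogin", "rootDigest"), ("/web/**", "webForm")]
REALM = "rootlogin"   # assumed realm name
ROOT_USER = "root"

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def select_chain(path, chains=CHAINS):
    """Return the name of the first chain whose pattern matches the path."""
    for pattern, name in chains:
        if pattern.endswith("/**"):
            # Simplified Ant matching: /x/** covers /x and everything below it.
            prefix = pattern[:-3]
            if path == prefix or path.startswith(prefix + "/"):
                return name
        elif path == pattern:
            return name
    return None

def digest_response(user, realm, password, method, uri, nonce):
    """RFC 2617 digest without qop: MD5(HA1:nonce:HA2)."""
    ha1 = md5_hex(f"{user}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")

def handle_root_login(auth, master_password, nonce,
                      method="GET", uri="/web/rootlogin"):
    """auth: parsed Authorization header as a dict, or None.
    nonce: the value the server issued (a real server also expires it).
    Returns (status, headers)."""
    challenge = {"WWW-Authenticate": f'Digest realm="{REALM}", nonce="{nonce}"'}
    # No credentials, wrong user, or stale nonce: the browser shows its login box.
    if not auth or auth.get("username") != ROOT_USER or auth.get("nonce") != nonce:
        return 401, challenge
    expected = digest_response(ROOT_USER, REALM, master_password, method, uri, nonce)
    # Constant-time comparison of the client's response with the expected one.
    if not hmac.compare_digest(expected, str(auth.get("response", ""))):
        return 401, challenge
    return 302, {"Location": "/web/"}
```

If the two entries in CHAINS are swapped, /web/** matches /web/rootlogin first and the dedicated chain is never reached.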
_______________________________________________
GeoTools-Devel mailing list
GeoTools-Devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geotools-devel