No, the root login chain is hard coded in Java and will use its own digest
authentication filter (created on startup). The idea is to build the whole
chain on the fly at system startup without using configuration information
from the security directory. The chain itself is injected at first position
in the filter chain list.
I could imagine a Java property like
-DNO_ROOT_LOGIN=true
if somebody wants to deactivate the root login for production systems. (It can
be enabled by a GeoServer restart without this system property.)
How does this sound?
On Thu, Aug 15, 2013 at 3:32 PM, Justin Deoliveira <jdeol...@opengeo.org> wrote:
> So is there anything that will stop the user from misconfiguring the root
> login chain?
>
>
> On Wed, Aug 14, 2013 at 6:01 AM, Christian Mueller <
> christian.muel...@os-solutions.at> wrote:
>
>> Hi Justin
>>
>> Yep, we talked about a constant system filter chain, but it is not
>> implemented yet. At the moment, each authentication filter has the burden
>> to handle the login for the root user.
>>
>> Your understanding of the issue is correct.
>>
>> I would be happy to have a constant URI for the root login and kick out
>> all the root login code and tests scattered over the security code.
>>
>> Christian
>>
>>
>>
>>
>>
>> On Wed, Aug 14, 2013 at 1:27 PM, Justin Deoliveira
>> <jdeol...@opengeo.org> wrote:
>>
>>> Hi Christian,
>>>
>>> I thought this issue was addressed previously with the idea of a
>>> constant filter chain, one that the user could not take away through
>>> misconfiguration. Is that not the case?
>>>
>>> The idea sounds reasonable but I want to make sure I understand the
>>> issue.
>>>
>>> -Justin
>>>
>>>
>>>
>>>
>>> On Thu, Aug 8, 2013 at 9:43 AM, Christian Mueller <
>>> christian.muel...@os-solutions.at> wrote:
>>>
>>>>
>>>> The issue is about disabling the login page if no form based login is
>>>> possible.
>>>>
>>>> https://jira.codehaus.org/browse/GEOS-5958
>>>>
>>>> All these security configuration issues may be dangerous if a
>>>> configuration error happens. At the end of the day, the admin can lock
>>>> themselves out.
>>>>
>>>> IMHO, a dedicated login for the root user with the master password
>>>> should always be possible. (The "root" user has administrative privileges).
>>>>
>>>> My idea:
>>>>
>>>> - Add a special filter chain /web/rootlogin (checked before /web/**)
>>>> - Force digest authentication, no GUI needed, the browser pops up a
>>>> login box
>>>> - Upon success, redirect the request to /web/
>>>>
>>>> This is quite a simple solution and helps fixing GEOS-5958.
>>>> Additionally, I can remove a lot of code concerning the root login in the
>>>> individual authentication filters and test cases.
>>>>
>>>> Opinions?
>>>>
>>>>
>>>>
>>>> --
>>>> DI Christian Mueller MSc (GIS), MSc (IT-Security)
>>>> OSS Open Source Solutions GmbH
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> GeoTools-Devel mailing list
>>>> GeoTools-Devel@lists.sourceforge.net
>>>> https://lists.sourceforge.net/lists/listinfo/geotools-devel
>>>>
>>>>
>>>
>>>
>>> --
>>> Justin Deoliveira
>>> OpenGeo - http://opengeo.org
>>> Enterprise support for open source geospatial.
>>>
>>
>>
>>
>> --
>> DI Christian Mueller MSc (GIS), MSc (IT-Security)
>> OSS Open Source Solutions GmbH
>>
>>
>
>
> --
> Justin Deoliveira
> OpenGeo - http://opengeo.org
> Enterprise support for open source geospatial.
>
--
DI Christian Mueller MSc (GIS), MSc (IT-Security)
OSS Open Source Solutions GmbH
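
The behaviour discussed in this thread, as an added example that is not part of the original messages and is not GeoServer code: a root login chain built in code is placed at index 0 of the chain list, so first-match resolution reaches it before `/web/**` whatever the configured chains contain, unless `-DNO_ROOT_LOGIN=true` is set. The class, record, filter names and the simplified pattern matching are hypothetical.

```java
import java.util.ArrayList;
import java.util.List;

public class RootLoginChainDemo {
    // Hypothetical stand-in for a request filter chain: a path pattern plus filter names.
    record Chain(String pattern, List<String> filters) {
        // Simplified matching: exact path, or prefix match for patterns ending in "/**".
        boolean matches(String path) {
            if (pattern.endsWith("/**")) {
                String base = pattern.substring(0, pattern.length() - 3);
                return path.equals(base) || path.startsWith(base + "/");
            }
            return path.equals(pattern);
        }
    }

    // Hard-coded chain: never read from the security directory, so a
    // configuration error cannot remove or alter it.
    static final Chain ROOT_LOGIN = new Chain("/web/rootlogin", List.of("rootDigest"));

    // Effective list = hard-coded root chain at first position, then the configured chains.
    static List<Chain> effectiveChains(List<Chain> configured) {
        List<Chain> result = new ArrayList<>();
        // Boolean.getBoolean reads the JVM system property set with -DNO_ROOT_LOGIN=true
        if (!Boolean.getBoolean("NO_ROOT_LOGIN")) {
            result.add(ROOT_LOGIN);
        }
        result.addAll(configured);
        return result;
    }

    // First matching chain wins, which is why the position of the root chain matters.
    static Chain resolve(List<Chain> chains, String path) {
        for (Chain c : chains) {
            if (c.matches(path)) return c;
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed configuration in which the /web/** chain has been misconfigured.
        List<Chain> configured = List.of(
                new Chain("/web/**", List.of("misconfiguredFilter")),
                new Chain("/**", List.of("basic")));
        List<Chain> chains = effectiveChains(configured);
        System.out.println("/web/rootlogin -> " + resolve(chains, "/web/rootlogin"));
        System.out.println("/web/home      -> " + resolve(chains, "/web/home"));
    }
}
```

Running it once as-is and once with `-DNO_ROOT_LOGIN=true` shows `/web/rootlogin` resolving to the hard-coded chain in the first case and falling through to the configured `/web/**` chain in the second.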