[Geoserver-devel] [JIRA] (GEOS-9054) Geoserver object names cannot contain special characters (dot, ...) when the are used in URLs for the REST API.
Title: Message Title Christian Mueller created an issue GeoServer / GEOS-9054 Geoserver object names cannot contain special characters (dot,...) when the are used in URLs for the REST API. Issue Type: Bug Affects Versions: 2.14.1, 2.15-RC Assignee: Unassigned Components: Security Created: 11/Dec/18 12:52 PM Environment: Spring Security Version 4.2.7 Geoserver 2.14.x and master Priority: High Reporter: Christian Mueller The class org.springframework.security.web.FilterChainProxy used by org.geoserver.security.GeoServerSecurityFilterChainProxy changed its default behavior. The proxy uses an instance of org.springframework.security.web.firewall.StrictHttpFirewall instead of org.springframework.security.web.firewall.DefaultHttpFirewall. The class StrictHttpFirewall disallows (as default ) the usage of special characters(dot,colon,...) in an URL. As a consequence the GeoServer Rest API cannot handle GeoServer objects ( layers, featuretypes,...) with a special character in their name. Btw, dots are required by INSPIRE. Restoring the original behavior can be done by adding the following bean definition to applicationSecurityContext.xml Should I prepare a pull request for master and 2.14.x
Re: [Geoserver-devel] [JIRA] (GEOS-9000) Coordinate system definition of EPSG:31259 contains false TOWGS84 transformation parameters
Hi Since I am from Austria I can confirm this. In the past I always had to use my own WKT definitions to get the correct results. Sorry for the late reply. Cheers Chrisitan On Tue, Nov 6, 2018 at 5:44 PM Georg Ramler (JIRA) < j...@osgeo-org.atlassian.net> wrote: > Georg Ramler > <https://osgeo-org.atlassian.net/secure/ViewProfile.jspa?name=georg.ramler> > *created* an issue > > GeoServer > <https://osgeo-org.atlassian.net/browse/GEOS?atlOrigin=eyJpIjoiZjU4OTE5ZjBmNWU4NDBlMjgxOGUzNjQ2NzZlY2NjMDQiLCJwIjoiaiJ9> > / [image: Bug] > <https://osgeo-org.atlassian.net/browse/GEOS-9000?atlOrigin=eyJpIjoiZjU4OTE5ZjBmNWU4NDBlMjgxOGUzNjQ2NzZlY2NjMDQiLCJwIjoiaiJ9> > GEOS-9000 > <https://osgeo-org.atlassian.net/browse/GEOS-9000?atlOrigin=eyJpIjoiZjU4OTE5ZjBmNWU4NDBlMjgxOGUzNjQ2NzZlY2NjMDQiLCJwIjoiaiJ9> > Coordinate system definition of EPSG:31259 contains false TOWGS84 > transformation parameters > <https://osgeo-org.atlassian.net/browse/GEOS-9000?atlOrigin=eyJpIjoiZjU4OTE5ZjBmNWU4NDBlMjgxOGUzNjQ2NzZlY2NjMDQiLCJwIjoiaiJ9> > Issue Type: [image: Bug] Bug > Affects Versions: 2.11.3, 2.14.0 > Assignee: Unassigned > Attachments: geoserver_definition_with_offset.png, > spatialreference_definition_no_offset.png > Created: 06/Nov/18 5:41 PM > Priority: [image: Low] Low > Reporter: Georg Ramler > <https://osgeo-org.atlassian.net/secure/ViewProfile.jspa?name=georg.ramler> > > Coordinate system definition of EPSG:31259 contains false transformation > parameters TOWGS84[601.705, 84.263, 485.227, 4.7354, -1.3145, -5.393, > -2.3887]. Therefore the WMS renders pictures with a small offset (~1 > meter) when transforming to EPSG:3857. > > The correct parameters would be TOWGS84 > [577.326,90.129,463.919,5.137,1.474,5.297,2.4232] ( > http://spatialreference.org/ref/epsg/31259/ogcwkt/). > > When defining a custom coordinate system with the correct transformation > parameters, the offset disappers. > > > <https://osgeo-org.atlassian.net/secure/attachment/33106/33106_geoserver_definition_with_offset.png> > <https://osgeo-org.atlassian.net/secure/attachment/33105/33105_spatialreference_definition_no_offset.png> > [image: Add Comment] > <https://osgeo-org.atlassian.net/browse/GEOS-9000#add-comment?atlOrigin=eyJpIjoiZjU4OTE5ZjBmNWU4NDBlMjgxOGUzNjQ2NzZlY2NjMDQiLCJwIjoiaiJ9> > Add > Comment > <https://osgeo-org.atlassian.net/browse/GEOS-9000#add-comment?atlOrigin=eyJpIjoiZjU4OTE5ZjBmNWU4NDBlMjgxOGUzNjQ2NzZlY2NjMDQiLCJwIjoiaiJ9> > > Get Jira notifications on your phone! Download the Jira Cloud app for > Android > <https://play.google.com/store/apps/details?id=com.atlassian.android.jira.core=utm_source%3DNotificationLink%26utm_medium%3DEmail> > or iOS > <https://itunes.apple.com/app/apple-store/id1006972087?pt=696495=EmailNotificationLink=8> > -- > This message was sent by Atlassian Jira (v1001.0.0-SNAPSHOT#100095- > sha1:e49d174) > [image: Atlassian logo] > ___ > Geoserver-devel mailing list > Geoserver-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/geoserver-devel > -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH ___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
Re: [Geoserver-devel] Mosaics with postgis raster and time
Hi Justin and Adrea Sorry for the late On Wed, Nov 14, 2018 at 9:14 PM Justin Deoliveira wrote: > Ok great. Thanks for the info Andrea! > > On Wed, Nov 14, 2018, 11:57 AM Andrea Aime wrote: > >> On Tue, Nov 13, 2018 at 5:30 PM Justin Deoliveira >> wrote: >> >>> One thing you could help me with is a quick sanity check on the >>> approach. I was basically just planning to add a "timeAttribute" element to >>> the mapping file, and when present have the coverage reader declare the >>> appropriate metadata in support of the time domain. Let me know if you >>> think that is the wrong way to go. >>> >> >> Sounds reasonable to me. The situation now is a bit fluid, there are some >> methods accessing dimension domains >> that use the StructuredCoverageGridReader interface to allow for certain >> database optimizations, but the metadata >> entries are still supported and in some cases they are the only ones >> still used. >> >> Some examples of both approaches in this class: >> >> https://github.com/geoserver/geoserver/blob/2e681e2a74f0754e294bbb481ecf7ad33552b3e6/src/main/src/main/java/org/geoserver/catalog/util/ReaderDimensionsAccessor.java >> >> Cheers >> Andrea >> >> == >> >> GeoServer Professional Services from the experts! Visit >> http://goo.gl/it488V for more information. == Ing. Andrea Aime @geowolf >> Technical Lead GeoSolutions S.A.S. Via di Montramito 3/A 55054 Massarosa >> (LU) phone: +39 0584 962313 fax: +39 0584 1660272 mob: +39 339 8844549 >> http://www.geo-solutions.it http://twitter.com/geosolutions_it >> --- *Con riferimento >> alla normativa sul trattamento dei dati personali (Reg. UE 2016/679 - >> Regolamento generale sulla protezione dei dati “GDPR”), si precisa che ogni >> circostanza inerente alla presente email (il suo contenuto, gli eventuali >> allegati, etc.) è un dato la cui conoscenza è riservata al/i solo/i >> destinatario/i indicati dallo scrivente. Se il messaggio Le è giunto per >> errore, è tenuta/o a cancellarlo, ogni altra operazione è illecita. Le >> sarei comunque grato se potesse darmene notizia. This email is intended >> only for the person or entity to which it is addressed and may contain >> information that is privileged, confidential or otherwise protected from >> disclosure. We remind that - as provided by European Regulation 2016/679 >> “GDPR” - copying, dissemination or use of this e-mail or the information >> herein by anyone other than the intended recipient is prohibited. If you >> have received this email by mistake, please notify us immediately by >> telephone or e-mail.* >> > -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH ___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
Re: [Geoserver-devel] Mosaics with postgis raster and time
Hi Andreas and Justin Nice to talk with you again. At the time I developed the ImageMosaic-Jdbc module I was focused on Geotools and I did not know about the relation to Geoserver. Maybe my fault. In the meantime it is a problem of time, no chance for me to invest further time. I know that this module is not a "smooth" solution. Sorry, Christian On Mon, Nov 12, 2018 at 6:51 PM Justin Deoliveira wrote: > Thanks for the input Andrea. Yeah I'm a bit weary of putting time into the > image mosaic jdbc plugin if it's falling toward unsupported. But I don't > think the project scope will allow for going the route of trying to update > the core plugin so it's a bit of a catch 22. I'm going to talk to the > project stakeholders and see what they want to do. I'll let the list know > what comes out of that. > > Thanks again! > > - Justin > > On Nov 12, 2018 2:44 AM, "Andrea Aime" > wrote: > > Hi Justin, > I believe your assessment is correct, also in terms of effort, it should > be easier to add time support to the imagemosaic-jdbc module. > > I'm however a bit worried about the module, the history shows very little > changes and most of them are > side effects of refactors happening elsewhere, which makes me wonder how > much "life" still remains in the module: > > > https://github.com/geotools/geotools/commits/master/modules/plugin/imagemosaic-jdbc/src/main > > Cheers > Andrea > > > On Tue, Nov 6, 2018 at 9:04 PM Justin Deoliveira > wrote: > >> Hi folks, >> >> I have a need to publish a mosaic composed of tiles from a postgis raster >> table in a time series. From what I can tell for the two mosaic options the >> situation is: >> >> - the core imagemosaic reader can't read tiles from a postgis raster >> table >> - the imagemosaic-jdbc plugin can't do time >> >> If either of those assumptions are wrong please let me know, I'm basing >> that on what i've found in the docs and mailing lists, and a quick code >> review but could have easily missed something. >> >> Assuming those assumptions are both correct I am thinking going the route >> of adding support for a time dimension to the imagemosaic-jdbc plugin is >> probably the path of least resistance? Before I start down that path I >> thought I would reach out to the experts. Any thoughts much appreciated. >> >> Thanks! >> >> -Justin >> >> >> >> >> ___ >> Geoserver-devel mailing list >> Geoserver-devel@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/geoserver-devel >> >> > > -- > > Regards, Andrea Aime == GeoServer Professional Services from the experts! > Visit http://goo.gl/it488V for more information. == Ing. Andrea Aime > @geowolf Technical Lead GeoSolutions S.A.S. Via di Montramito 3/A 55054 > Massarosa (LU) phone: +39 0584 962313 fax: +39 0584 1660272 mob: +39 339 > 8844549 http://www.geo-solutions.it http://twitter.com/geosolutions_it > --- *Con riferimento > alla normativa sul trattamento dei dati personali (Reg. UE 2016/679 - > Regolamento generale sulla protezione dei dati “GDPR”), si precisa che ogni > circostanza inerente alla presente email (il suo contenuto, gli eventuali > allegati, etc.) è un dato la cui conoscenza è riservata al/i solo/i > destinatario/i indicati dallo scrivente. Se il messaggio Le è giunto per > errore, è tenuta/o a cancellarlo, ogni altra operazione è illecita. Le > sarei comunque grato se potesse darmene notizia. This email is intended > only for the person or entity to which it is addressed and may contain > information that is privileged, confidential or otherwise protected from > disclosure. We remind that - as provided by European Regulation 2016/679 > “GDPR” - copying, dissemination or use of this e-mail or the information > herein by anyone other than the intended recipient is prohibited. If you > have received this email by mistake, please notify us immediately by > telephone or e-mail.* > > > ___ > Geoserver-devel mailing list > Geoserver-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/geoserver-devel > -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH ___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
Re: [Geoserver-devel] Decrypting passwords given in REST response
Did you compare the encoded password sent by the REST Api and the encoded
password stored in the datastore.xml file?
Cheers
On Wed, Oct 24, 2018 at 10:36 AM wrote:
> Hello Christian,
>
>
>
> thank you for your response but that was the info I was already aware of.
> I know the master password (I am the admin of that geoserver) but I believe
> that the string I need to pass to the decryption is not exactly the string
> that is returned in API response. Other pages state that the string is
> either a 64 character string or a 44 character string if it is base64
> encoded. The string in the API response has 44 characters so I decoded the
> string with base64decode and tried to decrypt the resulting decoded string
> but it didn’t work either.
>
>
>
> I always get a “javax.crypto.IllegalBlockSizeException: last block
> incomplete in decryption”, no matter if I use crypt1: string with
> PBEWITHMD5ANDDES or crypt2 string with PBEWITHSHA256AND128BITAES-CBC-BC (I
> remove the prefix of course when passing the string).
>
>
>
> I hope anyone can give me a piece of code or advice what I do wrong.
>
>
>
> Regards,
>
>
>
> Michael
>
>
>
> *Von:* Christian Mueller
> *Gesendet:* Mittwoch, 24. Oktober 2018 08:41
> *An:* Härtel, Michael
> *Cc:* geoserver-devel
> *Betreff:* Re: [Geoserver-devel] Decrypting passwords given in REST
> response
>
>
>
> Hi Michael
>
>
>
> Some facts you need to know.
>
>
>
> The master password is used to encrypt the geoserver keystore located in
>
> /security/geoserver.jceks
>
>
>
> This keystore contains an entry with the key used for the encryption of DB
> passwords.
>
>
>
> You need the master password to open the keystore, then you have to fetch
> the key for DB password encryption and finally you can decrypt the DB
> password.
>
> To decrypt the password on the client you have to store this password on
> the client, which is quite insecure.
>
>
>
> Be warned, each GeoServer installation has its individual key for DB
> password encryption.
>
>
>
> Hope this helps
>
>
>
> Cheers
>
> Christian
>
>
>
>
>
> On Tue, Oct 23, 2018 at 12:40 PM wrote:
>
> Hello List,
>
>
>
> even though I am not a GeoServer core developer myself, I think that my
> questions can best be answered by people who are involved in the geoserver
> development.
>
>
>
> I try to reverse the encryption mechanism of the passwords for the DB
> connections that are returned via the REST API. I know the master password
> and therefore expected to be able to decrypt these strings, for example
> with the tool here: https://8gwifi.org/pbe.jsp
>
>
>
> The strings are:
>
>
>
> “crypt2:rvaPmI1USC4jaiPVJlFSWZ8mFHPh9jyMAU9jGfB1ABI=” (Strong PBE)
>
> “crypt1:E1kAaW4HURBcJLDIRahhi3DBBov7r+DG” (Weak PBE)
>
>
>
> As far as I understood for weak PBE the algorithm is “PBEWITHMD5ANDDES”
> and for strong PBR its "PBEWITHSHA256AND128BITAES-CBC-BC".
>
>
>
> But no matter what I try, I seem to miss one step because the services and
> my programming attempts always give me errors. What are the involves steps
> in order to retrieve the plain text password from the string above? The
> string itself obviously can’t serve as an input directly and I only have a
> rough understanding of encryption in general. As far as I understood, I
> only need the master password or did I miss an important part about the
> salt?
>
>
>
> Is there any example code available to decrypt the password? I looked into
> the source code of the GeoServer and came up with this:
>
>
>
> byte[] encPasswordBytes = " ".getBytes();
>
> Charset charset = Charset.forName("UTF-8");
>
> String encPasswordString = new String(encPasswordBytes, charset);
>
> char[] encPasswordChararray = encPasswordString.toCharArray();
>
> StandardPBEStringEncryptor stringEncrypter = new
> StandardPBEStringEncryptor();
>
> stringEncrypter.setPasswordCharArray(encPasswordChararray);
>
> stringEncrypter.setAlgorithm("PBEWITHMD5ANDDES");
>
> StandardPBEByteEncryptor byteEncrypter = new StandardPBEByteEncryptor();
>
> byteEncrypter.setPasswordCharArray(encPasswordChararray);
>
> byteEncrypter.setAlgorithm("PBEWITHMD5ANDDES");
>
> byte[] encPasswordOrig =
> "E1kAaW4HURBcJLDIRahhi3DBBov7r+DG".getBytes(charset);
>
> //byte[] decodedPasswordBytes = Base64.decode(encPasswordOrig);
>
> byte[] decryptedPasswordBytes = byteEncrypter.decrypt(encPasswordOrig);
>
> CharBuffer buff = charset.decode(ByteBuffer.wrap(decryptedPasswordBytes));
>
> char[] tmp = new
Re: [Geoserver-devel] Decrypting passwords given in REST response
Hi Michael
Some facts you need to know.
The master password is used to encrypt the geoserver keystore located in
/security/geoserver.jceks
This keystore contains an entry with the key used for the encryption of DB
passwords.
You need the master password to open the keystore, then you have to fetch
the key for DB password encryption and finally you can decrypt the DB
password.
To decrypt the password on the client you have to store this password on
the client, which is quite insecure.
Be warned, each GeoServer installation has its individual key for DB
password encryption.
Hope this helps
Cheers
Christian
On Tue, Oct 23, 2018 at 12:40 PM wrote:
> Hello List,
>
>
>
> even though I am not a GeoServer core developer myself, I think that my
> questions can best be answered by people who are involved in the geoserver
> development.
>
>
>
> I try to reverse the encryption mechanism of the passwords for the DB
> connections that are returned via the REST API. I know the master password
> and therefore expected to be able to decrypt these strings, for example
> with the tool here: https://8gwifi.org/pbe.jsp
>
>
>
> The strings are:
>
>
>
> “crypt2:rvaPmI1USC4jaiPVJlFSWZ8mFHPh9jyMAU9jGfB1ABI=” (Strong PBE)
>
> “crypt1:E1kAaW4HURBcJLDIRahhi3DBBov7r+DG” (Weak PBE)
>
>
>
> As far as I understood for weak PBE the algorithm is “PBEWITHMD5ANDDES”
> and for strong PBR its "PBEWITHSHA256AND128BITAES-CBC-BC".
>
>
>
> But no matter what I try, I seem to miss one step because the services and
> my programming attempts always give me errors. What are the involves steps
> in order to retrieve the plain text password from the string above? The
> string itself obviously can’t serve as an input directly and I only have a
> rough understanding of encryption in general. As far as I understood, I
> only need the master password or did I miss an important part about the
> salt?
>
>
>
> Is there any example code available to decrypt the password? I looked into
> the source code of the GeoServer and came up with this:
>
>
>
> byte[] encPasswordBytes = " ".getBytes();
>
> Charset charset = Charset.forName("UTF-8");
>
> String encPasswordString = new String(encPasswordBytes, charset);
>
> char[] encPasswordChararray = encPasswordString.toCharArray();
>
> StandardPBEStringEncryptor stringEncrypter = new
> StandardPBEStringEncryptor();
>
> stringEncrypter.setPasswordCharArray(encPasswordChararray);
>
> stringEncrypter.setAlgorithm("PBEWITHMD5ANDDES");
>
> StandardPBEByteEncryptor byteEncrypter = new StandardPBEByteEncryptor();
>
> byteEncrypter.setPasswordCharArray(encPasswordChararray);
>
> byteEncrypter.setAlgorithm("PBEWITHMD5ANDDES");
>
> byte[] encPasswordOrig =
> "E1kAaW4HURBcJLDIRahhi3DBBov7r+DG".getBytes(charset);
>
> //byte[] decodedPasswordBytes = Base64.decode(encPasswordOrig);
>
> byte[] decryptedPasswordBytes = byteEncrypter.decrypt(encPasswordOrig);
>
> CharBuffer buff = charset.decode(ByteBuffer.wrap(decryptedPasswordBytes));
>
> char[] tmp = new char[buff.limit()];
>
> buff.get(tmp);
>
> System.out.println("decrypt:" + new String(tmp));
>
>
>
>
>
> I tried to stick to the example from SecurityUtils.java and
> GeoServerPBEPasswordEncoder.java but I always get a response that complains
> about the last block incomplete in decryption or an incorrect padding.
>
>
>
> Can anybody help?
>
>
>
> Thank you very much,
>
>
>
> Michael
>
>
>
>
> ___
> Geoserver-devel mailing list
> Geoserver-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/geoserver-devel
>
--
DI Christian Mueller MSc (GIS), MSc (IT-Security)
OSS Open Source Solutions GmbH
___
Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel
[Geoserver-devel] Stepping down from GeoServer PMC
Du to lack of time I think it is time to step down from the PMC and make a slot available for a new and more active PMC member. Thanks to all people supporting me. Within the last years I learned a lot. I will still continue to work with GeoServer and contribute whenever it is possible/necessary or ordered by a by customer. Christian -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
Re: [Geoserver-devel] [Geotools-devel] API changes to add AutoCloseable for try-with-resources
;>> once? >>>>>> >>>>>> - Should we rename dispose() to close() in implementers and add a >>>>>> deprecated dispose() that wraps close(), or just add a close() that >>>>>> wraps >>>>>> dispose()? >>>>>> >>>>>> - As we are breaking the API anyway, should we get rid of dispose() >>>>>> entirely by renaming it to close() without adding a deprecated >>>>>> wrapper? >>>>>> >>>>>> - I thought of updating only interfaces and overrides. A more >>>>>> ambitious >>>>>> scope would find every deprecated dispose() and refactor to use >>>>>> try-with-resources. The alternative is to refactor incrementally over >>>>>> time. >>>>>> How do we wish to pay off our technical debt? >>>>>> >>>>>> - Who is interested in participating in this work? >>>>>> >>>>>> Kind regards, >>>>>> >>>>>> -- >>>>>> Ben Caradoc-Davies >>>>>> Director >>>>>> Transient Software Limited <https://transient.nz/> >>>>>> New Zealand >>>>>> >>>>>> >>>>>> -- >>>>>> Check out the vibrant tech community on one of the world's most >>>>>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot >>>>>> ___ >>>>>> Geoserver-devel mailing list >>>>>> Geoserver-devel@lists.sourceforge.net >>>>>> https://lists.sourceforge.net/lists/listinfo/geoserver-devel >>>>>> >>>>>> >>>>> >>>>> >>>> >>> >> > > > -- > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > ___ > Geoserver-devel mailing list > Geoserver-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/geoserver-devel > -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
[Geoserver-devel] [JIRA] (GEOS-8654) Error during GeoServer bootstrapping (InsufficientAuthenticationException)
Title: Message Title Christian Mueller created an issue GeoServer / GEOS-8654 Error during GeoServer bootstrapping (InsufficientAuthenticationException) Issue Type: Bug Affects Versions: 2.12.1, 2.13.0 Assignee: Unassigned Components: Security Created: 21/Mar/18 9:18 AM Priority: High Reporter: Christian Mueller GeoServer does not load settings of a protected workspace when using Catalog Mode == Mixed Steps to reproduce: Add a role "testrole" Add a workspace "testworkspace" Add the following data access rules: testworkspace.*.r testworkspace.*.w and assign these rules to the role "testrole" Restart GeoServer and have a look at the log file. There is a stack trace caused by org.springframework.security.authentication.InsufficientAuthenticationException As a consequence, GeoServer does not load the workspace settings for "testworkspace" and falls back to the default values. Unfortunately there is no indicator on the admin GUI that something went wrong. A debug session shows that GeoServer uses the SecureCatalog implementation during bootstrapping. During this phase is the current user is null (treated as anonymous). Ideas/questions: 1) Is it possible to use the non secure implementation of the catalog during bootstrapping 2) If not, does it make sense to boostrap
Re: [Geoserver-devel] Commit rights for Devon
+1 from here Christian On Tue, Apr 18, 2017 at 9:51 PM, Jody Garnett <jody.garn...@gmail.com> wrote: > +1 it is a pleasure working with Devon (even if he laughs at my use of > eclipse) > On Tue, Apr 18, 2017 at 2:10 PM Andrea Aime <andrea.a...@geo-solutions.it> > wrote: > >> Hi all, >> Devon has been contributing to Geoserver for a while and has also helped >> setup the rest API switch, and now with a some security fixes. >> >> I would like to propose him for commit rights >> >> Cheers >> Andrea >> >> -- >> Check out the vibrant tech community on one of the world's most >> engaging tech sites, Slashdot.org! http://sdm.link/slashdot__ >> _ >> Geoserver-devel mailing list >> Geoserver-devel@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/geoserver-devel >> > -- > -- > Jody Garnett > > > -- > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > ___ > Geoserver-devel mailing list > Geoserver-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/geoserver-devel > > -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
Re: [Geoserver-devel] Backporting GEOS-8022
zzarlo per finalità diverse, costituisce comportamento contrario ai > principi dettati dal D.Lgs. 196/2003. > > > > The information in this message and/or attachments, is intended solely for > the attention and use of the named addressee(s) and may be confidential or > proprietary in nature or covered by the provisions of privacy act > (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection > Code).Any use not in accord with its purpose, any disclosure, reproduction, > copying, distribution, or either dissemination, either whole or partial, is > strictly forbidden except previous formal approval of the named > addressee(s). If you are not the intended recipient, please contact > immediately the sender by telephone, fax or e-mail and delete the > information in this message that has been received in error. The sender > does not give any warranty or accept liability as the content, accuracy or > completeness of sent messages and accepts no responsibility for changes > made after they were sent or for other risks which arise as a result of > e-mail transmission, viruses, etc. > > --- > > > -- > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > ___ > Geoserver-devel mailing list > Geoserver-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/geoserver-devel > > -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
Re: [Geoserver-devel] Introduction
+1 On Tue, Mar 28, 2017 at 9:32 PM, Ben Caradoc-Davies <b...@transient.nz> wrote: > +1. > > On 29/03/17 06:08, David Vick wrote: > > Hello, > > > > My name is David Vick, an employee of Boundless and I am participating > in the > > Code Sprint for the REST-API-REFRESH, may I please have commit access on > this > > branch for submitting my work? > > > > Regards, > > * > > David Vick* > > Professional Services Engineer | Boundless <http://www.boundlessgeo.com/ > > > > dv...@boundlessgeo.com <mailto:dv...@boundlessgeo.com> > > mobile: 1-636-698-3174 > > > > > > > > > > > -- > > Check out the vibrant tech community on one of the world's most > > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > > > > > > > > ___ > > Geoserver-devel mailing list > > Geoserver-devel@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/geoserver-devel > > > > -- > Ben Caradoc-Davies <b...@transient.nz> > Director > Transient Software Limited <http://transient.nz/> > New Zealand > > > -- > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > ___ > Geoserver-devel mailing list > Geoserver-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/geoserver-devel > -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
Re: [Geoserver-devel] Community module for jdbc metrics
*1 from here Christian On Wed, Feb 22, 2017 at 10:20 PM, Jody Garnett <jody.garn...@gmail.com> wrote: > +1 (you know the drill) > > -- > Jody Garnett > > On 22 February 2017 at 15:28, Justin Deoliveira <jdeol...@gmail.com> > wrote: > >> Hi folks, >> >> I would like to add a new community module that utilizes some of the >> newly added metrics stuff in geotools. The code adds a metrics callback >> that captures timings/etc… on a request by request basis and an endpoint to >> get at the info. >> >> Future work on it (yet to be decided) being discussed is adding an >> aggregated form of the metrics as well (probably by utilizing the >> dropwizard metrics library). >> >> Thanks! >> >> -Justin >> >> >> -- >> Check out the vibrant tech community on one of the world's most >> engaging tech sites, SlashDot.org! http://sdm.link/slashdot >> ___ >> Geoserver-devel mailing list >> Geoserver-devel@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/geoserver-devel >> >> > > > -- > Check out the vibrant tech community on one of the world's most > engaging tech sites, SlashDot.org! http://sdm.link/slashdot > _______ > Geoserver-devel mailing list > Geoserver-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/geoserver-devel > > -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
Re: [Geoserver-devel] Backporting GEOS-7763 (REST operation to change a user's password)
+1 from my side. This is a quite isolated feature and IMHO has node side effects. Lets wait for the votes of other PSC members. Cheers Christian On Thu, Feb 9, 2017 at 4:59 PM, Emanuele Tajariol <e...@geo-solutions.it> wrote: > Hi list, > > my PR on the master branch (https://github.com/geoserver/ > geoserver/pull/2096) > has been merged today (thanks Christian!). > > What do you think about backporting this to 2.10.x? > Pls note that this is a new feature, not a bugfix, and introduces a new > REST > entrypoint (even if it has to be manually enabled in the rest.properties > file). > > Doc page here: >http://docs.geoserver.org/latest/en/user/rest/api/selfadmin.html > > >Thanks, >Emanuele > > -- > == > GeoServer Professional Services from the experts! > Visit http://goo.gl/NWWaa2 for more information. > == > > Ing. Emanuele Tajariol > Technical Lead > > GeoSolutions S.A.S. > Via di Montramito 3/A > 55054 Massarosa (LU) > Italy > phone: +39 0584 962313 > fax:+39 0584 1660272 > mob: +39 380 2116282 > > http://www.geo-solutions.it > http://twitter.com/geosolutions_it > > --- > > > -- > Check out the vibrant tech community on one of the world's most > engaging tech sites, SlashDot.org! http://sdm.link/slashdot > ___ > Geoserver-devel mailing list > Geoserver-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/geoserver-devel > -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
Re: [Geoserver-devel] GSIP 153 - opaque container layer group mode
Added my +1 on the proposal Cheers On Fri, Dec 23, 2016 at 2:28 AM, Jody Garnett <jody.garn...@gmail.com> wrote: > +1 on the proposal > > "single basemap" is an alternate for "opaque container" if you are > interested. > On Thu, Dec 22, 2016 at 3:21 PM Jody Garnett <jody.garn...@gmail.com> > wrote: > >> Reading now, tripping up over the naming "*Opaque Container".* >> >> I usually think of the word opaque as the opposite of transparent. >> >> The main difference in our naming seems to between "single" and "tree". >> This new layer group type is behaving like a single layer, we just wish the >> contained layers were "nameless" and. It available for direct access. >> >> Could I suggest calling this my its purpose "basemap" or "single >> basemap". >> >> What is getting me here is what to call the layers that compose the >> "basemap" that are unlisted in the capabilities document. It feels like >> adding them to a "basemap" changes their default behaviour to unadvertised. >> Is this the case or am I reading the proposal wrong? >> >> On Mon, Dec 19, 2016 at 2:49 AM Andrea Aime <andrea.a...@geo-solutions.it> >> wrote: >> >>> Hi, >>> I've follow up with the previous discussion on layer tree modes and >>> wrote this proposal: >>> >>> https://github.com/geoserver/geoserver/wiki/GSIP-153 >>> >>> As suggested by Ben I've summarized the existing group behavior for >>> current layer groups, >>> in protected and non protected mode. >>> >>> Please vote/discuss >>> >>> Cheers >>> Andrea >>> >>> -- >>> == >>> GeoServer Professional Services from the experts! Visit >>> http://goo.gl/it488V for more information. >>> == >>> >>> Ing. Andrea Aime >>> @geowolf >>> Technical Lead >>> >>> GeoSolutions S.A.S. >>> Via di Montramito 3/A >>> 55054 Massarosa (LU) >>> phone: +39 0584 962313 <+39%200584%20962313> >>> fax: +39 0584 1660272 <+39%200584%20166%200272> >>> mob: +39 339 8844549 <+39%20339%20884%204549> >>> >>> http://www.geo-solutions.it >>> http://twitter.com/geosolutions_it >>> >>> *AVVERTENZE AI SENSI DEL D.Lgs. 196/2003* >>> >>> Le informazioni contenute in questo messaggio di posta elettronica e/o >>> nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il >>> loro utilizzo è consentito esclusivamente al destinatario del messaggio, >>> per le finalità indicate nel messaggio stesso. Qualora riceviate questo >>> messaggio senza esserne il destinatario, Vi preghiamo cortesemente di >>> darcene notizia via e-mail e di procedere alla distruzione del messaggio >>> stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, >>> divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od >>> utilizzarlo per finalità diverse, costituisce comportamento contrario ai >>> principi dettati dal D.Lgs. 196/2003. >>> >>> >>> >>> The information in this message and/or attachments, is intended solely >>> for the attention and use of the named addressee(s) and may be confidential >>> or proprietary in nature or covered by the provisions of privacy act >>> (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection >>> Code).Any use not in accord with its purpose, any disclosure, reproduction, >>> copying, distribution, or either dissemination, either whole or partial, is >>> strictly forbidden except previous formal approval of the named >>> addressee(s). If you are not the intended recipient, please contact >>> immediately the sender by telephone, fax or e-mail and delete the >>> information in this message that has been received in error. The sender >>> does not give any warranty or accept liability as the content, accuracy or >>> completeness of sent messages and accepts no responsibility for changes >>> made after they were sent or for other risks which arise as a result of >>> e-mail transmission, viruses, etc. >>> >>> --- >>> >>> >>> >>> >>> >>> -- >>> >>> Check out the vibrant tech community on one of the world's most >>
Re: [Geoserver-devel] Fwd: Re: Support for extending REST functionalities; user administration
o ai > principi dettati dal D.Lgs. 196/2003. > > > > The information in this message and/or attachments, is intended solely for > the attention and use of the named addressee(s) and may be confidential or > proprietary in nature or covered by the provisions of privacy act > (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection > Code).Any use not in accord with its purpose, any disclosure, reproduction, > copying, distribution, or either dissemination, either whole or partial, is > strictly forbidden except previous formal approval of the named > addressee(s). If you are not the intended recipient, please contact > immediately the sender by telephone, fax or e-mail and delete the > information in this message that has been received in error. The sender > does not give any warranty or accept liability as the content, accuracy or > completeness of sent messages and accepts no responsibility for changes > made after they were sent or for other risks which arise as a result of > e-mail transmission, viruses, etc. > > --- > > > -- > > ___ > Geoserver-devel mailing list > Geoserver-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/geoserver-devel > > -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- ___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
Re: [Geoserver-devel] GSIP 152, layer group security
e sender by telephone, fax or e-mail and delete the > > information in this message that has been received in error. The sender > does > > not give any warranty or accept liability as the content, accuracy or > > completeness of sent messages and accepts no responsibility for changes > > made after they were sent or for other risks which arise as a result of > > e-mail transmission, viruses, etc. > > > > - > > > > > > On Tue, Nov 22, 2016 at 2:43 PM, Andrea Aime < > andrea.a...@geo-solutions.it> > > wrote: > >> > >> Hi all, > >> as discussed in the last PSC meeting, here is the proposal to add layer > >> group security > >> control in the built-in layer security subsystem: > >> > >> https://github.com/geoserver/geoserver/wiki/GSIP-152 > >> > >> Feedback and votes welcomed > >> > >> Cheers > >> Andrea > >> > >> -- > >> == > >> GeoServer Professional Services from the experts! Visit > >> http://goo.gl/it488V for more information. > >> == > >> > >> Ing. Andrea Aime > >> @geowolf > >> Technical Lead > >> > >> GeoSolutions S.A.S. > >> Via di Montramito 3/A > >> 55054 Massarosa (LU) > >> phone: +39 0584 962313 > >> fax: +39 0584 1660272 > >> mob: +39 339 8844549 > >> > >> http://www.geo-solutions.it > >> http://twitter.com/geosolutions_it > >> > >> AVVERTENZE AI SENSI DEL D.Lgs. 196/2003 > >> > >> Le informazioni contenute in questo messaggio di posta elettronica e/o > >> nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il > loro > >> utilizzo è consentito esclusivamente al destinatario del messaggio, per > le > >> finalità indicate nel messaggio stesso. Qualora riceviate questo > messaggio > >> senza esserne il destinatario, Vi preghiamo cortesemente di darcene > notizia > >> via e-mail e di procedere alla distruzione del messaggio stesso, > >> cancellandolo dal Vostro sistema. Conservare il messaggio stesso, > divulgarlo > >> anche in parte, distribuirlo ad altri soggetti, copiarlo, od > utilizzarlo per > >> finalità diverse, costituisce comportamento contrario ai principi > dettati > >> dal D.Lgs. 196/2003. > >> > >> > >> > >> The information in this message and/or attachments, is intended solely > for > >> the attention and use of the named addressee(s) and may be confidential > or > >> proprietary in nature or covered by the provisions of privacy act > >> (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection > >> Code).Any use not in accord with its purpose, any disclosure, > reproduction, > >> copying, distribution, or either dissemination, either whole or > partial, is > >> strictly forbidden except previous formal approval of the named > >> addressee(s). If you are not the intended recipient, please contact > >> immediately the sender by telephone, fax or e-mail and delete the > >> information in this message that has been received in error. The sender > does > >> not give any warranty or accept liability as the content, accuracy or > >> completeness of sent messages and accepts no responsibility for changes > >> made after they were sent or for other risks which arise as a result of > >> e-mail transmission, viruses, etc. > >> > >> > >> --- > >> > >> > >> > -- > >> > >> ___ > >> Geoserver-devel mailing list > >> Geoserver-devel@lists.sourceforge.net > >> https://lists.sourceforge.net/lists/listinfo/geoserver-devel > >> > > > > > > > -- > > > > ___ > > Geoserver-devel mailing list > > Geoserver-devel@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/geoserver-devel > > > > > -- > ___ > Geoserver-devel mailing list > Geoserver-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/geoserver-devel > -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- ___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
Re: [Geoserver-devel] Mails from build server categorized as SPAM
Hi Andrea The google mail classification is a miracle to me. See the attachment for a mail classified as spam sent by moni...@boundlessgeo.com Cheers On Mon, Nov 7, 2016 at 11:50 AM, Andrea Aime <andrea.a...@geo-solutions.it> wrote: > Hi Christian, > I also use gmail and just checked the list and the spam queue, found no > mail from the moni...@boundlessgeo.com > in there. I had an assortment of other valid mails from several mailing > lists (mapserver, gdal, gt and gs users) > but none of the monitor mails got categorized that way. > > Cheers > Andrea > > > On Fri, Nov 4, 2016 at 9:54 AM, Christian Mueller <christian.mueller@os- > solutions.at> wrote: > >> In the last time many mails sent by moni...@boundlessgeo.com are >> categorized as SPAM in Gmail. >> >> I solved the problem for another customer by installing DKIM. >> >> Are there any other developers having this problem ? >> >> Cheers >> Christian >> >> >> -- >> DI Christian Mueller MSc (GIS), MSc (IT-Security) >> OSS Open Source Solutions GmbH >> >> >> >> -- >> Developer Access Program for Intel Xeon Phi Processors >> Access to Intel Xeon Phi processor-based developer platforms. >> With one year of Intel Parallel Studio XE. >> Training and support from Colfax. >> Order your platform today. http://sdm.link/xeonphi >> ___ >> Geoserver-devel mailing list >> Geoserver-devel@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/geoserver-devel >> >> > > > -- > == > GeoServer Professional Services from the experts! Visit > http://goo.gl/it488V for more information. > == > > Ing. Andrea Aime > @geowolf > Technical Lead > > GeoSolutions S.A.S. > Via di Montramito 3/A > 55054 Massarosa (LU) > phone: +39 0584 962313 > fax: +39 0584 1660272 > mob: +39 339 8844549 > > http://www.geo-solutions.it > http://twitter.com/geosolutions_it > > *AVVERTENZE AI SENSI DEL D.Lgs. 196/2003* > > Le informazioni contenute in questo messaggio di posta elettronica e/o > nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il > loro utilizzo è consentito esclusivamente al destinatario del messaggio, > per le finalità indicate nel messaggio stesso. Qualora riceviate questo > messaggio senza esserne il destinatario, Vi preghiamo cortesemente di > darcene notizia via e-mail e di procedere alla distruzione del messaggio > stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, > divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od > utilizzarlo per finalità diverse, costituisce comportamento contrario ai > principi dettati dal D.Lgs. 196/2003. > > > > The information in this message and/or attachments, is intended solely for > the attention and use of the named addressee(s) and may be confidential or > proprietary in nature or covered by the provisions of privacy act > (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection > Code).Any use not in accord with its purpose, any disclosure, reproduction, > copying, distribution, or either dissemination, either whole or partial, is > strictly forbidden except previous formal approval of the named > addressee(s). If you are not the intended recipient, please contact > immediately the sender by telephone, fax or e-mail and delete the > information in this message that has been received in error. The sender > does not give any warranty or accept liability as the content, accuracy or > completeness of sent messages and accepts no responsibility for changes > made after they were sent or for other risks which arise as a result of > e-mail transmission, viruses, etc. > > --- > -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- Developer Access Program for Intel Xeon Phi Processors Access to Intel Xeon Phi processor-based developer platforms. With one year of Intel Parallel Studio XE. Training and support from Colfax. Order your platform today. http://sdm.link/xeonphi___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
[Geoserver-devel] Mails from build server categorized as SPAM
In the last time many mails sent by moni...@boundlessgeo.com are categorized as SPAM in Gmail. I solved the problem for another customer by installing DKIM. Are there any other developers having this problem ? Cheers Christian -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- Developer Access Program for Intel Xeon Phi Processors Access to Intel Xeon Phi processor-based developer platforms. With one year of Intel Parallel Studio XE. Training and support from Colfax. Order your platform today. http://sdm.link/xeonphi___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
Re: [Geoserver-devel] Feedbacks needed on SecurityNamedServiceEditPage logic
ipient, please contact > immediately the sender by telephone, fax or e-mail and delete the > information in this message that has been received in error. The sender > does not give any warranty or accept liability as the content, accuracy or > completeness of sent messages and accepts no responsibility for changes > made after they were sent or for other risks which arise as a result of > e-mail transmission, viruses, etc. > > - > > > ------ > The Command Line: Reinvented for Modern Developers > Did the resurgence of CLI tooling catch you by surprise? > Reconnect with the command line and become more productive. > Learn the new .NET and ASP.NET CLI. Get your free copy! > http://sdm.link/telerik > ___ > Geoserver-devel mailing list > Geoserver-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/geoserver-devel > > -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- The Command Line: Reinvented for Modern Developers Did the resurgence of CLI tooling catch you by surprise? Reconnect with the command line and become more productive. Learn the new .NET and ASP.NET CLI. Get your free copy! http://sdm.link/telerik___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
Re: [Geoserver-devel] Old JIRA for CAS extension
Of course Thanks Mauro Cheers On Thu, Oct 20, 2016 at 1:04 PM, Mauro Bartolomeoli < mauro.bartolome...@geo-solutions.it> wrote: > Hi, > > 2016-10-20 12:36 GMT+02:00 Christian Mueller <christian.mueller@os- > solutions.at>: > >> Please merge :-) >> >> Done. > > >> A backport would be nice. >> > > 2.10, 2.9, 2.8 is ok? > > Mauro > > > -- > == > GeoServer Professional Services from the experts! Visit > http://goo.gl/it488V for more information. > == > > Dott. Mauro Bartolomeoli > @mauro_bart > Senior Software Engineer > > GeoSolutions S.A.S. > Via di Montramito 3/A > 55054 Massarosa (LU) > Italy > phone: +39 0584 962313 > fax: +39 0584 1660272 > > http://www.geo-solutions.it > http://twitter.com/geosolutions_it > > --- > > *AVVERTENZE AI SENSI DEL D.Lgs. 196/2003* > > Le informazioni contenute in questo messaggio di posta elettronica e/o > nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il > loro utilizzo è consentito esclusivamente al destinatario del messaggio, > per le finalità indicate nel messaggio stesso. Qualora riceviate questo > messaggio senza esserne il destinatario, Vi preghiamo cortesemente di > darcene notizia via e-mail e di procedere alla distruzione del messaggio > stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, > divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od > utilizzarlo per finalità diverse, costituisce comportamento contrario ai > principi dettati dal D.Lgs. 196/2003. > > > > The information in this message and/or attachments, is intended solely for > the attention and use of the named addressee(s) and may be confidential or > proprietary in nature or covered by the provisions of privacy act > (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection > Code).Any use not in accord with its purpose, any disclosure, reproduction, > copying, distribution, or either dissemination, either whole or partial, is > strictly forbidden except previous formal approval of the named > addressee(s). If you are not the intended recipient, please contact > immediately the sender by telephone, fax or e-mail and delete the > information in this message that has been received in error. The sender > does not give any warranty or accept liability as the content, accuracy or > completeness of sent messages and accepts no responsibility for changes > made after they were sent or for other risks which arise as a result of > e-mail transmission, viruses, etc. > -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
Re: [Geoserver-devel] Old JIRA for CAS extension
so, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, > divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od > utilizzarlo per finalità diverse, costituisce comportamento contrario ai > principi dettati dal D.Lgs. 196/2003. > > > > The information in this message and/or attachments, is intended solely for > the attention and use of the named addressee(s) and may be confidential or > proprietary in nature or covered by the provisions of privacy act > (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection > Code).Any use not in accord with its purpose, any disclosure, reproduction, > copying, distribution, or either dissemination, either whole or partial, is > strictly forbidden except previous formal approval of the named > addressee(s). If you are not the intended recipient, please contact > immediately the sender by telephone, fax or e-mail and delete the > information in this message that has been received in error. The sender > does not give any warranty or accept liability as the content, accuracy or > completeness of sent messages and accepts no responsibility for changes > made after they were sent or for other risks which arise as a result of > e-mail transmission, viruses, etc. > > > -- > Check out the vibrant tech community on one of the world's most > engaging tech sites, SlashDot.org! http://sdm.link/slashdot > ___ > Geoserver-devel mailing list > Geoserver-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/geoserver-devel > > -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
Re: [Geoserver-devel] Call for Vote: GSIP 138 - Promote Vector Tiles to Extension
+1 Christian On Wed, Oct 19, 2016 at 9:54 AM, Rahkonen Jukka (MML) < jukka.rahko...@maanmittauslaitos.fi> wrote: > +1 > > > > -Jukka Rahkonen- > > > > Ian Turton wrote: > > Re: [Geoserver-devel] Call for Vote: GSIP 138 - Promote Vector Tiles to > Extension > > > > +1 > > > > Ian > > > > > > On 18 October 2016 at 22:58, Ben Caradoc-Davies <b...@transient.nz> wrote: > > +1 to promote gs-vectortiles to extension. Thanks, Dave, for your > efforts on this one. I changed the title to include "Call for Vote" to > attract attention because you called for a vote in your text below. > > The most recent Cobertura release does not support Java 8 bytecode, and > Cobertura master (2.1.2-SNAPSHOT) does not build from source for me > under OpenJDK 8 (and that is as far down that rabbit hole that I am > prepared to go). > > EclEmma (Eclipse coverage plugin) reports a quite respectable code > coverage of 71.3% for gs-vectortiles. > > Kind regards, > Ben. > > On 19/10/16 07:02, Dave Blasby wrote: > > Hi, > > > > I did some work in the VT community module; > > > > * very very minor code clean up (formatting) > > * integrated one of my old PRs (degenerate geometries filtering) > > * added some documentation pages > > > > https://github.com/geoserver/geoserver/wiki/GSIP-138 > > > > I believe it's now ready to move to an extension - please review/vote. > > > > Thanks a lot, > > David > > > > > -- > > Check out the vibrant tech community on one of the world's most > > engaging tech sites, SlashDot.org! http://sdm.link/slashdot > > ___ > > Geoserver-devel mailing list > > Geoserver-devel@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/geoserver-devel > > > > -- > Ben Caradoc-Davies <b...@transient.nz> > Director > Transient Software Limited <http://transient.nz/> > New Zealand > > > -- > Check out the vibrant tech community on one of the world's most > engaging tech sites, SlashDot.org! http://sdm.link/slashdot > ___ > Geoserver-devel mailing list > Geoserver-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/geoserver-devel > > > > > > -- > > Ian Turton > > -------- > -- > Check out the vibrant tech community on one of the world's most > engaging tech sites, SlashDot.org! http://sdm.link/slashdot > ___ > Geoserver-devel mailing list > Geoserver-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/geoserver-devel > > -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
Re: [Geoserver-devel] New Community Module: OneLogin Authentication
+1 Will you use https://wiki.shibboleth.net/confluence/display/OS30/Home ? Cheers Christian On Fri, Sep 23, 2016 at 10:04 PM, Ben Caradoc-Davies <b...@transient.nz> wrote: > +1. That sounds quite useful. > > Kind regards, > Ben. > > On 24/09/16 03:03, Mauro Bartolomeoli wrote: > > Dear All, > > I am asking for the permission to create a new community module for > > GeoServer to allow it to authenticate users against the OneLogin SSO > > service (https://www.onelogin.com/). > > > > OneLogin uses the SAML protocol for its SSO implementation, so this work > > could be used as a base for a more generic SAML provider in the future. > > > > Please, vote. > > > > Thanks > > Mauro > > > > > > > > > > > -- > > > > > > > > ___ > > Geoserver-devel mailing list > > Geoserver-devel@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/geoserver-devel > > > > -- > Ben Caradoc-Davies <b...@transient.nz> > Director > Transient Software Limited <http://transient.nz/> > New Zealand > > > ------ > ___ > Geoserver-devel mailing list > Geoserver-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/geoserver-devel > -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- ___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
Re: [Geoserver-devel] Permission for new community module: OAuth2 Authtentication
+1 Great to have OAUTH2 integrated in the security subsystem. Christian On Tue, Aug 30, 2016 at 2:54 PM, Justin Deoliveira <jdeol...@gmail.com> wrote: > Great to hear! I know a few users who will be excited to see this work! If > I could give a +1 you would have it :) > > On Tue, Aug 30, 2016 at 6:47 AM Simone Giannecchini < > simone.giannecch...@geo-solutions.it> wrote: > >> Dear All, >> on behalf of alessio, I am asking for the permission to create a new >> community module for GeoServer to allow it to authenticate users >> against an OAuth2 provider. >> The module will contain an implementation for using google accounts >> and will be used also for GeoNode in the near future. >> >> All I need is love (in the form of a +1). >> >> Regards, >> Simone Giannecchini >> == >> GeoServer Professional Services from the experts! >> Visit http://goo.gl/it488V for more information. >> == >> Ing. Simone Giannecchini >> @simogeo >> Founder/Director >> >> GeoSolutions S.A.S. >> Via di Montramito 3/A >> 55054 Massarosa (LU) >> Italy >> phone: +39 0584 962313 >> fax: +39 0584 1660272 >> mob: +39 333 8128928 >> >> http://www.geo-solutions.it >> http://twitter.com/geosolutions_it >> >> --- >> AVVERTENZE AI SENSI DEL D.Lgs. 196/2003 >> Le informazioni contenute in questo messaggio di posta elettronica e/o >> nel/i file/s allegato/i sono da considerarsi strettamente riservate. >> Il loro utilizzo è consentito esclusivamente al destinatario del >> messaggio, per le finalità indicate nel messaggio stesso. Qualora >> riceviate questo messaggio senza esserne il destinatario, Vi preghiamo >> cortesemente di darcene notizia via e-mail e di procedere alla >> distruzione del messaggio stesso, cancellandolo dal Vostro sistema. >> Conservare il messaggio stesso, divulgarlo anche in parte, >> distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità >> diverse, costituisce comportamento contrario ai principi dettati dal >> D.Lgs. 196/2003. >> >> The information in this message and/or attachments, is intended solely >> for the attention and use of the named addressee(s) and may be >> confidential or proprietary in nature or covered by the provisions of >> privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New >> Data Protection Code).Any use not in accord with its purpose, any >> disclosure, reproduction, copying, distribution, or either >> dissemination, either whole or partial, is strictly forbidden except >> previous formal approval of the named addressee(s). If you are not the >> intended recipient, please contact immediately the sender by >> telephone, fax or e-mail and delete the information in this message >> that has been received in error. The sender does not give any warranty >> or accept liability as the content, accuracy or completeness of sent >> messages and accepts no responsibility for changes made after they >> were sent or for other risks which arise as a result of e-mail >> transmission, viruses, etc. >> >> >> -- >> ___ >> Geoserver-devel mailing list >> Geoserver-devel@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/geoserver-devel >> > > > -- > > ___ > Geoserver-devel mailing list > Geoserver-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/geoserver-devel > > -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- ___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
Re: [Geoserver-devel] Question on GeoServer Security APIs and help understaing how filters work
ase contact > immediately the sender by telephone, fax or e-mail and delete the > information in this message that has been received in error. The sender > does not give any warranty or accept liability as the content, accuracy or > completeness of sent messages and accepts no responsibility for changes > made after they were sent or for other risks which arise as a result of > e-mail transmission, viruses, etc. > > - > -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- ___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
Re: [Geoserver-devel] Reminder: call vote for GSIP - 145
Added my +1, nice improvement On Tue, Jul 26, 2016 at 11:37 PM, Ben Caradoc-Davies <b...@transient.nz> wrote: > +1. This is not doubt a useful improvement. > > Kind regards, > Ben. > > On 27/07/16 04:43, Alessio Fabiani wrote: > > Dear devs, > > can you please esxpress your vote for GSIP -145 Back-up and Restore > > Extension for GeoServer Configuration > > > > https://github.com/geoserver/geoserver/wiki/GSIP-145 > > > > also the PR relates to the GSIP is ready if you want to take a look and > > comment > > > > https://github.com/geoserver/geoserver/pull/1668 > > > > consider that there are other PRs related to this one concerning some > > issues/improvements of GeoServer core APIs. > > > > Some of them have been already succesfully merged (GEOS-7611, GEOS-7613 > and > > GEOS-7619) while few of them are still under reviewing (GEOS-7614 and > > GEOS-7616) if you also want to take a look. > > > > Thank you all for you help. > > > > Best Regards, > > Alessio Fabiani. > > > > == > > GeoServer Professional Services from the experts! > > Visit http://goo.gl/it488V for more information. > > == > > > > Ing. Alessio Fabiani > > @alfa7691 > > Founder/Technical Lead > > > > GeoSolutions S.A.S. > > Via di Montramito 3/A > > 55054 Massarosa (LU) > > Italy > > phone: +39 0584 962313 > > fax: +39 0584 1660272 > > mob: +39 331 6233686 > > > > http://www.geo-solutions.it > > http://twitter.com/geosolutions_it > > > > --- > > > > *AVVERTENZE AI SENSI DEL D.Lgs. 196/2003* > > > > Le informazioni contenute in questo messaggio di posta elettronica e/o > > nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il > > loro utilizzo è consentito esclusivamente al destinatario del messaggio, > > per le finalità indicate nel messaggio stesso. Qualora riceviate questo > > messaggio senza esserne il destinatario, Vi preghiamo cortesemente di > > darcene notizia via e-mail e di procedere alla distruzione del messaggio > > stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, > > divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od > > utilizzarlo per finalità diverse, costituisce comportamento contrario ai > > principi dettati dal D.Lgs. 196/2003. > > > > > > > > The information in this message and/or attachments, is intended solely > for > > the attention and use of the named addressee(s) and may be confidential > or > > proprietary in nature or covered by the provisions of privacy act > > (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection > > Code).Any use not in accord with its purpose, any disclosure, > reproduction, > > copying, distribution, or either dissemination, either whole or partial, > is > > strictly forbidden except previous formal approval of the named > > addressee(s). If you are not the intended recipient, please contact > > immediately the sender by telephone, fax or e-mail and delete the > > information in this message that has been received in error. The sender > > does not give any warranty or accept liability as the content, accuracy > or > > completeness of sent messages and accepts no responsibility for changes > > made after they were sent or for other risks which arise as a result of > > e-mail transmission, viruses, etc. > > > > - > > > > > > > > > -- > > What NetFlow Analyzer can do for you? Monitors network bandwidth and > traffic > > patterns at an interface-level. Reveals which users, apps, and protocols > are > > consuming the most bandwidth. Provides multi-vendor support for NetFlow, > > J-Flow, sFlow and other flows. Make informed decisions using capacity > planning > > reports.http://sdm.link/zohodev2dev > > > > > > > > ___ > > Geoserver-devel mailing list > > Geoserver-devel@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/geoserver-devel > > > > -- > Ben Caradoc-Davies <b...@transient.nz> > Director > Transient Software Limited <http://transient.nz/> > New Zealand > > > -- > What NetFlow Analyzer can do for you? Monitors network bandwidth an
[Geoserver-devel] Pull Request for GEOS-7642
All test passed, will merge soon https://github.com/geoserver/geoserver/pull/1693 -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports.http://sdm.link/zohodev2dev___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
Re: [Geoserver-devel] Proposal and call for vote: absorb the 2.9 release delay in 2.10 and 2.11
+1 Cheers Christian On Sun, Jun 26, 2016 at 5:32 PM, Simone Giannecchini < simone.giannecch...@geo-solutions.it> wrote: > +1 > Regards, > Simone Giannecchini > == > GeoServer Professional Services from the experts! > Visit http://goo.gl/it488V for more information. > == > Ing. Simone Giannecchini > @simogeo > Founder/Director > > GeoSolutions S.A.S. > Via di Montramito 3/A > 55054 Massarosa (LU) > Italy > phone: +39 0584 962313 > fax: +39 0584 1660272 > mob: +39 333 8128928 > > http://www.geo-solutions.it > http://twitter.com/geosolutions_it > > --- > AVVERTENZE AI SENSI DEL D.Lgs. 196/2003 > Le informazioni contenute in questo messaggio di posta elettronica e/o > nel/i file/s allegato/i sono da considerarsi strettamente riservate. > Il loro utilizzo è consentito esclusivamente al destinatario del > messaggio, per le finalità indicate nel messaggio stesso. Qualora > riceviate questo messaggio senza esserne il destinatario, Vi preghiamo > cortesemente di darcene notizia via e-mail e di procedere alla > distruzione del messaggio stesso, cancellandolo dal Vostro sistema. > Conservare il messaggio stesso, divulgarlo anche in parte, > distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità > diverse, costituisce comportamento contrario ai principi dettati dal > D.Lgs. 196/2003. > > The information in this message and/or attachments, is intended solely > for the attention and use of the named addressee(s) and may be > confidential or proprietary in nature or covered by the provisions of > privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New > Data Protection Code).Any use not in accord with its purpose, any > disclosure, reproduction, copying, distribution, or either > dissemination, either whole or partial, is strictly forbidden except > previous formal approval of the named addressee(s). If you are not the > intended recipient, please contact immediately the sender by > telephone, fax or e-mail and delete the information in this message > that has been received in error. The sender does not give any warranty > or accept liability as the content, accuracy or completeness of sent > messages and accepts no responsibility for changes made after they > were sent or for other risks which arise as a result of e-mail > transmission, viruses, etc. > > > On Sat, Jun 25, 2016 at 11:01 PM, Ben Caradoc-Davies <b...@transient.nz> > wrote: > > +1. I think this is the least disruptive option. > > > > Kind regards, > > Ben. > > > > On 26/06/16 03:09, Andrea Aime wrote: > >> Hi, > >> following up the discussion on the release schedule I've put toghether > this > >> proposal: > >> > >> https://github.com/geoserver/geoserver/wiki/GSIP%20148 > >> > >> Discussion/votes wecomed > >> > >> Cheers > >> Andrea > >> > >> > >> > >> > -- > >> Attend Shape: An AT Tech Expo July 15-16. Meet us at AT Park in San > >> Francisco, CA to explore cutting-edge tech and listen to tech luminaries > >> present their vision of the future. This family event has something for > >> everyone, including kids. Get more information and register today. > >> http://sdm.link/attshape > >> > >> > >> > >> ___ > >> Geoserver-devel mailing list > >> Geoserver-devel@lists.sourceforge.net > >> https://lists.sourceforge.net/lists/listinfo/geoserver-devel > >> > > > > -- > > Ben Caradoc-Davies <b...@transient.nz> > > Director > > Transient Software Limited <http://transient.nz/> > > New Zealand > > > > > -- > > Attend Shape: An AT Tech Expo July 15-16. Meet us at AT Park in San > > Francisco, CA to explore cutting-edge tech and listen to tech luminaries > > present their vision of the future. This family event has something for > > everyone, including kids. Get more information and register today. > > http://sdm.link/attshape > > ___ > > Geoserver-devel mailing list > > Geoserver-devel@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/geoserver-devel > > > ---------- > Attend Shape: An AT Tech Expo July 15-16. Meet us at AT Park in San > Francisco, CA to explore cutting-edg
Re: [Geoserver-devel] motion: Accept Simone Giannecchini as project officer
+1 Christian On Tue, Jun 7, 2016 at 9:34 AM, Ian Turton <ijtur...@gmail.com> wrote: > +1 > > Ian > > On 6 June 2016 at 23:09, Jody Garnett <jody.garn...@gmail.com> wrote: > >> We have one volunteer to act as project officer, can I make a motion to >> "Accept Simone Giannecchini as GeoServer project officer". >> >> I would like to wrap this up promptly so it can be added to the OSGeo >> board meeting this week. >> -- >> Jody Garnett >> >> >> -- >> What NetFlow Analyzer can do for you? Monitors network bandwidth and >> traffic >> patterns at an interface-level. Reveals which users, apps, and protocols >> are >> consuming the most bandwidth. Provides multi-vendor support for NetFlow, >> J-Flow, sFlow and other flows. Make informed decisions using capacity >> planning reports. >> https://ad.doubleclick.net/ddm/clk/305295220;132659582;e >> ___ >> Geoserver-devel mailing list >> Geoserver-devel@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/geoserver-devel >> >> > > > -- > Ian Turton > > > -- > What NetFlow Analyzer can do for you? Monitors network bandwidth and > traffic > patterns at an interface-level. Reveals which users, apps, and protocols > are > consuming the most bandwidth. Provides multi-vendor support for NetFlow, > J-Flow, sFlow and other flows. Make informed decisions using capacity > planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e > ___ > Geoserver-devel mailing list > Geoserver-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/geoserver-devel > > -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
Re: [Geoserver-devel] motion: Accept Simone Giannecchini as project officer
+1 On Tue, Jun 7, 2016 at 12:13 AM, Ben Caradoc-Davies <b...@transient.nz> wrote: > +1. > > On 07/06/16 10:09, Jody Garnett wrote: > > We have one volunteer to act as project officer, can I make a motion to > > "Accept Simone Giannecchini as GeoServer project officer". > > > > I would like to wrap this up promptly so it can be added to the OSGeo > board > > meeting this week. > > -- > > Jody Garnett > > > > > > > > > -- > > What NetFlow Analyzer can do for you? Monitors network bandwidth and > traffic > > patterns at an interface-level. Reveals which users, apps, and protocols > are > > consuming the most bandwidth. Provides multi-vendor support for NetFlow, > > J-Flow, sFlow and other flows. Make informed decisions using capacity > > planning reports. > https://ad.doubleclick.net/ddm/clk/305295220;132659582;e > > > > > > > > ___ > > Geoserver-devel mailing list > > Geoserver-devel@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/geoserver-devel > > > > -- > Ben Caradoc-Davies <b...@transient.nz> > Director > Transient Software Limited <http://transient.nz/> > New Zealand > > > -- > What NetFlow Analyzer can do for you? Monitors network bandwidth and > traffic > patterns at an interface-level. Reveals which users, apps, and protocols > are > consuming the most bandwidth. Provides multi-vendor support for NetFlow, > J-Flow, sFlow and other flows. Make informed decisions using capacity > planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e > ___ > Geoserver-devel mailing list > Geoserver-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/geoserver-devel > -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
Re: [Geoserver-devel] GSIP-146
Updated the GSIP with +1 On Wed, Jun 1, 2016 at 12:37 PM, Ian Turton <ijtur...@gmail.com> wrote: > +1 > > Ian > On 1 Jun 2016 11:33, "Mauro Bartolomeoli" < > mauro.bartolome...@geo-solutions.it> wrote: > >> Hi, as disussed in a different thread, I think it's time to vote for the >> following GSIP: >> >> https://github.com/geoserver/geoserver/wiki/GSIP-146 >> >> Please, don't be shy. >> >> Regards, >> Mauro >> >> >> >> -- >> == >> GeoServer Professional Services from the experts! Visit >> http://goo.gl/it488V for more information. >> == >> >> Dott. Mauro Bartolomeoli >> @mauro_bart >> Senior Software Engineer >> >> GeoSolutions S.A.S. >> Via di Montramito 3/A >> 55054 Massarosa (LU) >> Italy >> phone: +39 0584 962313 >> fax: +39 0584 1660272 >> >> http://www.geo-solutions.it >> http://twitter.com/geosolutions_it >> >> --- >> >> *AVVERTENZE AI SENSI DEL D.Lgs. 196/2003* >> >> Le informazioni contenute in questo messaggio di posta elettronica e/o >> nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il >> loro utilizzo è consentito esclusivamente al destinatario del messaggio, >> per le finalità indicate nel messaggio stesso. Qualora riceviate questo >> messaggio senza esserne il destinatario, Vi preghiamo cortesemente di >> darcene notizia via e-mail e di procedere alla distruzione del messaggio >> stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, >> divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od >> utilizzarlo per finalità diverse, costituisce comportamento contrario ai >> principi dettati dal D.Lgs. 196/2003. >> >> >> >> The information in this message and/or attachments, is intended solely >> for the attention and use of the named addressee(s) and may be confidential >> or proprietary in nature or covered by the provisions of privacy act >> (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection >> Code).Any use not in accord with its purpose, any disclosure, reproduction, >> copying, distribution, or either dissemination, either whole or partial, is >> strictly forbidden except previous formal approval of the named >> addressee(s). If you are not the intended recipient, please contact >> immediately the sender by telephone, fax or e-mail and delete the >> information in this message that has been received in error. The sender >> does not give any warranty or accept liability as the content, accuracy or >> completeness of sent messages and accepts no responsibility for changes >> made after they were sent or for other risks which arise as a result of >> e-mail transmission, viruses, etc. >> >> >> -- >> What NetFlow Analyzer can do for you? Monitors network bandwidth and >> traffic >> patterns at an interface-level. Reveals which users, apps, and protocols >> are >> consuming the most bandwidth. Provides multi-vendor support for NetFlow, >> J-Flow, sFlow and other flows. Make informed decisions using capacity >> planning reports. >> https://ad.doubleclick.net/ddm/clk/305295220;132659582;e >> ___ >> Geoserver-devel mailing list >> Geoserver-devel@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/geoserver-devel >> >> > > -- > What NetFlow Analyzer can do for you? Monitors network bandwidth and > traffic > patterns at an interface-level. Reveals which users, apps, and protocols > are > consuming the most bandwidth. Provides multi-vendor support for NetFlow, > J-Flow, sFlow and other flows. Make informed decisions using capacity > planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e > ___ > Geoserver-devel mailing list > Geoserver-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/geoserver-devel > > -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
Re: [Geoserver-devel] Introducing Alessandro Parma
+1 from Geotools and GeoServer Cheers Christian On Fri, May 27, 2016 at 12:13 AM, Ben Caradoc-Davies <b...@transient.nz> wrote: > +1 from me for GeoTools and GeoServer. > > Thanks, Alessandro. I have appreciated your work setting up the > GeoSolutions OpenJDK and Windows Jenkins builds. I am pleased that you > are increasing your involvement with these projects. > > Kind regards, > Ben. > > On 27/05/16 01:40, Andrea Aime wrote: > > Hi all, > > I would like to formally introduce the community to Alessandro Parma, our > > devops specialist > > that has been keeping in running form, among the other things, the > official > > windows and openjdk > > build servers, along with the bleeding edge GeoServer demo server from > > GeoSolutions (updated daily from > > 2.9.x nightlies now, see http://demo.geo-solutions.it/geoserver/web/ ). > > > > Alessandro is eager ( :-p ) to help with releases and we would like to > > propose him as the > > release manager for the gt 14.4/gwc 1.8.3/gs 2.8.4 release train. > > > > We are clearly in need of help in this area, however, it also means > > Alessandro needs to be > > given commit rights in all projects involved (thus the 3 way cross > posting, > > apologies for that), > > and admin rights in jira and probably sourceforge. > > So we'll need a +1 from a representative of each of the 3 projects. > > > > Let us know if you have any question > > > > Cheers > > Andrea > > > > > > > > > -- > > Mobile security can be enabling, not merely restricting. Employees who > > bring their own devices (BYOD) to work are irked by the imposition of MDM > > restrictions. Mobile Device Manager Plus allows you to control only the > > apps on BYO-devices by containerizing them, leaving personal data > untouched! > > https://ad.doubleclick.net/ddm/clk/304595813;131938128;j > > > > > > > > ___ > > Geoserver-devel mailing list > > Geoserver-devel@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/geoserver-devel > > > > -- > Ben Caradoc-Davies <b...@transient.nz> > Director > Transient Software Limited <http://transient.nz/> > New Zealand > > > -- > What NetFlow Analyzer can do for you? Monitors network bandwidth and > traffic > patterns at an interface-level. Reveals which users, apps, and protocols > are > consuming the most bandwidth. Provides multi-vendor support for NetFlow, > J-Flow, sFlow and other flows. Make informed decisions using capacity > planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e > ___ > Geoserver-devel mailing list > Geoserver-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/geoserver-devel > -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
Re: [Geoserver-devel] proposal: LDAP UserGroupService
Hi Niels The jdbc implementation uses a propterty file for all sql statements ./main/resources/org/geoserver/security/jdbc/usersdml.xml Do you plan something similar to the ldap implementation. The nice thing is that users can adjust the queries to their environment. Cheers On Mon, May 2, 2016 at 6:08 PM, Niels Charlier <ni...@scitus.be> wrote: > Thanks, Simone. > > Extra information: > It would be implemented in an analogue way to the RoleService. The > different method implementations would execute LDAP search queries to > retrieve the requested user information and translate the data to > user/group objects. Configuration would also be similar to the RoleService > and AuthenticationService but slightly more extended: users could choose > between providing filters for retrieving all/specific users/groups or > simply provide the necessary attribute names (where the filters are > automatically created). > > Regards > Niels > > > On 02-05-16 16:50, Simone Giannecchini wrote: > >> +1 >> >> The proposal is not _tremendously_ detailed but I think this is a >> feature that is needed. >> If you can just elaborate a little on the proposal itself that would be >> great. >> >> As an instance, do you intend to put same caching in between GS and >> LDAP to avoid LDAP sloweness slowing down request serving? >> >> >> Regards, >> Simone Giannecchini >> == >> GeoServer Professional Services from the experts! >> Visit http://goo.gl/it488V for more information. >> == >> Ing. Simone Giannecchini >> @simogeo >> Founder/Director >> >> GeoSolutions S.A.S. >> Via di Montramito 3/A >> 55054 Massarosa (LU) >> Italy >> phone: +39 0584 962313 >> fax: +39 0584 1660272 >> mob: +39 333 8128928 >> >> http://www.geo-solutions.it >> http://twitter.com/geosolutions_it >> >> --- >> AVVERTENZE AI SENSI DEL D.Lgs. 196/2003 >> Le informazioni contenute in questo messaggio di posta elettronica e/o >> nel/i file/s allegato/i sono da considerarsi strettamente riservate. >> Il loro utilizzo è consentito esclusivamente al destinatario del >> messaggio, per le finalità indicate nel messaggio stesso. Qualora >> riceviate questo messaggio senza esserne il destinatario, Vi preghiamo >> cortesemente di darcene notizia via e-mail e di procedere alla >> distruzione del messaggio stesso, cancellandolo dal Vostro sistema. >> Conservare il messaggio stesso, divulgarlo anche in parte, >> distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità >> diverse, costituisce comportamento contrario ai principi dettati dal >> D.Lgs. 196/2003. >> >> The information in this message and/or attachments, is intended solely >> for the attention and use of the named addressee(s) and may be >> confidential or proprietary in nature or covered by the provisions of >> privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New >> Data Protection Code).Any use not in accord with its purpose, any >> disclosure, reproduction, copying, distribution, or either >> dissemination, either whole or partial, is strictly forbidden except >> previous formal approval of the named addressee(s). If you are not the >> intended recipient, please contact immediately the sender by >> telephone, fax or e-mail and delete the information in this message >> that has been received in error. The sender does not give any warranty >> or accept liability as the content, accuracy or completeness of sent >> messages and accepts no responsibility for changes made after they >> were sent or for other risks which arise as a result of e-mail >> transmission, viruses, etc. >> >> >> On Mon, May 2, 2016 at 12:20 PM, Christian Mueller >> <christian.muel...@os-solutions.at> wrote: >> >>> Added my +1 >>> >>> Cheers >>> >>> On Mon, May 2, 2016 at 10:46 AM, Niels Charlier <ni...@scitus.be> wrote: >>> >>>> Hello, >>>> >>>> I was waiting to make this proposal for after the release: >>>> >>>> https://github.com/geoserver/geoserver/wiki/GSIP-144-- >>>> >>>> Basically: There is no LDAP UserGroupService yet. Some people might want >>>> one. For example, to use the integrated geofence with ldap, because the >>>> integrated geofence relies on a UserGroupService. >>>> >>>> Please vote / provide feedback. >>>> >>>> Thanks >>>> Niels >>>> >>>
Re: [Geoserver-devel] proposal: LDAP UserGroupService
Hi @Simone, GeoServer uses caching already. Its the same as if you are using a user group store based on JDBC. No need to implement a special LDAP cache for serving requests. Cheers On Mon, May 2, 2016 at 4:53 PM, Chris Snider <chris.sni...@issinc.com> wrote: > Hi, > > I tried the link below and it wound up on a "Create new wiki" page. > Removing the -- at the end resulted in > https://github.com/geoserver/geoserver/wiki/GSIP-144 > > This page did open. > > Chris Snider > Senior Software Engineer > Intelligent Software Solutions, Inc. > > > > -Original Message- > From: Niels Charlier [mailto:ni...@scitus.be] > Sent: Monday, May 02, 2016 2:46 AM > To: Geoserver-devel <geoserver-devel@lists.sourceforge.net> > Subject: [Geoserver-devel] proposal: LDAP UserGroupService > > Hello, > > I was waiting to make this proposal for after the release: > > https://github.com/geoserver/geoserver/wiki/GSIP-144-- > > Basically: There is no LDAP UserGroupService yet. Some people might want > one. For example, to use the integrated geofence with ldap, because the > integrated geofence relies on a UserGroupService. > > Please vote / provide feedback. > > Thanks > Niels > > > -- > Find and fix application performance issues faster with Applications > Manager > Applications Manager provides deep performance insights into multiple > tiers of > your business applications. It resolves application problems quickly and > reduces your MTTR. Get your free trial! > https://ad.doubleclick.net/ddm/clk/302982198;130105516;z > ___ > Geoserver-devel mailing list > Geoserver-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/geoserver-devel > > > -- > Find and fix application performance issues faster with Applications > Manager > Applications Manager provides deep performance insights into multiple > tiers of > your business applications. It resolves application problems quickly and > reduces your MTTR. Get your free trial! > https://ad.doubleclick.net/ddm/clk/302982198;130105516;z > _______ > Geoserver-devel mailing list > Geoserver-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/geoserver-devel > -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- Find and fix application performance issues faster with Applications Manager Applications Manager provides deep performance insights into multiple tiers of your business applications. It resolves application problems quickly and reduces your MTTR. Get your free trial! https://ad.doubleclick.net/ddm/clk/302982198;130105516;z___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
Re: [Geoserver-devel] proposal: LDAP UserGroupService
Added my +1 Cheers On Mon, May 2, 2016 at 10:46 AM, Niels Charlier <ni...@scitus.be> wrote: > Hello, > > I was waiting to make this proposal for after the release: > > https://github.com/geoserver/geoserver/wiki/GSIP-144-- > > Basically: There is no LDAP UserGroupService yet. Some people might want > one. For example, to use the integrated geofence with ldap, because the > integrated geofence relies on a UserGroupService. > > Please vote / provide feedback. > > Thanks > Niels > > > -- > Find and fix application performance issues faster with Applications > Manager > Applications Manager provides deep performance insights into multiple > tiers of > your business applications. It resolves application problems quickly and > reduces your MTTR. Get your free trial! > https://ad.doubleclick.net/ddm/clk/302982198;130105516;z > ___ > Geoserver-devel mailing list > Geoserver-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/geoserver-devel > -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- Find and fix application performance issues faster with Applications Manager Applications Manager provides deep performance insights into multiple tiers of your business applications. It resolves application problems quickly and reduces your MTTR. Get your free trial! https://ad.doubleclick.net/ddm/clk/302982198;130105516;z___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
Re: [Geoserver-devel] GSIP-143 Extension Status
Decree June, 30 2003, no.196 - Italy's New Data Protection > >> Code).Any use not in accord with its purpose, any disclosure, > reproduction, > >> copying, distribution, or either dissemination, either whole or > partial, is > >> strictly forbidden except previous formal approval of the named > >> addressee(s). If you are not the intended recipient, please contact > >> immediately the sender by telephone, fax or e-mail and delete the > >> information in this message that has been received in error. The sender > does > >> not give any warranty or accept liability as the content, accuracy or > >> completeness of sent messages and accepts no responsibility for changes > >> made after they were sent or for other risks which arise as a result of > >> e-mail transmission, viruses, etc. > >> > >> > >> --- > >> > >> > >> > -- > >> Transform Data into Opportunity. > >> Accelerate data analysis in your applications with > >> Intel Data Analytics Acceleration Library. > >> Click to learn more. > >> http://pubads.g.doubleclick.net/gampad/clk?id=278785351=/4140 > >> ___ > >> Geoserver-devel mailing list > >> Geoserver-devel@lists.sourceforge.net > >> https://lists.sourceforge.net/lists/listinfo/geoserver-devel > >> > > > > > > > > -- > > Ian Turton > > > > > -- > > Transform Data into Opportunity. > > Accelerate data analysis in your applications with > > Intel Data Analytics Acceleration Library. > > Click to learn more. > > http://pubads.g.doubleclick.net/gampad/clk?id=278785351=/4140 > > ___ > > Geoserver-devel mailing list > > Geoserver-devel@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/geoserver-devel > > > > > -- > Transform Data into Opportunity. > Accelerate data analysis in your applications with > Intel Data Analytics Acceleration Library. > Click to learn more. > http://pubads.g.doubleclick.net/gampad/clk?id=278785351=/4140 > ___ > Geoserver-devel mailing list > Geoserver-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/geoserver-devel > -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- Transform Data into Opportunity. Accelerate data analysis in your applications with Intel Data Analytics Acceleration Library. Click to learn more. http://pubads.g.doubleclick.net/gampad/clk?id=278785351=/4140___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
Re: [Geoserver-devel] Call for Votes: GSIP 141 - Change GSIP voting rules to 30% positive with 50% quorum
+1 Christian On Tue, Mar 22, 2016 at 11:21 PM, Kevin Smith <smit...@draconic.ca> wrote: > +1 > > -- > Kevin Michael Smith > smit...@draconic.ca > > On Tue, Mar 22, 2016, at 02:12 PM, Ben Caradoc-Davies wrote: > > GeoServer PSC members, please vote: > > > > GSIP 141 - Change GSIP voting rules to 30% positive with 50% quorum > > https://github.com/geoserver/geoserver/wiki/GSIP-141 > > > > Kind regards, > > > > -- > > Ben Caradoc-Davies <b...@transient.nz> > > Director > > Transient Software Limited <http://transient.nz/> > > New Zealand > > > > > -- > > Transform Data into Opportunity. > > Accelerate data analysis in your applications with > > Intel Data Analytics Acceleration Library. > > Click to learn more. > > http://pubads.g.doubleclick.net/gampad/clk?id=278785351=/4140 > > ___ > > Geoserver-devel mailing list > > Geoserver-devel@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/geoserver-devel > > > -- > Transform Data into Opportunity. > Accelerate data analysis in your applications with > Intel Data Analytics Acceleration Library. > Click to learn more. > http://pubads.g.doubleclick.net/gampad/clk?id=278785351=/4140 > ___ > Geoserver-devel mailing list > Geoserver-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/geoserver-devel > -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- Transform Data into Opportunity. Accelerate data analysis in your applications with Intel Data Analytics Acceleration Library. Click to learn more. http://pubads.g.doubleclick.net/gampad/clk?id=278785351=/4140___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
Re: [Geoserver-devel] spring 4 upgrade
Hi Jody The CAS test setup is a rather complex one. You have to 1) Create a maven project producing a CAS overlay war file 2) Setup HTTPS for the server (Generate key on the server side,import server certificate in cacerts) 3) Setup HTTPS for the client side (CAS server contacts the client using https for proxy granting tickets). Maybe the following cold work Add the overlay CAS war file as test resource. Search for a free TCP/IP port Start the war file using Jetty. Jetty must have the proper truststore and keystore configuration Start the tests with the proper truststore and keystore configuration Shutdown Jetty. Does this make sense ? Christian On Tue, Mar 15, 2016 at 1:02 AM, Jody Garnett <jody.garn...@gmail.com> wrote: > Thanks Christian, I have updated the wiki page to reflect this progress: > > * https://github.com/geoserver/geoserver/wiki/Spring-4-Upgrade > > Trying to get a handle on what is left to do, especially testing. If > security-cas requires any additional testing please add it to the page > above. > > What we have remaining before beta2: > > 3. Migrate tests from mock runner to spring-test >(done) core building >(done) extension building >(volunteer needed) community modules (-PcommunityRelease) could not fix > everything > > 4. GWC - also uses spring and will require update >(done) Upgrade to Servlet 3.0 >(kevin) Migrate from Acegi 1.0.7 to Spring Security > > 5. GeoFence Integration >(volunteer) needed > > 7. community modules (-PcommunityRelease) >need a list of these > > 8. Merge feature branch, release 2.9-beta2 > > > -- > Jody Garnett > > On 13 March 2016 at 09:01, Christian Mueller < > christian.muel...@os-solutions.at> wrote: > >> Hi >> >> I have do done the the CAS Port and pushed the commit to >> the spring4-upgrade branch. >> >> Cheers >> >> >> On Sun, Mar 13, 2016 at 5:20 AM, Jody Garnett <jody.garn...@gmail.com> >> wrote: >> >>> Do not worry about login/logout for GeoExplorer. >>> >>> However I think the endpoint may be used by others so we should supply >>> migration instructions for anyone else affected. >>> >>> >>> >>> >>> On Sat, Mar 12, 2016 at 12:32 PM Justin Deoliveira <jdeol...@gmail.com> >>> wrote: >>> >>>> An update on this one. >>>> >>>> Basically where it stands is that I think everything minus CAS has been >>>> ported over the new spring apis and afaik all tests are passing. I’ve run >>>> the server (with just the core modules) and can confirm that a quick smoke >>>> test doesn’t show any problems. >>>> >>>> In terms of compability issues the only issue I have found thus far is >>>> the issue with the spring security login endpoints changing (ie. >>>> /j_spring_security_check is now /login). It’s on my list to circle back to >>>> see if we can somehow change some config to use the old paths. However when >>>> I looked before it didn’t look possible. I only know of one application >>>> (GeoExplorer) that utilizes the endpoints to login so i am not sure how far >>>> reaching this issue actually is. >>>> >>>> So off the top of my head the remaining tasks are: >>>> >>>> - Port CAS >>>> - Look at the login/logout endpoint issue >>>> - Decide what to do about the login/logout issue if we can’t change >>>> them back >>>> - Do some more general and thorough testing >>>> >>>> >>>> >>>> On Fri, Mar 4, 2016 at 12:19 PM Jody Garnett <jody.garn...@gmail.com> >>>> wrote: >>>> >>>>> Thanks Christian, I will write up the blog post - and talk to you all >>>>> next week with respect to planning. >>>>> >>>>> -- >>>>> Jody Garnett >>>>> >>>>> On 3 March 2016 at 23:24, Christian Mueller < >>>>> christian.muel...@os-solutions.at> wrote: >>>>> >>>>>> Hi all >>>>>> >>>>>> I think it is necessary to upgrade, +1 here. I have seen Justin >>>>>> created a branch spring4-upgrade fixing the broken security code. >>>>>> >>>>>> For CAS I have an online test scenario. >>>>>> >>>>>> Cheers >>>>>> >>>>>> >>>>>> >>>>>> On Thu, Mar 3, 2016 at 6:19 PM, Jody Garnett <jody.garn..
Re: [Geoserver-devel] spring 4 upgrade
Hi I have do done the the CAS Port and pushed the commit to the spring4-upgrade branch. Cheers On Sun, Mar 13, 2016 at 5:20 AM, Jody Garnett <jody.garn...@gmail.com> wrote: > Do not worry about login/logout for GeoExplorer. > > However I think the endpoint may be used by others so we should supply > migration instructions for anyone else affected. > > > > > On Sat, Mar 12, 2016 at 12:32 PM Justin Deoliveira <jdeol...@gmail.com> > wrote: > >> An update on this one. >> >> Basically where it stands is that I think everything minus CAS has been >> ported over the new spring apis and afaik all tests are passing. I’ve run >> the server (with just the core modules) and can confirm that a quick smoke >> test doesn’t show any problems. >> >> In terms of compability issues the only issue I have found thus far is >> the issue with the spring security login endpoints changing (ie. >> /j_spring_security_check is now /login). It’s on my list to circle back to >> see if we can somehow change some config to use the old paths. However when >> I looked before it didn’t look possible. I only know of one application >> (GeoExplorer) that utilizes the endpoints to login so i am not sure how far >> reaching this issue actually is. >> >> So off the top of my head the remaining tasks are: >> >> - Port CAS >> - Look at the login/logout endpoint issue >> - Decide what to do about the login/logout issue if we can’t change them >> back >> - Do some more general and thorough testing >> >> >> >> On Fri, Mar 4, 2016 at 12:19 PM Jody Garnett <jody.garn...@gmail.com> >> wrote: >> >>> Thanks Christian, I will write up the blog post - and talk to you all >>> next week with respect to planning. >>> >>> -- >>> Jody Garnett >>> >>> On 3 March 2016 at 23:24, Christian Mueller < >>> christian.muel...@os-solutions.at> wrote: >>> >>>> Hi all >>>> >>>> I think it is necessary to upgrade, +1 here. I have seen Justin created >>>> a branch spring4-upgrade fixing the broken security code. >>>> >>>> For CAS I have an online test scenario. >>>> >>>> Cheers >>>> >>>> >>>> >>>> On Thu, Mar 3, 2016 at 6:19 PM, Jody Garnett <jody.garn...@gmail.com> >>>> wrote: >>>> >>>>> Thanks Simone, updating the page. I will give Christian another day >>>>> and then I would like to start making plans. >>>>> >>>>> -- >>>>> Jody Garnett >>>>> >>>>> On 3 March 2016 at 09:16, Simone Giannecchini < >>>>> simone.giannecch...@geo-solutions.it> wrote: >>>>> >>>>>> Ciao Jody, >>>>>> I am for upgrading to Spring 4 + delaying the release. >>>>>> >>>>>> I already told Andrea we can devote resources to help with the >>>>>> upgrade. >>>>>> >>>>>> >>>>>> Regards, >>>>>> Simone Giannecchini >>>>>> == >>>>>> GeoServer Professional Services from the experts! >>>>>> Visit http://goo.gl/it488V for more information. >>>>>> == >>>>>> Ing. Simone Giannecchini >>>>>> @simogeo >>>>>> Founder/Director >>>>>> >>>>>> GeoSolutions S.A.S. >>>>>> Via di Montramito 3/A >>>>>> 55054 Massarosa (LU) >>>>>> Italy >>>>>> phone: +39 0584 962313 >>>>>> fax: +39 0584 1660272 >>>>>> mob: +39 333 8128928 >>>>>> >>>>>> http://www.geo-solutions.it >>>>>> http://twitter.com/geosolutions_it >>>>>> >>>>>> --- >>>>>> AVVERTENZE AI SENSI DEL D.Lgs. 196/2003 >>>>>> Le informazioni contenute in questo messaggio di posta elettronica e/o >>>>>> nel/i file/s allegato/i sono da considerarsi strettamente riservate. >>>>>> Il loro utilizzo è consentito esclusivamente al destinatario del >>>>>> messaggio, per le finalità indicate nel messaggio stesso. Qualora >>>>>> riceviate questo messaggio senza esserne il destinatario, Vi preghiamo >>>>>> cortesemente di darcene notizia via e-mail e di procedere alla >>>>
Re: [Geoserver-devel] spring 4 upgrade
Hi all I think it is necessary to upgrade, +1 here. I have seen Justin created a branch spring4-upgrade fixing the broken security code. For CAS I have an online test scenario. Cheers On Thu, Mar 3, 2016 at 6:19 PM, Jody Garnett <jody.garn...@gmail.com> wrote: > Thanks Simone, updating the page. I will give Christian another day and > then I would like to start making plans. > > -- > Jody Garnett > > On 3 March 2016 at 09:16, Simone Giannecchini < > simone.giannecch...@geo-solutions.it> wrote: > >> Ciao Jody, >> I am for upgrading to Spring 4 + delaying the release. >> >> I already told Andrea we can devote resources to help with the upgrade. >> >> >> Regards, >> Simone Giannecchini >> == >> GeoServer Professional Services from the experts! >> Visit http://goo.gl/it488V for more information. >> == >> Ing. Simone Giannecchini >> @simogeo >> Founder/Director >> >> GeoSolutions S.A.S. >> Via di Montramito 3/A >> 55054 Massarosa (LU) >> Italy >> phone: +39 0584 962313 >> fax: +39 0584 1660272 >> mob: +39 333 8128928 >> >> http://www.geo-solutions.it >> http://twitter.com/geosolutions_it >> >> --- >> AVVERTENZE AI SENSI DEL D.Lgs. 196/2003 >> Le informazioni contenute in questo messaggio di posta elettronica e/o >> nel/i file/s allegato/i sono da considerarsi strettamente riservate. >> Il loro utilizzo è consentito esclusivamente al destinatario del >> messaggio, per le finalità indicate nel messaggio stesso. Qualora >> riceviate questo messaggio senza esserne il destinatario, Vi preghiamo >> cortesemente di darcene notizia via e-mail e di procedere alla >> distruzione del messaggio stesso, cancellandolo dal Vostro sistema. >> Conservare il messaggio stesso, divulgarlo anche in parte, >> distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità >> diverse, costituisce comportamento contrario ai principi dettati dal >> D.Lgs. 196/2003. >> >> The information in this message and/or attachments, is intended solely >> for the attention and use of the named addressee(s) and may be >> confidential or proprietary in nature or covered by the provisions of >> privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New >> Data Protection Code).Any use not in accord with its purpose, any >> disclosure, reproduction, copying, distribution, or either >> dissemination, either whole or partial, is strictly forbidden except >> previous formal approval of the named addressee(s). If you are not the >> intended recipient, please contact immediately the sender by >> telephone, fax or e-mail and delete the information in this message >> that has been received in error. The sender does not give any warranty >> or accept liability as the content, accuracy or completeness of sent >> messages and accepts no responsibility for changes made after they >> were sent or for other risks which arise as a result of e-mail >> transmission, viruses, etc. >> >> >> On Thu, Mar 3, 2016 at 6:04 PM, Jody Garnett <jody.garn...@gmail.com> >> wrote: >> > Thanks Brad, updated the table accordingly. I probably should of >> phrased >> > this as a yes/no question. >> > >> > We are waiting on two PSC members: >> > - Christian Mueller >> > - Simone Giannecchini >> > >> > -- >> > Jody Garnett >> > >> > On 3 March 2016 at 06:18, Brad Hards <br...@frogmouth.net> wrote: >> >> >> >> On Thu, 3 Mar 2016 06:08:39 PM Ben Caradoc-Davies wrote: >> >> > Thank you so much Jody for all your work rounding this up. >> >> > >> >> > I am +1 to delay the release and upgrade now to Spring 4. >> >> I'm OK with either solution (with a very slight preference for keeping >> a >> >> Java >> >> 8 solution). Happy for those who understand the implications (in >> >> particular, >> >> the risks and work involved) at a deeper level to make the call on >> this. >> >> >> >> Brad >> >> >> >> >> >> >> >> >> >> >> -- >> >> Site24x7 APM Insight: Get Deep Visibility into Application Performance >> >> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month >> >> Monitor end-to-end web transactions and take corrective actions now >> >&
Re: [Geoserver-devel] spring 4 upgrade
Hi all The Spring security API changed since 4.x. GeoServer is relying on getters and setters and this methods are gone. Since 4.x, the instance variables are set using a constructor. Not easy to change. Additionally, the CAS java client also changed the public API, this is the second problem because the CAS jar is a dependency of Spring Security. Will have a look at the problem during the weekend. Do we have a branch where I can start investigating ? Cheers Christian On Wed, Mar 2, 2016 at 4:29 AM, Andrea Aime <andrea.a...@geo-solutions.it> wrote: > Hi Jody, > as said in the meeting, I'm supportive of a delay long enough to switch > everything to Spring 4 and make it solid (2-3 months) > > Cheers > Andrea > > > On Wed, Mar 2, 2016 at 2:49 AM, Jody Garnett <jody.garn...@gmail.com> > wrote: > >> Okay, I respect both options making this a tough decision. I wish we >> could hear back from Christian about the security-cas release, but the same >> spring4 migration needed by both plans. >> >> I would like to go ahead with the release delay (do the spring 4 upgrade >> now), avoids an awkward 50% solution that we would need to support. >> >> >> -- >> Site24x7 APM Insight: Get Deep Visibility into Application Performance >> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month >> Monitor end-to-end web transactions and take corrective actions now >> Troubleshoot faster and improve end-user experience. Signup Now! >> http://pubads.g.doubleclick.net/gampad/clk?id=272487151=/4140 >> ___ >> Geoserver-devel mailing list >> Geoserver-devel@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/geoserver-devel >> >> > > > -- > == > GeoServer Professional Services from the experts! Visit > http://goo.gl/it488V for more information. > == > > Ing. Andrea Aime > @geowolf > Technical Lead > > GeoSolutions S.A.S. > Via di Montramito 3/A > 55054 Massarosa (LU) > phone: +39 0584 962313 > fax: +39 0584 1660272 > mob: +39 339 8844549 > > http://www.geo-solutions.it > http://twitter.com/geosolutions_it > > *AVVERTENZE AI SENSI DEL D.Lgs. 196/2003* > > Le informazioni contenute in questo messaggio di posta elettronica e/o > nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il > loro utilizzo è consentito esclusivamente al destinatario del messaggio, > per le finalità indicate nel messaggio stesso. Qualora riceviate questo > messaggio senza esserne il destinatario, Vi preghiamo cortesemente di > darcene notizia via e-mail e di procedere alla distruzione del messaggio > stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, > divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od > utilizzarlo per finalità diverse, costituisce comportamento contrario ai > principi dettati dal D.Lgs. 196/2003. > > > > The information in this message and/or attachments, is intended solely for > the attention and use of the named addressee(s) and may be confidential or > proprietary in nature or covered by the provisions of privacy act > (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection > Code).Any use not in accord with its purpose, any disclosure, reproduction, > copying, distribution, or either dissemination, either whole or partial, is > strictly forbidden except previous formal approval of the named > addressee(s). If you are not the intended recipient, please contact > immediately the sender by telephone, fax or e-mail and delete the > information in this message that has been received in error. The sender > does not give any warranty or accept liability as the content, accuracy or > completeness of sent messages and accepts no responsibility for changes > made after they were sent or for other risks which arise as a result of > e-mail transmission, viruses, etc. > > --- > > > -- > Site24x7 APM Insight: Get Deep Visibility into Application Performance > APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month > Monitor end-to-end web transactions and take corrective actions now > Troubleshoot faster and improve end-user experience. Signup Now! > http://pubads.g.doubleclick.net/gampad/clk?id=272487151=/4140 > ___ > Geoserver-devel mailing list > Geoserver-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/geoserver-devel > > -- DI Christia
Re: [Geoserver-devel] Proposing some more cleanup in the community module section
Hi Justin geoxacml is dead. Cheers Christian On Mon, Feb 1, 2016 at 3:22 PM, Justin Deoliveira <jdeol...@gmail.com> wrote: > istyler was a prototype that never got up and running. Pretty safe it can > be killed. > > On Mon, Feb 1, 2016 at 2:05 AM Andrea Aime <andrea.a...@geo-solutions.it> > wrote: > >> On Mon, Feb 1, 2016 at 9:55 AM, Simone Giannecchini < >> simone.giannecch...@geo-solutions.it> wrote: >> >>> adding to your list: >>> >>> - geoserver-sync ?? >>> >> >> Right, geoserver-sync was in my first version of the mail, and I also >> added jjjtaylor to the cc list because of that, >> but wasn't sure, and I then removed it. >> Still believe it's a good candidate, it has not been touched for over 2 >> years. >> >> >>> - geoxacml ?? >>> >> >> Afaik this one is dead too (as in, not functional at all). Christian, can >> you confirm? >> >> >>> - istyler ?? >>> - FTP ?? >>> >> >> Right, not sure anyone is using these. >> >> I'd be for dropping all of the above if we don't hear complaints. >> >> Cheers >> Andrea >> >> >> -- >> == >> GeoServer Professional Services from the experts! Visit >> http://goo.gl/it488V for more information. >> == >> >> Ing. Andrea Aime >> @geowolf >> Technical Lead >> >> GeoSolutions S.A.S. >> Via Poggio alle Viti 1187 >> 55054 Massarosa (LU) >> Italy >> phone: +39 0584 962313 >> fax: +39 0584 1660272 >> mob: +39 339 8844549 >> >> http://www.geo-solutions.it >> http://twitter.com/geosolutions_it >> >> *AVVERTENZE AI SENSI DEL D.Lgs. 196/2003* >> >> Le informazioni contenute in questo messaggio di posta elettronica e/o >> nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il >> loro utilizzo è consentito esclusivamente al destinatario del messaggio, >> per le finalità indicate nel messaggio stesso. Qualora riceviate questo >> messaggio senza esserne il destinatario, Vi preghiamo cortesemente di >> darcene notizia via e-mail e di procedere alla distruzione del messaggio >> stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, >> divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od >> utilizzarlo per finalità diverse, costituisce comportamento contrario ai >> principi dettati dal D.Lgs. 196/2003. >> >> >> >> The information in this message and/or attachments, is intended solely >> for the attention and use of the named addressee(s) and may be confidential >> or proprietary in nature or covered by the provisions of privacy act >> (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection >> Code).Any use not in accord with its purpose, any disclosure, reproduction, >> copying, distribution, or either dissemination, either whole or partial, is >> strictly forbidden except previous formal approval of the named >> addressee(s). If you are not the intended recipient, please contact >> immediately the sender by telephone, fax or e-mail and delete the >> information in this message that has been received in error. The sender >> does not give any warranty or accept liability as the content, accuracy or >> completeness of sent messages and accepts no responsibility for changes >> made after they were sent or for other risks which arise as a result of >> e-mail transmission, viruses, etc. >> >> --- >> >> ------ >> Site24x7 APM Insight: Get Deep Visibility into Application Performance >> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month >> Monitor end-to-end web transactions and take corrective actions now >> Troubleshoot faster and improve end-user experience. Signup Now! >> http://pubads.g.doubleclick.net/gampad/clk?id=267308311=/4140 >> ___ >> Geoserver-devel mailing list >> Geoserver-devel@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/geoserver-devel >> > -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- Site24x7 APM Insight: Get Deep Visibility into Application Performance APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month Monitor end-to-end web transactions and take corrective actions now Troubleshoot faster and improve end-user experience. Signup Now! http://pubads.g.doubleclick.net/gampad/clk?id=267308311=/4140___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
Re: [Geoserver-devel] GSIP-136 Resource Notification Dispatcher
0 No time to review Christian On Thu, Jan 14, 2016 at 10:32 AM, Andrea Aime <andrea.a...@geo-solutions.it> wrote: > On Thu, Jan 14, 2016 at 8:30 AM, Ian Turton <ijtur...@gmail.com> wrote: > >> I'm 0 as I don't have time to review this week. >> > > Likewise > > Cheers > Andrea > > > -- > == > GeoServer Professional Services from the experts! Visit > http://goo.gl/it488V for more information. > == > > Ing. Andrea Aime > @geowolf > Technical Lead > > GeoSolutions S.A.S. > Via Poggio alle Viti 1187 > 55054 Massarosa (LU) > Italy > phone: +39 0584 962313 > fax: +39 0584 1660272 > mob: +39 339 8844549 > > http://www.geo-solutions.it > http://twitter.com/geosolutions_it > > *AVVERTENZE AI SENSI DEL D.Lgs. 196/2003* > > Le informazioni contenute in questo messaggio di posta elettronica e/o > nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il > loro utilizzo è consentito esclusivamente al destinatario del messaggio, > per le finalità indicate nel messaggio stesso. Qualora riceviate questo > messaggio senza esserne il destinatario, Vi preghiamo cortesemente di > darcene notizia via e-mail e di procedere alla distruzione del messaggio > stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, > divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od > utilizzarlo per finalità diverse, costituisce comportamento contrario ai > principi dettati dal D.Lgs. 196/2003. > > > > The information in this message and/or attachments, is intended solely for > the attention and use of the named addressee(s) and may be confidential or > proprietary in nature or covered by the provisions of privacy act > (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection > Code).Any use not in accord with its purpose, any disclosure, reproduction, > copying, distribution, or either dissemination, either whole or partial, is > strictly forbidden except previous formal approval of the named > addressee(s). If you are not the intended recipient, please contact > immediately the sender by telephone, fax or e-mail and delete the > information in this message that has been received in error. The sender > does not give any warranty or accept liability as the content, accuracy or > completeness of sent messages and accepts no responsibility for changes > made after they were sent or for other risks which arise as a result of > e-mail transmission, viruses, etc. > > --- > > > -- > Site24x7 APM Insight: Get Deep Visibility into Application Performance > APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month > Monitor end-to-end web transactions and take corrective actions now > Troubleshoot faster and improve end-user experience. Signup Now! > http://pubads.g.doubleclick.net/gampad/clk?id=267308311=/4140 > ___ > Geoserver-devel mailing list > Geoserver-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/geoserver-devel > > -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- Site24x7 APM Insight: Get Deep Visibility into Application Performance APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month Monitor end-to-end web transactions and take corrective actions now Troubleshoot faster and improve end-user experience. Signup Now! http://pubads.g.doubleclick.net/gampad/clk?id=267308311=/4140___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
Re: [Geoserver-devel] PSC Nomination Kevin Smith
o > > senza esserne il destinatario, Vi preghiamo cortesemente di darcene > notizia > > via e-mail e di procedere alla distruzione del messaggio stesso, > > cancellandolo dal Vostro sistema. Conservare il messaggio stesso, > divulgarlo > > anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo > per > > finalità diverse, costituisce comportamento contrario ai principi dettati > > dal D.Lgs. 196/2003. > > > > > > > > The information in this message and/or attachments, is intended solely > for > > the attention and use of the named addressee(s) and may be confidential > or > > proprietary in nature or covered by the provisions of privacy act > > (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection > > Code).Any use not in accord with its purpose, any disclosure, > reproduction, > > copying, distribution, or either dissemination, either whole or partial, > is > > strictly forbidden except previous formal approval of the named > > addressee(s). If you are not the intended recipient, please contact > > immediately the sender by telephone, fax or e-mail and delete the > > information in this message that has been received in error. The sender > does > > not give any warranty or accept liability as the content, accuracy or > > completeness of sent messages and accepts no responsibility for changes > > made after they were sent or for other risks which arise as a result of > > e-mail transmission, viruses, etc. > > > > > > --- > > > > > -- > > > > ___ > > Geoserver-devel mailing list > > Geoserver-devel@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/geoserver-devel > > > > > -- > ___ > Geoserver-devel mailing list > Geoserver-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/geoserver-devel > -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- ___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
Re: [Geoserver-devel] Upgrading Spring
@Justin, not so far, I hope to get a time gap at the weekend. Christian On Sat, Nov 7, 2015 at 6:14 PM, Justin Deoliveira <jdeol...@gmail.com> wrote: > Circling back on this one. So until the cas issue can be sorted out it > looks like any upgrade to spring security is a no go. I was however able to > update the base spring version to the latest 3.2 version. That at least > gets us onto a version that is currently still being maintained, albeit > probably for not much longer. Here is the pull request. > > https://github.com/geoserver/geoserver/pull/1327 > > @Christian: any luck looking at the cas issue? > > > > On Sun, Oct 25, 2015 at 10:23 AM, Christian Mueller < > christian.muel...@os-solutions.at> wrote: > >> Hi Justin >> >> Currently we use cas-client-core.jar version 3.1.12, the new version of >> spring security needs version 3.3.3. >> >> The API of org.jasig.cas.client.session.SingleSignOutHandler has changed. >> This is the reason for the compile errors. >> >> Not easy to solve, will have a lookt at it. >> >> Cheers >> Christian >> >> >> >> >> >> >> On Sat, Oct 24, 2015 at 6:43 PM, Justin Deoliveira <jdeol...@gmail.com> >> wrote: >> >>> Hey Christian, >>> >>> Yes, I was planning to upgrade spring security as well. Unfortunately >>> that is not proving to be very easy. >>> >>> I tried jumping to 4.x but indeed the deprecated apis we are using are >>> now gone. This impacts two of the most important classes in our security >>> framework, one of them being GeoserverSecurityManager which more or less >>> controls everything. Basically the base classes we are extending no long >>> expose setter methods for various properties, with the only option begin to >>> use constructor injection. Which is a major problem because we rely on >>> those methods to change security configuration after the fact. I am not >>> sure how to solve that… thoughts I have had (none of which are ideal). >>> >>> 1. Update GeoServerSecurityManager and GeoServerFilterChain to be >>> non-singletons so we can re-instantiate them when configuration changes. >>> This would be a pretty far reaching change, especially for the dependencies >>> of GeoServerSecurityManager. >>> >>> 2. Require the user to restart GeoServer after making security >>> configuration changes, or at least some kind of changes, basically when >>> changing a provider or a filter. >>> >>> 3. Copy + modify versions of the base class from spring security into >>> our codebase… and re-instate those method we need. A pretty ugly hack :) >>> >>> Anyways, all things considered that is a little dirtier than I can >>> afford to get my hands :) So I was thinking for now just upgrading to the >>> latest 3.x versions. However that also leads to some issues in the cas >>> module. Knowing nothing about how the cas extensions work I’m not seeing >>> obvious alternatives to the method calls we were using. >>> >>> If you would be willing to take a look that would be awesome in case >>> it’’s obvious what to do. I’ve pushed the current changes up to a branch in >>> my git repo: >>> >>> https://github.com/jdeolive/geoserver/tree/spring-upgrade >>> >>> Everything should compile up to extension/security/cas. >>> >>> Thanks! >>> >>> -Justin >>> >>> >>> >>> On Sat, Oct 24, 2015 at 5:45 AM, Christian Mueller < >>> christian.muel...@os-solutions.at> wrote: >>> >>>> HI Justin >>>> >>>> Do you plan to migrate Spring Security too ? Maybe we are using some >>>> depricated APIs, please let me know. >>>> >>>> Christian >>>> >>>> On Fri, Oct 23, 2015 at 10:07 PM, Justin Deoliveira <jdeol...@gmail.com >>>> > wrote: >>>> >>>>> Great, thanks guys. I’ll report back when I make some progress. >>>>> >>>>> On Fri, Oct 23, 2015 at 1:37 PM, Andrea Aime < >>>>> andrea.a...@geo-solutions.it> wrote: >>>>> >>>>>> On Fri, Oct 23, 2015 at 9:21 PM, Jody Garnett <jody.garn...@gmail.com >>>>>> > wrote: >>>>>> >>>>>>> +1 Now is the time with a fresh master branch. >>>>>>> >>>>>> >>>>>> Agreed, +1 >>>>>> >>>>>&
Re: [Geoserver-devel] Container Authentication
Hi Martin On Tue, Nov 10, 2015 at 3:01 PM, Martin Andersson < martin.anders...@purplescout.se> wrote: > Hi, > > I'm currently looking into various options for username/password-based > container authentication for GeoServer. > GeoServer uses Spring Security for authentication holding the authentication info in a thread local variable. > > The J2EE filter requires fiddling with web.xml and gives me an ugly native > popup from the browser. > The J2EE filter does no authentication, it only tries to get the roles for a user authenticated by the container. The ugly popp is triggered by the container, not from GeoServer > What I would ideally want is for J2EE filter to call > HttpServletReguest.login() and have the container handle the authentication > from the GeoServer form. > This is the other way around, you want GeoServer to trigger a J2EE authentication. > > Is that be something you would be interested in adding to the current J2EE > filter? This would require bumping the servlet-api version to 3.0. > Upgrading to version 3.0 requires a broader discussion. (As an example, 3.0 would break existing GeoServer installations on tomcat 6.x ). You should open a new thread on the mailing list for a further discusion. > I'm willing to provide patches if I get some pointers on where to begin. > > If that's not an option, would it be possible to write an extension for > that? > Both options are possible, but it does not make sense at the moment. You have to start the discussion mentioned about. > > Thanks for a great product! > > Br, > Martin Andersson > Cheers Christian > > > -- > > ___ > Geoserver-devel mailing list > Geoserver-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/geoserver-devel > > -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- ___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
Re: [Geoserver-devel] LayergroupInfo changes
eived in error. The sender >>>> does not give any warranty or accept liability as the content, accuracy or >>>> completeness of sent messages and accepts no responsibility for changes >>>> made after they were sent or for other risks which arise as a result of >>>> e-mail transmission, viruses, etc. >>>> >>>> --- >>>> >>> >>> >>> >> >> >> -- >> == >> GeoServer Professional Services from the experts! Visit >> http://goo.gl/it488V for more information. >> == >> >> Ing. Andrea Aime >> @geowolf >> Technical Lead >> >> GeoSolutions S.A.S. >> Via Poggio alle Viti 1187 >> 55054 Massarosa (LU) >> Italy >> phone: +39 0584 962313 >> fax: +39 0584 1660272 >> mob: +39 339 8844549 >> >> http://www.geo-solutions.it >> http://twitter.com/geosolutions_it >> >> *AVVERTENZE AI SENSI DEL D.Lgs. 196/2003* >> >> Le informazioni contenute in questo messaggio di posta elettronica e/o >> nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il >> loro utilizzo è consentito esclusivamente al destinatario del messaggio, >> per le finalità indicate nel messaggio stesso. Qualora riceviate questo >> messaggio senza esserne il destinatario, Vi preghiamo cortesemente di >> darcene notizia via e-mail e di procedere alla distruzione del messaggio >> stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, >> divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od >> utilizzarlo per finalità diverse, costituisce comportamento contrario ai >> principi dettati dal D.Lgs. 196/2003. >> >> >> >> The information in this message and/or attachments, is intended solely >> for the attention and use of the named addressee(s) and may be confidential >> or proprietary in nature or covered by the provisions of privacy act >> (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection >> Code).Any use not in accord with its purpose, any disclosure, reproduction, >> copying, distribution, or either dissemination, either whole or partial, is >> strictly forbidden except previous formal approval of the named >> addressee(s). If you are not the intended recipient, please contact >> immediately the sender by telephone, fax or e-mail and delete the >> information in this message that has been received in error. The sender >> does not give any warranty or accept liability as the content, accuracy or >> completeness of sent messages and accepts no responsibility for changes >> made after they were sent or for other risks which arise as a result of >> e-mail transmission, viruses, etc. >> >> --- >> > > > > -- > == > GeoServer Professional Services from the experts! Visit > http://goo.gl/it488V for more information. > == > > Ing. Andrea Aime > @geowolf > Technical Lead > > GeoSolutions S.A.S. > Via Poggio alle Viti 1187 > 55054 Massarosa (LU) > Italy > phone: +39 0584 962313 > fax: +39 0584 1660272 > mob: +39 339 8844549 > > http://www.geo-solutions.it > http://twitter.com/geosolutions_it > > *AVVERTENZE AI SENSI DEL D.Lgs. 196/2003* > > Le informazioni contenute in questo messaggio di posta elettronica e/o > nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il > loro utilizzo è consentito esclusivamente al destinatario del messaggio, > per le finalità indicate nel messaggio stesso. Qualora riceviate questo > messaggio senza esserne il destinatario, Vi preghiamo cortesemente di > darcene notizia via e-mail e di procedere alla distruzione del messaggio > stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, > divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od > utilizzarlo per finalità diverse, costituisce comportamento contrario ai > principi dettati dal D.Lgs. 196/2003. > > > > The information in this message and/or attachments, is intended solely for > the attention and use of the named addressee(s) and may be confidential or > proprietary in nature or covered by the provisions of privacy act > (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection > Code).Any use not in accord with its purpose, any disclosure, reproduction, > copying, distribution, or either dissemination, either whole or partial, is > strictly forbidden except previous formal approval of the named > addressee(s). If you are not the intended recipient, please contact > immediately the sender by telephone, fax or e-mail and delete the > information in this message that has been received in error. The sender > does not give any warranty or accept liability as the content, accuracy or > completeness of sent messages and accepts no responsibility for changes > made after they were sent or for other risks which arise as a result of > e-mail transmission, viruses, etc. > > --- > > > -- > > ___ > Geoserver-devel mailing list > Geoserver-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/geoserver-devel > > -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- ___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
Re: [Geoserver-devel] Yourkit licences
Hi Andrea A license would be nice. Cheers On Mon, Nov 2, 2015 at 10:19 AM, Andrea Aime <andrea.a...@geo-solutions.it> wrote: > Hi, > I asked yourkit to renew our profiler licences to use on GeoServer, they > asked in return: > * A list of developers (with verifiable commits) that might want the > license (lasts a year normally) > * To put their logo on our website (we have space at the bottom) > > So, who wants the licence please let me know, and if you find it > problematic to link > to their site, please discuss here > > Cheers > Andrea > > -- > == > GeoServer Professional Services from the experts! Visit > http://goo.gl/it488V for more information. > == > > Ing. Andrea Aime > @geowolf > Technical Lead > > GeoSolutions S.A.S. > Via Poggio alle Viti 1187 > 55054 Massarosa (LU) > Italy > phone: +39 0584 962313 > fax: +39 0584 1660272 > mob: +39 339 8844549 > > http://www.geo-solutions.it > http://twitter.com/geosolutions_it > > *AVVERTENZE AI SENSI DEL D.Lgs. 196/2003* > > Le informazioni contenute in questo messaggio di posta elettronica e/o > nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il > loro utilizzo è consentito esclusivamente al destinatario del messaggio, > per le finalità indicate nel messaggio stesso. Qualora riceviate questo > messaggio senza esserne il destinatario, Vi preghiamo cortesemente di > darcene notizia via e-mail e di procedere alla distruzione del messaggio > stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, > divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od > utilizzarlo per finalità diverse, costituisce comportamento contrario ai > principi dettati dal D.Lgs. 196/2003. > > > > The information in this message and/or attachments, is intended solely for > the attention and use of the named addressee(s) and may be confidential or > proprietary in nature or covered by the provisions of privacy act > (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection > Code).Any use not in accord with its purpose, any disclosure, reproduction, > copying, distribution, or either dissemination, either whole or partial, is > strictly forbidden except previous formal approval of the named > addressee(s). If you are not the intended recipient, please contact > immediately the sender by telephone, fax or e-mail and delete the > information in this message that has been received in error. The sender > does not give any warranty or accept liability as the content, accuracy or > completeness of sent messages and accepts no responsibility for changes > made after they were sent or for other risks which arise as a result of > e-mail transmission, viruses, etc. > > --- > > > ------ > > ___ > Geoserver-devel mailing list > Geoserver-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/geoserver-devel > > -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- ___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
Re: [Geoserver-devel] Upgrading Spring
Hi Justin Currently we use cas-client-core.jar version 3.1.12, the new version of spring security needs version 3.3.3. The API of org.jasig.cas.client.session.SingleSignOutHandler has changed. This is the reason for the compile errors. Not easy to solve, will have a lookt at it. Cheers Christian On Sat, Oct 24, 2015 at 6:43 PM, Justin Deoliveira <jdeol...@gmail.com> wrote: > Hey Christian, > > Yes, I was planning to upgrade spring security as well. Unfortunately that > is not proving to be very easy. > > I tried jumping to 4.x but indeed the deprecated apis we are using are now > gone. This impacts two of the most important classes in our security > framework, one of them being GeoserverSecurityManager which more or less > controls everything. Basically the base classes we are extending no long > expose setter methods for various properties, with the only option begin to > use constructor injection. Which is a major problem because we rely on > those methods to change security configuration after the fact. I am not > sure how to solve that… thoughts I have had (none of which are ideal). > > 1. Update GeoServerSecurityManager and GeoServerFilterChain to be > non-singletons so we can re-instantiate them when configuration changes. > This would be a pretty far reaching change, especially for the dependencies > of GeoServerSecurityManager. > > 2. Require the user to restart GeoServer after making security > configuration changes, or at least some kind of changes, basically when > changing a provider or a filter. > > 3. Copy + modify versions of the base class from spring security into our > codebase… and re-instate those method we need. A pretty ugly hack :) > > Anyways, all things considered that is a little dirtier than I can afford > to get my hands :) So I was thinking for now just upgrading to the latest > 3.x versions. However that also leads to some issues in the cas module. > Knowing nothing about how the cas extensions work I’m not seeing obvious > alternatives to the method calls we were using. > > If you would be willing to take a look that would be awesome in case it’’s > obvious what to do. I’ve pushed the current changes up to a branch in my > git repo: > > https://github.com/jdeolive/geoserver/tree/spring-upgrade > > Everything should compile up to extension/security/cas. > > Thanks! > > -Justin > > > > On Sat, Oct 24, 2015 at 5:45 AM, Christian Mueller < > christian.muel...@os-solutions.at> wrote: > >> HI Justin >> >> Do you plan to migrate Spring Security too ? Maybe we are using some >> depricated APIs, please let me know. >> >> Christian >> >> On Fri, Oct 23, 2015 at 10:07 PM, Justin Deoliveira <jdeol...@gmail.com> >> wrote: >> >>> Great, thanks guys. I’ll report back when I make some progress. >>> >>> On Fri, Oct 23, 2015 at 1:37 PM, Andrea Aime < >>> andrea.a...@geo-solutions.it> wrote: >>> >>>> On Fri, Oct 23, 2015 at 9:21 PM, Jody Garnett <jody.garn...@gmail.com> >>>> wrote: >>>> >>>>> +1 Now is the time with a fresh master branch. >>>>> >>>> >>>> Agreed, +1 >>>> >>>> Cheers >>>> Andrea >>>> >>>> -- >>>> == >>>> GeoServer Professional Services from the experts! Visit >>>> http://goo.gl/it488V for more information. >>>> == >>>> >>>> Ing. Andrea Aime >>>> @geowolf >>>> Technical Lead >>>> >>>> GeoSolutions S.A.S. >>>> Via Poggio alle Viti 1187 >>>> 55054 Massarosa (LU) >>>> Italy >>>> phone: +39 0584 962313 >>>> fax: +39 0584 1660272 >>>> mob: +39 339 8844549 >>>> >>>> http://www.geo-solutions.it >>>> http://twitter.com/geosolutions_it >>>> >>>> *AVVERTENZE AI SENSI DEL D.Lgs. 196/2003* >>>> >>>> Le informazioni contenute in questo messaggio di posta elettronica e/o >>>> nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il >>>> loro utilizzo è consentito esclusivamente al destinatario del messaggio, >>>> per le finalità indicate nel messaggio stesso. Qualora riceviate questo >>>> messaggio senza esserne il destinatario, Vi preghiamo cortesemente di >>>> darcene notizia via e-mail e di procedere alla distruzione del messaggio >>>> stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, >>>> divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo,
Re: [Geoserver-devel] Upgrading Spring
HI Justin Do you plan to migrate Spring Security too ? Maybe we are using some depricated APIs, please let me know. Christian On Fri, Oct 23, 2015 at 10:07 PM, Justin Deoliveira <jdeol...@gmail.com> wrote: > Great, thanks guys. I’ll report back when I make some progress. > > On Fri, Oct 23, 2015 at 1:37 PM, Andrea Aime <andrea.a...@geo-solutions.it > > wrote: > >> On Fri, Oct 23, 2015 at 9:21 PM, Jody Garnett <jody.garn...@gmail.com> >> wrote: >> >>> +1 Now is the time with a fresh master branch. >>> >> >> Agreed, +1 >> >> Cheers >> Andrea >> >> -- >> == >> GeoServer Professional Services from the experts! Visit >> http://goo.gl/it488V for more information. >> == >> >> Ing. Andrea Aime >> @geowolf >> Technical Lead >> >> GeoSolutions S.A.S. >> Via Poggio alle Viti 1187 >> 55054 Massarosa (LU) >> Italy >> phone: +39 0584 962313 >> fax: +39 0584 1660272 >> mob: +39 339 8844549 >> >> http://www.geo-solutions.it >> http://twitter.com/geosolutions_it >> >> *AVVERTENZE AI SENSI DEL D.Lgs. 196/2003* >> >> Le informazioni contenute in questo messaggio di posta elettronica e/o >> nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il >> loro utilizzo è consentito esclusivamente al destinatario del messaggio, >> per le finalità indicate nel messaggio stesso. Qualora riceviate questo >> messaggio senza esserne il destinatario, Vi preghiamo cortesemente di >> darcene notizia via e-mail e di procedere alla distruzione del messaggio >> stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, >> divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od >> utilizzarlo per finalità diverse, costituisce comportamento contrario ai >> principi dettati dal D.Lgs. 196/2003. >> >> >> >> The information in this message and/or attachments, is intended solely >> for the attention and use of the named addressee(s) and may be confidential >> or proprietary in nature or covered by the provisions of privacy act >> (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection >> Code).Any use not in accord with its purpose, any disclosure, reproduction, >> copying, distribution, or either dissemination, either whole or partial, is >> strictly forbidden except previous formal approval of the named >> addressee(s). If you are not the intended recipient, please contact >> immediately the sender by telephone, fax or e-mail and delete the >> information in this message that has been received in error. The sender >> does not give any warranty or accept liability as the content, accuracy or >> completeness of sent messages and accepts no responsibility for changes >> made after they were sent or for other risks which arise as a result of >> e-mail transmission, viruses, etc. >> >> --- >> > > > > -- > > ___ > Geoserver-devel mailing list > Geoserver-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/geoserver-devel > > -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- ___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
Re: [Geoserver-devel] GSIP 129 Developers Guide Refresh
Hi Added my +1 Cheers Christian On Thu, Jul 2, 2015 at 5:43 PM, Andrea Aime andrea.a...@geo-solutions.it wrote: On Mon, Jun 29, 2015 at 5:56 PM, Simone Giannecchini simone.giannecch...@geo-solutions.it wrote: That said, my +1 is already there. Added my +1 as well. Do we have enough votes? Cheers Andrea -- == GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information. == Ing. Andrea Aime @geowolf Technical Lead GeoSolutions S.A.S. Via Poggio alle Viti 1187 55054 Massarosa (LU) Italy phone: +39 0584 962313 fax: +39 0584 1660272 mob: +39 339 8844549 http://www.geo-solutions.it http://twitter.com/geosolutions_it *AVVERTENZE AI SENSI DEL D.Lgs. 196/2003* Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003. The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc. --- -- Don't Limit Your Business. Reach for the Cloud. GigeNET's Cloud Solutions provide you with the tools and support that you need to offload your IT needs and focus on growing your business. Configured For All Businesses. Start Your Cloud Today. https://www.gigenetcloud.com/ ___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- Don't Limit Your Business. Reach for the Cloud. GigeNET's Cloud Solutions provide you with the tools and support that you need to offload your IT needs and focus on growing your business. Configured For All Businesses. Start Your Cloud Today. https://www.gigenetcloud.com/___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
Re: [Geoserver-devel] refresh psc list
Hi I marked GSIP 120 as completed. Cheers Christian On Wed, Jun 24, 2015 at 12:03 AM, Jody Garnett jody.garn...@gmail.com wrote: I am rounding up changes for the developers guide and would like to refresh our PSC list. Our developers guide currently considers PSC members inactive if we have not heard from them in two months http://docs.geoserver.org/latest/en/developer/policies/psc.html. Extending that out to six months, we have had the following GSIP proposals: * GSIP 120 https://github.com/geoserver/geoserver/wiki/GSIP-120 - if this is done it should be marked completed now? * GSIP 126 https://github.com/geoserver/geoserver/wiki/GSIP-126---Runtime-ProcessParameterIO-creation - very low feedback, marked it as completed * GSIP 123 https://github.com/geoserver/geoserver/wiki/GSIP-123-WPS-input-and-execution-limits - marked as completed Revised PSC list of ... - *Alessio Fabiani* - *Andrea Aime* - *Ben Caradoc-Davies* - *Christian Mueller* - *Jody Garnett* - *Jukka Rahkonen* - *Phil Scadden* - *Simone Giannecchini* I will also update the text to thank prior PSC members, although assembling a complete list would take a bit longer. - Justin Deoliveira - Gabriel Roldan - Chris Holmes (Chair) -- Jody Garnett -- Monitor 25 network devices or servers for free with OpManager! OpManager is web-based network management software that monitors network devices and physical virtual servers, alerts via email sms for fault. Monitor 25 devices for free with no restriction. Download now http://ad.doubleclick.net/ddm/clk/292181274;119417398;o ___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- Monitor 25 network devices or servers for free with OpManager! OpManager is web-based network management software that monitors network devices and physical virtual servers, alerts via email sms for fault. Monitor 25 devices for free with no restriction. Download now http://ad.doubleclick.net/ddm/clk/292181274;119417398;o___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
Re: [Geoserver-devel] Backport GEOS-7071, Security Test Setup not compatible with IBM Java
Hi Andrea Thanks for the reply, it is better to ask as to make a mistake :-) Cheers Christian On Tue, Jun 23, 2015 at 11:04 AM, Andrea Aime andrea.a...@geo-solutions.it wrote: On Tue, Jun 23, 2015 at 10:51 AM, Christian Mueller christian.muel...@os-solutions.at wrote: Hi all Is it ok to backport GEOS-7071 ?. I think a git cherry pick will do the job. I don't see why not, backport requests are necessary only to backport new features, or for large bugfixes that might undermine the stability of GeoServer due to their invasiveness. This one is pretty isolated and only affects test code, no actual need to ask imho, but just in case, +1 ;-) Cheers Andrea -- == GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information. == Ing. Andrea Aime @geowolf Technical Lead GeoSolutions S.A.S. Via Poggio alle Viti 1187 55054 Massarosa (LU) Italy phone: +39 0584 962313 fax: +39 0584 1660272 mob: +39 339 8844549 http://www.geo-solutions.it http://twitter.com/geosolutions_it *AVVERTENZE AI SENSI DEL D.Lgs. 196/2003* Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003. The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc. --- -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- Monitor 25 network devices or servers for free with OpManager! OpManager is web-based network management software that monitors network devices and physical virtual servers, alerts via email sms for fault. Monitor 25 devices for free with no restriction. Download now http://ad.doubleclick.net/ddm/clk/292181274;119417398;o___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
[Geoserver-devel] Backport GEOS-7071, Security Test Setup not compatible with IBM Java
Hi all Is it ok to backport GEOS-7071 ?. I think a git cherry pick will do the job. https://osgeo-org.atlassian.net/browse/GEOS-7071 -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- Monitor 25 network devices or servers for free with OpManager! OpManager is web-based network management software that monitors network devices and physical virtual servers, alerts via email sms for fault. Monitor 25 devices for free with no restriction. Download now http://ad.doubleclick.net/ddm/clk/292181274;119417398;o___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
Re: [Geoserver-devel] GSIP 120, call for vote
Hi All @Phil, can you add your +1 to the page. Are 5 positive votes enough or have I to wait for the sixth one ? Christian On Tue, Jun 16, 2015 at 1:45 AM, Jody Garnett jody.garn...@gmail.com wrote: Thanks Christian, added my +1 to the page. -- Jody Garnett On 15 June 2015 at 04:47, Christian Mueller christian.muel...@os-solutions.at wrote: Hi all The GSIP is here https://github.com/geoserver/geoserver/wiki/GSIP-120 The pull request https://github.com/geoserver/geoserver/pull/1098 The jira issue is here https://osgeo-org.atlassian.net/browse/GEOS-6726 Thanks Christian -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- ___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- ___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
Re: [Geoserver-devel] Implementation of GSIP 120
Hi Ben Sorry, forgot to call for a vote. There are already to positive reviews from Charles and Andrea. How to continue ? Cheers Christilan On Sun, Jun 14, 2015 at 9:01 PM, Ben Caradoc-Davies b...@transient.nz wrote: Christian, the only comment on the pull request was supportive. Have you called for a vote on GSIP 120? Kind regards, Ben. On 15/06/15 02:19, Christian Mueller wrote: Hi all The pull request is 14 days old, is it ok to merge ? https://github.com/geoserver/geoserver/pull/1098 Cheers Christian -- ___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel -- Ben Caradoc-Davies b...@transient.nz Director Transient Software Limited http://transient.nz/ New Zealand -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- ___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
[Geoserver-devel] GSIP 120, call for vote
Hi all The GSIP is here https://github.com/geoserver/geoserver/wiki/GSIP-120 The pull request https://github.com/geoserver/geoserver/pull/1098 The jira issue is here https://osgeo-org.atlassian.net/browse/GEOS-6726 Thanks Christian -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- ___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
[Geoserver-devel] Implementation of GSIP 120
Hi all The pull request is 14 days old, is it ok to merge ? https://github.com/geoserver/geoserver/pull/1098 Cheers Christian -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- ___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
Re: [Geoserver-devel] Windows build server, almost there
previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc. --- -- One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight. http://ad.doubleclick.net/ddm/clk/290420510;117567292;y ___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel -- One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight. http://ad.doubleclick.net/ddm/clk/290420510;117567292;y ___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight. http://ad.doubleclick.net/ddm/clk/290420510;117567292;y___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
Re: [Geoserver-devel] Windows build server, almost there
Hi Andrea XMLUserGroupStore and XMLRoleStore have a method releaseLock which should do the job. As far as I can remember, org.geoserver.security.file.LockFile.finalize() is a safeguard. Any idea where to call releaseLock to avoid this problem. Cheers Christian On Mon, Apr 27, 2015 at 2:47 PM, Andrea Aime andrea.a...@geo-solutions.it wrote: On Mon, Apr 27, 2015 at 2:41 PM, Christian Mueller christian.muel...@os-solutions.at wrote: +1 Unfortunately there is no Windows around me for investigations. Hi Christian, the issue is difficult to reproduce but I have a hunch. The lock file is always the same, however I can see that during a test run several LockFile instances are getting created, and eventually garbage collected... when that happens, finalize() is called, which deletes the file, on a Windows server, if the deletion happens while another LockFile instance tries to write the file, we are bound to see the error in question... and this would also explain the intermittence of the error, it's driven by GC cycles. Can the code be modified to avoid this randomness? I'd think LockFile should be treated as a resource like datastore and friends, and closed explicitly once not used anymore. Cheers Andrea -- == GeoServer Professional Services from the experts! Visit http://goo.gl/NWWaa2 for more information. == Ing. Andrea Aime @geowolf Technical Lead GeoSolutions S.A.S. Via Poggio alle Viti 1187 55054 Massarosa (LU) Italy phone: +39 0584 962313 fax: +39 0584 1660272 mob: +39 339 8844549 http://www.geo-solutions.it http://twitter.com/geosolutions_it *AVVERTENZE AI SENSI DEL D.Lgs. 196/2003* Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003. The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc. --- -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight. http://ad.doubleclick.net/ddm/clk/290420510;117567292;y___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
Re: [Geoserver-devel] Windows build server, almost there
Hi Andrea Yep, please remove/comment the finalize method and lets have a look at the results. Cheers Christian On Mon, Apr 27, 2015 at 7:14 PM, Andrea Aime andrea.a...@geo-solutions.it wrote: On Mon, Apr 27, 2015 at 3:16 PM, Andrea Aime andrea.a...@geo-solutions.it wrote: On Mon, Apr 27, 2015 at 3:14 PM, Christian Mueller christian.muel...@os-solutions.at wrote: Hi Andrea XMLUserGroupStore and XMLRoleStore have a method releaseLock which should do the job. As far as I can remember, org.geoserver.security.file.LockFile.finalize() is a safeguard. Any idea where to call releaseLock to avoid this problem. Not yet, I'm not familiar with that portion of the code and how the lifecycle of its objects is managed... I was hoping you would suggest the right place. Wondering, as an alternative... should we just remove the finalize as a quick fix? Cheers Andrea -- == GeoServer Professional Services from the experts! Visit http://goo.gl/NWWaa2 for more information. == Ing. Andrea Aime @geowolf Technical Lead GeoSolutions S.A.S. Via Poggio alle Viti 1187 55054 Massarosa (LU) Italy phone: +39 0584 962313 fax: +39 0584 1660272 mob: +39 339 8844549 http://www.geo-solutions.it http://twitter.com/geosolutions_it *AVVERTENZE AI SENSI DEL D.Lgs. 196/2003* Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003. The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc. --- -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight. http://ad.doubleclick.net/ddm/clk/290420510;117567292;y___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
Re: [Geoserver-devel] Slow build, security setup an important portion of our build times
Hi Andrea I think the security configuration test data is ok, but the migrate method is called before the the test setup. The security dir is empty and the migration starts. The method org.geoserver.security.impl.GeoServerJ2eeRoleServiceTest.onSetUp(SystemTestData) is called after the migration and in my case the following method is never called: org.geoserver.data.test.SystemTestData.setUpSecurity() Look at the stack trace Thread [main] (Suspended (breakpoint at line 2119 in GeoServerSecurityManager)) GeoServerSecurityManager.migrateFrom21() line: 2119 GeoServerSecurityManager.onApplicationEvent(ApplicationEvent) line: 329 SimpleApplicationEventMulticaster.multicastEvent(ApplicationEvent) line: 97 GeoServerTestApplicationContext(AbstractApplicationContext).publishEvent(ApplicationEvent) line: 327 GeoServerJ2eeRoleServiceTest(GeoServerSystemTestSupport).setUp(SystemTestData) line: 208 GeoServerJ2eeRoleServiceTest(GeoServerSystemTestSupport).setUp(TestData) line: 1 GeoServerJ2eeRoleServiceTest(GeoServerBaseTestSupportT).doSetup() line: 151 NativeMethodAccessorImpl.invoke0(Method, Object, Object[]) line: not available [native method] NativeMethodAccessorImpl.invoke(Object, Object[]) line: 57 DelegatingMethodAccessorImpl.invoke(Object, Object[]) line: 43 Method.invoke(Object, Object...) line: 606 FrameworkMethod$1.runReflectiveCall() line: 47 FrameworkMethod$1(ReflectiveCallable).run() line: 12 FrameworkMethod.invokeExplosively(Object, Object...) line: 44 RunBefores.evaluate() line: 24 RunAfters.evaluate() line: 27 RunRules.evaluate() line: 20 BlockJUnit4ClassRunner(ParentRunnerT).runLeaf(Statement, Description, RunNotifier) line: 271 BlockJUnit4ClassRunner.runChild(FrameworkMethod, RunNotifier) line: 70 BlockJUnit4ClassRunner.runChild(Object, RunNotifier) line: 50 ParentRunner$3.run() line: 238 ParentRunner$1.schedule(Runnable) line: 63 BlockJUnit4ClassRunner(ParentRunnerT).runChildren(RunNotifier) line: 236 ParentRunnerT.access$000(ParentRunner, RunNotifier) line: 53 ParentRunner$2.evaluate() line: 229 RunBefores.evaluate() line: 26 RunAfters.evaluate() line: 27 BlockJUnit4ClassRunner(ParentRunnerT).run(RunNotifier) line: 309 JUnit4TestClassReference(JUnit4TestReference).run(TestExecution) line: 50 TestExecution.run(ITestReference[]) line: 38 RemoteTestRunner.runTests(String[], String, TestExecution) line: 459 RemoteTestRunner.runTests(TestExecution) line: 675 RemoteTestRunner.run() line: 382 RemoteTestRunner.main(String[]) line: 192 Any idea ?. I do not want to experiment with the test setup, its complicated enough. Cheers Christian On Wed, Apr 22, 2015 at 1:59 PM, Andrea Aime andrea.a...@geo-solutions.it wrote: On Wed, Apr 22, 2015 at 1:25 PM, Christian Mueller christian.muel...@os-solutions.at wrote: Hi Andrea I managed to get a yourkit Open Source license key. The key is valid for one installation and I plan to use this key at my home office. Hope to get some time for investigation during the weekend. Btw, can you tell me the test case(s) according to your screen shots. That's not a single test case, I did attach yourkit to the surefire test JVM while gs-wfs was running. Anyways, for reference the method that's called 3 million times, I did add a static counter into it and have it to a system out every time it was called, running one of the GetFeatureTests I checked it got called over 300 times (all during the test setup). Cheers Andrea -- == GeoServer Professional Services from the experts! Visit http://goo.gl/NWWaa2 for more information. == Ing. Andrea Aime @geowolf Technical Lead GeoSolutions S.A.S. Via Poggio alle Viti 1187 55054 Massarosa (LU) Italy phone: +39 0584 962313 fax: +39 0584 1660272 mob: +39 339 8844549 http://www.geo-solutions.it http://twitter.com/geosolutions_it *AVVERTENZE AI SENSI DEL D.Lgs. 196/2003* Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003. The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole
Re: [Geoserver-devel] Slow build, security setup an important portion of our build times
Hi Andrea I managed to get a yourkit Open Source license key. The key is valid for one installation and I plan to use this key at my home office. Hope to get some time for investigation during the weekend. Btw, can you tell me the test case(s) according to your screen shots. Cheers Chrilstian On Tue, Apr 21, 2015 at 12:41 PM, Andrea Aime andrea.a...@geo-solutions.it wrote: On Tue, Apr 21, 2015 at 12:10 PM, Christian Mueller christian.muel...@os-solutions.at wrote: Do we have a reference to yourkit on the geoserver home page ?. I think this is a prerequisite for getting an OS license. We used to have one... it got removed by Jody some time ago: https://github.com/geoserver/geoserver.github.io/commit/eeed022df9b5124edaf71f7b1336bcf55616d09a I think that maybe we got the licences though Codehaus that round? Not sure. Cheers Andrea -- == GeoServer Professional Services from the experts! Visit http://goo.gl/NWWaa2 for more information. == Ing. Andrea Aime @geowolf Technical Lead GeoSolutions S.A.S. Via Poggio alle Viti 1187 55054 Massarosa (LU) Italy phone: +39 0584 962313 fax: +39 0584 1660272 mob: +39 339 8844549 http://www.geo-solutions.it http://twitter.com/geosolutions_it *AVVERTENZE AI SENSI DEL D.Lgs. 196/2003* Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003. The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc. --- -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT Develop your own process in accordance with the BPMN 2 standard Learn Process modeling best practices with Bonita BPM through live exercises http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_ source=Sourceforge_BPM_Camp_5_6_15utm_medium=emailutm_campaign=VA_SF___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
Re: [Geoserver-devel] Slow build, security setup an important portion of our build times
Hi Andrea What profiling tool do you use ?. Would make sense if I use it too. Cheers Chrilstian On Mon, Apr 20, 2015 at 3:06 PM, Christian Mueller christian.muel...@os-solutions.at wrote: Hi Andrea Would be a good idea to have a migrated security configuration on master, 2.7.x and 2.6.x. I think we can use the identical configuration on each branch. I have no idea about the HelperBase class, I think it was introduced by Mauro or Justin. Cheers Christian On Sun, Apr 19, 2015 at 4:29 PM, Andrea Aime andrea.a...@geo-solutions.it wrote: Hi, I've been spending some time looking as to why our tests are so slow, so I've profiled a WFS surefire process while it was running our tests. Here is a breakdown from the main method: root) org.apache.maven.surefire.booter.ForkedBooter.main(String[]) 94094 0 ... setup) org.geoserver.test.GeoServerBaseTestSupport.doSetup() 49714 0 test-methods) sun.reflect.NativeMethodAccessorImpl.invoke0(Method, Object, Object[]) 35130 0 The test-methods root contains all the single test methods runs, e.g.: * org.geoserver.wfs.ExternalEntitiesTest.testWfs1_1() 932 0 * org.geoserver.wfs.AliasTest.testAliasFifteen() 856 0 * org.geoserver.wfs.GetFeaturePagingTest.testStartIndexMultipleTypesPOST() 755 0 * org.geoserver.wfs.GetFeaturePagingTest.testStartIndexMultipleTypes() 584 0 and so on So... we are spending 53% of our build time running the various setups... not nice. And here is how the doSetup breaks down: So, we are spending 32% of our overall build time running security subsystem data directory migrations... that really needs to be fixed, I believe, it's pretty much the same time we spend actually running test methods... I guess the best approach would be to make sure that we generate the security subsystem config already at the latest version required. But, there is something else going on here, those migration result in a insane amount of calls to the GeoServerSecuritManager.persister(), which in turns creates a XStream persister from scratch. Have a look, we call that method 300.000 times during the WFS test build alone: I believe there is something fishy going on there, like, I see the HelperBase.loadConfig class called over and over loading the same files, I'm afraid there might be some sort of event escalation (like, changing one of the security config files, which results in the whole security being reloaded, then change another, and so on). The code seems in need of a refactor, where a single persister is reused for all the migration operations. Christian, do you have some time to look into this issue? By comparisong, loading the catalog from the many little config files takes only 3 seconds overall, that is, 1/10th of the time we spend doing these migrations. Cheers Andrea -- == GeoServer Professional Services from the experts! Visit http://goo.gl/NWWaa2 for more information. == Ing. Andrea Aime @geowolf Technical Lead GeoSolutions S.A.S. Via Poggio alle Viti 1187 55054 Massarosa (LU) Italy phone: +39 0584 962313 fax: +39 0584 1660272 mob: +39 339 8844549 http://www.geo-solutions.it http://twitter.com/geosolutions_it *AVVERTENZE AI SENSI DEL D.Lgs. 196/2003* Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003. The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc
Re: [Geoserver-devel] Slow build, security setup an important portion of our build times
Do we have a reference to yourkit on the geoserver home page ?. I think this is a prerequisite for getting an OS license. Cheers Christian On Tue, Apr 21, 2015 at 9:42 AM, Andrea Aime andrea.a...@geo-solutions.it wrote: On Tue, Apr 21, 2015 at 9:37 AM, Christian Mueller christian.muel...@os-solutions.at wrote: Hi Andrea What profiling tool do you use ?. Would make sense if I use it too. I have a yourkit open source license, that's what I used here. Not sure who asked last for the yourkit licenses though. I've also played a bit with java mission control, not too bad: http://hirt.se/blog/?p=364 Cheers Andrea -- == GeoServer Professional Services from the experts! Visit http://goo.gl/NWWaa2 for more information. == Ing. Andrea Aime @geowolf Technical Lead GeoSolutions S.A.S. Via Poggio alle Viti 1187 55054 Massarosa (LU) Italy phone: +39 0584 962313 fax: +39 0584 1660272 mob: +39 339 8844549 http://www.geo-solutions.it http://twitter.com/geosolutions_it *AVVERTENZE AI SENSI DEL D.Lgs. 196/2003* Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003. The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc. --- -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT Develop your own process in accordance with the BPMN 2 standard Learn Process modeling best practices with Bonita BPM through live exercises http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_ source=Sourceforge_BPM_Camp_5_6_15utm_medium=emailutm_campaign=VA_SF___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
Re: [Geoserver-devel] Slow build, security setup an important portion of our build times
Hi Andrea Would be a good idea to have a migrated security configuration on master, 2.7.x and 2.6.x. I think we can use the identical configuration on each branch. I have no idea about the HelperBase class, I think it was introduced by Mauro or Justin. Cheers Christian On Sun, Apr 19, 2015 at 4:29 PM, Andrea Aime andrea.a...@geo-solutions.it wrote: Hi, I've been spending some time looking as to why our tests are so slow, so I've profiled a WFS surefire process while it was running our tests. Here is a breakdown from the main method: root) org.apache.maven.surefire.booter.ForkedBooter.main(String[]) 94094 0 ... setup) org.geoserver.test.GeoServerBaseTestSupport.doSetup() 49714 0 test-methods) sun.reflect.NativeMethodAccessorImpl.invoke0(Method, Object, Object[]) 35130 0 The test-methods root contains all the single test methods runs, e.g.: * org.geoserver.wfs.ExternalEntitiesTest.testWfs1_1() 932 0 * org.geoserver.wfs.AliasTest.testAliasFifteen() 856 0 * org.geoserver.wfs.GetFeaturePagingTest.testStartIndexMultipleTypesPOST() 755 0 * org.geoserver.wfs.GetFeaturePagingTest.testStartIndexMultipleTypes() 584 0 and so on So... we are spending 53% of our build time running the various setups... not nice. And here is how the doSetup breaks down: So, we are spending 32% of our overall build time running security subsystem data directory migrations... that really needs to be fixed, I believe, it's pretty much the same time we spend actually running test methods... I guess the best approach would be to make sure that we generate the security subsystem config already at the latest version required. But, there is something else going on here, those migration result in a insane amount of calls to the GeoServerSecuritManager.persister(), which in turns creates a XStream persister from scratch. Have a look, we call that method 300.000 times during the WFS test build alone: I believe there is something fishy going on there, like, I see the HelperBase.loadConfig class called over and over loading the same files, I'm afraid there might be some sort of event escalation (like, changing one of the security config files, which results in the whole security being reloaded, then change another, and so on). The code seems in need of a refactor, where a single persister is reused for all the migration operations. Christian, do you have some time to look into this issue? By comparisong, loading the catalog from the many little config files takes only 3 seconds overall, that is, 1/10th of the time we spend doing these migrations. Cheers Andrea -- == GeoServer Professional Services from the experts! Visit http://goo.gl/NWWaa2 for more information. == Ing. Andrea Aime @geowolf Technical Lead GeoSolutions S.A.S. Via Poggio alle Viti 1187 55054 Massarosa (LU) Italy phone: +39 0584 962313 fax: +39 0584 1660272 mob: +39 339 8844549 http://www.geo-solutions.it http://twitter.com/geosolutions_it *AVVERTENZE AI SENSI DEL D.Lgs. 196/2003* Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003. The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc. --- -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- BPM Camp - Free Virtual Workshop
Re: [Geoserver-devel] GSIP 120, REST API for access control
No, the proposal is still active. Niels asked about user to role assignment, the proposal is about resource to role assignment. Role to user assignment would require a new GSIP. Cheers Christian On Mon, Apr 13, 2015 at 7:19 PM, Jody Garnett jody.garn...@gmail.com wrote: Should we archive that proposal then? https://github.com/geoserver/geoserver/wiki/GSIP-120 -- Jody Garnett On 13 April 2015 at 03:05, Christian Mueller christian.muel...@os-solutions.at wrote: Hi Niels Not in the near future. Cheers On Sun, Apr 12, 2015 at 10:08 PM, Niels Charlier ni...@scitus.be wrote: Is a user/role rest API also planned? Regards Niels On 17-10-14 17:04, Christian Mueller wrote: https://github.com/geoserver/geoserver/wiki/GSIP-120-REST-API-for-access-control Please comment and vote. Cheers -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- Comprehensive Server Monitoring with Site24x7. Monitor 10 servers for $9/Month. Get alerted through email, SMS, voice calls or mobile push notifications. Take corrective actions from your mobile device.http://p.sf.net/sfu/Zoho ___ Geoserver-devel mailing listGeoserver-devel@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/geoserver-devel -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT Develop your own process in accordance with the BPMN 2 standard Learn Process modeling best practices with Bonita BPM through live exercises http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_ source=Sourceforge_BPM_Camp_5_6_15utm_medium=emailutm_campaign=VA_SF ___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT Develop your own process in accordance with the BPMN 2 standard Learn Process modeling best practices with Bonita BPM through live exercises http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_ source=Sourceforge_BPM_Camp_5_6_15utm_medium=emailutm_campaign=VA_SF___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
Re: [Geoserver-devel] GSIP 120, REST API for access control
Hi Niels Not in the near future. Cheers On Sun, Apr 12, 2015 at 10:08 PM, Niels Charlier ni...@scitus.be wrote: Is a user/role rest API also planned? Regards Niels On 17-10-14 17:04, Christian Mueller wrote: https://github.com/geoserver/geoserver/wiki/GSIP-120-REST-API-for-access-control Please comment and vote. Cheers -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- Comprehensive Server Monitoring with Site24x7. Monitor 10 servers for $9/Month. Get alerted through email, SMS, voice calls or mobile push notifications. Take corrective actions from your mobile device.http://p.sf.net/sfu/Zoho ___ Geoserver-devel mailing listGeoserver-devel@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/geoserver-devel -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT Develop your own process in accordance with the BPMN 2 standard Learn Process modeling best practices with Bonita BPM through live exercises http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_ source=Sourceforge_BPM_Camp_5_6_15utm_medium=emailutm_campaign=VA_SF___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
Re: [Geoserver-devel] Ticket default assignee in the new jira
+1 Makes sense Cheers Christian On Wed, Apr 8, 2015 at 9:39 AM, Rahkonen Jukka (MML) jukka.rahko...@maanmittauslaitos.fi wrote: Hi, +1 Assign to nobody reflects the reality. -Jukka- Andrea Aime wrote: Hi, the new Jira server defaults to have the newly created tickets assigned to no-one. I was planning to leave it that way, and when someone decides to pick on the ticket, they could assign it to themselves to show work is ongoing (or is going to start soon), in the interest of avoiding duplicate work. What do you think? Cheers Andrea -- == GeoServer Professional Services from the experts! Visit http://goo.gl/NWWaa2 for more information. == Ing. Andrea Aime @geowolf Technical Lead GeoSolutions S.A.S. Via Poggio alle Viti 1187 55054 Massarosa (LU) Italy phone: +39 0584 962313 fax: +39 0584 1660272 mob: +39 339 8844549 http://www.geo-solutions.it http://twitter.com/geosolutions_it *AVVERTENZE AI SENSI DEL D.Lgs. 196/2003* Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003. The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc. --- -- BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT Develop your own process in accordance with the BPMN 2 standard Learn Process modeling best practices with Bonita BPM through live exercises http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_ source=Sourceforge_BPM_Camp_5_6_15utm_medium=emailutm_campaign=VA_SF ___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT Develop your own process in accordance with the BPMN 2 standard Learn Process modeling best practices with Bonita BPM through live exercises http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_ source=Sourceforge_BPM_Camp_5_6_15utm_medium=emailutm_campaign=VA_SF___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
Re: [Geoserver-devel] GSIP 120, REST API for the catalog mode
Hi Jody I assume you mean the REST URIs, the endpoints are /rest/security/acl/layers /rest/security/acl/services /rest/security/acl/rest /rest/security/acl/catalog Cheers Christian On Sun, Jan 18, 2015 at 4:58 PM, Jody Garnett jody.garn...@gmail.com wrote: If the API endpoint was changed I would be happy to take the feature in for the beta (and we can add support for the style endpoint after). Can you tell me what the correct endpoint should be? -- Jody Garnett On 18 January 2015 at 06:32, Christian Mueller christian.muel...@os-solutions.at wrote: Sorry, no chance to finish until Monday. Maybe we can vote for a backport later. Christian On Sat, Jan 17, 2015 at 9:35 PM, Andrea Aime andrea.a...@geo-solutions.it wrote: On Sat, Jan 17, 2015 at 4:56 PM, Christian Mueller christian.muel...@os-solutions.at wrote: Hi Jody Yes I am still working on GSIP 120, but my customer gives me the priorities for my tasks and I was interrupted. Additionally, its more complicated as I thought, the DAOs handling the access rule property files have a different behavior. Until now, I did more than 50% of the work, what is the time frame to get this feature into 2.7. Tomorrow. Monday Jody will cut 2.7-beta and the feature freeze will start Cheers Andrea -- == GeoServer Professional Services from the experts! Visit http://goo.gl/NWWaa2 for more information. == Ing. Andrea Aime @geowolf Technical Lead GeoSolutions S.A.S. Via Poggio alle Viti 1187 55054 Massarosa (LU) Italy phone: +39 0584 962313 fax: +39 0584 1660272 mob: +39 339 8844549 http://www.geo-solutions.it http://twitter.com/geosolutions_it *AVVERTENZE AI SENSI DEL D.Lgs. 196/2003* Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003. The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc. --- -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- New Year. New Location. New Benefits. New Data Center in Ashburn, VA. GigeNET is offering a free month of service with a new server in Ashburn. Choose from 2 high performing configs, both with 100TB of bandwidth. Higher redundancy.Lower latency.Increased capacity.Completely compliant. http://p.sf.net/sfu/gigenet___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
Re: [Geoserver-devel] GSIP 120, REST API for the catalog mode
Sorry, no chance to finish until Monday. Maybe we can vote for a backport later. Christian On Sat, Jan 17, 2015 at 9:35 PM, Andrea Aime andrea.a...@geo-solutions.it wrote: On Sat, Jan 17, 2015 at 4:56 PM, Christian Mueller christian.muel...@os-solutions.at wrote: Hi Jody Yes I am still working on GSIP 120, but my customer gives me the priorities for my tasks and I was interrupted. Additionally, its more complicated as I thought, the DAOs handling the access rule property files have a different behavior. Until now, I did more than 50% of the work, what is the time frame to get this feature into 2.7. Tomorrow. Monday Jody will cut 2.7-beta and the feature freeze will start Cheers Andrea -- == GeoServer Professional Services from the experts! Visit http://goo.gl/NWWaa2 for more information. == Ing. Andrea Aime @geowolf Technical Lead GeoSolutions S.A.S. Via Poggio alle Viti 1187 55054 Massarosa (LU) Italy phone: +39 0584 962313 fax: +39 0584 1660272 mob: +39 339 8844549 http://www.geo-solutions.it http://twitter.com/geosolutions_it *AVVERTENZE AI SENSI DEL D.Lgs. 196/2003* Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003. The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc. --- -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- New Year. New Location. New Benefits. New Data Center in Ashburn, VA. GigeNET is offering a free month of service with a new server in Ashburn. Choose from 2 high performing configs, both with 100TB of bandwidth. Higher redundancy.Lower latency.Increased capacity.Completely compliant. http://p.sf.net/sfu/gigenet___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
Re: [Geoserver-devel] GSIP 120, REST API for the catalog mode
Hi Jody Yes I am still working on GSIP 120, but my customer gives me the priorities for my tasks and I was interrupted. Additionally, its more complicated as I thought, the DAOs handling the access rule property files have a different behavior. Until now, I did more than 50% of the work, what is the time frame to get this feature into 2.7. Cheers Christian On Fri, Jan 16, 2015 at 2:43 AM, Jody Garnett jody.garn...@gmail.com wrote: Are you still working on GSIP 120 Christian? It was one of the features I was excited about for 2.7 :) -- Jody Garnett On 14 November 2014 at 03:07, Christian Mueller christian.muel...@os-solutions.at wrote: HI all At the moment the catalog mode is stored in layer.properties , the format is mode=HIDDEN I think storing the catalog mode in the property files for data access control rules is a little bit ugly, but it is as it is. Concerning the REST API, I would prefer to have an own URI like /rest/security/acl/catalog with a GET and a PUT method. The XML format could be catalog modeHIDDEN/mode /catalog If this is ok I would extend the GSIP. Opinions ? -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- Comprehensive Server Monitoring with Site24x7. Monitor 10 servers for $9/Month. Get alerted through email, SMS, voice calls or mobile push notifications. Take corrective actions from your mobile device. http://pubads.g.doubleclick.net/gampad/clk?id=154624111iu=/4140/ostg.clktrk ___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- New Year. New Location. New Benefits. New Data Center in Ashburn, VA. GigeNET is offering a free month of service with a new server in Ashburn. Choose from 2 high performing configs, both with 100TB of bandwidth. Higher redundancy.Lower latency.Increased capacity.Completely compliant. http://p.sf.net/sfu/gigenet___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
Re: [Geoserver-devel] What's up with CAS?
Hi I am the maintainer. No idea about the download link. Indeed there is no documentation. I hope to get some time after finishing GSIP 120. Cheers Christian On Mon, Dec 1, 2014 at 2:12 PM, Andrea Aime andrea.a...@geo-solutions.it wrote: Hi, a colleague of mine today was asking about CAS, and I told him that it was a supported extensions... he searched and found nothing. Indeed: * The link from the download pages is not working: http://geoserver.org/release/stable/ * Apparently there is no documentation Wondering, who's the maintainer of it? Christian or Justin maybe? The pom.xml does not say Cheers Andrea -- == GeoServer Professional Services from the experts! Visit http://goo.gl/NWWaa2 for more information. == Ing. Andrea Aime @geowolf Technical Lead GeoSolutions S.A.S. Via Poggio alle Viti 1187 55054 Massarosa (LU) Italy phone: +39 0584 962313 fax: +39 0584 1660272 mob: +39 339 8844549 http://www.geo-solutions.it http://twitter.com/geosolutions_it *AVVERTENZE AI SENSI DEL D.Lgs. 196/2003* Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003. The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc. --- -- Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server from Actuate! Instantly Supercharge Your Business Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration more Get technology previously reserved for billion-dollar corporations, FREE http://pubads.g.doubleclick.net/gampad/clk?id=157005751iu=/4140/ostg.clktrk ___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server from Actuate! Instantly Supercharge Your Business Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration more Get technology previously reserved for billion-dollar corporations, FREE http://pubads.g.doubleclick.net/gampad/clk?id=157005751iu=/4140/ostg.clktrk___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
Re: [Geoserver-devel] An interesting proposal in GeoNetwork land
Hi Andrea This is interesting. I am building on 4.0 Ghz cpu (8 cores but only one is used) , having 32 MB Ram and an SSD. The command time mvn clean install -PallExtensions -fn results in real 37m38.270s user 58m15.900s sys 1m44.293s Ho do you manage a build in 18 minutes ? The Geonetwork approach sounds interesting, doing all the setup in a memory file system. Cheers On Sun, Nov 16, 2014 at 10:17 AM, Andrea Aime andrea.a...@geo-solutions.it wrote: Hi, just stumbled upon this one: https://github.com/geonetwork/core-geonetwork/wiki/Java-7-NIO-File Even if the GeoServer build is not nearly as slow as the one described in GeoNetwork (a full build with extensions takes 18 minutes for me on a dated desktop PC), I'm wondering if we could benefit from a similar approach Cheers Andrea -- == GeoServer Professional Services from the experts! Visit http://goo.gl/NWWaa2 for more information. == Ing. Andrea Aime @geowolf Technical Lead GeoSolutions S.A.S. Via Poggio alle Viti 1187 55054 Massarosa (LU) Italy phone: +39 0584 962313 fax: +39 0584 1660272 mob: +39 339 8844549 http://www.geo-solutions.it http://twitter.com/geosolutions_it *AVVERTENZE AI SENSI DEL D.Lgs. 196/2003* Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003. The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc. --- -- Comprehensive Server Monitoring with Site24x7. Monitor 10 servers for $9/Month. Get alerted through email, SMS, voice calls or mobile push notifications. Take corrective actions from your mobile device. http://pubads.g.doubleclick.net/gampad/clk?id=154624111iu=/4140/ostg.clktrk ___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- Comprehensive Server Monitoring with Site24x7. Monitor 10 servers for $9/Month. Get alerted through email, SMS, voice calls or mobile push notifications. Take corrective actions from your mobile device. http://pubads.g.doubleclick.net/gampad/clk?id=154624111iu=/4140/ostg.clktrk___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
[Geoserver-devel] GSIP 120, REST API for the catalog mode
HI all At the moment the catalog mode is stored in layer.properties , the format is mode=HIDDEN I think storing the catalog mode in the property files for data access control rules is a little bit ugly, but it is as it is. Concerning the REST API, I would prefer to have an own URI like /rest/security/acl/catalog with a GET and a PUT method. The XML format could be catalog modeHIDDEN/mode /catalog If this is ok I would extend the GSIP. Opinions ? -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- Comprehensive Server Monitoring with Site24x7. Monitor 10 servers for $9/Month. Get alerted through email, SMS, voice calls or mobile push notifications. Take corrective actions from your mobile device. http://pubads.g.doubleclick.net/gampad/clk?id=154624111iu=/4140/ostg.clktrk___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
Re: [Geoserver-devel] PSC: GSIP 120, WPS process security
and accepts no responsibility for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc. --- -- ___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel -- ___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel -- Comprehensive Server Monitoring with Site24x7. Monitor 10 servers for $9/Month. Get alerted through email, SMS, voice calls or mobile push notifications. Take corrective actions from your mobile device. http://pubads.g.doubleclick.net/gampad/clk?id=154624111iu=/4140/ostg.clktrk ___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- Comprehensive Server Monitoring with Site24x7. Monitor 10 servers for $9/Month. Get alerted through email, SMS, voice calls or mobile push notifications. Take corrective actions from your mobile device. http://pubads.g.doubleclick.net/gampad/clk?id=154624111iu=/4140/ostg.clktrk___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
Re: [Geoserver-devel] Extracting authentication credentials from headers
Hi Mauro I did a quick review, looks good. Cheers Christian On Fri, Nov 7, 2014 at 4:40 PM, Mauro Bartolomeoli mauro.bartolome...@geo-solutions.it wrote: Hi, I have prepared a pull request for this. I chose to create a new filter in the main module, independent from the existing Request Headers filter. Please, review if you wish. Mauro 2014-10-09 15:24 GMT+02:00 Christian Mueller christian.muel...@os-solutions.at: Hi Mauro In any case we should avoid code duplication and utility classes. I am fine with a distinct implementation too. CredentialsFromHTTPHeader sounds fine :-) Go on, I assume you will make a pull request for discussion. Cheers Christian On Thu, Oct 9, 2014 at 2:57 PM, Mauro Bartolomeoli mauro.bartolome...@geo-solutions.it wrote: Hi Christian, 2014-10-09 13:18 GMT+02:00 Christian Mueller christian.muel...@os-solutions.at: Hi Mauro If I got it right, you want a filter to act as an end point for a pass through authentication. If this is the case, please create a new filter class or class hierarchy, your filter should be named GeoServerPassThroughAuthEndPointFilter or similar. Uhm... I am not sure we need another hierarchy. I agree that this filter is not preauthenticated, so probably it deserves a distinct implementation. Basically what it does is very similar to what BasicAuthentication or other filters do: fetch credentials in some way and then let the authentication manager do the authentication (this is what I meant when I said uses the authentication providers chain to do the authentication ). My only concern is that some functionality could be useful also in the existing RequestHeader filter (for example the possibility to extract the username using a regular expression). Maybe we can put some common functionality in utility classes and use it from both filters, or just duplicate the code and don't bother too much :). I am against a new community module, I would vote for adding this filter in the core code. Agree, then we need a name to distinguish this filter from the existing HTTP Header, something like Credentials from HTTP Headers. Ideas are welcome. Cheers, Mauro -- == GeoServer Professional Services from the experts! Visit http://goo.gl/NWWaa2 for more information. == Dott. Mauro Bartolomeoli @mauro_bart Senior Software Engineer GeoSolutions S.A.S. Via Poggio alle Viti 1187 55054 Massarosa (LU) Italy phone: +39 0584 962313 fax: +39 0584 1660272 http://www.geo-solutions.it http://twitter.com/geosolutions_it --- *AVVERTENZE AI SENSI DEL D.Lgs. 196/2003* Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003. The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc. -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- == GeoServer Professional Services from the experts! Visit http://goo.gl/NWWaa2 for more information. == Dott. Mauro Bartolomeoli @mauro_bart Senior Software Engineer GeoSolutions S.A.S. Via Poggio alle Viti 1187 55054 Massarosa (LU) Italy phone: +39 0584 962313 fax: +39 0584 1660272 http://www.geo-solutions.it http://twitter.com/geosolutions_it --- *AVVERTENZE AI SENSI DEL D.Lgs. 196/2003* Le informazioni contenute in questo messaggio di posta elettronica
Re: [Geoserver-devel] GEOS-6711
Not from here. I am wondering about 2.4.x, is there still an active development ? Cheers Christian On Wed, Nov 5, 2014 at 9:31 AM, Mauro Bartolomeoli mauro.bartolome...@geo-solutions.it wrote: Hi. Any objections to backporting authkey module improvements to 2.6.x, 2.5.x and 2.4.x? Mauro -- == GeoServer Professional Services from the experts! Visit http://goo.gl/NWWaa2 for more information. == Dott. Mauro Bartolomeoli @mauro_bart Senior Software Engineer GeoSolutions S.A.S. Via Poggio alle Viti 1187 55054 Massarosa (LU) Italy phone: +39 0584 962313 fax: +39 0584 1660272 http://www.geo-solutions.it http://twitter.com/geosolutions_it --- *AVVERTENZE AI SENSI DEL D.Lgs. 196/2003* Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003. The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc. -- ___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- ___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
Re: [Geoserver-devel] GSIP 120, REST API for access control
Hi all I changed the XML format to be independent of the Java XML properties format. Further I did some minor changes in the HTTP return codes. All changes can be reviewed in the GSIP. The DELETE request is still under investigation. Cheers Christian On Mon, Oct 20, 2014 at 4:13 PM, Christian Mueller christian.muel...@os-solutions.at wrote: Hi Alessio I hope you can modify the GSIP. If you can, please bring in your ideas. Cheers Christian On Mon, Oct 20, 2014 at 4:18 PM, Alessio Fabiani alessio.fabi...@geo-solutions.it wrote: About the GET operation, would be feasible to add also the pagination through some query parameters? == GeoServer Professional Services from the experts! Visit http://goo.gl/NWWaa2 for more information. == Ing. Alessio Fabiani @alfa7691 Founder/Technical Lead GeoSolutions S.A.S. Via Poggio alle Viti 1187 55054 Massarosa (LU) Italy phone: +39 0584 962313 fax: +39 0584 1660272 mob: +39 331 6233686 http://www.geo-solutions.it http://twitter.com/geosolutions_it --- *AVVERTENZE AI SENSI DEL D.Lgs. 196/2003* Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003. The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc. On Mon, Oct 20, 2014 at 4:04 PM, Christian Mueller christian.muel...@os-solutions.at wrote: Uppps Things become complicated. For HTTP DELETE, I will investigate in the URL encoded version of the access rule key. Cheers Christian On Mon, Oct 20, 2014 at 3:14 PM, Chris Snider chris.sni...@issinc.com wrote: Could the identifier be something generated by the user? Such as /security/acl/All%20User%20Read/*.*.r Using a generated identifier is good when something isn’t already identified, but it would be nice to have the ability to set my own identifier that has user meaning. Chris Snider Senior Software Engineer *Intelligent Software Solutions, Inc.* [image: Description: Description: Description: cid:image001.png@01CA1F1F.CBC93990] *From:* Justin Deoliveira [mailto:jdeol...@boundlessgeo.com] *Sent:* Monday, October 20, 2014 6:35 AM *To:* Andrea Aime *Cc:* geoserver-devel *Subject:* Re: [Geoserver-devel] GSIP 120, REST API for access control If the identifier is going to show up and be used in urls I like the idea of using the md5sum or some other generated identifier. They are long but easier to use than strings that require url encoding. But it feels like a bad idea to generate ID's for rules at the level of the rest api. Seems what is really needed is that the rules themselves store an identifier. But that will be a problem without any way to persist them. So yeah, guess the url-encoded key from the properties seems like the best bet. On Mon, Oct 20, 2014 at 4:25 AM, Andrea Aime andrea.a...@geo-solutions.it wrote: On Mon, Oct 20, 2014 at 12:10 PM, Christian Mueller christian.muel...@os-solutions.at wrote: Hi Phil The rest.properties file has a key /** Not sure if /security/acl/layers//** will work. It may if you url-escape it: %/security/acl/layers/2F** Cheers Andrea -- == GeoServer Professional Services from the experts! Visit http://goo.gl/NWWaa2 for more information. == Ing. Andrea Aime @geowolf Technical Lead GeoSolutions S.A.S. Via Poggio alle Viti 1187 55054 Massarosa (LU) Italy phone: +39 0584
Re: [Geoserver-devel] User based flow control and authentication
Hi all I think it would be the best to add a method to the GeoServerSecurityManager to check if there is an anonymous authentication. We already have such a method for checking administrative privileges public boolean checkAuthenticationForAdminRole() I think something like public boolen isAuthenticatedAnonymous() would be fine. Cheers Christian On Wed, Oct 22, 2014 at 5:37 PM, Ian Schneider ischnei...@boundlessgeo.com wrote: FWIW, I _think_ the reason the AnonymousGeoNodeAuthenticationToken is extending UsernamePasswordAuthenticationToken is to hold the cookie value that ties the anonymous user to a Django session. It seems like this could be done differently for sure, especially to play well with the proposed functionality or other security aspects that would (logically) expect an instanceof AnonymousAuthenticationToken check to work. Thanks for pointing this out :) On Wed, Oct 22, 2014 at 6:52 AM, Andrea Aime andrea.a...@geo-solutions.it wrote: Hi Christian, your comment makes me think GeoNode should rethink the way they handle user authentication. Regardless, what about my question? How to best check if the user is the anonymous one? Cheers Andrea On Wed, Oct 22, 2014 at 2:45 PM, Christian Mueller christian.muel...@os-solutions.at wrote: Strange Looking at https://github.com/GeoNode/geoserver-geonode-ext/blob/master/src/main/java/org/geonode/security/AnonymousGeoNodeAuthenticationToken.java I am asking me two questions 1) Credentials for an anonymous user ? 2) An individual user name for an anonymous user ? We solve the problem with GeoServerUser.createAnonymous() At a minimum I think they should use org.springframework.security.authentication.AnonymousAuthenticationToken and we can check with SecurityContextHolder.getContext().getAuthentication() Just my 2 cents On Wed, Oct 22, 2014 at 2:14 PM, Andrea Aime andrea.a...@geo-solutions.it wrote: On Wed, Oct 22, 2014 at 1:12 PM, Christian Mueller christian.muel...@os-solutions.at wrote: However sometimes we do have the actual user logging in, in that case I believe we should use that to drive the limits instead of a cookie. However... how does one know if the user is the anonymous one? Just checking if the authentication is a AnonymousAuthenticationToken seems a bit weak, I've for example noticed that GeoNode has its own AnonymousGeoNodeAuthenticationToken which is, for some strange reason, a subclass of UsernamePasswordAuthenticationToken Not sure how to understand. Does GeoNeode extend the Geoserver code ?. I do not know Geonode but how is the class AnonymousGeoNodeAuthenticationToken injected into GeoServer ? Here: https://github.com/GeoNode/geoserver-geonode-ext It seems to be they are implementing the standard authentication java interfaces to have GeoServer use GeoNode as the user and authentication source: https://github.com/GeoNode/geoserver-geonode-ext/tree/master/src/main/java/org/geonode/security Cheers Andrea -- == GeoServer Professional Services from the experts! Visit http://goo.gl/NWWaa2 for more information. == Ing. Andrea Aime @geowolf Technical Lead GeoSolutions S.A.S. Via Poggio alle Viti 1187 55054 Massarosa (LU) Italy phone: +39 0584 962313 fax: +39 0584 1660272 mob: +39 339 8844549 http://www.geo-solutions.it http://twitter.com/geosolutions_it *AVVERTENZE AI SENSI DEL D.Lgs. 196/2003* Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003. The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts
[Geoserver-devel] Test setup has no layers.properties file
During work on GSIP 120 I detected that the file src/main/src/test/java/org/geoserver/data/test/security.zip does not contain the default layers.properties file. Should I simply add it as part of GSIP 120 or is it better to create a JIRA issue, commit to master and backport to 2.6 Cheers Christian -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- ___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
Re: [Geoserver-devel] User based flow control and authentication
Hi Andrea On Wed, Oct 22, 2014 at 12:51 PM, Andrea Aime andrea.a...@geo-solutions.it wrote: Hi, currently the user based flow control works by setting cookies to identify the caller, which I believe works pretty much only against browsers accepting cookies. Yes without comment :-) However sometimes we do have the actual user logging in, in that case I believe we should use that to drive the limits instead of a cookie. However... how does one know if the user is the anonymous one? Just checking if the authentication is a AnonymousAuthenticationToken seems a bit weak, I've for example noticed that GeoNode has its own AnonymousGeoNodeAuthenticationToken which is, for some strange reason, a subclass of UsernamePasswordAuthenticationToken Not sure how to understand. Does GeoNeode extend the Geoserver code ?. I do not know Geonode but how is the class AnonymousGeoNodeAuthenticationToken injected into GeoServer ? Cheers Andrea Cheers Christian -- == GeoServer Professional Services from the experts! Visit http://goo.gl/NWWaa2 for more information. == Ing. Andrea Aime @geowolf Technical Lead GeoSolutions S.A.S. Via Poggio alle Viti 1187 55054 Massarosa (LU) Italy phone: +39 0584 962313 fax: +39 0584 1660272 mob: +39 339 8844549 http://www.geo-solutions.it http://twitter.com/geosolutions_it *AVVERTENZE AI SENSI DEL D.Lgs. 196/2003* Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003. The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc. --- -- Comprehensive Server Monitoring with Site24x7. Monitor 10 servers for $9/Month. Get alerted through email, SMS, voice calls or mobile push notifications. Take corrective actions from your mobile device. http://p.sf.net/sfu/Zoho ___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- Comprehensive Server Monitoring with Site24x7. Monitor 10 servers for $9/Month. Get alerted through email, SMS, voice calls or mobile push notifications. Take corrective actions from your mobile device. http://p.sf.net/sfu/Zoho___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
Re: [Geoserver-devel] User based flow control and authentication
Strange Looking at https://github.com/GeoNode/geoserver-geonode-ext/blob/master/src/main/java/org/geonode/security/AnonymousGeoNodeAuthenticationToken.java I am asking me two questions 1) Credentials for an anonymous user ? 2) An individual user name for an anonymous user ? We solve the problem with GeoServerUser.createAnonymous() At a minimum I think they should use org.springframework.security.authentication.AnonymousAuthenticationToken and we can check with SecurityContextHolder.getContext().getAuthentication() Just my 2 cents On Wed, Oct 22, 2014 at 2:14 PM, Andrea Aime andrea.a...@geo-solutions.it wrote: On Wed, Oct 22, 2014 at 1:12 PM, Christian Mueller christian.muel...@os-solutions.at wrote: However sometimes we do have the actual user logging in, in that case I believe we should use that to drive the limits instead of a cookie. However... how does one know if the user is the anonymous one? Just checking if the authentication is a AnonymousAuthenticationToken seems a bit weak, I've for example noticed that GeoNode has its own AnonymousGeoNodeAuthenticationToken which is, for some strange reason, a subclass of UsernamePasswordAuthenticationToken Not sure how to understand. Does GeoNeode extend the Geoserver code ?. I do not know Geonode but how is the class AnonymousGeoNodeAuthenticationToken injected into GeoServer ? Here: https://github.com/GeoNode/geoserver-geonode-ext It seems to be they are implementing the standard authentication java interfaces to have GeoServer use GeoNode as the user and authentication source: https://github.com/GeoNode/geoserver-geonode-ext/tree/master/src/main/java/org/geonode/security Cheers Andrea -- == GeoServer Professional Services from the experts! Visit http://goo.gl/NWWaa2 for more information. == Ing. Andrea Aime @geowolf Technical Lead GeoSolutions S.A.S. Via Poggio alle Viti 1187 55054 Massarosa (LU) Italy phone: +39 0584 962313 fax: +39 0584 1660272 mob: +39 339 8844549 http://www.geo-solutions.it http://twitter.com/geosolutions_it *AVVERTENZE AI SENSI DEL D.Lgs. 196/2003* Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003. The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc. --- -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- Comprehensive Server Monitoring with Site24x7. Monitor 10 servers for $9/Month. Get alerted through email, SMS, voice calls or mobile push notifications. Take corrective actions from your mobile device. http://p.sf.net/sfu/Zoho___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
Re: [Geoserver-devel] User based flow control and authentication
Hi Andrea I cannot investigate at the moment but I would try with SecurityContextHolder.getContext().getAuthentication instanceof or.springframework.security.authentication.AnonymousAuthenticationToken. If you have problems let me know, I can spend some time tomorrow. Cheers Christian On Wed, Oct 22, 2014 at 2:52 PM, Andrea Aime andrea.a...@geo-solutions.it wrote: Hi Christian, your comment makes me think GeoNode should rethink the way they handle user authentication. Regardless, what about my question? How to best check if the user is the anonymous one? Cheers Andrea On Wed, Oct 22, 2014 at 2:45 PM, Christian Mueller christian.muel...@os-solutions.at wrote: Strange Looking at https://github.com/GeoNode/geoserver-geonode-ext/blob/master/src/main/java/org/geonode/security/AnonymousGeoNodeAuthenticationToken.java I am asking me two questions 1) Credentials for an anonymous user ? 2) An individual user name for an anonymous user ? We solve the problem with GeoServerUser.createAnonymous() At a minimum I think they should use org.springframework.security.authentication.AnonymousAuthenticationToken and we can check with SecurityContextHolder.getContext().getAuthentication() Just my 2 cents On Wed, Oct 22, 2014 at 2:14 PM, Andrea Aime andrea.a...@geo-solutions.it wrote: On Wed, Oct 22, 2014 at 1:12 PM, Christian Mueller christian.muel...@os-solutions.at wrote: However sometimes we do have the actual user logging in, in that case I believe we should use that to drive the limits instead of a cookie. However... how does one know if the user is the anonymous one? Just checking if the authentication is a AnonymousAuthenticationToken seems a bit weak, I've for example noticed that GeoNode has its own AnonymousGeoNodeAuthenticationToken which is, for some strange reason, a subclass of UsernamePasswordAuthenticationToken Not sure how to understand. Does GeoNeode extend the Geoserver code ?. I do not know Geonode but how is the class AnonymousGeoNodeAuthenticationToken injected into GeoServer ? Here: https://github.com/GeoNode/geoserver-geonode-ext It seems to be they are implementing the standard authentication java interfaces to have GeoServer use GeoNode as the user and authentication source: https://github.com/GeoNode/geoserver-geonode-ext/tree/master/src/main/java/org/geonode/security Cheers Andrea -- == GeoServer Professional Services from the experts! Visit http://goo.gl/NWWaa2 for more information. == Ing. Andrea Aime @geowolf Technical Lead GeoSolutions S.A.S. Via Poggio alle Viti 1187 55054 Massarosa (LU) Italy phone: +39 0584 962313 fax: +39 0584 1660272 mob: +39 339 8844549 http://www.geo-solutions.it http://twitter.com/geosolutions_it *AVVERTENZE AI SENSI DEL D.Lgs. 196/2003* Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003. The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc. --- -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- == GeoServer Professional Services from the experts! Visit http://goo.gl/NWWaa2 for more information. == Ing. Andrea Aime @geowolf Technical Lead GeoSolutions S.A.S. Via Poggio alle Viti 1187 55054 Massarosa (LU) Italy phone: +39 0584 962313 fax: +39 0584 1660272 mob: +39 339 8844549 http
Re: [Geoserver-devel] GSIP 120, REST API for access control
Hi Phil The rest.properties file has a key /** Not sure if /security/acl/layers//** will work. On Sun, Oct 19, 2014 at 10:17 PM, Phil Scadden p.scad...@gns.cri.nz wrote: /security/acl/layers/7AC93B1A17731D9EA925EB13C0CF3BCC This is the md5 sum for *.*.r That is pretty ugly. Why not just an escaped version of the key? Notice: This email and any attachments are confidential. If received in error please destroy and immediately notify us. Do not copy or disclose the contents. -- Comprehensive Server Monitoring with Site24x7. Monitor 10 servers for $9/Month. Get alerted through email, SMS, voice calls or mobile push notifications. Take corrective actions from your mobile device. http://p.sf.net/sfu/Zoho ___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- Comprehensive Server Monitoring with Site24x7. Monitor 10 servers for $9/Month. Get alerted through email, SMS, voice calls or mobile push notifications. Take corrective actions from your mobile device. http://p.sf.net/sfu/Zoho___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
Re: [Geoserver-devel] GSIP 120, REST API for access control
Hi Alessio I hope you can modify the GSIP. If you can, please bring in your ideas. Cheers Christian On Mon, Oct 20, 2014 at 4:18 PM, Alessio Fabiani alessio.fabi...@geo-solutions.it wrote: About the GET operation, would be feasible to add also the pagination through some query parameters? == GeoServer Professional Services from the experts! Visit http://goo.gl/NWWaa2 for more information. == Ing. Alessio Fabiani @alfa7691 Founder/Technical Lead GeoSolutions S.A.S. Via Poggio alle Viti 1187 55054 Massarosa (LU) Italy phone: +39 0584 962313 fax: +39 0584 1660272 mob: +39 331 6233686 http://www.geo-solutions.it http://twitter.com/geosolutions_it --- *AVVERTENZE AI SENSI DEL D.Lgs. 196/2003* Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003. The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc. On Mon, Oct 20, 2014 at 4:04 PM, Christian Mueller christian.muel...@os-solutions.at wrote: Uppps Things become complicated. For HTTP DELETE, I will investigate in the URL encoded version of the access rule key. Cheers Christian On Mon, Oct 20, 2014 at 3:14 PM, Chris Snider chris.sni...@issinc.com wrote: Could the identifier be something generated by the user? Such as /security/acl/All%20User%20Read/*.*.r Using a generated identifier is good when something isn’t already identified, but it would be nice to have the ability to set my own identifier that has user meaning. Chris Snider Senior Software Engineer *Intelligent Software Solutions, Inc.* [image: Description: Description: Description: cid:image001.png@01CA1F1F.CBC93990] *From:* Justin Deoliveira [mailto:jdeol...@boundlessgeo.com] *Sent:* Monday, October 20, 2014 6:35 AM *To:* Andrea Aime *Cc:* geoserver-devel *Subject:* Re: [Geoserver-devel] GSIP 120, REST API for access control If the identifier is going to show up and be used in urls I like the idea of using the md5sum or some other generated identifier. They are long but easier to use than strings that require url encoding. But it feels like a bad idea to generate ID's for rules at the level of the rest api. Seems what is really needed is that the rules themselves store an identifier. But that will be a problem without any way to persist them. So yeah, guess the url-encoded key from the properties seems like the best bet. On Mon, Oct 20, 2014 at 4:25 AM, Andrea Aime andrea.a...@geo-solutions.it wrote: On Mon, Oct 20, 2014 at 12:10 PM, Christian Mueller christian.muel...@os-solutions.at wrote: Hi Phil The rest.properties file has a key /** Not sure if /security/acl/layers//** will work. It may if you url-escape it: %/security/acl/layers/2F** Cheers Andrea -- == GeoServer Professional Services from the experts! Visit http://goo.gl/NWWaa2 for more information. == Ing. Andrea Aime @geowolf Technical Lead GeoSolutions S.A.S. Via Poggio alle Viti 1187 55054 Massarosa (LU) Italy phone: +39 0584 962313 fax: +39 0584 1660272 mob: +39 339 8844549 http://www.geo-solutions.it http://twitter.com/geosolutions_it *AVVERTENZE AI SENSI DEL D.Lgs. 196/2003* Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito
Re: [Geoserver-devel] GSIP 120, REST API for access control
Uppps Things become complicated. For HTTP DELETE, I will investigate in the URL encoded version of the access rule key. Cheers Christian On Mon, Oct 20, 2014 at 3:14 PM, Chris Snider chris.sni...@issinc.com wrote: Could the identifier be something generated by the user? Such as /security/acl/All%20User%20Read/*.*.r Using a generated identifier is good when something isn’t already identified, but it would be nice to have the ability to set my own identifier that has user meaning. Chris Snider Senior Software Engineer *Intelligent Software Solutions, Inc.* [image: Description: Description: Description: cid:image001.png@01CA1F1F.CBC93990] *From:* Justin Deoliveira [mailto:jdeol...@boundlessgeo.com] *Sent:* Monday, October 20, 2014 6:35 AM *To:* Andrea Aime *Cc:* geoserver-devel *Subject:* Re: [Geoserver-devel] GSIP 120, REST API for access control If the identifier is going to show up and be used in urls I like the idea of using the md5sum or some other generated identifier. They are long but easier to use than strings that require url encoding. But it feels like a bad idea to generate ID's for rules at the level of the rest api. Seems what is really needed is that the rules themselves store an identifier. But that will be a problem without any way to persist them. So yeah, guess the url-encoded key from the properties seems like the best bet. On Mon, Oct 20, 2014 at 4:25 AM, Andrea Aime andrea.a...@geo-solutions.it wrote: On Mon, Oct 20, 2014 at 12:10 PM, Christian Mueller christian.muel...@os-solutions.at wrote: Hi Phil The rest.properties file has a key /** Not sure if /security/acl/layers//** will work. It may if you url-escape it: %/security/acl/layers/2F** Cheers Andrea -- == GeoServer Professional Services from the experts! Visit http://goo.gl/NWWaa2 for more information. == Ing. Andrea Aime @geowolf Technical Lead GeoSolutions S.A.S. Via Poggio alle Viti 1187 55054 Massarosa (LU) Italy phone: +39 0584 962313 fax: +39 0584 1660272 mob: +39 339 8844549 http://www.geo-solutions.it http://twitter.com/geosolutions_it *AVVERTENZE AI SENSI DEL D.Lgs. 196/2003* Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003. The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc. --- -- Comprehensive Server Monitoring with Site24x7. Monitor 10 servers for $9/Month. Get alerted through email, SMS, voice calls or mobile push notifications. Take corrective actions from your mobile device. http://p.sf.net/sfu/Zoho ___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel -- Justin Deoliveira VP Engineering | Boundless http://boundlessgeo.com/ jdeol...@boundlessgeo.com @boundlessgeo http://twitter.com/boundlessgeo/ -- Comprehensive Server Monitoring with Site24x7. Monitor 10 servers for $9/Month. Get alerted through email, SMS, voice calls or mobile push notifications. Take corrective actions from your mobile device. http://p.sf.net/sfu/Zoho
Re: [Geoserver-devel] GSIP 120, REST API for access control
Hi Justin I modified the GSIP. 1) The API path is /security/acl 2) I added the sentence The request body contains the modified rules to the description of the PUT method. Cheers Christian On Fri, Oct 17, 2014 at 11:24 PM, Justin Deoliveira jdeol...@boundlessgeo.com wrote: Thanks Chrisitan. A couple of points. In the interest of keeping urls relatively short, can we shorten the api path to /security/acl or /security/access? Other may not like that... up for debate. Second is regarding update via PUT. Will the user be able to update individual rules? Or will they have to PUT all access rules (including the changed ones)? On Fri, Oct 17, 2014 at 1:10 PM, Jody Garnett jody.garn...@gmail.com wrote: +1 and thanks for the clear proposal. Tip: remember to leave time/budget for docs :) Jody Garnett On Fri, Oct 17, 2014 at 8:04 AM, Christian Mueller christian.muel...@os-solutions.at wrote: https://github.com/geoserver/geoserver/wiki/GSIP-120-REST-API-for-access-control Please comment and vote. Cheers -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- Comprehensive Server Monitoring with Site24x7. Monitor 10 servers for $9/Month. Get alerted through email, SMS, voice calls or mobile push notifications. Take corrective actions from your mobile device. http://p.sf.net/sfu/Zoho ___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel -- Comprehensive Server Monitoring with Site24x7. Monitor 10 servers for $9/Month. Get alerted through email, SMS, voice calls or mobile push notifications. Take corrective actions from your mobile device. http://p.sf.net/sfu/Zoho ___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel -- Justin Deoliveira VP Engineering | Boundless http://boundlessgeo.com/ jdeol...@boundlessgeo.com @boundlessgeo http://twitter.com/boundlessgeo/ -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- Comprehensive Server Monitoring with Site24x7. Monitor 10 servers for $9/Month. Get alerted through email, SMS, voice calls or mobile push notifications. Take corrective actions from your mobile device. http://p.sf.net/sfu/Zoho___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
[Geoserver-devel] [jira] (GEOS-6726) Add Rest API for access control
Title: Message Title Christian Mueller created an issue GeoServer / GEOS-6726 Add Rest API for access control Issue Type: Improvement Affects Versions: 2.7-beta Assignee: Christian Mueller Components: Security Created: 18/Oct/14 3:10 AM Priority: Major Reporter: Christian Mueller Look at GSIP 120 https://github.com/geoserver/geoserver/wiki/GSIP-120-REST-API-for-access-control Add Comment
Re: [Geoserver-devel] GSIP 120, REST API for access control
Hi About granularity, the PUT,DELETE and POST method work with a set of rules. This does not mean all rules, the set may contain only one rule. About the XML property file format, I will change this. There is a class MapResource in the rest-config module, I think I will reuse this code. But I found another problem. The original property files have a nice comment describing the syntax. After rewriting the file, the comment is gone. There is no method in the Java Properties class to read a comment. Should I open a thread for this topic ? Cheers Christian On Sat, Oct 18, 2014 at 12:39 PM, Simone Giannecchini simone.giannecch...@geo-solutions.it wrote: Ciao Christian, I was about to ask a question similar to andrea's one. This approach is fine and I don't want to waste your time on this as you h ave funding available, but the concerns expressed by Mauro ( http://osgeo-org.1560.x6.nabble.com/REST-API-for-access-control-td5166448.html) are not (entirely?) addressed: -1- the proposal is tied to properties files format -2- granularity is quite coarse with respect to rules management Regards, Simone Giannecchini == GeoServer Professional Services from the experts! Visit http://goo.gl/NWWaa2 for more information. == Ing. Simone Giannecchini @simogeo Founder/Director GeoSolutions S.A.S. Via Poggio alle Viti 1187 55054 Massarosa (LU) Italy phone: +39 0584 962313 fax: +39 0584 1660272 mob: +39 333 8128928 http://www.geo-solutions.it http://twitter.com/geosolutions_it --- AVVERTENZE AI SENSI DEL D.Lgs. 196/2003 Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003. The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc. On Sat, Oct 18, 2014 at 11:29 AM, Andrea Aime andrea.a...@geo-solutions.it wrote: Hi Christian, in the proposal I don't see the fine grained access to rules that was discussed with Mauro? How do you delete just a single rule? Cheers Andrea On Fri, Oct 17, 2014 at 5:04 PM, Christian Mueller christian.muel...@os-solutions.at wrote: https://github.com/geoserver/geoserver/wiki/GSIP-120-REST-API-for-access-control Please comment and vote. Cheers -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- Comprehensive Server Monitoring with Site24x7. Monitor 10 servers for $9/Month. Get alerted through email, SMS, voice calls or mobile push notifications. Take corrective actions from your mobile device. http://p.sf.net/sfu/Zoho ___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel -- == GeoServer Professional Services from the experts! Visit http://goo.gl/NWWaa2 for more information. == Ing. Andrea Aime @geowolf Technical Lead GeoSolutions S.A.S. Via Poggio alle Viti 1187 55054 Massarosa (LU) Italy phone: +39 0584 962313 fax: +39 0584 1660272 mob: +39 339 8844549 http://www.geo-solutions.it http://twitter.com/geosolutions_it *AVVERTENZE AI SENSI DEL D.Lgs. 196/2003* Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del
Re: [Geoserver-devel] GSIP 120, REST API for access control
Hi Andrea Thanks to the hint about the DELETE method. I think it is not forbidden to add a request body to a delete request, but I seems to be a bad practice. http://www.spenceruresk.com/2011/11/http-delete-requests-that-include-a-body/ Maybe we can encode the rule keys as a comma separated list using an URL parameter. /security/acl/layers?rules=*.*.r,*.*.w On Sat, Oct 18, 2014 at 2:20 PM, Andrea Aime andrea.a...@geo-solutions.it wrote: On Sat, Oct 18, 2014 at 1:32 PM, Christian Mueller christian.muel...@os-solutions.at wrote: Hi About granularity, the PUT,DELETE and POST method work with a set of rules. This does not mean all rules, the set may contain only one rule. Could you make an example? Normall in REST when you issue a delete against a resource, the whole resource is deleted. Having a delete that only partially deletes the content of a resource would be odd at least. http://www.restapitutorial.com/lessons/httpmethods.html (see DELETE) About the XML property file format, I will change this. There is a class MapResource in the rest-config module, I think I will reuse this code. But I found another problem. The original property files have a nice comment describing the syntax. After rewriting the file, the comment is gone. There is no method in the Java Properties class to read a comment. Should I open a thread for this topic ? I guess you could represent the rules as having also a comment, but as you said, you'll have to roll your own reader/writer for the file contents, one that assumes a comment before a rule is associated to that rule. Cheers Andrea -- == GeoServer Professional Services from the experts! Visit http://goo.gl/NWWaa2 for more information. == Ing. Andrea Aime @geowolf Technical Lead GeoSolutions S.A.S. Via Poggio alle Viti 1187 55054 Massarosa (LU) Italy phone: +39 0584 962313 fax: +39 0584 1660272 mob: +39 339 8844549 http://www.geo-solutions.it http://twitter.com/geosolutions_it *AVVERTENZE AI SENSI DEL D.Lgs. 196/2003* Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003. The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc. --- -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- Comprehensive Server Monitoring with Site24x7. Monitor 10 servers for $9/Month. Get alerted through email, SMS, voice calls or mobile push notifications. Take corrective actions from your mobile device. http://p.sf.net/sfu/Zoho___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
Re: [Geoserver-devel] GSIP 120, REST API for access control
Hmm A simple numbering system is dangerous. Between the GET and the DELETE rules may have been added. Deleting the wrong rule may be a consequence. Using a MD5 check sum would be a solution, like /security/acl/layers/7AC93B1A17731D9EA925EB13C0CF3BCC This is the md5 sum for *.*.r I hope to get some additional input from Justin. Cheers Christian On Sat, Oct 18, 2014 at 4:00 PM, Andrea Aime andrea.a...@geo-solutions.it wrote: On Sat, Oct 18, 2014 at 2:44 PM, Christian Mueller christian.muel...@os-solutions.at wrote: Hi Andrea Thanks to the hint about the DELETE method. I think it is not forbidden to add a request body to a delete request, but I seems to be a bad practice. http://www.spenceruresk.com/2011/11/http-delete-requests-that-include-a-body/ Maybe we can encode the rule keys as a comma separated list using an URL parameter. /security/acl/layers?rules=*.*.r,*.*.w Hum could be, but I think I'd associate some sort of identifier to the rules, and use that instead, and would still expose resources like /security/acl/layers/1, /security/acl/layers/2 that you can issue a DELETE against, yes it's chatty, but it's also the idiomatic way in REST services Cheers Andrea -- == GeoServer Professional Services from the experts! Visit http://goo.gl/NWWaa2 for more information. == Ing. Andrea Aime @geowolf Technical Lead GeoSolutions S.A.S. Via Poggio alle Viti 1187 55054 Massarosa (LU) Italy phone: +39 0584 962313 fax: +39 0584 1660272 mob: +39 339 8844549 http://www.geo-solutions.it http://twitter.com/geosolutions_it *AVVERTENZE AI SENSI DEL D.Lgs. 196/2003* Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003. The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc. --- -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- Comprehensive Server Monitoring with Site24x7. Monitor 10 servers for $9/Month. Get alerted through email, SMS, voice calls or mobile push notifications. Take corrective actions from your mobile device. http://p.sf.net/sfu/Zoho___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
[Geoserver-devel] GSIP 120, REST API for access control
https://github.com/geoserver/geoserver/wiki/GSIP-120-REST-API-for-access-control Please comment and vote. Cheers -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- Comprehensive Server Monitoring with Site24x7. Monitor 10 servers for $9/Month. Get alerted through email, SMS, voice calls or mobile push notifications. Take corrective actions from your mobile device. http://p.sf.net/sfu/Zoho___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
Re: [Geoserver-devel] REST API for access control
Yes, it will be added to restconfig. I want to it the same way as I did for http://docs.geoserver.org/stable/en/user/rest/api/masterpassword.html 1) Open a JIRA issue 2) Preparing a pull request containing core code, test code and the documentation (API,examples) 3) Waiting for comments (2 weeks) 4) Merge the pull request Cheers Christian On Wed, Oct 8, 2014 at 4:25 PM, Justin Deoliveira jdeol...@boundlessgeo.com wrote: Are you going to be adding this to restconfig? If so definitely a jira and probably a proposal. On Wed, Oct 8, 2014 at 8:16 AM, Christian Mueller christian.muel...@os-solutions.at wrote: Thanks for the input, will use POST for adding and PUT for editing. Should I open a JIRA issue ? Cheers Christian On Wed, Oct 8, 2014 at 3:24 PM, Justin Deoliveira jdeol...@boundlessgeo.com wrote: On Wed, Oct 8, 2014 at 5:23 AM, Christian Mueller christian.muel...@os-solutions.at wrote: Hi Mauro Sounds reasonable. To summarize: The GET method fetches all rules. The DELETE method deletes one or more specific rules, if only one specified rule does not exist, the request is ignored and an error is returned. The PUT method adds/updates one more specific rules. I following RESTful practices use POST for adding a new rule and PUT just for editing an existing one. Does this cover your idea ? Cheers Christian On Wed, Oct 8, 2014 at 12:46 PM, Mauro Bartolomeoli maurobartolome...@gmail.com wrote: Hi Christian, in my opinion a more granular access to the single rules would be more usable. I think the REST API should allow CRUD access to the rules, and apart from the fetch (Read), where it is useful to get all the rules at once (some support for pagination would be helpful, but not mandatory), the Create, Update and Delete operations would be better implemented (from a client-side point of view) rule by rule. In general, now the rules are stored on property files, but having them on a different storage (like we already support for the Catalog) in the future would be nice (for clustering support and so on), and a bit more abstract REST API would be ready for that. Just my 2 cents. Mauro 2014-10-08 12:02 GMT+02:00 Christian Mueller christian.muel...@os-solutions.at: Hi all Maybe I have mandate to add the REST API for access control. The rules are stored in rest.properties layers.properties services.properties All these files are simple java property files. Supported formats for the REST API: XML using the Java XML property file syntax JSON (will have to investigate) The idea is to use HTTP GET to fetch the content of a file and HTTP PUT to rewrite the whole file. The comments in the files will be untouched. If this is ok I will open a JIRA issue. Opinions ? Cheers Christian -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer http://pubads.g.doubleclick.net/gampad/clk?id=154622311iu=/4140/ostg.clktrk ___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer http://pubads.g.doubleclick.net/gampad/clk?id=154622311iu=/4140/ostg.clktrk ___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel -- Justin Deoliveira VP Engineering | Boundless http://boundlessgeo.com/ jdeol...@boundlessgeo.com @boundlessgeo http://twitter.com/boundlessgeo/ -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- Justin Deoliveira VP Engineering | Boundless http://boundlessgeo.com/ jdeol...@boundlessgeo.com @boundlessgeo http://twitter.com/boundlessgeo/ -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports Are you Audit-Ready for PCI DSS 3.0
Re: [Geoserver-devel] Extracting authentication credentials from headers
/2003 Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003. The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc. -- Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer http://pubads.g.doubleclick.net/gampad/clk?id=154622311iu=/4140/ostg.clktrk ___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel -- Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer http://pubads.g.doubleclick.net/gampad/clk?id=154622311iu=/4140/ostg.clktrk ___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer http://pubads.g.doubleclick.net/gampad/clk?id=154622311iu=/4140/ostg.clktrk___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
Re: [Geoserver-devel] Extracting authentication credentials from headers
Hi Mauro In any case we should avoid code duplication and utility classes. I am fine with a distinct implementation too. CredentialsFromHTTPHeader sounds fine :-) Go on, I assume you will make a pull request for discussion. Cheers Christian On Thu, Oct 9, 2014 at 2:57 PM, Mauro Bartolomeoli mauro.bartolome...@geo-solutions.it wrote: Hi Christian, 2014-10-09 13:18 GMT+02:00 Christian Mueller christian.muel...@os-solutions.at: Hi Mauro If I got it right, you want a filter to act as an end point for a pass through authentication. If this is the case, please create a new filter class or class hierarchy, your filter should be named GeoServerPassThroughAuthEndPointFilter or similar. Uhm... I am not sure we need another hierarchy. I agree that this filter is not preauthenticated, so probably it deserves a distinct implementation. Basically what it does is very similar to what BasicAuthentication or other filters do: fetch credentials in some way and then let the authentication manager do the authentication (this is what I meant when I said uses the authentication providers chain to do the authentication). My only concern is that some functionality could be useful also in the existing RequestHeader filter (for example the possibility to extract the username using a regular expression). Maybe we can put some common functionality in utility classes and use it from both filters, or just duplicate the code and don't bother too much :). I am against a new community module, I would vote for adding this filter in the core code. Agree, then we need a name to distinguish this filter from the existing HTTP Header, something like Credentials from HTTP Headers. Ideas are welcome. Cheers, Mauro -- == GeoServer Professional Services from the experts! Visit http://goo.gl/NWWaa2 for more information. == Dott. Mauro Bartolomeoli @mauro_bart Senior Software Engineer GeoSolutions S.A.S. Via Poggio alle Viti 1187 55054 Massarosa (LU) Italy phone: +39 0584 962313 fax: +39 0584 1660272 http://www.geo-solutions.it http://twitter.com/geosolutions_it --- *AVVERTENZE AI SENSI DEL D.Lgs. 196/2003* Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003. The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc. -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer http://pubads.g.doubleclick.net/gampad/clk?id=154622311iu=/4140/ostg.clktrk___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
Re: [Geoserver-devel] REST API for access control
HI Justin Will write a proposal. Cheers Christian On Thu, Oct 9, 2014 at 3:06 PM, Justin Deoliveira jdeol...@boundlessgeo.com wrote: Since this is a core change do you mind writing a proposal first so we can talk through the api structure before you start coding? On Thu, Oct 9, 2014 at 1:03 AM, Christian Mueller christian.muel...@os-solutions.at wrote: Yes, it will be added to restconfig. I want to it the same way as I did for http://docs.geoserver.org/stable/en/user/rest/api/masterpassword.html 1) Open a JIRA issue 2) Preparing a pull request containing core code, test code and the documentation (API,examples) 3) Waiting for comments (2 weeks) 4) Merge the pull request Cheers Christian On Wed, Oct 8, 2014 at 4:25 PM, Justin Deoliveira jdeol...@boundlessgeo.com wrote: Are you going to be adding this to restconfig? If so definitely a jira and probably a proposal. On Wed, Oct 8, 2014 at 8:16 AM, Christian Mueller christian.muel...@os-solutions.at wrote: Thanks for the input, will use POST for adding and PUT for editing. Should I open a JIRA issue ? Cheers Christian On Wed, Oct 8, 2014 at 3:24 PM, Justin Deoliveira jdeol...@boundlessgeo.com wrote: On Wed, Oct 8, 2014 at 5:23 AM, Christian Mueller christian.muel...@os-solutions.at wrote: Hi Mauro Sounds reasonable. To summarize: The GET method fetches all rules. The DELETE method deletes one or more specific rules, if only one specified rule does not exist, the request is ignored and an error is returned. The PUT method adds/updates one more specific rules. I following RESTful practices use POST for adding a new rule and PUT just for editing an existing one. Does this cover your idea ? Cheers Christian On Wed, Oct 8, 2014 at 12:46 PM, Mauro Bartolomeoli maurobartolome...@gmail.com wrote: Hi Christian, in my opinion a more granular access to the single rules would be more usable. I think the REST API should allow CRUD access to the rules, and apart from the fetch (Read), where it is useful to get all the rules at once (some support for pagination would be helpful, but not mandatory), the Create, Update and Delete operations would be better implemented (from a client-side point of view) rule by rule. In general, now the rules are stored on property files, but having them on a different storage (like we already support for the Catalog) in the future would be nice (for clustering support and so on), and a bit more abstract REST API would be ready for that. Just my 2 cents. Mauro 2014-10-08 12:02 GMT+02:00 Christian Mueller christian.muel...@os-solutions.at: Hi all Maybe I have mandate to add the REST API for access control. The rules are stored in rest.properties layers.properties services.properties All these files are simple java property files. Supported formats for the REST API: XML using the Java XML property file syntax JSON (will have to investigate) The idea is to use HTTP GET to fetch the content of a file and HTTP PUT to rewrite the whole file. The comments in the files will be untouched. If this is ok I will open a JIRA issue. Opinions ? Cheers Christian -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer http://pubads.g.doubleclick.net/gampad/clk?id=154622311iu=/4140/ostg.clktrk ___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer http://pubads.g.doubleclick.net/gampad/clk?id=154622311iu=/4140/ostg.clktrk ___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel -- Justin Deoliveira VP Engineering | Boundless http://boundlessgeo.com/ jdeol...@boundlessgeo.com @boundlessgeo http://twitter.com/boundlessgeo/ -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- Justin Deoliveira VP Engineering | Boundless http://boundlessgeo.com/ jdeol...@boundlessgeo.com
[Geoserver-devel] REST API for access control
Hi all Maybe I have mandate to add the REST API for access control. The rules are stored in rest.properties layers.properties services.properties All these files are simple java property files. Supported formats for the REST API: XML using the Java XML property file syntax JSON (will have to investigate) The idea is to use HTTP GET to fetch the content of a file and HTTP PUT to rewrite the whole file. The comments in the files will be untouched. If this is ok I will open a JIRA issue. Opinions ? Cheers Christian -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer http://pubads.g.doubleclick.net/gampad/clk?id=154622311iu=/4140/ostg.clktrk___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
Re: [Geoserver-devel] REST API for access control
Hi Mauro Sounds reasonable. To summarize: The GET method fetches all rules. The DELETE method deletes one or more specific rules, if only one specified rule does not exist, the request is ignored and an error is returned. The PUT method adds/updates one more specific rules. Does this cover your idea ? Cheers Christian On Wed, Oct 8, 2014 at 12:46 PM, Mauro Bartolomeoli maurobartolome...@gmail.com wrote: Hi Christian, in my opinion a more granular access to the single rules would be more usable. I think the REST API should allow CRUD access to the rules, and apart from the fetch (Read), where it is useful to get all the rules at once (some support for pagination would be helpful, but not mandatory), the Create, Update and Delete operations would be better implemented (from a client-side point of view) rule by rule. In general, now the rules are stored on property files, but having them on a different storage (like we already support for the Catalog) in the future would be nice (for clustering support and so on), and a bit more abstract REST API would be ready for that. Just my 2 cents. Mauro 2014-10-08 12:02 GMT+02:00 Christian Mueller christian.muel...@os-solutions.at: Hi all Maybe I have mandate to add the REST API for access control. The rules are stored in rest.properties layers.properties services.properties All these files are simple java property files. Supported formats for the REST API: XML using the Java XML property file syntax JSON (will have to investigate) The idea is to use HTTP GET to fetch the content of a file and HTTP PUT to rewrite the whole file. The comments in the files will be untouched. If this is ok I will open a JIRA issue. Opinions ? Cheers Christian -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer http://pubads.g.doubleclick.net/gampad/clk?id=154622311iu=/4140/ostg.clktrk ___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH -- Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer http://pubads.g.doubleclick.net/gampad/clk?id=154622311iu=/4140/ostg.clktrk___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
