Re: [Geoserver-devel] User based flow control and authentication

2014-10-23 Thread Justin Deoliveira
On Thu, Oct 23, 2014 at 12:19 AM, Christian Mueller < [email protected]> wrote: > Hi all > > I think it would be the best to add a method to the > GeoServerSecurityManager to check if there is an anonymous authentication. > > We already have such a method for checking administrativ

Re: [Geoserver-devel] User based flow control and authentication

2014-10-22 Thread Christian Mueller
Hi all I think it would be the best to add a method to the GeoServerSecurityManager to check if there is an anonymous authentication. We already have such a method for checking administrative privileges public boolean checkAuthenticationForAdminRole() I think something like public boolean isAut

Re: [Geoserver-devel] User based flow control and authentication

2014-10-22 Thread Ian Schneider
FWIW, I _think_ the reason the AnonymousGeoNodeAuthenticationToken is extending UsernamePasswordAuthenticationToken is to hold the cookie value that ties the anonymous user to a Django session. It seems like this could be done differently for sure, especially to play well with the proposed functio

Re: [Geoserver-devel] User based flow control and authentication

2014-10-22 Thread Christian Mueller
Hi Andrea I cannot investigate at the moment but I would try with SecurityContextHolder.getContext().getAuthentication() instanceof org.springframework.security.authentication.AnonymousAuthenticationToken. If you have problems let me know, I can spend some time tomorrow. Cheers Christian On W

Re: [Geoserver-devel] User based flow control and authentication

2014-10-22 Thread Andrea Aime
Hi Christian, your comment makes me think GeoNode should rethink the way they handle user authentication. Regardless, what about my question? How to best check if the user is the anonymous one? Cheers Andrea On Wed, Oct 22, 2014 at 2:45 PM, Christian Mueller < [email protected]>

Re: [Geoserver-devel] User based flow control and authentication

2014-10-22 Thread Christian Mueller
Strange. Looking at https://github.com/GeoNode/geoserver-geonode-ext/blob/master/src/main/java/org/geonode/security/AnonymousGeoNodeAuthenticationToken.java I am asking myself two questions 1) Credentials for an anonymous user ? 2) An individual user name for an anonymous user ? We solve the problem

Re: [Geoserver-devel] User based flow control and authentication

2014-10-22 Thread Andrea Aime
On Wed, Oct 22, 2014 at 1:12 PM, Christian Mueller < [email protected]> wrote: > However sometimes we do have the actual user logging in, in that case >> I believe we should use that to drive the limits instead of a cookie. >> >> However... how does one know if the user is the anon

Re: [Geoserver-devel] User based flow control and authentication

2014-10-22 Thread Christian Mueller
Hi Andrea On Wed, Oct 22, 2014 at 12:51 PM, Andrea Aime wrote: > Hi, > currently the "user" based flow control works by setting cookies to > identify the caller, which I believe works pretty much only against > browsers > accepting cookies. > Yes without comment :-) > > However sometimes we

[Geoserver-devel] User based flow control and authentication

2014-10-22 Thread Andrea Aime
Hi, currently the "user" based flow control works by setting cookies to identify the caller, which I believe works pretty much only against browsers accepting cookies. However sometimes we do have the actual user logging in, in that case I believe we should use that to drive the limits instead of