Sounds good Christian.
I would say separate patches would be better. Makes them easier to review
in isolation.
Thanks for working through this. I'll try to make myself as available as I
can to review the patches as they come forth.
-Justin
On Thu, Aug 22, 2013 at 10:39 AM, Christian Mueller
Hi Justin
So we have an agreement. I will do the following steps:
1) Prepare a patch with the root login chain and push it to my github
repository for review. (Including tests and sphinx documentation)
2) Kick out the root login code/tests for each auth filter. This is quite
mechanical work.
My thought is that it would not show up in the config.xml file, and just be
something completely transparent to the user. And only have things in
config.xml that would be user configurable.
On Wed, Aug 21, 2013 at 10:55 AM, Christian Mueller <
christian.muel...@os-solutions.at> wrote:
> Hi Justi
Hi Justin
I will use a constant filter chain in any case. The question is if this
chain is stored in the security/config.xml
or injected on start. We have a hook for this, as an example look at the
last method in
https://github.com/geoserver/geoserver/blob/master/src/extension/security/cas/src/ma
Hmmm... well my preference would probably be to implement the idea of a
constant filter chain. The security system is already complex enough and
this sort of seems like lumping more stuff on rather than fixing a core
issue. But I understand if implementing the idea of a constant filter chain
is mor
No, the root login chain is hard coded in Java and will use its own digest
authentication filter (created on startup). The idea is to build the whole
chain on the fly at system startup without using configuration information
from the security directory. The chain itself is injected at first positio
So is there anything that will stop the user from misconfiguring the root
login chain?
On Wed, Aug 14, 2013 at 6:01 AM, Christian Mueller <
christian.muel...@os-solutions.at> wrote:
> Hi Justin
>
> Yep, we talked about a constant system filter chain, but it is not
> implemented yet. At the mom
Hi Justin
Yep, we talked about a constant system filter chain, but it is not
implemented yet. At the moment, each authentication filter has the burden
to handle the login for the root user.
Your understanding of the issue is correct.
I would be happy to have a constant URI for the root login a
Hi Christian,
I thought this issue was addressed previously with the idea of a constant
filter chain, one that the user could not take away through
misconfiguration. Is that not the case?
The idea sounds reasonable but I want to make sure I understand the issue.
-Justin
On Thu, Aug 8, 2013 at
The issue is about disabling the login page if no form based login is
possible.
https://jira.codehaus.org/browse/GEOS-5958
All these security configuration issues may be dangerous if a configuration
error happens. At the end of the day, the admin can lock itself out.
IMHO, a dedicated login for