Replying to the geonode public list. Comments in-line On Thu, Jul 8, 2010 at 7:19 AM, Andrea Aime <aa...@opengeo.org> wrote:
> Hi, > wondering about the security integration and the GeoServer GUI, > in particular logging in as an administrator. > > Is the GeoServer GUI supposed to be unreachable for administration > tasks in the GeoNode embedding? > For this release the use of the embedded GeoServer's admin UI is unspecified for GeoNode 1.0 So, access is not restricted. It is also not supported (all admin functions should be done through the web application interface). So, "use at your own risk." > I'm also wondering about RestConfig usage and the administration > role. The protocol designed at > > http://atlas.openplans.org/~dwinslow/geonode-spec/spec/technical/geonode-core/geoserver/permissions.html > only tells which layers a user can access, but does not tell me > if the user is supposed to be an administrator or not. > > This is trouble as normally RestConfig operations are allowed only > to the administrator, so we also need to get one user marked as an > admin, otherwise remote configuration won't be possible. > That may also allow for GUI login, assuming that is desirable > My understanding is that the embedded GeoServer instance is assumed to have an administrative user, the web application is configured with the credentials for that administrative user, and the web application uses those credentials when performing RestConfig operations. -- Sebastian Benthall OpenGeo - http://opengeo.org
