Hi all,
I have standardized interfaces with the rest of GeoServer.
Andrea has fixed the problem "Replace OperationSecurityInterceptor
dispatcher with a callback and remove the restriction on role naming" (
http://jira.codehaus.org/browse/GEOS-3446).
well
Wonder if we can pass the web-security module in the core
Cheers,
Francesco
2009/9/18 Andrea Aime <[email protected]>
> Christian Müller ha scritto:
>
>> Hmmm, because of my work of implementing and integrating GeoXACML into
>> geoserver, I had to dig into the spring security concept and
>> how geoserver uses it.
>> Your proposal here is about authentication (which has nothing to do with
>> GeoXACML) and is handled in the user properties file.
>> This file is also the base for role assignment. I feel not comfortable by
>> offering a possibility that anybody can get an account. And if we offer this
>> possibility, it will not be easy to revoke it later.
>>
>
> I think you and Chris are seeing GeoServer from two very different
> perspectives, both valid.
>
> You see GS as a tool in a closed organisation where someone manages
> the full access to the server in a centralized way.
>
> Chris sees is as a collaboration tool the same way a wiki or a CMS
> platform is. In both the ability to register and get a set of rights
> is very important, none of these platforms would manage to live long
> if everybody needing access had to go and ask permissions to some
> admin.
>
> I don't agree that offering this possibility will make it hard
> to revoke later thought. We just need to make it a configuration
> so that the administrator can turn it on and off.
>
> As for having groups between users and roles, yeah, I agree it's
> a good idea. When the user management was first created we had
> very minimal needs and even shorter time allowed for a
> container independent implementation.
>
> However, for the future I would like to make things pluggable
> also on the authentication front, which will open possibilities
> to other ways of managing users.
>
> Cheers
> Andrea
>
>
> --
> Andrea Aime
>
> OpenGeo - http://opengeo.org
> Expert service straight from the developers.
>
--
Francesco Izzi
CNR - IMAA
geoSDI - NSDI
Responsabile Sviluppo Software
C.da S. Loja
85050 Tito Scalo - POTENZA (PZ)
Italia
phone: +39 0971427305
fax: +39 0971 427271
mob: +39 3402640314
mail: [email protected]
skype: neofx8080
web: http://www.geosdi.org
------------------------------------------------------------------------------
Come build with us! The BlackBerry® Developer Conference in SF, CA
is the only developer event you need to attend this year. Jumpstart your
developing skills, take BlackBerry mobile applications to market and stay
ahead of the curve. Join us from November 9-12, 2009. Register now!
http://p.sf.net/sfu/devconf
_______________________________________________
Geoserver-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-devel
