On Sun, Apr 10, 2011 at 10:07 PM, Gabriel Roldán <[email protected]> wrote: > You may be able to bring some light over the following: > While testing this I found it seems impossible to get really rid of the > default geoserver security filter chain in order to provide an alternate > auth system. > Or at least that's what it looks like to me. > Reason being org.geoserver.filters.SpringDelegatingFilter applying all > the filters found in the app context, so no matter geonode declares a > different set, geoservers' default win. Specially the > GeoSeverAuthenticationProcessingFilter gets duplicated, geoserver's > relying on the default daoAuthenticationManager, geonode's in it's own > one, that gets never called.
Bug reported already: http://jira.codehaus.org/browse/GEOS-4421 > Which in turn brings me to the following reasoning: > having applicationSecurityContext in the main module is wrong. > appSecurityContext.xml belongs to web-app, _and_ web-app should be no > more than the glue that sets up the app. Otherwise /main is assuming a > lot of things that may not hold true on a different set up or directly > don't belong to it. The security set up is a cross cutting concern > that's better addressed where the app is laid out. > This is the same I had to do with geowebcache, moving appSecurityContext > to its web module, so that geoserver can depend on gwc without carrying > over its assumptions. > But in this case it's geonode depending on geoserver. And the right > thing to do IMHO would be that geonode doesn't depend on geosever's > web-app, but lays out its own war as it needs it. > > Now, for this to work we should move everything in web/app/src/main/java > to web-core, but let web-app just decide on the bean weaving. > > makes sense, or am I missing something obvious? It was there in the beginning, but I could not perform quite a bit of testing that was to be done in the main module, so it was moved back to main so that cobertura could reliably report on test coverage. We could move the stuff back in web/app and the tests too. At the time it was important I could prove some test coverage, making the move would make it impossible to prove certain classes are tested at all (don't remember which ones, that happened two years ago) Cheers Andrea -- ------------------------------------------------------- Ing. Andrea Aime GeoSolutions S.A.S. Tech lead Via Poggio alle Viti 1187 55054 Massarosa (LU) Italy phone: +39 0584 962313 fax: +39 0584 962313 mob: +39 333 8128928 http://www.geo-solutions.it http://geo-solutions.blogspot.com/ http://www.youtube.com/user/GeoSolutionsIT http://www.linkedin.com/in/andreaaime http://twitter.com/geowolf ------------------------------------------------------- ------------------------------------------------------------------------------ Xperia(TM) PLAY It's a major breakthrough. An authentic gaming smartphone on the nation's most reliable network. And it wants your games. http://p.sf.net/sfu/verizon-sfdev _______________________________________________ Geoserver-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/geoserver-devel
