Ah ok, didn't know, not in the GSOC loop. It sounds close so by all means I
think it is appropriate to hold up the patch in order to synchronize up.
Just was thinking that if it was still months away that it would make sense
to go with the patch as is.
On Thu, Sep 1, 2011 at 12:41 AM, <christian.muel...@nvoe.at> wrote:
> Zitat von Justin Deoliveira <jdeol...@opengeo.org>:
>
>
> How close is your work to being commit ready Christian? Is there any sort
>> of
>> timeline? If you plan to be in a position to commit work soon then I would
>> say it would make sense for Ian to hold back part of the patch, but if it
>> is
>> still a while yet then imo it is not really fair to make him wait . Others
>> may disagree but generally from my experience it is the developer on the
>> longer term branch that has to carry the burden of merging after the fact,
>> and simply has to deal with changes that have happened in the interim.
>>
>
> The patch is the result from GSOC 2011 and is ready since about a week. I
> wait for Andrea as my mentor to review. My primary sorrow is that Ians patch
> introduces password digesting to GeoserverUserDoa/users.**properties and
> after my patch is applied, an automatic migration from users properties
> takes place. For the new authentication concept(CAS, proxy
> authentication,....) I will have to rollback most of the Ians changes
> concerning user passwords, the job will not become easier.
>
> Lets wait for Andreas review ?
>
>
>
>> $0.02
>>
>> -Justin
>>
>> On Tue, Aug 30, 2011 at 10:04 PM, <christian.muel...@nvoe.at> wrote:
>>
>> Ian and me decided to open a thread on the developers list concerning
>>>
>>> https://jira.codehaus.org/**browse/GEOS-4702<https://jira.codehaus.org/browse/GEOS-4702>
>>> https://jira.codehaus.org/**browse/GEOS-4554<https://jira.codehaus.org/browse/GEOS-4554>
>>>
>>> Each issue has a patch, unfortunately they are overlapping.
>>>
>>> Ians patch has two major topics
>>>
>>> a) Digesting passwords in the user.properties file
>>> b) Encrypting passwords for geoserver stores
>>>
>>> add a)
>>> The user.properties file and the GeoserverUserDao are replaced by
>>> UserGroupServices and GrantedAuthorityServices by my patch. It will be
>>> possible to have more than one backend for users/groups. At the moment
>>> I deferred password digesting since I am investigating into
>>> authentication manager / authentication providers supporting CAS,proxy
>>> authentication,password authentication and so on. Not every user has
>>> to be authenticated by userid/password, nor has the user information
>>> to be stored within a geoserver backend implementation.
>>>
>>> add b)
>>> This topic is unique to Ians patch. Some comments
>>>
>>> 1)
>>> I would use this concept for the master key
>>> http://www.jasypt.org/**webconfiguration.html<http://www.jasypt.org/webconfiguration.html>
>>> The default should be the GeoserverExtensiosns.**getProperty mechanism,
>>> but it would be nice to have the possibility to inject the master key
>>> using Spring.
>>>
>>> 2)
>>> I would prefer a md5/aes 128 encryption as default and would avoid DES
>>> which is not state of the art and could be broken by brute force today
>>> (only 56 Bit key length).
>>>
>>>
>>> 3) Perhaps, there should be a possibility to turn this feature off
>>> after turning it on, not sure here.
>>>
>>>
>>> Proposal:
>>> Ian, do you see a possibility to reduce your patch to the encrpytion
>>> (PBE) feature. At the moment we cannot apply both patches
>>> simultaneously and I want a situation where we can continue work
>>> independently.
>>>
>>> Opinions ?
>>>
>>> Cheers
>>> Christian
>>>
>>>
>>>
>>>
>>>
>>>
>>> ------------------------------**------------------------------**----
>>> This message was sent using IMP, the Internet Messaging Program.
>>>
>>>
>>>
>>>
>>> ------------------------------**------------------------------**
>>> ------------------
>>> Special Offer -- Download ArcSight Logger for FREE!
>>> Finally, a world-class log management solution at an even better
>>> price-free! And you'll get a free "Love Thy Logs" t-shirt when you
>>> download Logger. Secure your free ArcSight Logger TODAY!
>>> http://p.sf.net/sfu/**arcsisghtdev2dev<http://p.sf.net/sfu/arcsisghtdev2dev>
>>> ______________________________**_________________
>>> Geoserver-devel mailing list
>>> Geoserver-devel@lists.**sourceforge.net<Geoserver-devel@lists.sourceforge.net>
>>> https://lists.sourceforge.net/**lists/listinfo/geoserver-devel<https://lists.sourceforge.net/lists/listinfo/geoserver-devel>
>>>
>>>
>>
>>
>> --
>> Justin Deoliveira
>> OpenGeo - http://opengeo.org
>> Enterprise support for open source geospatial.
>>
>>
>
>
> ------------------------------**------------------------------**----
> This message was sent using IMP, the Internet Messaging Program.
>
>
>
--
Justin Deoliveira
OpenGeo - http://opengeo.org
Enterprise support for open source geospatial.
------------------------------------------------------------------------------
Special Offer -- Download ArcSight Logger for FREE!
Finally, a world-class log management solution at an even better
price-free! And you'll get a free "Love Thy Logs" t-shirt when you
download Logger. Secure your free ArcSight Logger TODAY!
http://p.sf.net/sfu/arcsisghtdev2dev
_______________________________________________
Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel
