Works for me, +1 on a community module. I agree in that this should
eventually be implemented as a custom authentication provider (or filter)
in the new security world that is coming down. Actually a relatively simple
scheme like this could be a useful example to have showing how to implement
such a custom authentication mechanism.
On Mon, Dec 12, 2011 at 10:22 AM, Andrea Aime
<andrea.a...@geo-solutions.it>wrote:
> Hi,
> I'd like to add a new community module that would perform authentication by
> unique id in the request URL.
>
> Basically the request would contain an extra parameter:
> http://host:port/geoserver/wms?....&authkey=abc-reqa-drq1-4312-3412
>
> that would serve, alone, as the authentication for a specific user.
> Code wise a dispatcher callback at the highest priority would pick the
> request params and stick the authentication in the Spring thread locals,
> and a URL mangler that would stick back the authentication key in all
> backlinks GeoServer generates (capabilities and the like).
>
> The unique id to user provider would be pluggable to allow for
> implementations
> like daily tokens, random ones generated by phisical token generators, but
> the default implementation would use the old clear text property file.
>
> I know, I know, it's not really secure, especially in its default
> incarnation, however
> I've seen it used a number of times already, even in very large
> installations
> (besides, being pluggable, it's up to whoever installs it to decide for
> herself
> if it's ok or not).
>
> The sponsor for this functionality actually needs it to allow some level
> of security
> for WMS clients that do not even support basic authentication,
> for those they would give the client a full link to the caps document that
> includes the authentication token, and have the client (that knows how to
> be a full WMS client) go from there
>
> I guess that once the work on trunk for pluggable authentication lands the
> dispatcher callback will be replaced by a pluggable Spring Security filter.
>
> Cheers
> Andrea
>
>
> --
> -------------------------------------------------------
> Ing. Andrea Aime
> GeoSolutions S.A.S.
> Tech lead
>
> Via Poggio alle Viti 1187
> 55054 Massarosa (LU)
> Italy
>
> phone: +39 0584 962313
> fax: +39 0584 962313
> mob: +39 339 8844549
>
> http://www.geo-solutions.it
> http://geo-solutions.blogspot.com/
> http://www.youtube.com/user/GeoSolutionsIT
> http://www.linkedin.com/in/andreaaime
> http://twitter.com/geowolf
>
> -------------------------------------------------------
>
>
>
> ------------------------------------------------------------------------------
> Learn Windows Azure Live! Tuesday, Dec 13, 2011
> Microsoft is holding a special Learn Windows Azure training event for
> developers. It will provide a great way to learn Windows Azure and what it
> provides. You can attend the event by watching it streamed LIVE online.
> Learn more at http://p.sf.net/sfu/ms-windowsazure
> _______________________________________________
> Geoserver-devel mailing list
> Geoserver-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/geoserver-devel
>
>
--
Justin Deoliveira
OpenGeo - http://opengeo.org
Enterprise support for open source geospatial.
------------------------------------------------------------------------------
Learn Windows Azure Live! Tuesday, Dec 13, 2011
Microsoft is holding a special Learn Windows Azure training event for
developers. It will provide a great way to learn Windows Azure and what it
provides. You can attend the event by watching it streamed LIVE online.
Learn more at http://p.sf.net/sfu/ms-windowsazure
_______________________________________________
Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel
