Hi all, I'm looking into bringing GeoNode's security extensions in line
with the changes merged last week. Prior to the changes, GeoNode simply
assigned ROLE_ADMINISTRATOR to users with admin privileges - but afterward
this seems insufficient for a user to make changes in the REST API. When I
spoke with Justin, he recommended using the following code to dynamically
retrieve the administrative role from the current role service.

> GeoServerSecurityManager manager =
>     GeoServerExtensions.bean(GeoServerSecurityManager.class);
> GeoServerRoleService roleService = manager.getActiveRoleService();
> GeoServerRole effectiveAdmin = roleService.getAdminRole();

This didn't quite do the trick and, after some digging, we ended up giving
admin users both this effectiveAdminRole and GeoServerRole.ADMIN_ROLE. A
debugger shows that this is what's happening in the default configuration
as well - if you log in as administrator in the default GeoServer
configuration on trunk, you'll be a user with both "ADMIN" (the default
admin role for the default service) and "ROLE_ADMINISTRATOR" (the reserved
system role). I guess this means that AuthenticationProviders are
responsible for the "mapping" between ADMIN_ROLE and the local admin role
mentioned in http://jira.codehaus.org/browse/GEOS-5101 ? Is that
appropriate/intended?
--
David Winslow
OpenGeo - http://opengeo.org/
_______________________________________________
Geoserver-devel mailing list
https://lists.sourceforge.net/lists/listinfo/geoserver-devel