Hi,
I've just committed the bug fix for GWC passwords not being encrypted:
https://github.com/geoserver/geoserver/commit/b63b6a2e540fdfb490d58a1a5e7e3dc5aea3a5e3
One of the things I've implemented is making sure the password gets
re-encoded as the global password encryption method is changed, using a
SecurityManagerListener.
That works fine, however there is an annoying side effect: the post change
event also gets triggered on startup, the event tells me nothing about an
eventual change of the password encoder, and the standard password encoder
does not produce stable passwords.
Long story short, the event handling code ends up thinking the password
encryption method changed, and rewrites the config file.
Not a show stopper, but if one manages the gs configuration via version
control, that will generate a local change which will result in conflicts
at the next data dir update.
So I'm wondering, is it really necessary to trigger the post changed event
in the init method?
As far as I can see there is nothing using it.
An alternative could be to provide the listener both the old and new
config, and let them deduce that the event is an init one because there was
no config previously
Opinions?
Cheers
Andrea
--
==
Our support, Your Success! Visit http://opensdi.geo-solutions.it for more
information.
==
Ing. Andrea Aime
@geowolf
Technical Lead
GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 339 8844549
http://www.geo-solutions.it
http://twitter.com/geosolutions_it
-------------------------------------------------------
------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:
Build for Windows Store.
http://p.sf.net/sfu/windows-dev2dev
_______________________________________________
Geoserver-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-devel
