Ok, I feel a bit silly for missing that Catalog Mode option already
existed. Knowing that, my idea boils don to having SecureCatalogImpl not
add the filter when in challenge mode, rather than adding a filter that
will be applied to each file, only to find that it's challenge mode so all
the files should be allowed through.
On 16 March 2014 00:56, Andrea Aime <andrea.a...@geo-solutions.it> wrote:
> On Fri, Mar 14, 2014 at 11:27 PM, Kevin Smith <ksm...@boundlessgeo.com>wrote:
>>
>> Allowing the admin to specify that it's OK to reveal the existence of
>> secure layers would be a simple and comprehensive way to signal that the
>> filter isn't needed. Even if we implemented partial pre-filtering, it
>> would still be useful to improve performance when pre-filtering is not
>> possible and metadata security is not required. Its certainly a first step
>> we could add comparatively easily. Maybe three options: Always Hide, Hide
>> if Prefilterable, Never Hide. Hide gives metadata security, Hide if
>> Prefilterable gives the best performance, Never Hide may improve on Always
>> Hide for performance depending on the proportion of layers that would be
>> pre-filtered and is more consistent in behaviour than Hide if Prefilterable.
>>
>
> That makes sense from the point of view of JDBC config, but I don't think
> it makes sense for the administrator to see such an implementation detail
> (I assume you want to extend the existing catalog policies
> hide/mixed/challenge, or make it otherwise configurable in the GUI?)
>
> I don't see anything wrong in ResourceAccessManager returning a filter to
> prefilter and a flag stating if pre-filtering is all there is to it, or if
> some layer by layer post filtering is needed, explaining in the interface
> the consequences of
> a layer by layer post filtering in terms of performance. In the end, to
> achieve any form of pre-filtering, you'll have to change that interface
> anyways. Someone must put some time thinking on how to best change it btw,
> so far I've just took the time to answer your mails, it would be best to
> spend some hours looking at how the interface is used and implemented in
> the current system to see if other improvements are needed JDBC config wise.
>
> Cheers
> Andrea
>
> --
> ==
> Meet us at GEO Business 2014! in London! Visit http://goo.gl/fES3aK
> for more information.
> ==
>
> Ing. Andrea Aime
> @geowolf
> Technical Lead
>
> GeoSolutions S.A.S.
> Via Poggio alle Viti 1187
> 55054 Massarosa (LU)
> Italy
> phone: +39 0584 962313
> fax: +39 0584 1660272
> mob: +39 339 8844549
>
> http://www.geo-solutions.it
> http://twitter.com/geosolutions_it
>
> -------------------------------------------------------
>
--
Kevin Smith
Junior Software Engineer | Boundless
ksm...@boundlessgeo.com
+1-778-785-7459
@boundlessgeo <https://twitter.com/boundlessgeo>
------------------------------------------------------------------------------
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/13534_NeoTech
_______________________________________________
Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel
