Thanks Kevin, hoaxing those as part of the proposal makes it more real for
people who come to implement a security filter later. These GSIP proposals
form our GeoServer "design documentation" such as it is ...
Jody Garnett
On Sat, May 3, 2014 at 5:14 AM, Kevin Smith <ksm...@boundlessgeo.com> wrote:
> OK, here are some examples for Jody,
>
> AllowAllResourceAccessManager which just allows access to everything would
> have a getSecurityFilter like this
>
> public Filter getSecurityFilter(Authentication user, Class<? extends
> CatalogInfo> clazz) {
> return Predicates.allowAll();
> }
>
> While WorkspaceCatalogFilter which hides one specific workspace might have
> a getSecurityFilter like this:
>
> public Filter getSecurityFilter(Class<? extends CatalogInfo> clazz) {
> if(WorkspaceInfo.class.isAssignableFrom(clazz)) {
> return Predicates.not(Predicates.equals("id", workspace.getId()));
> } else {
> return Predicates.not(Predicates.equals("workspace.id",
> workspace.getId()));
> }
> }
>
> This isn't actually in the proposal but is in my implementation;
> AbstractResourceAccessManager and AbstractCatalogFilter provide
> implementations equivalent to the existing filter. They are implemented
> based on calls to other methods of the RAM or CF that require the
> deserialized CatalogInfo object, and hence not are not "well known" filters
> that JDBCConfig can handle. Overriding them allows for the RAM or CF to
> replace that with a well known filter if it can, or to call super for cases
> where it can't.
>
> This is how I implemented it for DataAccessManagerAdapter
>
> @SuppressWarnings("deprecation")
> @Override
> public Filter getSecurityFilter(Authentication user,
> Class<? extends CatalogInfo> clazz) {
>
> if(delegate.getMode()==CatalogMode.CHALLENGE)
> // If we're in CHALLENGE mode, everything should be visible
> return Predicates.acceptAll();
> else
> return super.toFilter(user, clazz);
> }
>
> It returns a well known filter when that's possible, and falls back to the
> non well known default when it can't.
>
>
> On 1 May 2014 05:30, Jody Garnett <jody.garn...@gmail.com> wrote:
>
>> Sorry I was getting confused with the geotools page -
>> http://docs.geotools.org/latest/developer/procedures/proposal.html
>>
>> Which has an elapsed time of 15 days - I thought we had a similar
>> mechanism in place for GeoServer to prevent proposals being stalled.
>>
>> Jody Garnett
>>
>>
>> On Thu, May 1, 2014 at 5:10 PM, Andrea Aime <andrea.a...@geo-solutions.it
>> > wrote:
>>
>>> On Thu, May 1, 2014 at 2:22 AM, Jody Garnett <jody.garn...@gmail.com>wrote:
>>>
>>>> Yeah two weeks is our grace period, so you can assume the remaining
>>>> votes are +0
>>>>
>>>
>>> Jody, where is the two weeks coming from? Here is the official policy:
>>> http://docs.geoserver.org/stable/en/developer/policies/gsip.html
>>>
>>> I agree two weeks wait is long enough, if not too long, but the only
>>> measure of success
>>> we have in there is:
>>> "The proposal is considered successful after a majority of positive
>>> votes is a achieved and all feedback from any negative votes has been
>>> addressed"
>>>
>>> When things settle down I normally go for the opposite question: "If
>>> nobody
>>> has further feedback I'll got ahead and merge the work tomorrow/in x
>>> days"
>>> Works well in a world of busy people that might simply not respond mails
>>> :-p
>>>
>>> Cheers
>>> Andrea
>>>
>>>
>>> --
>>> ==
>>> Meet us at GEO Business 2014! in London! Visit http://goo.gl/fES3aK
>>> for more information.
>>> ==
>>>
>>> Ing. Andrea Aime
>>> @geowolf
>>> Technical Lead
>>>
>>> GeoSolutions S.A.S.
>>> Via Poggio alle Viti 1187
>>> 55054 Massarosa (LU)
>>> Italy
>>> phone: +39 0584 962313
>>> fax: +39 0584 1660272
>>> mob: +39 339 8844549
>>>
>>> http://www.geo-solutions.it
>>> http://twitter.com/geosolutions_it
>>>
>>> -------------------------------------------------------
>>>
>>
>>
>
>
> --
>
> Kevin Smith
>
> Junior Software Engineer | Boundless
>
> ksm...@boundlessgeo.com
>
> +1-778-785-7459
>
> @boundlessgeo <https://twitter.com/boundlessgeo>
>
------------------------------------------------------------------------------
"Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
Instantly run your Selenium tests across 300+ browser/OS combos. Get
unparalleled scalability from the best Selenium testing platform available.
Simple to use. Nothing to install. Get started now for free."
http://p.sf.net/sfu/SauceLabs
_______________________________________________
Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel
