Hi,
as part of our batch of WPS improvements we also are proposing a way to
secure WPS processes on a user by user basis.
Basically, we want and equivalent of the data security, but for processes.
We can see two ways of handling this:
* extending service security
* handling it more like data security
The current service security subsystem is arguably not well developed,
it does what it can at the OWS generic level, applying security checks
just checking service, request and output format, which are the bits
we can identify without having a knowledge of the protocol itself.
At the WPS level we don't care about securing the requests themselves,
but to secure the processes themselves, which in WPS view, are
the _contents_ of the service.
When a process is not available for a user, it should not show up in the
capabilites document, and should not be usable in the other WPS calls.
Also, while now we are just looking at making the process visible or not,
just like in data security we might want to have customizable per user
process limits, something like limiting the amount of GML/WKT a certain
classes
of users can send to a certain process.
This is why I see the data security a better fit, concept wise, for the
WPS security, and I'm proposing an interface that mimicks the
ResourceAccessManager
one:
public interface ProcessAccessManager {
/**
* Returns the access limits for a whole process namespace
*/
ProcessAccessLimits getAccessLimits(Authentication user, String
namespace);
/**
* Returns the access limits for a single process
*/
ProcessAccessLimits getAccessLimits(Authentication user, Name process);
}
where ProcessAccessLimits would be, for the moment at least:
public class ProcessAccessLimits extents AccessLimits {
private boolean allowed;
public ProcessAccessLimits(CatalogMode mode, boolean allowed) {
super(mode);
this.allowed = allowed;
}
public boolean isAllowed() {
return allowed;
}
}
But in the future could be extended to add more limitations.
The default implementation of the ProcessAccessManager would be based on
property files just like data access, using rules such as:
mode=CHALLENGE
geo.*=role1,role2
gs.import=ROLE_ADMINISTRATOR
…
The application of the rules would then use a new ProcessFilter
implementation will be registered in the application context, that scans
the application context for a ProcessAccessManager implementation, and if
not found, builds a DefaultProcessAccessManager instance based on the
property files described above.
In case the request is a GetCapabilities one, and a process/factory is in
CHALLENGE mode, the code would list the processes anyways, but it would
trigger a authentication request in case the current user is not
authorized, and any other call is made to the WPS.
HIDE would simply hide the processes and pretend they are not there, MIXED
will hide them from the capabilities, but would allow their usage in other
calls if the caller has enough rights, triggering the authentication
request otherwise.
The proposed approach keeps external security systems on a level playing
field, allowing to build custom WPS security, and should give us space to
grow in the future.
Now, this has some overlap with our current ability to turn on and off
processes in WPS.
Here we have two possible approaches:
* Keep both in line, as one is geared towards what you make available, and
the other to whom
* Migrate the old on/off approach to a security one, and when the old
metadata is found, turn it into a security rule, by creating a file looking
something ilke:
geo.buffer=*
geo.intersects=ROLE_UNAUTHORIZED
...
And then change the current user interface to work against the property
files, and allow the specification or role lists on a per process basis,
instead of a simple on/off checkbox.
I'm leaning towards the second, what do you think?
Also, WPS is a extension module, do you think this is worth a proposal?
Cheers
Andrea
--
==
GeoServer Professional Services from the experts! Visit
http://goo.gl/NWWaa2 for more information.
==
Ing. Andrea Aime
@geowolf
Technical Lead
GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 339 8844549
http://www.geo-solutions.it
http://twitter.com/geosolutions_it
*AVVERTENZE AI SENSI DEL D.Lgs. 196/2003*
Le informazioni contenute in questo messaggio di posta elettronica e/o
nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il
loro utilizzo è consentito esclusivamente al destinatario del messaggio,
per le finalità indicate nel messaggio stesso. Qualora riceviate questo
messaggio senza esserne il destinatario, Vi preghiamo cortesemente di
darcene notizia via e-mail e di procedere alla distruzione del messaggio
stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso,
divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od
utilizzarlo per finalità diverse, costituisce comportamento contrario ai
principi dettati dal D.Lgs. 196/2003.
The information in this message and/or attachments, is intended solely for
the attention and use of the named addressee(s) and may be confidential or
proprietary in nature or covered by the provisions of privacy act
(Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection
Code).Any use not in accord with its purpose, any disclosure, reproduction,
copying, distribution, or either dissemination, either whole or partial, is
strictly forbidden except previous formal approval of the named
addressee(s). If you are not the intended recipient, please contact
immediately the sender by telephone, fax or e-mail and delete the
information in this message that has been received in error. The sender
does not give any warranty or accept liability as the content, accuracy or
completeness of sent messages and accepts no responsibility for changes
made after they were sent or for other risks which arise as a result of
e-mail transmission, viruses, etc.
-------------------------------------------------------
------------------------------------------------------------------------------
_______________________________________________
Geoserver-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-devel
