Hi Justin Currently we use cas-client-core.jar version 3.1.12, the new version of spring security needs version 3.3.3.
The API of org.jasig.cas.client.session.SingleSignOutHandler has changed. This is the reason for the compile errors. Not easy to solve, will have a lookt at it. Cheers Christian On Sat, Oct 24, 2015 at 6:43 PM, Justin Deoliveira <jdeol...@gmail.com> wrote: > Hey Christian, > > Yes, I was planning to upgrade spring security as well. Unfortunately that > is not proving to be very easy. > > I tried jumping to 4.x but indeed the deprecated apis we are using are now > gone. This impacts two of the most important classes in our security > framework, one of them being GeoserverSecurityManager which more or less > controls everything. Basically the base classes we are extending no long > expose setter methods for various properties, with the only option begin to > use constructor injection. Which is a major problem because we rely on > those methods to change security configuration after the fact. I am not > sure how to solve that… thoughts I have had (none of which are ideal). > > 1. Update GeoServerSecurityManager and GeoServerFilterChain to be > non-singletons so we can re-instantiate them when configuration changes. > This would be a pretty far reaching change, especially for the dependencies > of GeoServerSecurityManager. > > 2. Require the user to restart GeoServer after making security > configuration changes, or at least some kind of changes, basically when > changing a provider or a filter. > > 3. Copy + modify versions of the base class from spring security into our > codebase… and re-instate those method we need. A pretty ugly hack :) > > Anyways, all things considered that is a little dirtier than I can afford > to get my hands :) So I was thinking for now just upgrading to the latest > 3.x versions. However that also leads to some issues in the cas module. > Knowing nothing about how the cas extensions work I’m not seeing obvious > alternatives to the method calls we were using. > > If you would be willing to take a look that would be awesome in case it’’s > obvious what to do. I’ve pushed the current changes up to a branch in my > git repo: > > https://github.com/jdeolive/geoserver/tree/spring-upgrade > > Everything should compile up to extension/security/cas. > > Thanks! > > -Justin > > > > On Sat, Oct 24, 2015 at 5:45 AM, Christian Mueller < > christian.muel...@os-solutions.at> wrote: > >> HI Justin >> >> Do you plan to migrate Spring Security too ? Maybe we are using some >> depricated APIs, please let me know. >> >> Christian >> >> On Fri, Oct 23, 2015 at 10:07 PM, Justin Deoliveira <jdeol...@gmail.com> >> wrote: >> >>> Great, thanks guys. I’ll report back when I make some progress. >>> >>> On Fri, Oct 23, 2015 at 1:37 PM, Andrea Aime < >>> andrea.a...@geo-solutions.it> wrote: >>> >>>> On Fri, Oct 23, 2015 at 9:21 PM, Jody Garnett <jody.garn...@gmail.com> >>>> wrote: >>>> >>>>> +1 Now is the time with a fresh master branch. >>>>> >>>> >>>> Agreed, +1 >>>> >>>> Cheers >>>> Andrea >>>> >>>> -- >>>> == >>>> GeoServer Professional Services from the experts! Visit >>>> http://goo.gl/it488V for more information. >>>> == >>>> >>>> Ing. Andrea Aime >>>> @geowolf >>>> Technical Lead >>>> >>>> GeoSolutions S.A.S. >>>> Via Poggio alle Viti 1187 >>>> 55054 Massarosa (LU) >>>> Italy >>>> phone: +39 0584 962313 >>>> fax: +39 0584 1660272 >>>> mob: +39 339 8844549 >>>> >>>> http://www.geo-solutions.it >>>> http://twitter.com/geosolutions_it >>>> >>>> *AVVERTENZE AI SENSI DEL D.Lgs. 196/2003* >>>> >>>> Le informazioni contenute in questo messaggio di posta elettronica e/o >>>> nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il >>>> loro utilizzo è consentito esclusivamente al destinatario del messaggio, >>>> per le finalità indicate nel messaggio stesso. Qualora riceviate questo >>>> messaggio senza esserne il destinatario, Vi preghiamo cortesemente di >>>> darcene notizia via e-mail e di procedere alla distruzione del messaggio >>>> stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, >>>> divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od >>>> utilizzarlo per finalità diverse, costituisce comportamento contrario ai >>>> principi dettati dal D.Lgs. 196/2003. >>>> >>>> >>>> >>>> The information in this message and/or attachments, is intended solely >>>> for the attention and use of the named addressee(s) and may be confidential >>>> or proprietary in nature or covered by the provisions of privacy act >>>> (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection >>>> Code).Any use not in accord with its purpose, any disclosure, reproduction, >>>> copying, distribution, or either dissemination, either whole or partial, is >>>> strictly forbidden except previous formal approval of the named >>>> addressee(s). If you are not the intended recipient, please contact >>>> immediately the sender by telephone, fax or e-mail and delete the >>>> information in this message that has been received in error. The sender >>>> does not give any warranty or accept liability as the content, accuracy or >>>> completeness of sent messages and accepts no responsibility for changes >>>> made after they were sent or for other risks which arise as a result of >>>> e-mail transmission, viruses, etc. >>>> >>>> ------------------------------------------------------- >>>> >>> >>> >>> >>> ------------------------------------------------------------------------------ >>> >>> _______________________________________________ >>> Geoserver-devel mailing list >>> Geoserver-devel@lists.sourceforge.net >>> https://lists.sourceforge.net/lists/listinfo/geoserver-devel >>> >>> >> >> >> -- >> DI Christian Mueller MSc (GIS), MSc (IT-Security) >> OSS Open Source Solutions GmbH >> >> > -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH
------------------------------------------------------------------------------
_______________________________________________ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
