Circling back on this one. So until the cas issue can be sorted out it looks like any upgrade to spring security is a no go. I was however able to update the base spring version to the latest 3.2 version. That at least gets us onto a version that is currently still being maintained, albeit probably for not much longer. Here is the pull request.
https://github.com/geoserver/geoserver/pull/1327 @Christian: any luck looking at the cas issue? On Sun, Oct 25, 2015 at 10:23 AM, Christian Mueller < christian.muel...@os-solutions.at> wrote: > Hi Justin > > Currently we use cas-client-core.jar version 3.1.12, the new version of > spring security needs version 3.3.3. > > The API of org.jasig.cas.client.session.SingleSignOutHandler has changed. > This is the reason for the compile errors. > > Not easy to solve, will have a lookt at it. > > Cheers > Christian > > > > > > > On Sat, Oct 24, 2015 at 6:43 PM, Justin Deoliveira <jdeol...@gmail.com> > wrote: > >> Hey Christian, >> >> Yes, I was planning to upgrade spring security as well. Unfortunately >> that is not proving to be very easy. >> >> I tried jumping to 4.x but indeed the deprecated apis we are using are >> now gone. This impacts two of the most important classes in our security >> framework, one of them being GeoserverSecurityManager which more or less >> controls everything. Basically the base classes we are extending no long >> expose setter methods for various properties, with the only option begin to >> use constructor injection. Which is a major problem because we rely on >> those methods to change security configuration after the fact. I am not >> sure how to solve that… thoughts I have had (none of which are ideal). >> >> 1. Update GeoServerSecurityManager and GeoServerFilterChain to be >> non-singletons so we can re-instantiate them when configuration changes. >> This would be a pretty far reaching change, especially for the dependencies >> of GeoServerSecurityManager. >> >> 2. Require the user to restart GeoServer after making security >> configuration changes, or at least some kind of changes, basically when >> changing a provider or a filter. >> >> 3. Copy + modify versions of the base class from spring security into our >> codebase… and re-instate those method we need. A pretty ugly hack :) >> >> Anyways, all things considered that is a little dirtier than I can afford >> to get my hands :) So I was thinking for now just upgrading to the latest >> 3.x versions. However that also leads to some issues in the cas module. >> Knowing nothing about how the cas extensions work I’m not seeing obvious >> alternatives to the method calls we were using. >> >> If you would be willing to take a look that would be awesome in case >> it’’s obvious what to do. I’ve pushed the current changes up to a branch in >> my git repo: >> >> https://github.com/jdeolive/geoserver/tree/spring-upgrade >> >> Everything should compile up to extension/security/cas. >> >> Thanks! >> >> -Justin >> >> >> >> On Sat, Oct 24, 2015 at 5:45 AM, Christian Mueller < >> christian.muel...@os-solutions.at> wrote: >> >>> HI Justin >>> >>> Do you plan to migrate Spring Security too ? Maybe we are using some >>> depricated APIs, please let me know. >>> >>> Christian >>> >>> On Fri, Oct 23, 2015 at 10:07 PM, Justin Deoliveira <jdeol...@gmail.com> >>> wrote: >>> >>>> Great, thanks guys. I’ll report back when I make some progress. >>>> >>>> On Fri, Oct 23, 2015 at 1:37 PM, Andrea Aime < >>>> andrea.a...@geo-solutions.it> wrote: >>>> >>>>> On Fri, Oct 23, 2015 at 9:21 PM, Jody Garnett <jody.garn...@gmail.com> >>>>> wrote: >>>>> >>>>>> +1 Now is the time with a fresh master branch. >>>>>> >>>>> >>>>> Agreed, +1 >>>>> >>>>> Cheers >>>>> Andrea >>>>> >>>>> -- >>>>> == >>>>> GeoServer Professional Services from the experts! Visit >>>>> http://goo.gl/it488V for more information. >>>>> == >>>>> >>>>> Ing. Andrea Aime >>>>> @geowolf >>>>> Technical Lead >>>>> >>>>> GeoSolutions S.A.S. >>>>> Via Poggio alle Viti 1187 >>>>> 55054 Massarosa (LU) >>>>> Italy >>>>> phone: +39 0584 962313 >>>>> fax: +39 0584 1660272 >>>>> mob: +39 339 8844549 >>>>> >>>>> http://www.geo-solutions.it >>>>> http://twitter.com/geosolutions_it >>>>> >>>>> *AVVERTENZE AI SENSI DEL D.Lgs. 196/2003* >>>>> >>>>> Le informazioni contenute in questo messaggio di posta elettronica e/o >>>>> nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il >>>>> loro utilizzo è consentito esclusivamente al destinatario del messaggio, >>>>> per le finalità indicate nel messaggio stesso. Qualora riceviate questo >>>>> messaggio senza esserne il destinatario, Vi preghiamo cortesemente di >>>>> darcene notizia via e-mail e di procedere alla distruzione del messaggio >>>>> stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, >>>>> divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od >>>>> utilizzarlo per finalità diverse, costituisce comportamento contrario ai >>>>> principi dettati dal D.Lgs. 196/2003. >>>>> >>>>> >>>>> >>>>> The information in this message and/or attachments, is intended solely >>>>> for the attention and use of the named addressee(s) and may be >>>>> confidential >>>>> or proprietary in nature or covered by the provisions of privacy act >>>>> (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection >>>>> Code).Any use not in accord with its purpose, any disclosure, >>>>> reproduction, >>>>> copying, distribution, or either dissemination, either whole or partial, >>>>> is >>>>> strictly forbidden except previous formal approval of the named >>>>> addressee(s). If you are not the intended recipient, please contact >>>>> immediately the sender by telephone, fax or e-mail and delete the >>>>> information in this message that has been received in error. The sender >>>>> does not give any warranty or accept liability as the content, accuracy or >>>>> completeness of sent messages and accepts no responsibility for changes >>>>> made after they were sent or for other risks which arise as a result of >>>>> e-mail transmission, viruses, etc. >>>>> >>>>> ------------------------------------------------------- >>>>> >>>> >>>> >>>> >>>> ------------------------------------------------------------------------------ >>>> >>>> _______________________________________________ >>>> Geoserver-devel mailing list >>>> Geoserver-devel@lists.sourceforge.net >>>> https://lists.sourceforge.net/lists/listinfo/geoserver-devel >>>> >>>> >>> >>> >>> -- >>> DI Christian Mueller MSc (GIS), MSc (IT-Security) >>> OSS Open Source Solutions GmbH >>> >>> >> > > > -- > DI Christian Mueller MSc (GIS), MSc (IT-Security) > OSS Open Source Solutions GmbH > >
------------------------------------------------------------------------------
_______________________________________________ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
