Hi Alessio
Long story for short. At the time when Justin an me invented this design we
did not consider such constellations. Feel free to improve where it is
possible.
Cheers
Christian
On Thu, Oct 27, 2016 at 4:44 PM, Alessio Fabiani <
alessio.fabi...@geo-solutions.it> wrote:
> Dear all,
> currently the "SecurityNamedServiceEditPage" is used by GeoServer in order
> to edit the configuration of a defined security filter.
>
> Such class searches for "AuthenticationFilterPanelInfo"s related to a
> specific AuthFilter and instantiates the model for Wicket in order to allow
> the admin to edit the configuration info.
>
> Now, each "AuthenticationFilterPanelInfo" is defined by 3 properties:
>
> - set*ComponentClass*; the Class of the concrete Wicket Panel
> - set*ServiceClass*; the Class of the target AuthFilter
> - set*ServiceConfigClass*; the Class of the XStream Configuration
>
> The problem is the following one:
>
> the "lookupPanelInfo" method of the "SecurityNamedServiceEditPage" looks
> *only* for the *ServiceClass* and ignores completely the
> *ServiceConfigClass*.
>
> ...
> try {
> serviceClass = Class.forName(config.getClassName());
> } catch (ClassNotFoundException e) {
> throw new RuntimeException(e);
> }
> ...
> if (l.size() == 1) {
> //filter down to one match
> return l.get(0);
> }
> throw new RuntimeException("Found multiple panel infos for
> service config: " + config
> + ", service class: " + serviceClass);
> ...
>
> The side effect is that whenever I have two different AuthProvider defined
> by two different *ServiceConfigClass* but referring to the same
> *ServiceClass* (see for instance the *OAuth2 Providers* which share
> exactly the same Filter logic but have different configurations for
> different OAuth2 providers) I won't be able to edit them via GUI anymore.
>
> Consider the use case when I want to enable both Google and GitHub OAUth2
> providers on GeoServer. Accordingly to this I basically should duplicate
> both the AuthProvider and AuthFilter classes, even if they do exactly the
> same thing.
>
> My question is: "Is there a particular reason for such behavior of the
> editor page?"
>
> NOTICE also that:
>
> 1. Create new AuthProviders referring to the same *ServiceClass* is
> currently possible on GeoServer
>
> 2. We will have the same issue in the case we create *two* (or more)
> different configurations for the same AuthProvider too
>
> Any thoughts on that? Anyone knows a good reason to not allowing the
> "SecurityNamedServiceEditPage" to check *also* for the
> *ServiceConfigClass*?
>
> Best Regards,
> Alessio Fabiani.
>
> ==
> GeoServer Professional Services from the experts!
> Visit http://goo.gl/it488V for more information.
> ==
>
> Ing. Alessio Fabiani
> @alfa7691
> Founder/Technical Lead
>
> GeoSolutions S.A.S.
> Via di Montramito 3/A
> 55054 Massarosa (LU)
> Italy
> phone: +39 0584 962313
> fax: +39 0584 1660272
> mob: +39 331 6233686
>
> http://www.geo-solutions.it
> http://twitter.com/geosolutions_it
>
> -------------------------------------------------------
>
> *AVVERTENZE AI SENSI DEL D.Lgs. 196/2003*
>
> Le informazioni contenute in questo messaggio di posta elettronica e/o
> nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il
> loro utilizzo è consentito esclusivamente al destinatario del messaggio,
> per le finalità indicate nel messaggio stesso. Qualora riceviate questo
> messaggio senza esserne il destinatario, Vi preghiamo cortesemente di
> darcene notizia via e-mail e di procedere alla distruzione del messaggio
> stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso,
> divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od
> utilizzarlo per finalità diverse, costituisce comportamento contrario ai
> principi dettati dal D.Lgs. 196/2003.
>
>
>
> The information in this message and/or attachments, is intended solely for
> the attention and use of the named addressee(s) and may be confidential or
> proprietary in nature or covered by the provisions of privacy act
> (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection
> Code).Any use not in accord with its purpose, any disclosure, reproduction,
> copying, distribution, or either dissemination, either whole or partial, is
> strictly forbidden except previous formal approval of the named
> addressee(s). If you are not the intended recipient, please contact
> immediately the sender by telephone, fax or e-mail and delete the
> information in this message that has been received in error. The sender
> does not give any warranty or accept liability as the content, accuracy or
> completeness of sent messages and accepts no responsibility for changes
> made after they were sent or for other risks which arise as a result of
> e-mail transmission, viruses, etc.
>
> ---------------------------------------------------------------------
>
> ------------------------------------------------------------
> ------------------
> The Command Line: Reinvented for Modern Developers
> Did the resurgence of CLI tooling catch you by surprise?
> Reconnect with the command line and become more productive.
> Learn the new .NET and ASP.NET CLI. Get your free copy!
> http://sdm.link/telerik
> _______________________________________________
> Geoserver-devel mailing list
> Geoserver-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/geoserver-devel
>
>
--
DI Christian Mueller MSc (GIS), MSc (IT-Security)
OSS Open Source Solutions GmbH
------------------------------------------------------------------------------
The Command Line: Reinvented for Modern Developers
Did the resurgence of CLI tooling catch you by surprise?
Reconnect with the command line and become more productive.
Learn the new .NET and ASP.NET CLI. Get your free copy!
http://sdm.link/telerik
_______________________________________________
Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel
