Hi Alessio,
Thanks for your answer. It is strange, but I need to comment out this
code for it to work at all, just the same as my client. Otherwise
geoserver does not log me in (although the logging in process on
google/github works fine). Do you have any idea why this could be?
Also, can you give me an example of how I can reproduce the problem you
have without that block of code, so I can figure out a solution that
works for both of us.
Finally, do you know why I get the names of java classes showing up next
to the log-in form? (see attached photo)
Thanks in advance!
Kind Regards
Niels
On 09-04-18 12:49, Alessio Fabiani wrote:
Hi Niels,
as far as I remember, this causes cache issues with requests.
Basically if you are logged in on GeoServer GUI and you want to make
OWS requests passing the access_token, the service will always get the
in-memory Principal.
The correct way to handle this would be to allow the GUI to get the
"access_token" query parameter also from the address... not that easy
using wicket unfortunately.
Regards,
Alessio Fabiani
==GeoServer Professional Services from the experts! Visit
http://goo.gl/it488V for more information.==Ing. Alessio Fabiani
@alfa7691Founder/Technical Lead
GeoSolutions S.A.S.Via di Montramito 3/A55054 Massarosa
(LU)Italyphone: +39 0584 962313fax: +39 0584 1660272mob: +39 331
6233686http://www.geo-solutions.ithttp://twitter.com/geosolutions_it-------------------------------------------------------
AVVERTENZE AI SENSI DEL D.Lgs. 196/2003
Le informazioni contenute in questo messaggio di posta elettronica e/o
nel/i file/s allegato/i sono da considerarsi strettamente riservate.
Il loro utilizzo è consentito esclusivamente al destinatario del
messaggio, per le finalità indicate nel messaggio stesso. Qualora
riceviate questo messaggio senza esserne il destinatario, Vi preghiamo
cortesemente di darcene notizia via e-mail e di procedere alla
distruzione del messaggio stesso, cancellandolo dal Vostro sistema.
Conservare il messaggio stesso, divulgarlo anche in parte,
distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità
diverse, costituisce comportamento contrario ai principi dettati dal
D.Lgs. 196/2003.
The information in this message and/or attachments, is intended solely
for the attention and use of the named addressee(s) and may be
confidential or proprietary in nature or covered by the provisions of
privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New
Data Protection Code).Any use not in accord with its purpose, any
disclosure, reproduction, copying, distribution, or either
dissemination, either whole or partial, is strictly forbidden except
previous formal approval of the named addressee(s). If you are not the
intended recipient, please contact immediately the sender by
telephone, fax or e-mail and delete the information in this message
that has been received in error. The sender does not give any warranty
or accept liability as the content, accuracy or completeness of sent
messages and accepts no responsibility for changes made after they
were sent or for other risks which arise as a result of e-mail
transmission, viruses, etc.
2018-04-09 11:50 GMT+02:00 Niels Charlier <ni...@scitus.be
<mailto:ni...@scitus.be>>:
Hello Alessio,
I have a question about code in the OAuth2 community module which
you have written.
What was the reason for this block of code:
https://github.com/geoserver/geoserver/blob/master/src/community/security/oauth2/src/main/java/org/geoserver/security/oauth2/GeoServerOAuthAuthenticationFilter.java#L130
<https://github.com/geoserver/geoserver/blob/master/src/community/security/oauth2/src/main/java/org/geoserver/security/oauth2/GeoServerOAuthAuthenticationFilter.java#L130>
that removes the access token and prevents the use of session
cookies after establishing an OAuth2 based Session for the UI.
We had to comment on this block of code for now. Can we make this
a configurable option perhaps?
Thanks in advance for your answer!
Kind Regards
Niels
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel
