Emanuele Tajariol ( https://osgeo-org.atlassian.net/secure/ViewProfile.jspa?accountId=557058%3A5f715f5e-d477-4c0d-97bb-5b7644324d82 ) *created* an issue
GeoServer ( https://osgeo-org.atlassian.net/browse/GEOS?atlOrigin=eyJpIjoiMmZmNjU2ZmVhMWExNGNjNTg0YjI5ZTZkNWRkZmQ5NDgiLCJwIjoiaiJ9 ) / Improvement ( https://osgeo-org.atlassian.net/browse/GEOS-10420?atlOrigin=eyJpIjoiMmZmNjU2ZmVhMWExNGNjNTg0YjI5ZTZkNWRkZmQ5NDgiLCJwIjoiaiJ9 ) GEOS-10420 ( https://osgeo-org.atlassian.net/browse/GEOS-10420?atlOrigin=eyJpIjoiMmZmNjU2ZmVhMWExNGNjNTg0YjI5ZTZkNWRkZmQ5NDgiLCJwIjoiaiJ9 ) GeoFence group list is too limiting ( https://osgeo-org.atlassian.net/browse/GEOS-10420?atlOrigin=eyJpIjoiMmZmNjU2ZmVhMWExNGNjNTg0YjI5ZTZkNWRkZmQ5NDgiLCJwIjoiaiJ9 ) Issue Type: Improvement Assignee: Unassigned Components: GeoFence Created: 15/Mar/22 10:57 AM Priority: Medium Reporter: Emanuele Tajariol ( https://osgeo-org.atlassian.net/secure/ViewProfile.jspa?accountId=557058%3A5f715f5e-d477-4c0d-97bb-5b7644324d82 ) When the option “ Use GeoServer roles to get authorizations ” is used, the logic requires a list of predefined groups, so that the last matching group (a break is missing?) is used for the authorization in GeoFence see https://github.com/geoserver/geoserver/blob/84557570531bda5d9ce03703bba379fb2a4b1cfa/src/extension/geofence/src/main/java/org/geoserver/geofence/GeofenceAccessManager.java#L572 In architectures where the authentication is plugged, we may not know in advance the list of available roles, so we may want just take any role (probably there will be only one assigned when the user logs in). We may add regex handling in this list, but, in order not to overengineer the logic, we may just consider the case where the “ Comma delimited list of mutually exclusive roles for authorization ” only contains a “*”; in that case, the first group associated to the current user should be used. ( https://osgeo-org.atlassian.net/browse/GEOS-10420#add-comment?atlOrigin=eyJpIjoiMmZmNjU2ZmVhMWExNGNjNTg0YjI5ZTZkNWRkZmQ5NDgiLCJwIjoiaiJ9 ) Add Comment ( https://osgeo-org.atlassian.net/browse/GEOS-10420#add-comment?atlOrigin=eyJpIjoiMmZmNjU2ZmVhMWExNGNjNTg0YjI5ZTZkNWRkZmQ5NDgiLCJwIjoiaiJ9 ) Get Jira notifications on your phone! Download the Jira Cloud app for Android ( https://play.google.com/store/apps/details?id=com.atlassian.android.jira.core&referrer=utm_source%3DNotificationLink%26utm_medium%3DEmail ) or iOS ( https://itunes.apple.com/app/apple-store/id1006972087?pt=696495&ct=EmailNotificationLink&mt=8 ) This message was sent by Atlassian Jira (v1001.0.0-SNAPSHOT#100197- sha1:8522567 )
_______________________________________________ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
