Hi, I was doing some testing for the JWT Headers SSO module, and noticed a problem when accessing the REST API.
I've tracked this down to the roles "ADMIN" vs role "ROLE_ADMINISTRATOR". I believe (could be wrong) that the WEB uses the role "ROLE_ADMINISTRATOR", but the REST API uses the role "ADMIN". This seems to be setup in - https://github.com/geoserver/geoserver/blob/main/data/release/security/rest.properties When I add "ADMIN" to my roles, the REST API allows me access. I am a bit confused on this - what is the difference between these roles and should admin users have both these roles ("ADMIN" and "ROLE_ADMINISTRATOR")? Thanks, Dave
_______________________________________________ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
