Hi,

I was doing some testing for the JWT Headers SSO module, and noticed a
problem when accessing the REST API.

I've tracked this down to the roles "ADMIN" vs role "ROLE_ADMINISTRATOR".

I believe (could be wrong) that the WEB uses the role "ROLE_ADMINISTRATOR",
but the REST API uses the role "ADMIN".

This seems to be set up in:
https://github.com/geoserver/geoserver/blob/main/data/release/security/rest.properties


When I add "ADMIN" to my roles, the REST API allows me access.

I am a bit confused on this - what is the difference between these roles
and should admin users have both these roles ("ADMIN" and
"ROLE_ADMINISTRATOR")?

Thanks,
Dave
_______________________________________________
Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel
