Hi,

Here are my notes after the PMC meeting.

After talking in the PMC meeting, a full-admin should have two roles:

* ROLE_ADMINISTRATOR
* ADMIN

This is how the standard geoserver "admin" user is configured ("release" data dir).

See the PMC meeting notes as well. No action for a while because this is "opening a can of worms."

I will put a PR for the jwt-headers so it handles these multiple-roles better.

CF:

https://github.com/geoserver/geoserver/blob/main/data/release/security/rest.properties

https://github.com/geoserver/geoserver/blob/a634daa9f243c818e1e7ae8ea3504f803676aa19/src/main/src/main/java/org/geoserver/security/impl/GeoServerRole.java#L21

https://github.com/geoserver/geoserver/blob/6e9e25c0c7cdda9ada9f33f8255130d3afc76801/src/main/src/main/java/org/geoserver/security/impl/AbstractGeoServerSecurityService.java#L25

https://github.com/geoserver/geoserver/blob/fb441eefa631a2f66b31b62c6811e44517493b2c/src/main/src/main/java/org/geoserver/security/GeoServerSecurityManager.java#L2047

Thanks,
Dave

On Mon, May 6, 2024 at 5:23 PM David Blasby <david.bla...@geocat.net> wrote:

> Hi,
>
> I was doing some testing for the JWT Headers SSO module, and noticed a
> problem when accessing the REST API.
>
> I've tracked this down to the roles "ADMIN" vs role "ROLE_ADMINISTRATOR".
>
> I believe (could be wrong) that the WEB uses the role
> "ROLE_ADMINISTRATOR", but the REST API uses the role "ADMIN".
>
> This seems to be set up in -
> https://github.com/geoserver/geoserver/blob/main/data/release/security/rest.properties
>
> When I add "ADMIN" to my roles, the REST API allows me access.
>
> I am a bit confused on this - what is the difference between these roles
> and should admin users have both these roles ("ADMIN" and
> "ROLE_ADMINISTRATOR")?
>
> Thanks,
> Dave
_______________________________________________
Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel