Hi Jody, For the most part, it uses GeoServer security as-is.
But it's true the GeoServer OAuth2 plugins haven't been integrated, and I didn't want to, since Spring/Boot provide out of the box OAuth2/OIDC support. For that reason, and in order to avoid duplication and keep the gscloud gateway as simple as possible, all our deployments that require OAuth2/OIDC have the georchestra gateway in front of the gscloud gateway. That is not a full solution though, because for historical reasons, the georchestra gateway does perform the authentication, but then translates the username and roles to request headers. Hence I'm looking forward for the Spring 6 security upgrade, which means Spring-Boot 3 upgrade for gscloud. *camptocamp* INNOVATIVE SOLUTIONS BY OPEN SOURCE EXPERTS *Gabriel Roldán* Geospatial Developer On Thu, Aug 22, 2024 at 3:05 PM Jody Garnett <jody.garn...@gmail.com> wrote: > Okay in a case of RTFM: > > Advanced ACL system is available through the project GeoServer ACL which >> offers the same capacities as GeoFence. >> > OAuth is available by using the geOrchestra Gateway in replacement of the >> GeoServer Cloud one. >> > > So it uses an external security service for authorization (so each micro > service can have a party), and trusts authentication from gateway > responsible for dispatch. > - - > Jody Garnett > > > On Aug 22, 2024 at 10:06:27 AM, Jody Garnett <jody.garn...@gmail.com> > wrote: > >> Gabe, >> >> Question for you as I look at the spring-framework-6 update and rewriting >> OIDC support. >> >> How does the cloud native geoserver spring boot setup handle security? >> Does it use the geoserver security system as is - or does it have to do >> something earlier at the "gateway" level that dispatches to micro services? >> - - >> Jody Garnett >> >
_______________________________________________ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
