Hi Sean, answers inside

Quoting Sean K <sk92...@gmail.com>:

> Hi,
>
> I've been reading the 2.2.4 manual about authentication and security for
> the master or root account.
>
> And since the security or authentication has been re-engineered as of 2.2
> (and we were using 2.1.1), the way we were using geoserver needs to change.
>
> In 2.1.1, since the password was not being encrypted, our geoserver had
> been customized at the GeoServerUserDao level, we injected a password
> encoder bean into this and encrypted the password using the Spring encoder.

You can inject your own password encoder; look at
applicationSecurityContext.xml. You have to prefix the password with
a unique string identifying your password encoder, e.g.

myencoder:XXXXXXXXXXXXXXXXXx
>
> Now looking at 2.2.4, I see that a lot of things have changed.
>
> There are two things that we need:
>
> 1.) we need to create or use a ROLE_ADMINISTRATOR with a name other
> than "root" -- for example, "myappadmin"

For each role service, you can specify a local role which is mapped to  
ROLE_ADMINISTRATOR. The standard xml role service has a role ADMIN.  
Users/groups having the role ADMIN also have the role  
ROLE_ADMINISTRATOR.

Look at security/role/default/roles.xml
>
> 2.) we need to keep the password encrypted on the hard drive -- we don't
> need LDAP or other external systems. Since I see that encrypted
> passwords are not supported in 2.2.4, I figure this should be easier.

Password encryption is supported in 2.2.x. There are 4 encoders out of the box

1) plain
2) digest
3) encrypt (DES, weak)
4) encrypt (AES, strong) if you install the unrestricted policy files
>
> If I want to zip up the entire geoserver web app with the all these
> changes, what are my best approaches?  (I figure that I could change the
> source code again or the spring context files but I think I would prefer to
> avoid that to avoid future upgrade issues.)

Try to create a user properties file with plain text passwords.  
Migration code contained in 2.2.x will encrypt your passwords with 3)

>
> I tried to use the users.properties  with content that looks like this:
>
> myappadmin=digest1:YgaweuS60t+mJNobGlf9hzUC6g7gGTtPEu0TlnUxFlv0fYtBuTsQDzZcBM4AfZHd,ROLE_ADMINISTRATOR,enabled
>
> And I restarted my geoserver, but that did not work.

The file user.properties is deprecated. The new default location is
security/usergroup/default/users.xml
>
> Any guidance or suggestions would be appreciated.
>
> --
> Sean
>
Cheers
Christian
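
Added example, not part of the original message and not GeoServer code: a small audit of legacy `users.properties` entries that classifies each stored password by its encoder prefix, using the four encoders listed in the reply. The prefix names `plain`, `crypt1` and `crypt2` are assumed GeoServer 2.2.x defaults (only `digest1` and `myencoder` appear in the thread); the sample entries, role names other than ROLE_ADMINISTRATOR, and the verdict policy are constructed for illustration.

```python
# Added example: audit legacy users.properties entries by password-encoder prefix.
# Assumption: prefix names other than digest1 are GeoServer 2.2.x defaults.
ENCODERS = {
    "plain": ("plain text", "fail"),
    "digest1": ("digest", "ok"),
    "crypt1": ("encrypt (DES, weak)", "warn"),
    "crypt2": ("encrypt (AES, strong)", "ok"),
}

# Constructed sample input; passwords and encoded blobs are placeholders.
SAMPLE = """\
# user=password,role[,role...],enabled|disabled
myappadmin=digest1:Q09OU1RSVUNURUQ=,ROLE_ADMINISTRATOR,enabled
legacy=s3cret:2013,ROLE_ADMINISTRATOR,enabled
reader=crypt1:Q09OU1RSVUNURUQ=,ROLE_READER,disabled
custom=myencoder:Q09OU1RSVUNURUQ=,ROLE_EDITOR,enabled
"""

def parse_entry(line):
    """Split one 'user=password,roles...,state' line into its fields."""
    user, _, rest = line.partition("=")  # base64 may contain '=', so split once
    fields = [f.strip() for f in rest.split(",")]
    password, tail = fields[0], fields[1:]
    has_state = bool(tail) and tail[-1] in ("enabled", "disabled")
    state = tail.pop() if has_state else "enabled"
    return user.strip(), password, tail, state == "enabled"

def classify(password, extra_prefixes=()):
    """Return (encoder description, verdict) for a stored password value."""
    prefix, sep, _ = password.partition(":")
    if sep and prefix in ENCODERS:
        return ENCODERS[prefix]
    if sep and prefix in extra_prefixes:
        return ("custom encoder " + prefix, "review")
    return ("no known prefix (plain text)", "fail")

def audit(text, extra_prefixes=()):
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        user, password, roles, enabled = parse_entry(line)
        desc, verdict = classify(password, extra_prefixes)
        findings.append((user, verdict, desc, "ROLE_ADMINISTRATOR" in roles, enabled))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, extra_prefixes=("myencoder",)):
        print(finding)
```

A plain-text password that happens to contain a colon (the `legacy` entry) is still reported as plain text, because its leading token is not a registered encoder prefix.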






_______________________________________________
Geoserver-users mailing list
Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users