Hey Martin!
If i can interject I think what Christian is trying to say is that there
have been some good improvements to the new security authentication
subsystem going from 2.2 to 2.3. Mostly surrounding authentication filters.
Since one of the classes you mentioned is a filter class you may be
affected going from 2.2 to 2.3 but the api changes are relatively minor.
The big job will be going moving to 2.2. Going to 2.2 to 2.3 will be
relatively minor.
The security docs in the user guide give a good overview of the system, and
how security filters and authentication providers play with each other, but
as christian says there is not much in terms of developer docs. Best thing
would be to see how the existing filters and providers and follow suite.
Based on the classes you original mentioned here are some thoughts.
- LdapAuthenticationProvider
WE now ship with an ldap provider out of the box in geoserver, which uses
this same class so i imagine that can probably replace this. Look at
LDAPAuthenticationProvider
in the sec-ldap module.
- ProviderManager
This is a core class in spring security that manages the authentication
provider. In GeoServer we override this class with GeoServerSecurityManager
in the main module.
- SmProcessingFilter
This sounds like a "pre-authentication" filter that recognizes a header or
some token passed through by siteminder. There are examples of filters that
do this in the main module, look at all the subclasses of
GeoServerPreAuthenticationFilter.
- SmAuthenticationDetailsSource
This one i am not so sure about.. Does it implement the UserDetailsService
interface?
- WebADEAuthoritiesPopulator
Sounds like this is used by the authentication provider to assign roles to
the principal. You should probably be able to use this as is from your
authentication provider, see the ldap provider for an example, it used the
spring security LdapAuthoritiesPopulator to determine roles from the ldap
server in addition to doing the authentication.
Hope that helps.
-Justin
On Wed, Mar 6, 2013 at 10:51 AM, Martin Davis <[email protected]> wrote:
> Thanks for the info, Christian.
>
> Do you mean that the code we would write for 2.2.x will need to be changed
> for 2.3.x? Or just that 2.3 is more functional than 2.2? I ask because it
> may not be an option to move straight to 2.3 yet, so we will have to make a
> decision about which version to target if they are different.
>
> Martin
>
>
> On Wed, Mar 6, 2013 at 3:48 AM, Christian Mueller <
> [email protected]> wrote:
>
>> Hi Martin
>>
>> First I would recommend to invest in Geoserver 2.3 because the security
>> subsystem in 2.2.x is a little bit experimental.
>>
>> The architecture of the new security subsystems allows to add custom
>> authentication mechanisms including configuration pages for the admin GUI.
>>
>> Unfortunately there is no developer documentation until now because at
>> the moment I have no time left.
>>
>> Cheers
>> Christian
>>
>>
>> On 5 March 2013 21:05, Martin Davis <[email protected]> wrote:
>>
>>> We have a custom authentication/authorization plugin developed for use
>>> with GeoServer 2.1. It uses the Netegrity SiteMinder security proxy and a
>>> custom authorization provider called WebADE. It consists of the following
>>> classes implementing various Spring Security interfaces:
>>>
>>> LdapAuthenticationProvider
>>> ProviderManager
>>> SmAuthenticationDetailsSource
>>> SmProcessingFilter
>>> WebADEAuthoritiesPopulator
>>>
>>> Is there any information available on how to migrate this to the 2.2.x
>>> Security model?
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> Everyone hates slow websites. So do we.
>>> Make your web apps faster with AppDynamics
>>> Download AppDynamics Lite for free today:
>>> http://p.sf.net/sfu/appdyn_d2d_feb
>>> _______________________________________________
>>> Geoserver-users mailing list
>>> [email protected]
>>> https://lists.sourceforge.net/lists/listinfo/geoserver-users
>>>
>>>
>>
>
>
> ------------------------------------------------------------------------------
> Symantec Endpoint Protection 12 positioned as A LEADER in The Forrester
> Wave(TM): Endpoint Security, Q1 2013 and "remains a good choice" in the
> endpoint security space. For insight on selecting the right partner to
> tackle endpoint security challenges, access the full report.
> http://p.sf.net/sfu/symantec-dev2dev
> _______________________________________________
> Geoserver-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/geoserver-users
>
>
--
Justin Deoliveira
OpenGeo - http://opengeo.org
Enterprise support for open source geospatial.
------------------------------------------------------------------------------
Symantec Endpoint Protection 12 positioned as A LEADER in The Forrester
Wave(TM): Endpoint Security, Q1 2013 and "remains a good choice" in the
endpoint security space. For insight on selecting the right partner to
tackle endpoint security challenges, access the full report.
http://p.sf.net/sfu/symantec-dev2dev
_______________________________________________
Geoserver-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-users
