Thanks for the detailed reply, Justin.
We may change the design to avoid the need for LDAP authentication, but if
not then it's good to know about the built-in LDAP Auth.
We'll be working on this in about a month, so may have more questions then.
Martin
On Wed, Mar 6, 2013 at 8:51 PM, Justin Deoliveira <[email protected]> wrote:
> Hey Martin!
>
> If I can interject, I think what Christian is trying to say is that there
> have been some good improvements to the new security authentication
> subsystem going from 2.2 to 2.3, mostly surrounding authentication filters.
> Since one of the classes you mentioned is a filter class, you may be
> affected going from 2.2 to 2.3, but the API changes are relatively minor.
> The big job will be moving to 2.2. Going from 2.2 to 2.3 will be
> relatively minor.
>
> The security docs in the user guide give a good overview of the system,
> and how security filters and authentication providers play with each other,
> but as Christian says there is not much in terms of developer docs. The best
> thing would be to see how the existing filters and providers work and follow
> suit.
>
> Based on the classes you originally mentioned, here are some thoughts.
>
> - LdapAuthenticationProvider
>
> We now ship with an LDAP provider out of the box in GeoServer, which uses
> this same class, so I imagine that can probably replace this. Look at
> LDAPAuthenticationProvider
> in the sec-ldap module.
>
> - ProviderManager
>
> This is a core class in Spring Security that manages the authentication
> provider. In GeoServer we override this class with GeoServerSecurityManager
> in the main module.
>
> - SmProcessingFilter
>
> This sounds like a "pre-authentication" filter that recognizes a header or
> some token passed through by SiteMinder. There are examples of filters that
> do this in the main module; look at all the subclasses of
> GeoServerPreAuthenticationFilter.
>
> - SmAuthenticationDetailsSource
>
> This one I am not so sure about. Does it implement the UserDetailsService
> interface?
>
> - WebADEAuthoritiesPopulator
>
> Sounds like this is used by the authentication provider to assign roles to
> the principal. You should probably be able to use this as is from your
> authentication provider. See the LDAP provider for an example; it used the
> Spring Security LdapAuthoritiesPopulator to determine roles from the LDAP
> server in addition to doing the authentication.
>
> Hope that helps.
>
> -Justin
>
> On Wed, Mar 6, 2013 at 10:51 AM, Martin Davis <[email protected]> wrote:
>
>> Thanks for the info, Christian.
>>
>> Do you mean that the code we would write for 2.2.x will need to be
>> changed for 2.3.x? Or just that 2.3 is more functional than 2.2? I ask
>> because it may not be an option to move straight to 2.3 yet, so we will
>> have to make a decision about which version to target if they are different.
>>
>> Martin
>>
>>
>> On Wed, Mar 6, 2013 at 3:48 AM, Christian Mueller <
>> [email protected]> wrote:
>>
>>> Hi Martin
>>>
>>> First I would recommend to invest in GeoServer 2.3 because the security
>>> subsystem in 2.2.x is a little bit experimental.
>>>
>>> The architecture of the new security subsystems allows to add custom
>>> authentication mechanisms including configuration pages for the admin GUI.
>>>
>>> Unfortunately there is no developer documentation until now because at
>>> the moment I have no time left.
>>>
>>> Cheers
>>> Christian
>>>
>>>
>>> On 5 March 2013 21:05, Martin Davis <[email protected]> wrote:
>>>
>>>> We have a custom authentication/authorization plugin developed for use
>>>> with GeoServer 2.1. It uses the Netegrity SiteMinder security proxy and a
>>>> custom authorization provider called WebADE. It consists of the following
>>>> classes implementing various Spring Security interfaces:
>>>>
>>>> LdapAuthenticationProvider
>>>> ProviderManager
>>>> SmAuthenticationDetailsSource
>>>> SmProcessingFilter
>>>> WebADEAuthoritiesPopulator
>>>>
>>>> Is there any information available on how to migrate this to the 2.2.x
>>>> Security model?
>>>>
>>>>
>>>> _______________________________________________
>>>> Geoserver-users mailing list
>>>> [email protected]
>>>> https://lists.sourceforge.net/lists/listinfo/geoserver-users
>>>>
>>>>
>>>
>>
>
>
> --
> Justin Deoliveira
> OpenGeo - http://opengeo.org
> Enterprise support for open source geospatial.
>
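The pre-authentication pattern discussed in the thread (a filter that reads the identity header set by SiteMinder, plus a separate step that assigns roles), as an added example that is not code from the thread or from GeoServer. It uses plain Spring Security classes rather than GeoServer's `GeoServerPreAuthenticationFilter` subclasses; `SiteMinderPreAuthExample`, `RoleLookup` and the `ROLE_AUTHENTICATED` role are hypothetical names, and `RoleLookup` stands in for a role source such as WebADE. It assumes the servlet container is reachable only through the SiteMinder proxy, because the filter trusts whatever arrives in the header.

```java
import java.util.Arrays;
import java.util.List;

import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
import org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter;

public class SiteMinderPreAuthExample {

    /** Hypothetical role source: maps an already-authenticated user name to roles. */
    static class RoleLookup
            implements AuthenticationUserDetailsService<PreAuthenticatedAuthenticationToken> {
        @Override
        public UserDetails loadUserDetails(PreAuthenticatedAuthenticationToken token) {
            // A real implementation would query the role store for token.getName().
            List<GrantedAuthority> roles = Arrays.<GrantedAuthority>asList(
                    new SimpleGrantedAuthority("ROLE_AUTHENTICATED")); // constructed sample role
            // No password is checked here; the proxy has already authenticated the user.
            return new User(token.getName(), "N/A", roles);
        }
    }

    /** Builds a filter that takes the principal from the SM_USER request header. */
    static RequestHeaderAuthenticationFilter buildFilter() throws Exception {
        PreAuthenticatedAuthenticationProvider provider =
                new PreAuthenticatedAuthenticationProvider();
        provider.setPreAuthenticatedUserDetailsService(new RoleLookup());
        AuthenticationManager manager =
                new ProviderManager(Arrays.<AuthenticationProvider>asList(provider));

        RequestHeaderAuthenticationFilter filter = new RequestHeaderAuthenticationFilter();
        filter.setPrincipalRequestHeader("SM_USER");
        // Reject requests without the header instead of passing them on unauthenticated.
        filter.setExceptionIfHeaderMissing(true);
        filter.setAuthenticationManager(manager);
        filter.afterPropertiesSet();
        return filter;
    }
}
```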