On Sat, May 18, 2013 at 11:11 AM, Christian Mueller <
[email protected]> wrote:
> Hi Henrik
>
> I am not sure if disabling security works as described in the link. A
> quick look into the GeoServerHomePage class indicates that the full GUI is
> only available if you are authenticated and you have the role
> ROLE_ADMINISTRATOR.
>
When we wrote this one
http://docs.geoserver.org/latest/en/user/security/disable.html
disabling the security system opened the UI fully too (the note is clear,
when you disable it,
protect the UI because it's open ended).
If this changed, we had a regression.
I have vague memory, but as far as I remember the code used to check if the
current user was null,
and if it was, it allowed access (since when the security subsystem is
operating you never get that,
not auth results in the anonymous user, not null).
Cheers
Andrea
--
==
GeoServer training in Milan, 6th & 7th June 2013! Visit
http://geoserver.geo-solutions.it for more information.
==
Ing. Andrea Aime
@geowolf
Technical Lead
GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 339 8844549
http://www.geo-solutions.it
http://twitter.com/geosolutions_it
-------------------------------------------------------
------------------------------------------------------------------------------
AlienVault Unified Security Management (USM) platform delivers complete
security visibility with the essential security capabilities. Easily and
efficiently configure, manage, and operate all of your security controls
from a single console and one unified framework. Download a free trial.
http://p.sf.net/sfu/alienvault_d2d
_______________________________________________
Geoserver-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-users
