Strange. First, it is possible to disable security for a filter chain
completely, no need for manipulation of the web.xml file.

I disabled security for the web filter chain and did a debug session. I
had a breakpoint in the GeoServerHomePage constructor. The authentication
is null as expected, but the code in this constructor skips some GUI
components because of the missing administrator role. As far as I can
remember I did not modify this class.

Unfortunately this is a trap door: because you are not admin, you cannot
reactivate security for the GUI and have to manipulate the
security/config.xml file manually.

Cheers
Christian



2013/5/19 Andrea Aime <[email protected]>

> On Sat, May 18, 2013 at 11:11 AM, Christian Mueller <
> [email protected]> wrote:
>
>> Hi Henrik
>>
>> I am not sure if disabling security works as described in the link. A
>> quick look into the GeoServerHomePage class indicates that the full GUI is
>> only available if you are authenticated and you have the role
>> ROLE_ADMINISTRATOR.
>>
>
> When we wrote this one
> http://docs.geoserver.org/latest/en/user/security/disable.html
> disabling the security system opened the UI fully too (the note is clear,
> when you disable it,
> protect the UI because it's open ended).
> If this changed, we had a regression.
> I have a vague memory, but as far as I remember the code used to check if
> the current user was null,
> and if it was, it allowed access (since when the security subsystem is
> operating you never get that,
> no auth results in the anonymous user, not null).
>
> Cheers
> Andrea
>



-- 
DI Christian Mueller MSc (GIS), MSc (IT-Security)
OSS Open Source Solutions GmbH
_______________________________________________
Geoserver-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-users
