Forgot to ask: should I open a JIRA issue?

2013/5/19 Christian Mueller <[email protected]>

> Strange. First, it is possible to disable security for a filter chain
> completely, no need for manipulation of the web.xml file.
>
> I disabled security for the web filter chain and did a debug session. I
> had a breakpoint in the GeoServerHomePage constructor. The authentication
> is null as expected, but the code in this constructor skips some GUI
> components because of the missing administrator role. As far as I can
> remember I did not modify this class.
>
> Unfortunately this is a trap door: because you are not admin, you cannot
> reactivate security for the GUI and have to manipulate the
> security/config.xml file manually.
>
> Cheers
> Christian
>
>
>
> 2013/5/19 Andrea Aime <[email protected]>
>
>> On Sat, May 18, 2013 at 11:11 AM, Christian Mueller <
>> [email protected]> wrote:
>>
>>> Hi Henrik
>>>
>>> I am not sure if disabling security works as described in the link. A
>>> quick look into the GeoServerHomePage class indicates that the full GUI is
>>> only available if you are authenticated and you have the role
>>> ROLE_ADMINISTRATOR.
>>>
>>
>> When we wrote this one
>> http://docs.geoserver.org/latest/en/user/security/disable.html
>>  disabling the security system opened the UI fully too (the note is
>> clear, when you disable it,
>> protect the UI because it's open ended).
>> If this changed, we had a regression.
>> I have a vague memory, but as far as I remember the code used to check if
>> the current user was null,
>> and if it was, it allowed access (since when the security subsystem is
>> operating you never get that,
>> not auth results in the anonymous user, not null).
>>
>> Cheers
>> Andrea
>>
>>
>> --
>> ==
>> GeoServer training in Milan, 6th & 7th June 2013!  Visit
>> http://geoserver.geo-solutions.it for more information.
>> ==
>>
>> Ing. Andrea Aime
>> @geowolf
>> Technical Lead
>>
>> GeoSolutions S.A.S.
>> Via Poggio alle Viti 1187
>> 55054  Massarosa (LU)
>> Italy
>> phone: +39 0584 962313
>> fax: +39 0584 1660272
>> mob: +39  339 8844549
>>
>> http://www.geo-solutions.it
>> http://twitter.com/geosolutions_it
>>
>> -------------------------------------------------------
>>
>
>
>
> --
> DI Christian Mueller MSc (GIS), MSc (IT-Security)
> OSS Open Source Solutions GmbH
>
>


-- 
DI Christian Mueller MSc (GIS), MSc (IT-Security)
OSS Open Source Solutions GmbH
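
The two behaviours discussed in this thread, side by side, as an added example (not GeoServer's own code and not written by either poster). The Auth class, the method names and the ROLE_ANONYMOUS role name are hypothetical; only ROLE_ADMINISTRATOR comes from the thread.

```java
import java.util.Set;

public class HomePageAccessDemo {

    static final String ADMIN_ROLE = "ROLE_ADMINISTRATOR"; // role named in the thread

    // Hypothetical stand-in for the authentication object in the security context.
    static final class Auth {
        final String name;
        final Set<String> roles;
        Auth(String name, Set<String> roles) {
            this.name = name;
            this.roles = roles;
        }
    }

    // Role-only check: matches what the debug session showed. A null
    // authentication (filter chain disabled) fails it, so the admin
    // components are skipped and security cannot be re-enabled from the GUI.
    static boolean showAdminUiRoleOnly(Auth auth) {
        return auth != null && auth.roles.contains(ADMIN_ROLE);
    }

    // Null-aware check: matches the behaviour recalled for the "disable
    // security" docs. Null only occurs when the security subsystem is off;
    // with it on, an unauthenticated request carries an anonymous user.
    static boolean showAdminUiNullAware(Auth auth) {
        if (auth == null) {
            return true; // security disabled: UI fully open, protect it externally
        }
        return auth.roles.contains(ADMIN_ROLE);
    }

    public static void main(String[] args) {
        // Constructed sample principals; ROLE_ANONYMOUS is an assumed name.
        Auth[] cases = {
            null,
            new Auth("anonymous", Set.of("ROLE_ANONYMOUS")),
            new Auth("admin", Set.of(ADMIN_ROLE)),
        };
        for (Auth a : cases) {
            String who = (a == null) ? "null (security disabled)" : a.name;
            System.out.printf("%-26s roleOnly=%-5b nullAware=%b%n",
                    who, showAdminUiRoleOnly(a), showAdminUiNullAware(a));
        }
    }
}
```

The null row is the only one where the two checks disagree, which is the lockout case: with the role-only check, recovery means editing security/config.xml by hand.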
_______________________________________________
Geoserver-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-users
