Hi About the restart. The security subsystem caches the the roles of a user (and the roles derived from group membership) for performance reasons. This holds true for stateless authentication (e. g. Basic Authentication) and for session cookies (interactive login). Otherwise we would pay a high performance penalty for each request. Look at the J2EE architecture, (web.xml as an example). If you change the security settings in the web.xml file you have to restart the container.
About the group concept. I think it is not the best idea to assign rules to users directly. IMHO a good practice is to assign roles to user groups and configure group membership for individual users. Again, this is not my concept, it is a J2EE concept. To be fair I have to say that the user documentation is lacking a lot of information and I understand the confusion. Cheers Christian On Thu, Oct 1, 2015 at 9:46 AM, Andrea Aime <andrea.a...@geo-solutions.it> wrote: > On Thu, Oct 1, 2015 at 8:31 AM, Hakala Oiva (Luke) <oiva.hak...@luke.fi> > wrote: > >> The simpe job would be to create a group of basic users and some users >> into it. But then the role service is confusing. As I understand, I >> should add a role to that user's group, right? But then the only derivative >> roles are ADMIN and GROUP_ADMIN, but I don't want such type of roles. Just >> basic user role, but there is not such? So, how to go on? Geoserver version >> 2.6.4. >> > > I normally just create the roles that make sense for the kind of security > I need (e..g, WFS_USER, RESTRICTED_WRITER), associate them > with users, and then work in the authorization subsystem to apply the > access rules based on the roles. > > I too find the group concept overkill and confusing, so I just end up > ignoring them... but probably it's because I did not have to manage > very complicated setup so far (lots of users yes, but relatively few roles) > > Cheers > Andrea > > > -- > == > GeoServer Professional Services from the experts! Visit > http://goo.gl/it488V for more information. > == > > Ing. Andrea Aime > @geowolf > Technical Lead > > GeoSolutions S.A.S. > Via Poggio alle Viti 1187 > 55054 Massarosa (LU) > Italy > phone: +39 0584 962313 > fax: +39 0584 1660272 > mob: +39 339 8844549 > > http://www.geo-solutions.it > http://twitter.com/geosolutions_it > > *AVVERTENZE AI SENSI DEL D.Lgs. 196/2003* > > Le informazioni contenute in questo messaggio di posta elettronica e/o > nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il > loro utilizzo è consentito esclusivamente al destinatario del messaggio, > per le finalità indicate nel messaggio stesso. Qualora riceviate questo > messaggio senza esserne il destinatario, Vi preghiamo cortesemente di > darcene notizia via e-mail e di procedere alla distruzione del messaggio > stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, > divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od > utilizzarlo per finalità diverse, costituisce comportamento contrario ai > principi dettati dal D.Lgs. 196/2003. > > > > The information in this message and/or attachments, is intended solely for > the attention and use of the named addressee(s) and may be confidential or > proprietary in nature or covered by the provisions of privacy act > (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection > Code).Any use not in accord with its purpose, any disclosure, reproduction, > copying, distribution, or either dissemination, either whole or partial, is > strictly forbidden except previous formal approval of the named > addressee(s). If you are not the intended recipient, please contact > immediately the sender by telephone, fax or e-mail and delete the > information in this message that has been received in error. The sender > does not give any warranty or accept liability as the content, accuracy or > completeness of sent messages and accepts no responsibility for changes > made after they were sent or for other risks which arise as a result of > e-mail transmission, viruses, etc. > > ------------------------------------------------------- > > > ------------------------------------------------------------------------------ > > _______________________________________________ > Geoserver-users mailing list > Geoserver-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/geoserver-users > > -- DI Christian Mueller MSc (GIS), MSc (IT-Security) OSS Open Source Solutions GmbH
------------------------------------------------------------------------------
_______________________________________________ Geoserver-users mailing list Geoserver-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-users
