Thanks, Mauro.  We are aware of the ability to pass roles as well as the
user.  That's certainly a nice facility to have.  Unfortunately in the
context we are in it is non-trivial to map the supplied group to roles (for
various reasons, one of which is that the filter would essentially need to
implement its own Role Service to access the roles defined in the GeoServer
environment).

We were hoping that if there was a way to pass groups as well as the user
to the Security Subsystem, we could leave the work of computing the
group-role-layer query to it.

Instead, we may look at implementing a ResourceAccessManager plugin that
can access the Authorization mechanism that is already in place.

Martin




On Wed, Feb 24, 2016 at 12:19 AM, Mauro Bartolomeoli <
[email protected]> wrote:

> Hi Martin,
>
> 2016-02-24 2:03 GMT+01:00 Martin Davis <[email protected]>:
>
>> We are running GeoServer behind an HTTP security proxy which provides both
>> user authentication and user group membership information (via HTTP
>> Headers).
>>
>> Is it possible to somehow pass the user groups into GeoServer for use by
>> Security subsystem, against a suitably configured Role Service?
>>
>
> What you can currently do is use the HTTP Header Authentication Filter to
> extract both the username and a list of roles (not groups) from two
> distinct HTTP headers.
> To accomplish that you need to choose Request Header as the Role Source in
> the filter configuration.
>
> From related help: If the *role source* is *Request header*, the name of
> the HTTP header attribute has to be specified. The content of this attribute
> are the roles of the principal. The default role delimiter is the semicolon
> *;*. GeoServer accepts the sent roles without verification.
>
> Since roles are used for authorization purposes, probably it's not an
> issue mapping your groups to GeoServer roles.
>
> If you need something more flexible, some customization of this filter is
> needed.
>
>
>
_______________________________________________
Geoserver-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-users
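
Added example, not part of the original thread and not GeoServer or proxy code: a sketch of the proxy-side alternative, where groups are mapped to roles before the request reaches GeoServer. Because the quoted help text says the sent roles are accepted without verification, it also drops any identity headers supplied by the client. The header names, group names and the group-to-role table are constructed assumptions.

```python
# Constructed sample mapping from proxy groups to GeoServer role names (assumption).
GROUP_TO_ROLES = {
    "gis-admins": ["ROLE_ADMINISTRATOR"],
    "gis-editors": ["ROLE_EDITOR", "ROLE_VIEWER"],
    "gis-viewers": ["ROLE_VIEWER"],
}

# Hypothetical header names; use whatever the filter is configured to read.
USER_HEADER = "x-auth-user"
GROUPS_HEADER = "x-auth-groups"
ROLES_HEADER = "x-auth-roles"
ROLE_DELIMITER = ";"  # default role delimiter named in the quoted help text


def build_upstream_headers(client_headers, user, groups):
    """Return the headers to forward to GeoServer.

    client_headers: headers as received from the client (untrusted).
    user, groups: identity established by the proxy's own authentication.
    """
    identity = {USER_HEADER, GROUPS_HEADER, ROLES_HEADER}
    # Drop identity headers sent by the client, whatever their letter case,
    # so only values set by the proxy ever reach the header filter.
    forwarded = {k: v for k, v in client_headers.items()
                 if k.lower() not in identity}
    roles = []
    for group in groups:
        for role in GROUP_TO_ROLES.get(group, []):  # unknown groups grant nothing
            if role not in roles:
                roles.append(role)
    # Refuse values that could smuggle an extra role or an extra header line.
    for value in [user, *roles]:
        if any(c in value for c in ";\r\n"):
            raise ValueError("illegal character in identity value")
    forwarded[USER_HEADER] = user
    forwarded[ROLES_HEADER] = ROLE_DELIMITER.join(roles)
    return forwarded


def parse_roles(header_value):
    """Split a role header on the semicolon delimiter, ignoring empty items."""
    return [r.strip() for r in header_value.split(ROLE_DELIMITER) if r.strip()]
```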