So is there anything that will stop the user from misconfiguring the root
login chain?


On Wed, Aug 14, 2013 at 6:01 AM, Christian Mueller <
christian.muel...@os-solutions.at> wrote:

> Hi Justin
>
> Yep, we talked about a constant system filter chain, but it is not
> implemented yet. At the moment, each authentication filter has the burden
> to handle the login for the root user.
>
> Your understanding of the issue is correct.
>
> I would be happy to have a constant URI for the root login and kick out
> all the root login code and tests scattered over the security code.
>
> Christian
>
>
>
>
>
> On Wed, Aug 14, 2013 at 1:27 PM, Justin Deoliveira 
> <jdeol...@opengeo.org>wrote:
>
>> Hi Christian,
>>
>> I thought this issue was addressed previously with the idea of a constant
>> filter chain, one that the user could not take away through
>> misconfiguration. Is that not the case?
>>
>> The idea sounds reasonable but I want to make sure I understand the
>> issue.
>>
>> -Justin
>>
>>
>>
>>
>> On Thu, Aug 8, 2013 at 9:43 AM, Christian Mueller <
>> christian.muel...@os-solutions.at> wrote:
>>
>>>
>>> The issue is about disabling the login page if no form based login is
>>> possible.
>>>
>>> https://jira.codehaus.org/browse/GEOS-5958
>>>
>>> All these security configuration issues may be dangerous if a
>>> configuration error happens. At the end of the day, the admin can lock
>>> itself out.
>>>
>>> IMHO, a dedicated login for the root user with the master password
>>> should always be possible. (The "root" user has administrative privileges).
>>>
>>> My idea:
>>>
>>> - Add a special filter chain /web/rootlogin (checked before /web/**)
>>> - Force digest authentication, no GUI needed, the browser pops up a
>>> login box
>>> - Upon success, redirect the request to /web/
>>>
>>> This is quite a simple solution and helps fix GEOS-5958.
>>> Additionally, I can remove a lot of code concerning the root login in the
>>> individual authentication filters and test cases.
>>>
>>> Opinions?
>>>
>>>
>>>
>>> --
>>> DI Christian Mueller MSc (GIS), MSc (IT-Security)
>>> OSS Open Source Solutions GmbH
>>>
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> Get 100% visibility into Java/.NET code with AppDynamics Lite!
>>> It's a free troubleshooting tool designed for production.
>>> Get down to code-level detail for bottlenecks, with <2% overhead.
>>> Download for free and get started troubleshooting in minutes.
>>>
>>> http://pubads.g.doubleclick.net/gampad/clk?id=48897031&iu=/4140/ostg.clktrk
>>> _______________________________________________
>>> GeoTools-Devel mailing list
>>> GeoTools-Devel@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/geotools-devel
>>>
>>>
>>
>>
>> --
>> Justin Deoliveira
>> OpenGeo - http://opengeo.org
>> Enterprise support for open source geospatial.
>>
>
>
>
> --
> DI Christian Mueller MSc (GIS), MSc (IT-Security)
> OSS Open Source Solutions GmbH
>
>


-- 
Justin Deoliveira
OpenGeo - http://opengeo.org
Enterprise support for open source geospatial.
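The dedicated root-login chain proposed in the thread, modelled as an added example (not GeoServer's own code): a constant /web/rootlogin chain is resolved before any admin-configured chain such as /web/**, so a misconfigured /web/** chain cannot shadow it, and it accepts only a correct RFC 2617 digest response for the root user's master password before redirecting to /web/. The realm name, chain names and the handler interface are assumptions.

```python
"""Model of a constant root-login chain resolved ahead of user-configured chains."""
import hashlib
import hmac
import re

ROOT_USER = "root"
ROOT_REALM = "GeoServer Root Login"   # assumed realm name, not from the thread
ROOT_LOGIN_PATH = "/web/rootlogin"    # the dedicated chain proposed in the thread


def ant_to_regex(pattern):
    """Translate an ant-style path pattern (/web/**, /web/*) into a regex."""
    esc = re.escape(pattern).replace(r"\*\*", ".*").replace(r"\*", "[^/]*")
    return re.compile("^" + esc + "$")


def resolve_chain(path, user_chains):
    """Return the chain name for a path. The constant root chain is tried first,
    then the admin-configured (pattern, name) chains in order, so no
    configuration, however broken, can take the root login away."""
    chains = [(ROOT_LOGIN_PATH, "root-digest")] + list(user_chains)
    for pattern, name in chains:
        if ant_to_regex(pattern).match(path):
            return name
    return None


def _md5(s):
    return hashlib.md5(s.encode()).hexdigest()


def digest_response(user, password, method, uri, nonce):
    """RFC 2617 digest response without qop: MD5(HA1:nonce:HA2)."""
    ha1 = _md5(f"{user}:{ROOT_REALM}:{password}")
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{nonce}:{ha2}")


def handle_request(path, method, user_chains, master_password, nonce, auth=None):
    """Model the root chain: missing or wrong credentials -> 401 challenge;
    a valid root digest -> 302 to /web/. Other chains are only named here."""
    chain = resolve_chain(path, user_chains)
    if chain != "root-digest":
        return {"status": 200 if chain else 404, "chain": chain}
    expected = digest_response(ROOT_USER, master_password, method, path, nonce)
    if auth and auth.get("username") == ROOT_USER and hmac.compare_digest(
            auth.get("response", ""), expected):
        return {"status": 302, "chain": chain, "location": "/web/"}
    return {"status": 401, "chain": chain,
            "www_authenticate": f'Digest realm="{ROOT_REALM}", nonce="{nonce}"'}
```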