[GeoNetwork-devel] XML user login and logout with spring security

Hi,

With Geonetwork 2.10.3 and the addition of spring security, do these XML user login and logout services still work?

For the xml.user.login, I get a 403 as re-direction has been configured to the spring security check URL. Following up with a xml.search returns results of non-authenticated search (only records published to All group).

No re-direction was configured for xml.user.logout.

Should I still be able to use these services within the new spring security mechanism?

Cheers

Kevin


The information contained within this transmission is for the use of the intended recipient only and may contain confidential and/or legally privileged material and/or material the subject of copyright and/or personal information and/or sensitive information that is subject to the Privacy Act 1988. Any review, re-transmission, disclosure, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you have received this email in error please notify the AIMS Privacy Officer on (07) 4753 4444 and delete all copies of this transmission together with any attachments.


To use the old APIs I think you need to modify the urlrewrite.xml file to change the code from redirect to forward.

···

On Thu, Mar 27, 2014 at 5:01 AM, Kevin Gunn <K.Gunn@anonymised.com> wrote:

Hi,

With Geonetwork 2.10.3 and the addition of spring security, do these XML user login and logout services still work?

For the xml.user.login, I get a 403 as re-direction has been configured to the spring security check URL. Following up with a xml.search returns results of non-authenticated search (only records published to All group).

No re-direction was configured for xml.user.logout.

Should I still be able to use these services within the new spring security mechanism?

Cheers

Kevin


The information contained within this transmission is for the use of the intended recipient only and may contain confidential and/or legally privileged material and/or material the subject of copyright and/or personal information and/or sensitive information that is subject to the Privacy Act 1988. Any review, re-transmission, disclosure, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you have received this email in error please notify the AIMS Privacy Officer on (07) 4753 4444 and delete all copies of this transmission together with any attachments.




GeoNetwork-devel mailing list
GeoNetwork-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geonetwork-devel
GeoNetwork OpenSource is maintained at http://sourceforge.net/projects/geonetwork

Thanks Jesse.

Also found this which recommends invoking the spring URLs directly.

http://osgeo-org.1560.x6.nabble.com/XML-Login-Service-in-Geonetwork-2-10-td5064670.html

Cheers

Kevin

From: Jesse Eichar [mailto:jesse.eichar@…189…]
Sent: Thursday, 27 March 2014 4:44 PM
To: Kevin Gunn
Cc: geonetwork-devel@lists.sourceforge.net
Subject: Re: [GeoNetwork-devel] XML user login and logout with spring security

To use the old APIs I think you need to modify the urlrewrite.xml file to change the code from redirect to forward.

On Thu, Mar 27, 2014 at 5:01 AM, Kevin Gunn <K.Gunn@…187…> wrote:

Hi,

With Geonetwork 2.10.3 and the addition of spring security, do these XML user login and logout services still work?

For the xml.user.login, I get a 403 as re-direction has been configured to the spring security check URL. Following up with a xml.search returns results of non-authenticated search (only records published to All group).

No re-direction was configured for xml.user.logout.

Should I still be able to use these services within the new spring security mechanism?

Cheers

Kevin


The information contained within this transmission is for the use of the intended recipient only and may contain confidential and/or legally privileged material and/or material the subject of copyright and/or personal information and/or sensitive information that is subject to the Privacy Act 1988. Any review, re-transmission, disclosure, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you have received this email in error please notify the AIMS Privacy Officer on (07) 4753 4444 and delete all copies of this transmission together with any attachments.




GeoNetwork-devel mailing list
GeoNetwork-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geonetwork-devel
GeoNetwork OpenSource is maintained at http://sourceforge.net/projects/geonetwork


The information contained within this transmission is for the use of the intended recipient only and may contain confidential and/or legally privileged material and/or material the subject of copyright and/or personal information and/or sensitive information that is subject to the Privacy Act 1988. Any review, re-transmission, disclosure, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you have received this email in error please notify the AIMS Privacy Officer on (07) 4753 4444 and delete all copies of this transmission together with any attachments.


Yes it is better to change your client API if you can.

···

On Fri, Mar 28, 2014 at 5:15 AM, Kevin Gunn <K.Gunn@anonymised.com> wrote:

Thanks Jesse.

Also found this which recommends invoking the spring URLs directly.

http://osgeo-org.1560.x6.nabble.com/XML-Login-Service-in-Geonetwork-2-10-td5064670.html

Cheers

Kevin

From: Jesse Eichar [mailto:jesse.eichar@anonymised.com]
Sent: Thursday, 27 March 2014 4:44 PM
To: Kevin Gunn
Cc: geonetwork-devel@lists.sourceforge.net
Subject: Re: [GeoNetwork-devel] XML user login and logout with spring security

To use the old APIs I think you need to modify the urlrewrite.xml file to change the code from redirect to forward.

On Thu, Mar 27, 2014 at 5:01 AM, Kevin Gunn <K.Gunn@anonymised.com7…> wrote:

Hi,

With Geonetwork 2.10.3 and the addition of spring security, do these XML user login and logout services still work?

For the xml.user.login, I get a 403 as re-direction has been configured to the spring security check URL. Following up with a xml.search returns results of non-authenticated search (only records published to All group).

No re-direction was configured for xml.user.logout.

Should I still be able to use these services within the new spring security mechanism?

Cheers

Kevin


The information contained within this transmission is for the use of the intended recipient only and may contain confidential and/or legally privileged material and/or material the subject of copyright and/or personal information and/or sensitive information that is subject to the Privacy Act 1988. Any review, re-transmission, disclosure, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you have received this email in error please notify the AIMS Privacy Officer on (07) 4753 4444 and delete all copies of this transmission together with any attachments.




GeoNetwork-devel mailing list
GeoNetwork-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geonetwork-devel
GeoNetwork OpenSource is maintained at http://sourceforge.net/projects/geonetwork


The information contained within this transmission is for the use of the intended recipient only and may contain confidential and/or legally privileged material and/or material the subject of copyright and/or personal information and/or sensitive information that is subject to the Privacy Act 1988. Any review, re-transmission, disclosure, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you have received this email in error please notify the AIMS Privacy Officer on (07) 4753 4444 and delete all copies of this transmission together with any attachments.