···
2013/6/12 Justin Deoliveira <jdeolive@anonymised.com>
Ah ok I see, i misinterpreted “on-the fly”. I think this is a bit confusing to include in the user documentation which is what got me. All the user is concerned with is disabling the filter, how the system does it internally shouldn’t really matter.
Anyways, +1 on the change (it would be nice to tweak the docs) and agree with Ben’s assessment of not including the backport in the upcoming release, but waiting a month.
–
DI Christian Mueller MSc (GIS), MSc (IT-Security)
OSS Open Source Solutions GmbH
On Wed, Jun 12, 2013 at 1:11 AM, Christian Mueller <christian.mueller@anonymised.com> wrote:
Hi Justin
No, its a one step process.
- Disable the relevant filter chains → finish
The special flag is handled internally. As an example, if you disable security on the web filter chain, http://…/geoserver/web will show you the full admin GUI, no need to log in.
Cheers
Christian
–
Justin Deoliveira
OpenGeo - http://opengeo.org
Enterprise support for open source geospatial.
2013/6/10 Justin Deoliveira <jdeolive@anonymised.com>
–
DI Christian Mueller MSc (GIS), MSc (IT-Security)
OSS Open Source Solutions GmbH
On Mon, Jun 10, 2013 at 8:56 AM, Christian Mueller <christian.mueller@anonymised.com> wrote:
Hi Justin
The idea is the following:
You can disable security for each filter chain individually. Any filter chain protecting resources has a GeoServerPersistenceContextFilter at first position. Disabling security for a filter chain results in an empty filter chain.
An incoming request is flagged with “security is off” using a servlet attribute. If a request travels through a disabled filter chain nothing happens. Traveling through an enabled filter chain requires that the request travels through a GeoServerPerstinceContextFilter . This filter flags the request “security on”.
Ok, i still don’t quite understand. So disabling security is a two step process?
- Disable the relevant filter chains
- Make the request with with the special flag disabled
?
The request itself is stored in a thread local variable and there is a static public method informing you if security is on/off for this particular request. All GeoServer code can query this information.
The code checking for admin access checks if security is off. If it is off, access is allowed in any case. (For the admin, the logic is centralized in GeoServerSecurityManager).
Concerning your questions
- Authentication and authorization is disabled for the concrete filter chain
- The http request parameter and GeoServerPersistenceContextFilter do the trick. If such a filter is on the chain → security on, if not → security off
Hope this helps
Christian
–
Justin Deoliveira
OpenGeo - http://opengeo.org
Enterprise support for open source geospatial.
2013/6/10 Justin Deoliveira <jdeolive@anonymised.com.1501…>
Just looked over the patch. Code wise it looks ok, i made a few comments about documentation. It is not clear to me what exactly gets disabled? It is just the authentication system? Or authorization with data and service security?
And sorry if i am missing something obvious but what are the prerequisites for disabling security other than the http request parameter?
–
DI Christian Mueller MSc (GIS), MSc (IT-Security)
OSS Open Source Solutions GmbH
On Sun, Jun 9, 2013 at 11:31 PM, Christian Mueller <christian.mueller@anonymised.com> wrote:
The patch was triggered by the following thread on the mailing list
http://sourceforge.net/mailarchive/forum.php?thread_name=CA%2BnxMTvfXH2%3DD7Dt_roHbU76OMw3WAiWmLLvqY7wENDt8MKGUw%40mail.gmail.com&forum_name=geoserver-users
The user wants to protect the admin GUI with an ssh tunnel, no GoeServer security features are needed.
I am fine with 2.3.5 and I am hoping for vote of Justin because he was involved in the new security architecture.
Cheers
Christian
How ServiceNow helps IT people transform IT departments:
- A cloud service to automate IT design, transition and operations
- Dashboards that offer high-level views of enterprise services
- A single system of record for all IT processes
http://p.sf.net/sfu/servicenow-d2d-j
Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel
–
Justin Deoliveira
OpenGeo - http://opengeo.org
Enterprise support for open source geospatial.
2013/6/10 Ben Caradoc-Davies <Ben.Caradoc-Davies@anonymised.com>
-1 for backport to 2.3.x for inclusion in 2.3.4. We are too close, and in my view, living with this broken feature is better than a late change to stable.
+0 for backport to 2.3.x for inclusion in 2.3.5. I am not sure how important the ability to disable a feature is. You are right, these are a lot of changes, with a significant risk of unintended side-effects.
I am open to argument, particularly from our expert (you).
Kind regards,
Ben.
On 09/06/13 16:54, Christian Mueller wrote:
Disabling security does not work for 2.3.x and 2.4.x.
The problem is described here
https://jira.codehaus.org/browse/GEOS-5820
The fix is committed to master and the changes are here
https://github.com/mcrmcr/geoserver-1/commit/eaf2de921028dc1e8dcb66d4547b835868b5cac0
This is not a trivial fix. We can stay with a broken feature on 2.3.x
or we can decide to backport.
Thanks for you votes in advance.
–
DI Christian Mueller MSc (GIS), MSc (IT-Security)
OSS Open Source Solutions GmbH
How ServiceNow helps IT people transform IT departments:
- A cloud service to automate IT design, transition and operations
- Dashboards that offer high-level views of enterprise services
- A single system of record for all IT processes
http://p.sf.net/sfu/servicenow-d2d-j
Geoserver-devel mailing list
Geoserver-devel@anonymised.comsourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel
–
Ben Caradoc-Davies Ben.Caradoc-Davies@anonymised.com
Software Engineer
CSIRO Earth Science and Resource Engineering
Australian Resources Research Centre
–
DI Christian Mueller MSc (GIS), MSc (IT-Security)
OSS Open Source Solutions GmbH