[Geoserver-devel] Call for vote GSIP-91

The GSIP is here

http://geoserver.org/display/GEOS/GSIP+91±+Enhance+authentication+filter+chain+configuration

This is the last round concerning authentication filter chains and I want to bring it in during the open development phase for 2.3.x. (This week)

Thanks
Christian

On Mon, Jan 14, 2013 at 10:30 AM, Christian Mueller <mcrmcr21@anonymised.com> wrote:

The GSIP is here

http://geoserver.org/display/GEOS/GSIP+91±+Enhance+authentication+filter+chain+configuration

This is the last round concerning authentication filter chains and I want to bring it in during the open development phase for 2.3.x. (This week)

Hi,
I located the portion of the GUI where the filter chains are managed, but I cannot related that to the
contents of the proposal, nor I can find where the filter chains presented by the GUI
are configured. So… I have no idea?

Cheers
Andrea

==
Our support, Your Success! Visit http://opensdi.geo-solutions.it for more information.

Ing. Andrea Aime
@geowolf
Technical Lead

GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 339 8844549

http://www.geo-solutions.it
http://twitter.com/geosolutions_it


Exactly this is the problem. On the top of the page you can manage individual authentication filters. (add,remove,edit). I want to have the same logic/look and feel for authentication chains. Until now, we have a fixed set of chains and I want to add flexibility. This is the hard part.

The additional SSL filter and including the HTTP method into the chain matching is the easy job.

Christian

2013/1/15 Andrea Aime <andrea.aime@anonymised.com>

On Mon, Jan 14, 2013 at 10:30 AM, Christian Mueller <mcrmcr21@anonymised.com> wrote:

The GSIP is here

http://geoserver.org/display/GEOS/GSIP+91±+Enhance+authentication+filter+chain+configuration

This is the last round concerning authentication filter chains and I want to bring it in during the open development phase for 2.3.x. (This week)

Hi,
I located the portion of the GUI where the filter chains are managed, but I cannot related that to the
contents of the proposal, nor I can find where the filter chains presented by the GUI
are configured. So… I have no idea?

Cheers
Andrea

==
Our support, Your Success! Visit http://opensdi.geo-solutions.it for more information.

Ing. Andrea Aime
@geowolf
Technical Lead

GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 339 8844549

http://www.geo-solutions.it
http://twitter.com/geosolutions_it


On Tue, Jan 15, 2013 at 5:03 PM, Christian Mueller <mcrmcr21@anonymised.com> wrote:

Exactly this is the problem. On the top of the page you can manage individual authentication filters. (add,remove,edit). I want to have the same logic/look and feel for authentication chains. Until now, we have a fixed set of chains and I want to add flexibility. This is the hard part.

Ah I see. Yep, allowing the configuration of the filter chains seems indeed useful.
However, the GSIP is talking about some sort of pattern language, is that going to be exposed
in the GUI directly or is it just an example:

/rest/** (GET,POST)
/rest/** , SSL required

Cheers
Andrea

==
Our support, Your Success! Visit http://opensdi.geo-solutions.it for more information.

Ing. Andrea Aime
@geowolf
Technical Lead

GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 339 8844549

http://www.geo-solutions.it
http://twitter.com/geosolutions_it


Hey Christian,

How does this relate to GSIP-82?

Also, is there a patch i can check out?

-Justin

···

On Tue, Jan 15, 2013 at 11:16 AM, Andrea Aime <andrea.aime@anonymised.com> wrote:

On Tue, Jan 15, 2013 at 5:03 PM, Christian Mueller <mcrmcr21@anonymised.com> wrote:

Exactly this is the problem. On the top of the page you can manage individual authentication filters. (add,remove,edit). I want to have the same logic/look and feel for authentication chains. Until now, we have a fixed set of chains and I want to add flexibility. This is the hard part.

Ah I see. Yep, allowing the configuration of the filter chains seems indeed useful.
However, the GSIP is talking about some sort of pattern language, is that going to be exposed
in the GUI directly or is it just an example:

/rest/** (GET,POST)
/rest/** , SSL required

Cheers

Andrea

==
Our support, Your Success! Visit http://opensdi.geo-solutions.it for more information.

Ing. Andrea Aime
@geowolf
Technical Lead

GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 339 8844549

http://www.geo-solutions.it
http://twitter.com/geosolutions_it



Master SQL Server Development, Administration, T-SQL, SSAS, SSIS, SSRS
and more. Get SQL Server skills now (including 2012) with LearnDevNow -
200+ hours of step-by-step video tutorials by Microsoft MVPs and experts.
SALE $99.99 this month only - learn more at:
http://p.sf.net/sfu/learnmore_122512


Geoserver-devel mailing list
Geoserver-devel@anonymised.comsts.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel


Justin Deoliveira
OpenGeo - http://opengeo.org
Enterprise support for open source geospatial.

@Andrea: No, there is no new pattern language, this is only an example. The admin has to deal with simple ANT patterns.

@Justin
GSIP 91 could be named “GSIP 82, part II”. It is the successor for completing chain configuration logic. This will be the last major rework in the security core code. I want to bring it in before Andrea is doing 2.3-beta1. I will push to finish this work until the weekend and create a patch.I hope you can spend some time on Monday for reviewing.

Christian

2013/1/15 Justin Deoliveira <jdeolive@anonymised.com>

···

On Tue, Jan 15, 2013 at 11:16 AM, Andrea Aime <andrea.aime@anonymised.com> wrote:

On Tue, Jan 15, 2013 at 5:03 PM, Christian Mueller <mcrmcr21@anonymised.com…> wrote:

Exactly this is the problem. On the top of the page you can manage individual authentication filters. (add,remove,edit). I want to have the same logic/look and feel for authentication chains. Until now, we have a fixed set of chains and I want to add flexibility. This is the hard part.

Ah I see. Yep, allowing the configuration of the filter chains seems indeed useful.
However, the GSIP is talking about some sort of pattern language, is that going to be exposed
in the GUI directly or is it just an example:

/rest/** (GET,POST)
/rest/** , SSL required

Cheers

Andrea

==
Our support, Your Success! Visit http://opensdi.geo-solutions.it for more information.

Ing. Andrea Aime
@geowolf
Technical Lead

GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 339 8844549

http://www.geo-solutions.it
http://twitter.com/geosolutions_it



Master SQL Server Development, Administration, T-SQL, SSAS, SSIS, SSRS
and more. Get SQL Server skills now (including 2012) with LearnDevNow -
200+ hours of step-by-step video tutorials by Microsoft MVPs and experts.
SALE $99.99 this month only - learn more at:
http://p.sf.net/sfu/learnmore_122512


Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel


Justin Deoliveira
OpenGeo - http://opengeo.org
Enterprise support for open source geospatial.

On Wed, Jan 16, 2013 at 6:51 AM, Christian Mueller <mcrmcr21@anonymised.com> wrote:

@Andrea: No, there is no new pattern language, this is only an example. The admin has to deal with simple ANT patterns.

Ok, works for me, +1 (pending review of the patch

@Justin
GSIP 91 could be named “GSIP 82, part II”. It is the successor for completing chain configuration logic. This will be the last major rework in the security core code. I want to bring it in before Andrea is doing 2.3-beta1. I will push to finish this work until the weekend and create a patch.I hope you can spend some time on Monday for reviewing.

Ah, this poses a problem.
The release procedure takes the last revision that passed the cite tests, and the relase is scheduled for Monday,
which means it will take a revision from a nightly build done in the night between Sunday and Monday,
too late for a patch review.

Moreover, using the last day implies that there won’t be any feedback requiring changes to the patch.

You can talk with Jody, that is going to do the beta release, but it would be much better if you
had the patch ready for Friday, assuming that Justin has time to have a look at it

Cheers
Andrea

==
Our support, Your Success! Visit http://opensdi.geo-solutions.it for more information.

Ing. Andrea Aime
@geowolf
Technical Lead

GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 339 8844549

http://www.geo-solutions.it
http://twitter.com/geosolutions_it


Thanks for the hint, in this situation I will try to finish the core code until Friday and hope for a review from Justin. Fortunately, Justin is 8 hours behind me :slight_smile:

I think the admin GUI is not so critical and I try to finish until Sunday.

Cheers
Christian

2013/1/16 Andrea Aime <andrea.aime@anonymised.com>

On Wed, Jan 16, 2013 at 6:51 AM, Christian Mueller <mcrmcr21@anonymised.com> wrote:

@Andrea: No, there is no new pattern language, this is only an example. The admin has to deal with simple ANT patterns.

Ok, works for me, +1 (pending review of the patch

@Justin
GSIP 91 could be named “GSIP 82, part II”. It is the successor for completing chain configuration logic. This will be the last major rework in the security core code. I want to bring it in before Andrea is doing 2.3-beta1. I will push to finish this work until the weekend and create a patch.I hope you can spend some time on Monday for reviewing.

Ah, this poses a problem.
The release procedure takes the last revision that passed the cite tests, and the relase is scheduled for Monday,
which means it will take a revision from a nightly build done in the night between Sunday and Monday,
too late for a patch review.

Moreover, using the last day implies that there won’t be any feedback requiring changes to the patch.

You can talk with Jody, that is going to do the beta release, but it would be much better if you
had the patch ready for Friday, assuming that Justin has time to have a look at it

Cheers

Andrea

==
Our support, Your Success! Visit http://opensdi.geo-solutions.it for more information.

Ing. Andrea Aime
@geowolf
Technical Lead

GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 339 8844549

http://www.geo-solutions.it
http://twitter.com/geosolutions_it


+0 on the proposal from me :slight_smile:

I have my monday slightly earlier than you, and need to complete the release promptly (or try again the next weekend).


Jody Garnett

On Wednesday, 16 January 2013 at 11:02 PM, Christian Mueller wrote:

Thanks for the hint, in this situation I will try to finish the core code until Friday and hope for a review from Justin. Fortunately, Justin is 8 hours behind me :slight_smile:

I think the admin GUI is not so critical and I try to finish until Sunday.

Cheers
Christian

2013/1/16 Andrea Aime <andrea.aime@anonymised.com>

On Wed, Jan 16, 2013 at 6:51 AM, Christian Mueller <mcrmcr21@anonymised.com…> wrote:

@Andrea: No, there is no new pattern language, this is only an example. The admin has to deal with simple ANT patterns.

Ok, works for me, +1 (pending review of the patch

@Justin
GSIP 91 could be named “GSIP 82, part II”. It is the successor for completing chain configuration logic. This will be the last major rework in the security core code. I want to bring it in before Andrea is doing 2.3-beta1. I will push to finish this work until the weekend and create a patch.I hope you can spend some time on Monday for reviewing.

Ah, this poses a problem.
The release procedure takes the last revision that passed the cite tests, and the relase is scheduled for Monday,
which means it will take a revision from a nightly build done in the night between Sunday and Monday,
too late for a patch review.

Moreover, using the last day implies that there won’t be any feedback requiring changes to the patch.

You can talk with Jody, that is going to do the beta release, but it would be much better if you
had the patch ready for Friday, assuming that Justin has time to have a look at it

Cheers

Andrea

==
Our support, Your Success! Visit http://opensdi.geo-solutions.it for more information.

Ing. Andrea Aime
@geowolf
Technical Lead

GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 339 8844549

http://www.geo-solutions.it
http://twitter.com/geosolutions_it


Sounds good Christian. I will try to review as soon as the patch is available.

···

On Tue, Jan 15, 2013 at 10:51 PM, Christian Mueller <mcrmcr21@anonymised.com> wrote:

@Andrea: No, there is no new pattern language, this is only an example. The admin has to deal with simple ANT patterns.

@Justin
GSIP 91 could be named “GSIP 82, part II”. It is the successor for completing chain configuration logic. This will be the last major rework in the security core code. I want to bring it in before Andrea is doing 2.3-beta1. I will push to finish this work until the weekend and create a patch.I hope you can spend some time on Monday for reviewing.

Christian

2013/1/15 Justin Deoliveira <jdeolive@anonymised.com…>

Hey Christian,

How does this relate to GSIP-82?

Also, is there a patch i can check out?

-Justin


Justin Deoliveira
OpenGeo - http://opengeo.org
Enterprise support for open source geospatial.

On Tue, Jan 15, 2013 at 11:16 AM, Andrea Aime <andrea.aime@anonymised.com> wrote:

On Tue, Jan 15, 2013 at 5:03 PM, Christian Mueller <mcrmcr21@anonymised.com…> wrote:

Exactly this is the problem. On the top of the page you can manage individual authentication filters. (add,remove,edit). I want to have the same logic/look and feel for authentication chains. Until now, we have a fixed set of chains and I want to add flexibility. This is the hard part.

Ah I see. Yep, allowing the configuration of the filter chains seems indeed useful.
However, the GSIP is talking about some sort of pattern language, is that going to be exposed
in the GUI directly or is it just an example:

/rest/** (GET,POST)
/rest/** , SSL required

Cheers

Andrea

==
Our support, Your Success! Visit http://opensdi.geo-solutions.it for more information.

Ing. Andrea Aime
@geowolf
Technical Lead

GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 339 8844549

http://www.geo-solutions.it
http://twitter.com/geosolutions_it



Master SQL Server Development, Administration, T-SQL, SSAS, SSIS, SSRS
and more. Get SQL Server skills now (including 2012) with LearnDevNow -
200+ hours of step-by-step video tutorials by Microsoft MVPs and experts.
SALE $99.99 this month only - learn more at:
http://p.sf.net/sfu/learnmore_122512


Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel


Justin Deoliveira
OpenGeo - http://opengeo.org
Enterprise support for open source geospatial.

Hi Justin, the core code is available for review.

https://github.com/mcrmcr/geoserver-1/commit/3a648f8465f33a8c924d2c9ec00f0e3bec5c938a

Tests are passing. The important classes are

GeoServerSSLFilter
GeoServerRequestMatcher

I will start working on the admin GUI now.

2013/1/16 Justin Deoliveira <jdeolive@anonymised.com>

···

On Tue, Jan 15, 2013 at 10:51 PM, Christian Mueller <mcrmcr21@anonymised.com…> wrote:

@Andrea: No, there is no new pattern language, this is only an example. The admin has to deal with simple ANT patterns.

@Justin
GSIP 91 could be named “GSIP 82, part II”. It is the successor for completing chain configuration logic. This will be the last major rework in the security core code. I want to bring it in before Andrea is doing 2.3-beta1. I will push to finish this work until the weekend and create a patch.I hope you can spend some time on Monday for reviewing.

Christian

2013/1/15 Justin Deoliveira <jdeolive@anonymised.com>

Hey Christian,

How does this relate to GSIP-82?

Also, is there a patch i can check out?

-Justin


Justin Deoliveira
OpenGeo - http://opengeo.org
Enterprise support for open source geospatial.

On Tue, Jan 15, 2013 at 11:16 AM, Andrea Aime <andrea.aime@anonymised.com> wrote:

On Tue, Jan 15, 2013 at 5:03 PM, Christian Mueller <mcrmcr21@anonymised.com…> wrote:

Exactly this is the problem. On the top of the page you can manage individual authentication filters. (add,remove,edit). I want to have the same logic/look and feel for authentication chains. Until now, we have a fixed set of chains and I want to add flexibility. This is the hard part.

Ah I see. Yep, allowing the configuration of the filter chains seems indeed useful.
However, the GSIP is talking about some sort of pattern language, is that going to be exposed
in the GUI directly or is it just an example:

/rest/** (GET,POST)
/rest/** , SSL required

Cheers

Andrea

==
Our support, Your Success! Visit http://opensdi.geo-solutions.it for more information.

Ing. Andrea Aime
@geowolf
Technical Lead

GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 339 8844549

http://www.geo-solutions.it
http://twitter.com/geosolutions_it



Master SQL Server Development, Administration, T-SQL, SSAS, SSIS, SSRS
and more. Get SQL Server skills now (including 2012) with LearnDevNow -
200+ hours of step-by-step video tutorials by Microsoft MVPs and experts.
SALE $99.99 this month only - learn more at:
http://p.sf.net/sfu/learnmore_122512


Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel


Justin Deoliveira
OpenGeo - http://opengeo.org
Enterprise support for open source geospatial.

0

Regards,
Simone Giannecchini

Our support, Your Success! Visit http://opensdi.geo-solutions.it for
more information.

Ing. Simone Giannecchini
@simogeo
Founder/Director

GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 333 8128928

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

-------------------------------------------------------

On Wed, Jan 16, 2013 at 2:47 PM, Jody Garnett <jody.garnett@anonymised.com> wrote:

+0 on the proposal from me :slight_smile:

I have my monday slightly earlier than you, and need to complete the release
promptly (or try again the next weekend).

--
Jody Garnett

On Wednesday, 16 January 2013 at 11:02 PM, Christian Mueller wrote:

Thanks for the hint, in this situation I will try to finish the core code
until Friday and hope for a review from Justin. Fortunately, Justin is 8
hours behind me :slight_smile:

I think the admin GUI is not so critical and I try to finish until Sunday.

Cheers
Christian

2013/1/16 Andrea Aime <andrea.aime@anonymised.com>

On Wed, Jan 16, 2013 at 6:51 AM, Christian Mueller <mcrmcr21@anonymised.com>
wrote:

@Andrea: No, there is no new pattern language, this is only an example. The
admin has to deal with simple ANT patterns.

Ok, works for me, +1 (pending review of the patch

@Justin
GSIP 91 could be named "GSIP 82, part II". It is the successor for
completing chain configuration logic. This will be the last major rework in
the security core code. I want to bring it in before Andrea is doing
2.3-beta1. I will push to finish this work until the weekend and create a
patch.I hope you can spend some time on Monday for reviewing.

Ah, this poses a problem.
The release procedure takes the last revision that passed the cite tests,
and the relase is scheduled for Monday,
which means it will take a revision from a nightly build done in the night
between Sunday and Monday,
too late for a patch review.

Moreover, using the last day implies that there won't be any feedback
requiring changes to the patch.

You can talk with Jody, that is going to do the beta release, but it would
be much better if you
had the patch ready for Friday, assuming that Justin has time to have a look
at it

Cheers
Andrea

--

Our support, Your Success! Visit http://opensdi.geo-solutions.it for more
information.

Ing. Andrea Aime
@geowolf
Technical Lead

GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 339 8844549

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

-------------------------------------------------------

------------------------------------------------------------------------------
Master Java SE, Java EE, Eclipse, Spring, Hibernate, JavaScript, jQuery
and much more. Keep your Java skills current with LearnJavaNow -
200+ hours of step-by-step video tutorials by Java experts.
SALE $49.99 this month only -- learn more at:
http://p.sf.net/sfu/learnmore_122612
_______________________________________________
Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel

Hey Christian,

Looked over this commit and it looks good. No issues here.

-Justin

···

On Thu, Jan 17, 2013 at 5:43 AM, Christian Mueller <mcrmcr21@anonymised.com> wrote:

Hi Justin, the core code is available for review.

https://github.com/mcrmcr/geoserver-1/commit/3a648f8465f33a8c924d2c9ec00f0e3bec5c938a

Tests are passing. The important classes are

GeoServerSSLFilter
GeoServerRequestMatcher

I will start working on the admin GUI now.

2013/1/16 Justin Deoliveira <jdeolive@anonymised.com>

Sounds good Christian. I will try to review as soon as the patch is available.


Justin Deoliveira
OpenGeo - http://opengeo.org
Enterprise support for open source geospatial.

On Tue, Jan 15, 2013 at 10:51 PM, Christian Mueller <mcrmcr21@anonymised.com> wrote:

@Andrea: No, there is no new pattern language, this is only an example. The admin has to deal with simple ANT patterns.

@Justin
GSIP 91 could be named “GSIP 82, part II”. It is the successor for completing chain configuration logic. This will be the last major rework in the security core code. I want to bring it in before Andrea is doing 2.3-beta1. I will push to finish this work until the weekend and create a patch.I hope you can spend some time on Monday for reviewing.

Christian

2013/1/15 Justin Deoliveira <jdeolive@anonymised.com>

Hey Christian,

How does this relate to GSIP-82?

Also, is there a patch i can check out?

-Justin


Justin Deoliveira
OpenGeo - http://opengeo.org
Enterprise support for open source geospatial.

On Tue, Jan 15, 2013 at 11:16 AM, Andrea Aime <andrea.aime@anonymised.com> wrote:

On Tue, Jan 15, 2013 at 5:03 PM, Christian Mueller <mcrmcr21@anonymised.com…> wrote:

Exactly this is the problem. On the top of the page you can manage individual authentication filters. (add,remove,edit). I want to have the same logic/look and feel for authentication chains. Until now, we have a fixed set of chains and I want to add flexibility. This is the hard part.

Ah I see. Yep, allowing the configuration of the filter chains seems indeed useful.
However, the GSIP is talking about some sort of pattern language, is that going to be exposed
in the GUI directly or is it just an example:

/rest/** (GET,POST)
/rest/** , SSL required

Cheers

Andrea

==
Our support, Your Success! Visit http://opensdi.geo-solutions.it for more information.

Ing. Andrea Aime
@geowolf
Technical Lead

GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 339 8844549

http://www.geo-solutions.it
http://twitter.com/geosolutions_it



Master SQL Server Development, Administration, T-SQL, SSAS, SSIS, SSRS
and more. Get SQL Server skills now (including 2012) with LearnDevNow -
200+ hours of step-by-step video tutorials by Microsoft MVPs and experts.
SALE $99.99 this month only - learn more at:
http://p.sf.net/sfu/learnmore_122512


Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel


Justin Deoliveira
OpenGeo - http://opengeo.org
Enterprise support for open source geospatial.

+0

On the face of it, I am all for improvements and better control on
security but I dont think I have engaged enough with the recent
enhancements to judge this one.

Notice: This email and any attachments are confidential. If received in error please destroy and immediately notify us. Do not copy or disclose the contents.

+1 here.

Having al SSL filter on the chain seems to be a very good improvement, especially on REST responses which send clear text and is possible in some cases to have back the store passwords in clear.

Had a quick look at the code, the headers look fine, javadoc on methods fine and there are test cases.

It would be possible to have also a doc update on filters configuration? If still there ignore this question, I did not checked.

Alessio.

==
Our support, Your Success! Visit http://opensdi.geo-solutions.it for more information.

Ing. Alessio Fabiani
@alfa7691
Founder/Technical Lead

GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 331 6233686

http://www.geo-solutions.it
http://twitter.com/geosolutions_it


On Tue, Jan 22, 2013 at 8:57 PM, Phil Scadden <p.scadden@anonymised.com> wrote:

+0

On the face of it, I am all for improvements and better control on
security but I dont think I have engaged enough with the recent
enhancements to judge this one.

Notice: This email and any attachments are confidential. If received in error please destroy and immediately notify us. Do not copy or disclose the contents.


Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
MVPs and experts. ON SALE this month only – learn more at:

http://p.sf.net/sfu/learnnow-d2d


Geoserver-devel mailing list
Geoserver-devel@anonymised.comsts.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel

The whole security doc needs some love, this is on my TODO list

Christian

2013/1/23 Alessio Fabiani <alessio.fabiani@anonymised.com>

+1 here.

Having al SSL filter on the chain seems to be a very good improvement, especially on REST responses which send clear text and is possible in some cases to have back the store passwords in clear.

Had a quick look at the code, the headers look fine, javadoc on methods fine and there are test cases.

It would be possible to have also a doc update on filters configuration? If still there ignore this question, I did not checked.

Alessio.

==
Our support, Your Success! Visit http://opensdi.geo-solutions.it for more information.

Ing. Alessio Fabiani
@alfa7691
Founder/Technical Lead

GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 331 6233686

http://www.geo-solutions.it
http://twitter.com/geosolutions_it


On Tue, Jan 22, 2013 at 8:57 PM, Phil Scadden <p.scadden@anonymised.com> wrote:

+0

On the face of it, I am all for improvements and better control on
security but I dont think I have engaged enough with the recent
enhancements to judge this one.

Notice: This email and any attachments are confidential. If received in error please destroy and immediately notify us. Do not copy or disclose the contents.


Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
MVPs and experts. ON SALE this month only – learn more at:

http://p.sf.net/sfu/learnnow-d2d


Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel


Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
MVPs and experts. ON SALE this month only – learn more at:
http://p.sf.net/sfu/learnnow-d2d


Geoserver-devel mailing list
Geoserver-devel@anonymised.comsts.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel