[Geoserver-devel] Geoserver security improvement proposal

Hi all, I have to write a Master Thesis for my study "Applied IT Security" at the university of Bochum, Germany.

I convinced my mentors to have a topic about security of geodata infrastructures. The title will be something like

"Building a secure GDI using Geoserver,Spring Security,SAML and GeoXACML"

The thesis has 3 main parts.

1) Integration of Spring Security 3.0 into geoserver. This gives us the possibility to offer a lot of authentication mechanisms including customized plugins.
http://static.springsource.org/spring-security/site/docs/3.0.x/reference/introduction.html#what-is-acegi-security
There are also nice possibilities for access control like a new expression syntax.

2) Examine how to integrate the geoxacml community module as spring access plugin into geoserver.

3) Take a deeper look into SAML ( "Single Sign On" would be a nice thing).

The first part has top priority. The existing file based access control system should be refactored to fit into Spring 3.0. No user action should be necessary. I do not want to break existing security deployments.

It is also possible to write the thesis in English. The idea is to have about 60 pages as documentation, the rest of the work is coding/integrating. Since I am not a native English speaker, is there anybody who can read my thesis and correct my mistakes ?

Opinions, Votes ?

Cheers
Christian

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.

On Mon, Oct 4, 2010 at 11:55 AM, <christian.mueller@anonymised.com> wrote:

> Hi all, I have to write a Master Thesis for my study "Applied IT
> Security" at the university of Bochum, Germany.
>
> I convinced my mentors to have a topic about security of geodata
> infrastructures. The title will be something like
>
> "Building a secure GDI using Geoserver,Spring Security,SAML and GeoXACML"
>
> The thesis has 3 main parts.
>
> 1) Integration of Spring Security 3.0 into geoserver. This gives us
> the possibility to offer a lot of authentication mechanisms including
> customized plugins.
> http://static.springsource.org/spring-security/site/docs/3.0.x/reference/introduction.html#what-is-acegi-security
> There are also nice possibilities for access control like a new
> expression syntax.

Sounds good (as long as, as you say, it does not break existing
functionality :-p )
However I'm wondering, would this require an upgrade of the whole project to
Spring 3? Did you assess what kind of changes would be needed to do that?

> 2) Examine how to integrate the geoxacml community module as spring
> access plugin into geoserver.

Sounds good as well. Also see the work done by Lennart at:
http://jira.codehaus.org/browse/GEOS-4049
http://jira.codehaus.org/browse/GEOS-4045

> 3) Take a deeper look into SAML ( "Single Sign On" would be a nice thing).

Don't know much about this. The SSO I hear people talking about the most is CAS.

> The first part has top priority. The existing file based access
> control system should be refactored to fit into Spring 3.0. No user
> action should be necessary. I do not want to break existing security
> deployments.
>
> It is also possible to write the thesis in English. The idea is to
> have about 60 pages as documentation, the rest of the work is
> coding/integrating. Since I am not a native English speaker, is there
> anybody who can read my thesis and correct my mistakes ?

I can have a look if you give me some time so that I can fit it
into empty spaces in the weekends, but I'm not a native speaker either.
Some actual native speaker would be better: take my offer as a backup plan :)

Cheers
Andrea

-----------------------------------------------------
Ing. Andrea Aime
Senior Software Engineer

GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy

phone: +39 0584962313
fax: +39 0584962313

http://www.geo-solutions.it
http://geo-solutions.blogspot.com/
http://www.linkedin.com/in/andreaaime
http://twitter.com/geowolf

-----------------------------------------------------

About Spring 3.0, taken from Spring Security FAQ
********************************************
What Java and Spring Framework versions are required?

Spring Security 2.0.x requires a minimum JDK version of 1.4 and is built against Spring 2.0.x. It should also be compatible with applications using Spring 2.5.x.

Spring Security 3.0 requires JDK 1.5 as a minimum and will also require Spring 3.0.
********************************************

I think, we currently use Spring 2.5.5 ?

A migration guide is here
http://static.springsource.org/spring/docs/upgrade/spring3/html/

I think if we want geoserver security on a professional level, I should study the guide and try to migrate. If you feel that this is a big risk, I have to fall back and use Spring Security 2.0.

And btw, thank you for your backup offer.


Hi Christian, sounds like a very interesting project.

I would be ok with moving to Spring 3.0, maybe we can just schedule
that for geoserver 2.2.x. I'm not sure when we'll push for a 2.1 release
but hopefully it won't be that long.
If at all, a minimal assessment of the incompatibilities and an
estimation of the effort required would be very much appreciated. I'll
try to give it a read to the Spring migration guide, but probably moving
to Spring 3 also means migrating the web app from wicket 1.3 to 1.4?
I don't think it's gonna be a small task, but a worthwhile one.

Best regards,
Gabriel

_______________________________________________
Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel

--
Gabriel Roldan
groldan@anonymised.com
Expert service straight from the developers

As a native English speaker, I’d be willing to provide review of the documentation for grammar etc. I know a bit of computer security terminology (mostly picked up working on Spring Security stuff in GeoServer) but have never really studied it so you may want to keep looking for someone to review for technical accuracy.


David Winslow
OpenGeo - http://opengeo.org/


Since I have no idea about the impact of using Spring 3.0, we could do a smaller step and integrate Spring Security 2.0. This should be possible without taking too much risk. Would be an option, I do not want to wait until next year for Spring 3.0 because I have a time frame (12 months max, starting soon).


Hi, I am missing some votes about my proposal to integrate spring security 2.0 as a first smaller step, deferring the migration to 3.0 until the whole geoserver project is migrating to spring 3.0.

In the case of acceptance I would open a jira improvement issue and start working on trunk.

Cheers
Christian


Hello Christian,

I think no voting at all has been made yet but a general expression of
interest in the work you're about to accomplish. A GSIP would be in
order though:
<http://docs.geoserver.org/latest/en/developer/policies/gsip.html>

Feel free to start your GSIP and use it to explain what needs to be
done, the benefits, the impact on the code base, etc.

It doesn't need to be too much bureaucracy, the idea is to help you move
forward, not to slow you down.

2c.-

Cheers,
Gabriel


--
Gabriel Roldan
groldan@anonymised.com
Expert service straight from the developers

Aside, please also feel free to start experimenting on the code base as
you see fit. Git is recommended these days as most of us already have
our git branches (on github) where to perform any kind of development
and experimentation, and with the help of git-svn it's easier and
cleaner to commit to the formal svn repo when the time comes.

Best regards,
Gabriel

--
Gabriel Roldan
groldan@anonymised.com
Expert service straight from the developers

Hi,

For those who are interested, I already worked on a patch on revision 14534 on the trunk, to integrate spring-security 2.0.5 which is API compatible with spring-security 3.0.
It's not fully tested but it works for me, but I have no time at the moment to continue. It could be a great thing for geoserver because the GeoserverUserDao could be made compatible with the new interface UserDetailsManager and it could be possible to replace UserDao by custom implementation to introduce other storage support (like JDBC or LDAP which is in use in the georchestra project).

Best regards,
Philippe


--
The content of this message is the sole responsibility of its author and in no way that of the company DotGEE.