Proposal for the extension to ResourceAccessManager I brought up earlier.
http://geoserver.org/display/GEOS/GSIP+113+-+ResourceAccessManager+to+Build+Security+Filter
–
Kevin Smith
Junior Software Engineer | Boundless
+1-778-785-7459
The API change is clear, I could have used an example filter to have a better understanding of how it is used.
+1
Jody Garnett
Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel
On Tue, Apr 15, 2014 at 11:04 PM, Kevin Smith <ksmith@anonymised.com> wrote:
> Proposal for the extension to ResourceAccessManager I brought up earlier.
> http://geoserver.org/display/GEOS/GSIP+113+-+ResourceAccessManager+to+Build+Security+Filter
Yep, makes sense... but why is CatalogFilterAccessManager getting a method
without the user name as parameter?
Cheers
Andrea
Ing. Andrea Aime
@geowolf
Technical Lead
GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 339 8844549
http://www.geo-solutions.it
http://twitter.com/geosolutions_it
-------------------------------------------------------
That isn’t for CatalogFilterAccessManager, it’s for CatalogFilter, and it doesn’t take an Authentication parameter because none of the existing methods on that interface take that parameter. CatalogFilterAccessManager’s toFilter method can then call toFilter on its delegate and each of its CatalogFilters and combine the results to get the final filter.
Doing a bit of preliminary implementation, I have noticed I may have missed one thing. I think the toFilter methods are going to need a reference to the catalog, so the signatures would be
    Filter ResourceAccessManager.toFilter(Authentication user, Class<? extends CatalogInfo> clazz, Catalog catalog)
and
    Filter CatalogFilter.toFilter(Class<? extends CatalogInfo> clazz, Catalog catalog)
Alternatively, those specific implementations that need a catalog could have it as a member, but the specific cases that most need it are the default implementations for the abstract base classes AbstractResourceAccessManager and AbstractCatalogFilter.
–
Kevin Smith
Junior Software Engineer | Boundless
+1-778-785-7459
On Thu, Apr 17, 2014 at 6:32 PM, Kevin Smith <ksmith@anonymised.com> wrote:
> That isn't for CatalogFilterAccessManager, it's for CatalogFilter, and it
> doesn't take an Authentication parameter because none of the existing
> methods on that interface take that parameter.
> CatalogFilterAccessManager's toFilter method can then call toFilter on its
> delegate and each of its CatalogFilters and combine the results to get the
> final filter.
I see. There is no toFilter method in your proposal, you mean
getSecurityFilter yes?
toFilter would imply some sort of conversion, getSecurityFilter (or
getCatalogFilter if you like) seem more appropriate.
> Doing a bit of preliminary implementation, I have noticed I may have
> missed one thing. I think the toFilter methods are going to need a
> reference to the catalog, so the signatures would be Filter
> ResourceAccessManager.toFilter(Authentication user, Class<? extends
> CatalogInfo> clazz, Catalog catalog) and Filter
> CatalogFilter.toFilter(Class<? extends CatalogInfo> clazz, Catalog
> catalog) Alternatively, those specific implementations that need a catalog
> could have it as a member, but the specific cases that most need it are the
> default implementations for the abstract base classes
> AbstractResourceAccessManager and AbstractCatalogFilter.
I would avoid polluting the interface with a reference to catalog, we live
in a spring world, implementation can either have it injected (better), or
call GeoServerExtensions.bean("catalog")
(uglier, still working) to grab a reference if they need to
Cheers
Andrea
Ing. Andrea Aime
-------------------------------------------------------
On 17 April 2014 11:11, Andrea Aime <andrea.aime@anonymised.com> wrote:
> I see. There is no toFilter method in your proposal, you mean
> getSecurityFilter yes?
> toFilter would imply some sort of conversion, getSecurityFilter (or
> getCatalogFilter if you like) seem more appropriate.
Sorry, toFilter is what I had first thought of, and I renamed it to
getSecurityFilter when writing the proposal. I must have switched back
without thinking about it.
> I would avoid polluting the interface with a reference to catalog, we live
> in a spring world, implementation can either have it injected (better), or
> call GeoServerExtensions.bean("catalog")
> (uglier, still working) to grab a reference if they need to
Ugh, those static calls to GeoServerExtensions.bean can be such a pain
when it comes to testing. I take your point about going for a Springy
solution though and leave the function signatures as is.
--
Kevin Smith
Junior Software Engineer | Boundless
ksmith@anonymised.com
+1-778-785-7459
@boundlessgeo <https://twitter.com/boundlessgeo>
On Tue, Apr 15, 2014 at 11:04 PM, Kevin Smith <ksmith@anonymised.com> wrote:
> Proposal for the extension to ResourceAccessManager I brought up earlier.
> http://geoserver.org/display/GEOS/GSIP+113+-+ResourceAccessManager+to+Build+Security+Filter
By the way, +1
Cheers
Andrea
Ing. Andrea Aime
-------------------------------------------------------
+1 here too
==
Meet us at GEO Business 2014! in London! Visit http://goo.gl/fES3aK for more information.
Ing. Alessio Fabiani
@alfa7691
Founder/Technical Lead
GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 331 6233686
http://www.geo-solutions.it
http://twitter.com/geosolutions_it
So it’s been two weeks and 3 PSC members have +1ed it with no -1s. Is that a sufficient time/quorum? Implementation is about ready: https://github.com/smithkm/geoserver/tree/security_filter
–
Kevin Smith
Junior Software Engineer | Boundless
+1-778-785-7459
Yeah two weeks is our grace period, so you can assume the remaining votes are +0
Jody Garnett
I moved the proposal to active, and marked down the votes, and linked to this email discussion.
Aside: I had asked that the proposal be updated with an example of how the API change is used
Jody Garnett
On Thu, May 1, 2014 at 2:22 AM, Jody Garnett <jody.garnett@anonymised.com> wrote:
> Yeah two weeks is our grace period, so you can assume the remaining votes
> are +0
Jody, where is the two weeks coming from? Here is the official policy:
http://docs.geoserver.org/stable/en/developer/policies/gsip.html
I agree two weeks wait is long enough, if not too long, but the only
measure of success we have in there is:
"The proposal is considered successful after a majority of positive votes
is a achieved and all feedback from any negative votes has been addressed"
When things settle down I normally go for the opposite question: "If nobody
has further feedback I'll go ahead and merge the work tomorrow/in x days"
Works well in a world of busy people that might simply not respond mails :-p
Cheers
Andrea
Ing. Andrea Aime
-------------------------------------------------------
Sorry I was getting confused with the geotools page - http://docs.geotools.org/latest/developer/procedures/proposal.html
Which has an elapsed time of 15 days - I thought we had a similar mechanism in place for GeoServer to prevent proposals being stalled.
Jody Garnett
OK, here are some examples for Jody,
AllowAllResourceAccessManager which just allows access to everything would have a getSecurityFilter like this
    public Filter getSecurityFilter(Authentication user, Class<? extends CatalogInfo> clazz) {
        return Predicates.allowAll();
    }
While WorkspaceCatalogFilter which hides one specific workspace might have a getSecurityFilter like this:
    public Filter getSecurityFilter(Class<? extends CatalogInfo> clazz) {
        if (WorkspaceInfo.class.isAssignableFrom(clazz)) {
            return Predicates.not(Predicates.equals("id", workspace.getId()));
        } else {
            return Predicates.not(Predicates.equals("workspace.id", workspace.getId()));
        }
    }
This isn’t actually in the proposal but is in my implementation; AbstractResourceAccessManager and AbstractCatalogFilter provide implementations equivalent to the existing filter. They are implemented based on calls to other methods of the RAM or CF that require the deserialized CatalogInfo object, and hence are not “well known” filters that JDBCConfig can handle. Overriding them allows for the RAM or CF to replace that with a well known filter if it can, or to call super for cases where it can’t.
This is how I implemented it for DataAccessManagerAdapter
    @SuppressWarnings("deprecation")
    @Override
    public Filter getSecurityFilter(Authentication user,
            Class<? extends CatalogInfo> clazz) {
        if (delegate.getMode() == CatalogMode.CHALLENGE) {
            // If we're in CHALLENGE mode, everything should be visible
            return Predicates.acceptAll();
        } else {
            return super.toFilter(user, clazz);
        }
    }
It returns a well known filter when that’s possible, and falls back to the non well known default when it can’t.
–
Kevin Smith
Junior Software Engineer | Boundless
+1-778-785-7459
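The combination described earlier in the thread (the delegate's filter ANDed with each CatalogFilter's filter) and the well known versus not well known fallback from the message above, as an added example that is not code from the thread or from GeoServer. `SecFilter`, `Layer`, `Listing` and the helper methods are hypothetical stand-ins (Java 16+), the sample records are constructed, and pushing a filter down to the store is simulated by counting how many records get deserialized.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.function.Predicate;

/** Added illustration with stand-in types; not GeoServer's Filter, Predicates or catalog classes. */
public class SecurityFilterDemo {

    /** Constructed catalog record holding only the properties the thread's filters look at. */
    record Layer(String id, String workspaceId) {}

    /** Stand-in filter: evaluates a record and reports whether a store could translate it. */
    interface SecFilter {
        boolean accepts(Layer layer);
        boolean wellKnown();
    }

    static SecFilter of(Predicate<Layer> test, boolean translatable) {
        return new SecFilter() {
            public boolean accepts(Layer layer) { return test.test(layer); }
            public boolean wellKnown() { return translatable; }
        };
    }

    /** Everything visible, as in the CHALLENGE-mode case from the thread. */
    static SecFilter acceptAll() { return of(l -> true, true); }

    /** Property comparison in the style of the WorkspaceCatalogFilter example: hide one workspace. */
    static SecFilter hideWorkspace(String workspaceId) {
        return of(l -> !workspaceId.equals(l.workspaceId()), true);
    }

    /** Default-style filter that calls back into Java code, so it needs the deserialized object. */
    static SecFilter opaque(Predicate<Layer> check) { return of(check, false); }

    /** AND of the delegate's filter and every catalog filter: a single refusal hides the record. */
    static SecFilter and(List<SecFilter> parts) {
        return of(l -> parts.stream().allMatch(p -> p.accepts(l)),
                  parts.stream().allMatch(SecFilter::wellKnown));
    }

    /** Result of a listing: what the user sees and how many records had to be deserialized. */
    record Listing(List<String> visibleIds, int deserialized) {}

    /** A well known filter is applied inside the store; anything else forces a full load first. */
    static Listing list(List<Layer> store, SecFilter security) {
        List<String> visible = new ArrayList<>();
        int deserialized = 0;
        for (Layer layer : store) {
            boolean match = security.accepts(layer);
            // Pushed down: only matching rows leave the store. Otherwise every row is loaded.
            if (!security.wellKnown() || match) deserialized++;
            if (match) visible.add(layer.id());
        }
        return new Listing(visible, deserialized);
    }

    public static void main(String[] args) {
        List<Layer> store = List.of(                 // constructed sample data
            new Layer("roads", "ws-public"),
            new Layer("parcels", "ws-secret"),
            new Layer("rivers", "ws-public"));

        // Delegate allows everything, one catalog filter hides a workspace: still well known.
        SecFilter pushedDown = and(List.of(acceptAll(), hideWorkspace("ws-secret")));
        // One opaque operand makes the whole conjunction not well known.
        SecFilter fallback = and(List.of(opaque(l -> !l.id().equals("rivers")),
                                         hideWorkspace("ws-secret")));

        System.out.println(pushedDown.wellKnown() + " " + list(store, pushedDown));
        System.out.println(fallback.wellKnown() + " " + list(store, fallback));
    }
}
```

Both paths enforce the same visibility rule; what changes with an opaque operand is that the hidden workspace's records are loaded into memory before being discarded.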
Thanks Kevin, having those as part of the proposal makes it more real for people who come to implement a security filter later. These GSIP proposals form our GeoServer “design documentation” such as it is …
Jody Garnett
So we’re at 5 votes, all +1, can we call it accepted?
–
Kevin Smith
Junior Software Engineer | Boundless
+1-778-785-7459
On Wed, May 21, 2014 at 8:27 PM, Kevin Smith <ksmith@anonymised.com> wrote:
> So we're at 5 votes, all +1, can we call it accepted?
Oh yes, a lot of time passed and we have no -1 so it's accepted all right
Cheers
Andrea
Ing. Andrea Aime
-------------------------------------------------------