GeoServer currently uses a rather ugly and brittle mechanism to apply data security (Certain users should only be able to view certain layers or certain parts of layers) to the service endpoints of its internal GWC instance.
This proposal is to add an API to GeoWebCache to do security checks which GeoServer can extend to apply its own security rules deeper inside GWC, after the service endpoints have parsed the request into a universal Conveyor object.
Extension point that the GeoWebCacheDispatcher can call to generate appropriate security context object to be stored on the resulting Conveyor
interface SecurityContextProvider<Context> {
public Context getSecurityContext(HttpRequest request)
}
Add accessors for a securityContext property to Conveyor. GeoWebCacheDispatcher calls Service.getConveyor to get a Conveyor, then handles it. The context would be attached in between those steps.
Add a SecurityException class. Allow it to wrap another exception so it can wrap the GeoServer one, which might then be extracted if need be. Amend method signatures to allow throwing this exception.
···
--
Kevin Michael Smith
[<smithkm@anonymised.com>](mailto:smithkm@anonymised.com)
GeoServer currently uses a rather ugly and brittle mechanism to apply data security (Certain users should only be able to view certain layers or certain parts of layers) to the service endpoints of its internal GWC instance.
This proposal is to add an API to GeoWebCache to do security checks which GeoServer can extend to apply its own security rules deeper inside GWC, after the service endpoints have parsed the request into a universal Conveyor object.
Extension point that the GeoWebCacheDispatcher can call to generate appropriate security context object to be stored on the resulting Conveyor
interface SecurityContextProvider<Context> {
public Context getSecurityContext(HttpRequest request)
}
Add accessors for a securityContext property to Conveyor. GeoWebCacheDispatcher calls Service.getConveyor to get a Conveyor, then handles it. The context would be attached in between those steps.
Add a SecurityException class. Allow it to wrap another exception so it can wrap the GeoServer one, which might then be extracted if need be. Amend method signatures to allow throwing this exception.
--
Kevin Michael Smith
[<smithkm@anonymised.com>](mailto:smithkm@anonymised.com)
Hi Kevin,
the current security mechanism in GeoServer work off an Authentication, this one
seems to be based on Spring own SecurityContext, but the API you shown says that’s an Object…
Can you clarify how that fits toghether and the rationale behind the different approach?
GeoServer currently uses a rather ugly and brittle mechanism to apply data security (Certain users should only be able to view certain layers or certain parts of layers) to the service endpoints of its internal GWC instance.
This proposal is to add an API to GeoWebCache to do security checks which GeoServer can extend to apply its own security rules deeper inside GWC, after the service endpoints have parsed the request into a universal Conveyor object.
Extension point that the GeoWebCacheDispatcher can call to generate appropriate security context object to be stored on the resulting Conveyor
interface SecurityContextProvider<Context> {
public Context getSecurityContext(HttpRequest request)
}
Add accessors for a securityContext property to Conveyor. GeoWebCacheDispatcher calls Service.getConveyor to get a Conveyor, then handles it. The context would be attached in between those steps.
Add a SecurityException class. Allow it to wrap another exception so it can wrap the GeoServer one, which might then be extracted if need be. Amend method signatures to allow throwing this exception.
--
Kevin Michael Smith
[<smithkm@anonymised.com>](mailto:smithkm@anonymised.com)
Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.
The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy’s New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.
Hi Kevin,
the current security mechanism in GeoServer work off an
Authentication, this one
seems to be based on Spring own SecurityContext, but the API you shown
says that's an Object....
Can you clarify how that fits toghether and the rationale behind the
different approach?
This is the API for upstream GeoWebCache and I didn't want to unduly
restrict future development there. I'm happy to consider making Spring
Security part of the GWC API, but being flexible seemed like a better
starting point for discussion.
Kevin do you want to take this opportunity to make use of spring security?
This proposal has been held open for a while now and I want to make sure you are not stuck.
Hi Kevin,
the current security mechanism in GeoServer work off an
Authentication, this one
seems to be based on Spring own SecurityContext, but the API you shown
says that’s an Object…
Can you clarify how that fits toghether and the rationale behind the
different approach?
This is the API for upstream GeoWebCache and I didn’t want to unduly
restrict future development there. I’m happy to consider making Spring
Security part of the GWC API, but being flexible seemed like a better
starting point for discussion.
I’ve updated the proposal with Andrea’s suggestion of not passing the context as a parameter and using out of band context like a thread local from Spring Security)
At this point there’s not a lot of API change left. Just adding the new interface and expanding which exceptions are thrown.
Using AcessControlException as Jody suggested bothers me a bit as the Javadocs tie it to specific other components. I do like the idea of existing exception classes, although a subclass of GeoWebCacheException would probably be less disruptive.
···
On 6/26/17 10:48 AM, Jody Garnett wrote:
Kevin do you want to take this opportunity to make use of spring security?
This proposal has been held open for a while now and I want to make sure you are not stuck.
Hi Kevin,
the current security mechanism in GeoServer work off an
Authentication, this one
seems to be based on Spring own SecurityContext, but the API you shown
says that’s an Object…
Can you clarify how that fits toghether and the rationale behind the
different approach?
This is the API for upstream GeoWebCache and I didn’t want to unduly
restrict future development there. I’m happy to consider making Spring
Security part of the GWC API, but being flexible seemed like a better
starting point for discussion.
I’ve updated the proposal with Andrea’s suggestion of not passing the context as a parameter and using out of band context like a thread local from Spring Security)
At this point there’s not a lot of API change left. Just adding the new interface and expanding which exceptions are thrown.
Using AcessControlException as Jody suggested bothers me a bit as the Javadocs tie it to specific other components. I do like the idea of existing exception classes, although a subclass of GeoWebCacheException would probably be less disruptive.
On 6/26/17 10:48 AM, Jody Garnett wrote:
Kevin do you want to take this opportunity to make use of spring security?
This proposal has been held open for a while now and I want to make sure you are not stuck.
--
Kevin Michael Smith
[<smithkm@anonymised.com>](mailto:smithkm@anonymised.com)
Hi Kevin,
the current security mechanism in GeoServer work off an
Authentication, this one
seems to be based on Spring own SecurityContext, but the API you shown
says that’s an Object…
Can you clarify how that fits toghether and the rationale behind the
different approach?
This is the API for upstream GeoWebCache and I didn’t want to unduly
restrict future development there. I’m happy to consider making Spring
Security part of the GWC API, but being flexible seemed like a better
starting point for discussion.
I've updated the proposal with Andrea's suggestion of not passing the
context as a parameter and using out of band context like a thread local
from Spring Security)
At this point there's not a lot of API change left. Just adding the new
interface and expanding which exceptions are thrown.
Using AcessControlException as Jody suggested bothers me a bit as the
Javadocs tie it to specific other components. I do like the idea of
existing exception classes, although a subclass of GeoWebCacheException
would probably be less disruptive.
On 6/26/17 10:48 AM, Jody Garnett wrote:
Kevin do you want to take this opportunity to make use of spring security?
This proposal has been held open for a while now and I want to make
sure you are not stuck.
--
Jody Garnett
On 19 June 2017 at 14:29, Kevin Smith <smithkm@anonymised.com
<mailto:smithkm@anonymised.com>> wrote:
On 6/17/17 10:53 AM, Andrea Aime wrote:
> Hi Kevin,
> the current security mechanism in GeoServer work off an
> Authentication, this one
> seems to be based on Spring own SecurityContext, but the API you
shown
> says that's an Object....
> Can you clarify how that fits toghether and the rationale behind the
> different approach?
>
This is the API for upstream GeoWebCache and I didn't want to unduly
restrict future development there. I'm happy to consider making
Spring
Security part of the GWC API, but being flexible seemed like a better
starting point for discussion.
--
Kevin Michael Smith
<smithkm@anonymised.com <mailto:smithkm@anonymised.com>>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot