[Geoserver-devel] [JIRA] (GEOS-10420) GeoFence group list is too limiting

Emanuele Tajariol created an issue

GeoServer / ImprovementGEOS-10420

GeoFence group list is too limiting

Issue Type:

ImprovementImprovement

Assignee:

Unassigned

Components:

GeoFence

Created:

15/Mar/22 10:57 AM

Priority:

MediumMedium

Reporter:

Emanuele Tajariol

When the option “Use GeoServer roles to get authorizations” is used, the logic requires a list of predefined groups, so that the last matching group (a break is missing?) is used for the authorization in GeoFence

see https://github.com/geoserver/geoserver/blob/84557570531bda5d9ce03703bba379fb2a4b1cfa/src/extension/geofence/src/main/java/org/geoserver/geofence/GeofenceAccessManager.java#L572

In architectures where the authentication is plugged, we may not know in advance the list of available roles, so we may want just take any role (probably there will be only one assigned when the user logs in).

We may add regex handling in this list, but, in order not to overengineer the logic, we may just consider the case where the “Comma delimited list of mutually exclusive roles for authorization” only contains a “*”; in that case, the first group associated to the current user should be used.

Add Comment

Add Comment

Get Jira notifications on your phone! Download the Jira Cloud app for Android or iOS


This message was sent by Atlassian Jira (v1001.0.0-SNAPSHOT#100197-sha1:8522567)

Atlassian logo