|
|
Andreas Schmitz created an issue |
|
GeoFence does not use roles from SecurityContext when checking rules |
|
Issue Type: |
|
|---|---|
|
Affects Versions: |
2.12.2 |
|
Assignee: |
Unassigned |
|
Components: |
GeoFence |
|
Created: |
15/Mar/18 10:42 AM |
|
Environment: |
Tested with GeoServer 2.12.2 and latest GeoFence (internal) |
|
Priority: |
|
|
Reporter: |
|
When GeoFence/GeoServer is configured with authorization from HTTP header (preauthorized), the configured header fields are correctly extracted and synthesized to users and roles. When manually adding one of the roles set through the configured header and restricting access to eg. a layer via GeoFence rules, GeoFence does not use those. I’m proposing a PR that extracts any roles from the Spring SecurityContext and adds them to the current user’s roles determined by the GeoFence user resolver. While this approach certainly works, I’d like some input from someone with the bigger picture in mind, I’m not that familiar with GeoServer/GeoFence security yet. Proposed PR: https://github.com/geoserver/geofence/pull/101 |
|
|
|
Get Jira notifications on your phone! Download the Jira Cloud app for Android or iOS |
|
|
This message was sent by Atlassian Jira (v1001.0.0-SNAPSHOT#100082-sha1:198c0c5) |
|
|
|