Hi everybody,
after some discussion with Christian and Andrea about current security modules configuration limits in the ability to backport them, I was thinking if we could try to introduce some flexibility to allow backporting in simple cases.
Talking with Andrea we found that 1.4.5 version of XStream allows ignoring unknown attributes (so that the unmarshalling doesn’t break loading a newer configuration with unrecognized properties): you can find some reference here: http://jira.codehaus.org/browse/XSTR-691.
Moreover, we could introduce a metadata map, similar to the one used in Catalog objects, to be used in backported versions.
So, what we could do is:
- upgrade XStream to 1.4.5 (from the current 1.4.3) and enable the unrecognized attributes ignore flag
- introduce the metadata map in security configurations
Any opinions on this?
Regards,
Mauro Bartolomeoli
–
Dott. Mauro Bartolomeoli
@mauro_bart
Senior Software Engineer
GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
http://www.geo-solutions.it
http://twitter.com/geosolutions_it
On Tue, Oct 8, 2013 at 9:22 AM, Mauro Bartolomeoli <
mauro.bartolomeoli@anonymised.com> wrote:
Hi everybody,
after some discussion with Christian and Andrea about current security
modules configuration limits in the ability to backport them, I was
thinking if we could try to introduce some flexibility to allow backporting
in simple cases.
Talking with Andrea we found that 1.4.5 version of XStream allows ignoring
unknown attributes (so that the unmarshalling doesn't break loading a newer
configuration with unrecognized properties): you can find some reference
here: http://jira.codehaus.org/browse/XSTR-691.
Moreover, we could introduce a metadata map, similar to the one used in
Catalog objects, to be used in backported versions.
So, what we could do is:
- upgrade XStream to 1.4.5 (from the current 1.4.3) and enable the
unrecognized attributes ignore flag
- introduce the metadata map in security configurations
Any opinions on this?
If we upgrade XStream, I guess we would have a lesser need for the metadata
map.
I believe it would still be handy for out of core code, that might use the
metadata map to carry information
with special significance to them, without having to alter the core data
model, but probably less urgent
to implement
Cheers
Andrea
--
Ing. Andrea Aime
@geowolf
Technical Lead
GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 339 8844549
http://www.geo-solutions.it
http://twitter.com/geosolutions_it
-------------------------------------------------------
Big +1 for updating to Xsteam 1.4.5.
Cheers
Christian
···
On Tue, Oct 8, 2013 at 9:35 AM, Andrea Aime <andrea.aime@anonymised.com> wrote:
On Tue, Oct 8, 2013 at 9:22 AM, Mauro Bartolomeoli <mauro.bartolomeoli@…1268…> wrote:
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60134071&iu=/4140/ostg.clktrk
Geoserver-devel mailing list
Geoserver-devel@anonymised.comsts.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel
–
DI Christian Mueller MSc (GIS), MSc (IT-Security)
OSS Open Source Solutions GmbH
Hi everybody,
after some discussion with Christian and Andrea about current security modules configuration limits in the ability to backport them, I was thinking if we could try to introduce some flexibility to allow backporting in simple cases.
Talking with Andrea we found that 1.4.5 version of XStream allows ignoring unknown attributes (so that the unmarshalling doesn’t break loading a newer configuration with unrecognized properties): you can find some reference here: http://jira.codehaus.org/browse/XSTR-691.
Moreover, we could introduce a metadata map, similar to the one used in Catalog objects, to be used in backported versions.
So, what we could do is:
- upgrade XStream to 1.4.5 (from the current 1.4.3) and enable the unrecognized attributes ignore flag
- introduce the metadata map in security configurations
Any opinions on this?
If we upgrade XStream, I guess we would have a lesser need for the metadata map.
I believe it would still be handy for out of core code, that might use the metadata map to carry information
with special significance to them, without having to alter the core data model, but probably less urgent
to implement
Cheers
Andrea
–
Ing. Andrea Aime
@geowolf
Technical Lead
GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 339 8844549
http://www.geo-solutions.it
http://twitter.com/geosolutions_it
+1 on both the xstream upgrade and the metadata map. Would this be backported? Or would the addition of the metadata map itself be considered a configuration that we dont allow on the stable branch?
···
On Tue, Oct 8, 2013 at 4:49 AM, Christian Mueller <christian.mueller@anonymised.com> wrote:
Big +1 for updating to Xsteam 1.4.5.
Cheers
Christian
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60134071&iu=/4140/ostg.clktrk
Geoserver-devel mailing list
Geoserver-devel@anonymised.comsts.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel
–
Justin Deoliveira
Vice President, Engineering | Boundless
jdeolive@anonymised.com
@j_deolive
On Tue, Oct 8, 2013 at 9:35 AM, Andrea Aime <andrea.aime@anonymised.com> wrote:
On Tue, Oct 8, 2013 at 9:22 AM, Mauro Bartolomeoli <mauro.bartolomeoli@anonymised.com> wrote:
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60134071&iu=/4140/ostg.clktrk
Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel
–
DI Christian Mueller MSc (GIS), MSc (IT-Security)
OSS Open Source Solutions GmbH
Hi everybody,
after some discussion with Christian and Andrea about current security modules configuration limits in the ability to backport them, I was thinking if we could try to introduce some flexibility to allow backporting in simple cases.
Talking with Andrea we found that 1.4.5 version of XStream allows ignoring unknown attributes (so that the unmarshalling doesn’t break loading a newer configuration with unrecognized properties): you can find some reference here: http://jira.codehaus.org/browse/XSTR-691.
Moreover, we could introduce a metadata map, similar to the one used in Catalog objects, to be used in backported versions.
So, what we could do is:
- upgrade XStream to 1.4.5 (from the current 1.4.3) and enable the unrecognized attributes ignore flag
- introduce the metadata map in security configurations
Any opinions on this?
If we upgrade XStream, I guess we would have a lesser need for the metadata map.
I believe it would still be handy for out of core code, that might use the metadata map to carry information
with special significance to them, without having to alter the core data model, but probably less urgent
to implement
Cheers
Andrea
–
Ing. Andrea Aime
@geowolf
Technical Lead
GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 339 8844549
http://www.geo-solutions.it
http://twitter.com/geosolutions_it
On Wed, Oct 9, 2013 at 5:09 AM, Justin Deoliveira <jdeolive@anonymised.com
wrote:
+1 on both the xstream upgrade and the metadata map. Would this be
backported? Or would the addition of the metadata map itself be considered
a configuration that we dont allow on the stable branch?
The latter I'm afraid: 1.4.0 is out with the old version of XStream and
without the metadata map, so it would not be able to deal with the new
fields, the metadata map being one of them
Cheers
Andrea
--
Ing. Andrea Aime
@geowolf
Technical Lead
GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 339 8844549
http://www.geo-solutions.it
http://twitter.com/geosolutions_it
-------------------------------------------------------