Hi,
the new security subsystem has been merged onto trunk.
You can find some documentation about it here:
http://docs.codehaus.org/display/GEOSDEV/Geoserver+security+implementation%2C+initial+version
Now, the initial implementation is surely a step forward, yet
it's incomplete in many ways:
* lack of SSL support. This should be easy to add though, at
least for the web console, yet I'm not sure how we should allow configuration of SSL on the service/data level (that is, how do you
specify a certain data/service combination has to be run on SSL).
* lack of data security. This would be relatively straightforward
to support too if we limited ourselves to a configuration like:
namespace + data + role -> (read/write allowed or not)
which could be easily expressed in another property file.
Yet, we would leave out the possibility to hide just certain
features, or certain attributes. That would definitely push
us beyond the simple property file though, an XML of some sort
would be needed.
* passwords are kept in cleartext (just like before), but it would
be better to keep them encrypted instead. We would need a UI for
this.
So, most of the stuff we could add boils down to more config or
more UI, two subsystems we're going to change soon (and no, I
won't make a UI for those property files in Struts unless OpenPlans
orders me to do so, ok? )
Soo... how are we going to approach this? I'm open to suggestions.
Cheers
Andrea
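
The "namespace + data + role -> (read/write allowed or not)" mapping proposed in the message, sketched as an added example that is not part of the original post or of GeoServer's code. The key layout `<namespace>.<data>.<r|w> = ROLE[,ROLE...]`, the class name and the sample names are assumptions made for illustration.

```java
import java.io.IOException;
import java.io.StringReader;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Properties;
import java.util.Set;

public class DataAccessRules {
    private final Properties rules = new Properties();

    public DataAccessRules(String text) throws IOException {
        rules.load(new StringReader(text));
    }

    /** True only if a rule for namespace/data/mode names one of the caller's roles. */
    public boolean allowed(String namespace, String data, char mode, Set<String> roles) {
        if (mode != 'r' && mode != 'w') {
            throw new IllegalArgumentException("mode must be 'r' or 'w'");
        }
        // Hypothetical key layout: <namespace>.<data>.<r|w>
        // (names containing '.' would make this key ambiguous).
        String value = rules.getProperty(namespace + "." + data + "." + mode);
        if (value == null) {
            return false; // no rule for this combination: deny rather than fall open
        }
        for (String role : value.split(",")) {
            if (roles.contains(role.trim())) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample configuration, not a real GeoServer file.
        String sample = String.join("\n",
            "topp.states.r = ROLE_VIEWER, ROLE_EDITOR",
            "topp.states.w = ROLE_EDITOR",
            "topp.roads.r  = ROLE_EDITOR");
        DataAccessRules acl = new DataAccessRules(sample);
        Set<String> viewer = new HashSet<>(Arrays.asList("ROLE_VIEWER"));
        Set<String> editor = new HashSet<>(Arrays.asList("ROLE_EDITOR"));

        System.out.println("viewer reads states:  " + acl.allowed("topp", "states", 'r', viewer));
        System.out.println("viewer writes states: " + acl.allowed("topp", "states", 'w', viewer));
        System.out.println("viewer reads roads:   " + acl.allowed("topp", "roads", 'r', viewer));
        System.out.println("editor writes roads:  " + acl.allowed("topp", "roads", 'w', editor));
    }
}
```

Each rule covers a whole dataset, so this layout has no way to express hiding individual features or attributes, which is the limitation the message points out.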