Hello folks.
Quick question, here is the setup:
We are using 2.2 beta2 with the new security framework to integrate Geoserver and our users database, using the JDBC connector. The goal is to have Geoserver access our user info, which is already in place.
Initially I thought about “spring-extending” the sec-jdbc package so I could change how it accesses the databases, however, digging in the code it became clear that I can accomplish it by simply giving it my own ddl.xml (+10 cool points for that). But that still leaves me the problem of how the password is encrypted. The point is that Geoserver will have absolutely no write access to that database, as all the users are managed by our own application.
However, in my tests the Geoserver encoded pass does not match the password created by our product (as was the expectation), so my guess is Geoserver won't be able to match what authentication pass the user provides with the one in the database. In our user management we use a digest SHA-512 to encrypt the users' passwords.
Now, I am having a spot of trouble locating where in the code the user supplied password is encrypted and matched against the one in the database.
Could anyone point me in the right direction as to how to accomplish that and extend (doing a pluggable jar would be ideal) to provide another option on how the encryption is done, therefore adding to the Weak PBE, Strong PBE, etc., options of the security settings?
Any info is hugely appreciated!
Cheers!
Rodrigo