[Geoserver-devel] session fixation protection for geoserver

I would like to configure GeoServer to use Spring’s session fixation protection as described here: http://docs.spring.io/spring-security/site/docs/3.0.x/reference/ns-config.html

Basically, this copies the user session into a new one, with a new id, when logging in.

After some searching I can’t seem to find the pertinent application config file.

Can anyone point me in the right direction?


Jason Newmoyer
Newmoyer Geospatial Solutions
843.606.0424
jason@anonymised.com

Each module in geoserver has an application-context.xml config file, they are all read in and used to configure the resulting application (this is why GeoServer can have “dropin” extensions that wire in new functionality).

Here is an example from the gs-main.jar:

https://github.com/geoserver/geoserver/blob/master/src/main/src/main/java/applicationContext.xml


On 21 June 2016 at 11:51, Jason Newmoyer <jason@anonymised.com> wrote:

Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel


Jody Garnett

All the spring configuration related to security actually lives in this file: https://github.com/geoserver/geoserver/blob/master/src/main/src/main/java/applicationSecurityContext.xml

The way GeoServer configures spring security is pretty different from what you’ll find in the spring security docs, especially since they use the newer style where you work with higher level elements rather than raw bean definitions.

You may be able to mix the two, or if you can figure out what those elements boil down to in terms of bean definitions you can use that.

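
For reference, the namespace element from the Spring Security documentation corresponds roughly to the raw bean definitions below. This is an added illustration, not GeoServer's configuration and not code from anyone in the thread. The bean ids, the `authenticationManager` reference and the use of Spring Security 3.1 or later (for the two-argument constructor) are assumptions, and wiring the filter into GeoServer's own filter chain is not shown.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added illustration: bean ids are hypothetical, not taken from GeoServer. -->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans.xsd">

  <!-- Namespace form, as in the Spring Security reference, for comparison:
       <http>
         <session-management session-fixation-protection="migrateSession"/>
       </http>
  -->

  <!-- Runs after a successful authentication: invalidates the existing
       session and creates a new one with a new id. With
       migrateSessionAttributes=true the old attributes are copied across
       (the "migrateSession" behaviour); false matches "newSession". -->
  <bean id="exampleSessionFixationStrategy"
        class="org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy">
    <property name="migrateSessionAttributes" value="true"/>
  </bean>

  <!-- Where the SecurityContext is stored between requests. -->
  <bean id="exampleSecurityContextRepository"
        class="org.springframework.security.web.context.HttpSessionSecurityContextRepository"/>

  <!-- Applies the strategy when a user was authenticated earlier in the
       request by a mechanism that does not call it itself.
       Assumption: Spring Security 3.1+ for this two-argument constructor. -->
  <bean id="exampleSessionManagementFilter"
        class="org.springframework.security.web.session.SessionManagementFilter">
    <constructor-arg ref="exampleSecurityContextRepository"/>
    <constructor-arg ref="exampleSessionFixationStrategy"/>
  </bean>

  <!-- Interactive login filters need the same strategy set explicitly;
       a raw bean definition defaults to a strategy that does nothing.
       Assumption: a bean named "authenticationManager" is defined elsewhere. -->
  <bean id="exampleLoginFilter"
        class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
    <property name="authenticationManager" ref="authenticationManager"/>
    <property name="sessionAuthenticationStrategy" ref="exampleSessionFixationStrategy"/>
  </bean>
</beans>
```

A quick check after any such change is to compare the session cookie value before and after login: with the strategy active, the id issued to the anonymous session must not survive authentication.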