–
Jody Garnett

On 3 March 2016 at 23:24, Christian Mueller <christian.mueller@anonymised.com> wrote:

Hi all

I think it is necessary to upgrade, +1 here. I have seen Justin created a branch spring4-upgrade fixing the broken security code.

For CAS I have an online test scenario.

Cheers

On Thu, Mar 3, 2016 at 6:19 PM, Jody Garnett <jody.garnett@anonymised.com> wrote:

Thanks Simone, updating the page. I will give Christian another day and then I would like to start making plans.

---

Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140

---

Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel

–

DI Christian Mueller MSc (GIS), MSc (IT-Security)
OSS Open Source Solutions GmbH

–
Jody Garnett

On 3 March 2016 at 09:16, Simone Giannecchini <simone.giannecchini@anonymised.com> wrote:

Ciao Jody,
I am for upgrading to Spring 4 + delaying the release.

I already told Andrea we can devote resources to help with the upgrade.

Regards,
Simone Giannecchini

GeoServer Professional Services from the experts!
Visit http://goo.gl/it488V for more information.

Ing. Simone Giannecchini
@simogeo
Founder/Director

GeoSolutions S.A.S.
Via di Montramito 3/A
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 333 8128928

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

---

AVVERTENZE AI SENSI DEL D.Lgs. 196/2003
Le informazioni contenute in questo messaggio di posta elettronica e/o
nel/i file/s allegato/i sono da considerarsi strettamente riservate.
Il loro utilizzo è consentito esclusivamente al destinatario del
messaggio, per le finalità indicate nel messaggio stesso. Qualora
riceviate questo messaggio senza esserne il destinatario, Vi preghiamo
cortesemente di darcene notizia via e-mail e di procedere alla
distruzione del messaggio stesso, cancellandolo dal Vostro sistema.
Conservare il messaggio stesso, divulgarlo anche in parte,
distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità
diverse, costituisce comportamento contrario ai principi dettati dal
D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely
for the attention and use of the named addressee(s) and may be
confidential or proprietary in nature or covered by the provisions of
privacy act (Legislative Decree June, 30 2003, no.196 - Italy’s New
Data Protection Code).Any use not in accord with its purpose, any
disclosure, reproduction, copying, distribution, or either
dissemination, either whole or partial, is strictly forbidden except
previous formal approval of the named addressee(s). If you are not the
intended recipient, please contact immediately the sender by
telephone, fax or e-mail and delete the information in this message
that has been received in error. The sender does not give any warranty
or accept liability as the content, accuracy or completeness of sent
messages and accepts no responsibility for changes made after they
were sent or for other risks which arise as a result of e-mail
transmission, viruses, etc.

On Thu, Mar 3, 2016 at 6:04 PM, Jody Garnett <jody.garnett@anonymised.com…> wrote:

Thanks Brad, updated the table accordingly. I probably should of phrased
this as a yes/no question.

We are waiting on two PSC members:

• Christian Mueller
• Simone Giannecchini

–
Jody Garnett

On 3 March 2016 at 06:18, Brad Hards <bradh@anonymised.com> wrote:

On Thu, 3 Mar 2016 06:08:39 PM Ben Caradoc-Davies wrote:

Thank you so much Jody for all your work rounding this up.

I am +1 to delay the release and upgrade now to Spring 4.
I’m OK with either solution (with a very slight preference for keeping a
Java
8 solution). Happy for those who understand the implications (in
particular,
the risks and work involved) at a deeper level to make the call on this.

Brad

---

Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140

---

Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel

---

Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140

---

Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel

On Sun, Mar 13, 2016 at 5:20 AM, Jody Garnett <jody.garnett@anonymised.com> wrote:

Do not worry about login/logout for GeoExplorer.

However I think the endpoint may be used by others so we should supply migration instructions for anyone else affected.

On Sat, Mar 12, 2016 at 12:32 PM Justin Deoliveira <jdeolive@anonymised.com> wrote:

An update on this one.

Basically where it stands is that I think everything minus CAS has been ported over the new spring apis and afaik all tests are passing. I’ve run the server (with just the core modules) and can confirm that a quick smoke test doesn’t show any problems.

In terms of compability issues the only issue I have found thus far is the issue with the spring security login endpoints changing (ie. /j_spring_security_check is now /login). It’s on my list to circle back to see if we can somehow change some config to use the old paths. However when I looked before it didn’t look possible. I only know of one application (GeoExplorer) that utilizes the endpoints to login so i am not sure how far reaching this issue actually is.

So off the top of my head the remaining tasks are:

• Port CAS
• Look at the login/logout endpoint issue
• Decide what to do about the login/logout issue if we can’t change them back
• Do some more general and thorough testing

On Fri, Mar 4, 2016 at 12:19 PM Jody Garnett <jody.garnett@anonymised.com> wrote:

Thanks Christian, I will write up the blog post - and talk to you all next week with respect to planning.

---

---

Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel

–

–
Jody Garnett

–

–
Jody Garnett

On 3 March 2016 at 23:24, Christian Mueller <christian.mueller@anonymised.com> wrote:

Hi all

I think it is necessary to upgrade, +1 here. I have seen Justin created a branch spring4-upgrade fixing the broken security code.

For CAS I have an online test scenario.

Cheers

On Thu, Mar 3, 2016 at 6:19 PM, Jody Garnett <jody.garnett@anonymised.com> wrote:

Thanks Simone, updating the page. I will give Christian another day and then I would like to start making plans.

---

Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140

---

Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel

–

DI Christian Mueller MSc (GIS), MSc (IT-Security)
OSS Open Source Solutions GmbH

–
Jody Garnett

On 3 March 2016 at 09:16, Simone Giannecchini <simone.giannecchini@anonymised.com> wrote:

Ciao Jody,
I am for upgrading to Spring 4 + delaying the release.

I already told Andrea we can devote resources to help with the upgrade.

Regards,
Simone Giannecchini

GeoServer Professional Services from the experts!
Visit http://goo.gl/it488V for more information.

Ing. Simone Giannecchini
@simogeo
Founder/Director

GeoSolutions S.A.S.
Via di Montramito 3/A
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 333 8128928

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

---

AVVERTENZE AI SENSI DEL D.Lgs. 196/2003
Le informazioni contenute in questo messaggio di posta elettronica e/o
nel/i file/s allegato/i sono da considerarsi strettamente riservate.
Il loro utilizzo è consentito esclusivamente al destinatario del
messaggio, per le finalità indicate nel messaggio stesso. Qualora
riceviate questo messaggio senza esserne il destinatario, Vi preghiamo
cortesemente di darcene notizia via e-mail e di procedere alla
distruzione del messaggio stesso, cancellandolo dal Vostro sistema.
Conservare il messaggio stesso, divulgarlo anche in parte,
distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità
diverse, costituisce comportamento contrario ai principi dettati dal
D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely
for the attention and use of the named addressee(s) and may be
confidential or proprietary in nature or covered by the provisions of
privacy act (Legislative Decree June, 30 2003, no.196 - Italy’s New
Data Protection Code).Any use not in accord with its purpose, any
disclosure, reproduction, copying, distribution, or either
dissemination, either whole or partial, is strictly forbidden except
previous formal approval of the named addressee(s). If you are not the
intended recipient, please contact immediately the sender by
telephone, fax or e-mail and delete the information in this message
that has been received in error. The sender does not give any warranty
or accept liability as the content, accuracy or completeness of sent
messages and accepts no responsibility for changes made after they
were sent or for other risks which arise as a result of e-mail
transmission, viruses, etc.

On Thu, Mar 3, 2016 at 6:04 PM, Jody Garnett <jody.garnett@anonymised.com…> wrote:

Thanks Brad, updated the table accordingly. I probably should of phrased
this as a yes/no question.

We are waiting on two PSC members:

• Christian Mueller
• Simone Giannecchini

–
Jody Garnett

On 3 March 2016 at 06:18, Brad Hards <bradh@anonymised.com> wrote:

On Thu, 3 Mar 2016 06:08:39 PM Ben Caradoc-Davies wrote:

Thank you so much Jody for all your work rounding this up.

I am +1 to delay the release and upgrade now to Spring 4.
I’m OK with either solution (with a very slight preference for keeping a
Java
8 solution). Happy for those who understand the implications (in
particular,
the risks and work involved) at a deeper level to make the call on this.

Brad

---

Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140

---

Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel

---

Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140

---

Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel

DI Christian Mueller MSc (GIS), MSc (IT-Security)
OSS Open Source Solutions GmbH

On Sat, Mar 12, 2016 at 12:32 PM Justin Deoliveira <jdeolive@…403…> wrote:

An update on this one.

Basically where it stands is that I think everything minus CAS has been ported over the new spring apis and afaik all tests are passing. I’ve run the server (with just the core modules) and can confirm that a quick smoke test doesn’t show any problems.

In terms of compability issues the only issue I have found thus far is the issue with the spring security login endpoints changing (ie. /j_spring_security_check is now /login). It’s on my list to circle back to see if we can somehow change some config to use the old paths. However when I looked before it didn’t look possible. I only know of one application (GeoExplorer) that utilizes the endpoints to login so i am not sure how far reaching this issue actually is.

So off the top of my head the remaining tasks are:

• Port CAS

• Look at the login/logout endpoint issue

• Decide what to do about the login/logout issue if we can’t change them back

• Do some more general and thorough testing

On Fri, Mar 4, 2016 at 12:19 PM Jody Garnett <jody.garnett@…403…> wrote:

Thanks Christian, I will write up the blog post - and talk to you all next week with respect to planning.

–

Jody Garnett

On 3 March 2016 at 23:24, Christian Mueller <christian.mueller@…3674…> wrote:

Hi all

I think it is necessary to upgrade, +1 here. I have seen Justin created a branch spring4-upgrade fixing the broken security code.

For CAS I have an online test scenario.

Cheers

On Thu, Mar 3, 2016 at 6:19 PM, Jody Garnett <jody.garnett@…403…> wrote:

Thanks Simone, updating the page. I will give Christian another day and then I would like to start making plans.

–

Jody Garnett

On 3 March 2016 at 09:16, Simone Giannecchini <simone.giannecchini@…1268…> wrote:

Ciao Jody,
I am for upgrading to Spring 4 + delaying the release.

I already told Andrea we can devote resources to help with the upgrade.

Regards,
Simone Giannecchini

GeoServer Professional Services from the experts!
Visit http://goo.gl/it488V for more information.

Ing. Simone Giannecchini
@simogeo
Founder/Director

GeoSolutions S.A.S.
Via di Montramito 3/A
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 333 8128928

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

---

AVVERTENZE AI SENSI DEL D.Lgs. 196/2003
Le informazioni contenute in questo messaggio di posta elettronica e/o
nel/i file/s allegato/i sono da considerarsi strettamente riservate.
Il loro utilizzo è consentito esclusivamente al destinatario del
messaggio, per le finalità indicate nel messaggio stesso. Qualora
riceviate questo messaggio senza esserne il destinatario, Vi preghiamo
cortesemente di darcene notizia via e-mail e di procedere alla
distruzione del messaggio stesso, cancellandolo dal Vostro sistema.
Conservare il messaggio stesso, divulgarlo anche in parte,
distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità
diverse, costituisce comportamento contrario ai principi dettati dal
D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely
for the attention and use of the named addressee(s) and may be
confidential or proprietary in nature or covered by the provisions of
privacy act (Legislative Decree June, 30 2003, no.196 - Italy’s New
Data Protection Code).Any use not in accord with its purpose, any
disclosure, reproduction, copying, distribution, or either
dissemination, either whole or partial, is strictly forbidden except
previous formal approval of the named addressee(s). If you are not the
intended recipient, please contact immediately the sender by
telephone, fax or e-mail and delete the information in this message
that has been received in error. The sender does not give any warranty
or accept liability as the content, accuracy or completeness of sent
messages and accepts no responsibility for changes made after they
were sent or for other risks which arise as a result of e-mail
transmission, viruses, etc.

On Thu, Mar 3, 2016 at 6:04 PM, Jody Garnett <jody.garnett@…403…> wrote:

Thanks Brad, updated the table accordingly. I probably should of phrased
this as a yes/no question.

We are waiting on two PSC members:

• Christian Mueller
• Simone Giannecchini

–
Jody Garnett

On 3 March 2016 at 06:18, Brad Hards <bradh@…4091…> wrote:

On Thu, 3 Mar 2016 06:08:39 PM Ben Caradoc-Davies wrote:

Thank you so much Jody for all your work rounding this up.

I am +1 to delay the release and upgrade now to Spring 4.
I’m OK with either solution (with a very slight preference for keeping a
Java
8 solution). Happy for those who understand the implications (in
particular,
the risks and work involved) at a deeper level to make the call on this.

Brad

---

Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140

---

Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel

---

Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140

---

Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel

---

Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140

---

Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel

–

DI Christian Mueller MSc (GIS), MSc (IT-Security)

OSS Open Source Solutions GmbH

---

---

Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel

–

–

Jody Garnett

Hey Chris,

Thanks for the info. If we added a redirect from /j_spring_security_check to the new endpoint do you think that would help much? I’m trying to guage whether it’s worth the added complexity or if this is just something we can document as part of the upgrade.

-Justin

On Mon, Mar 14, 2016 at 7:29 AM Chris Snider <chris.snider@…2565…> wrote:

Hi,

I know we trap for the j_spring_security_check using JavaScript on page load to redirect the logout to our authentication server. If this changes, we just need to update our scripts. If there is a configuration update we have to do to maintain the current endpoint, I’m ok with that as well.

Thanks for getting the Spring 4 upgrade accomplished…it will help us immensely.

Chris Snider

Senior Software Engineer

Intelligent Software Solutions, Inc.

From: Jody Garnett [mailto:jody.garnett@…403…]
Sent: Saturday, March 12, 2016 9:20 PM
To: Justin Deoliveira <jdeolive@…403…>; Christian Mueller <christian.mueller@…3674…>
Cc: Geoserver Developers <geoserver-devel@lists.sourceforge.net>
Subject: Re: [Geoserver-devel] spring 4 upgrade

Do not worry about login/logout for GeoExplorer.

However I think the endpoint may be used by others so we should supply migration instructions for anyone else affected.

On Sat, Mar 12, 2016 at 12:32 PM Justin Deoliveira <jdeolive@…403…> wrote:

An update on this one.

Basically where it stands is that I think everything minus CAS has been ported over the new spring apis and afaik all tests are passing. I’ve run the server (with just the core modules) and can confirm that a quick smoke test doesn’t show any problems.

In terms of compability issues the only issue I have found thus far is the issue with the spring security login endpoints changing (ie. /j_spring_security_check is now /login). It’s on my list to circle back to see if we can somehow change some config to use the old paths. However when I looked before it didn’t look possible. I only know of one application (GeoExplorer) that utilizes the endpoints to login so i am not sure how far reaching this issue actually is.

So off the top of my head the remaining tasks are:

• Port CAS

• Look at the login/logout endpoint issue

• Decide what to do about the login/logout issue if we can’t change them back

• Do some more general and thorough testing

On Fri, Mar 4, 2016 at 12:19 PM Jody Garnett <jody.garnett@…403…> wrote:

Thanks Christian, I will write up the blog post - and talk to you all next week with respect to planning.

–

Jody Garnett

On 3 March 2016 at 23:24, Christian Mueller <christian.mueller@…3674…> wrote:

Hi all

I think it is necessary to upgrade, +1 here. I have seen Justin created a branch spring4-upgrade fixing the broken security code.

For CAS I have an online test scenario.

Cheers

On Thu, Mar 3, 2016 at 6:19 PM, Jody Garnett <jody.garnett@…403…> wrote:

Thanks Simone, updating the page. I will give Christian another day and then I would like to start making plans.

–

Jody Garnett

On 3 March 2016 at 09:16, Simone Giannecchini <simone.giannecchini@…1268…> wrote:

Ciao Jody,
I am for upgrading to Spring 4 + delaying the release.

I already told Andrea we can devote resources to help with the upgrade.

Regards,
Simone Giannecchini

GeoServer Professional Services from the experts!
Visit http://goo.gl/it488V for more information.

Ing. Simone Giannecchini
@simogeo
Founder/Director

GeoSolutions S.A.S.
Via di Montramito 3/A
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 333 8128928

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

---

AVVERTENZE AI SENSI DEL D.Lgs. 196/2003
Le informazioni contenute in questo messaggio di posta elettronica e/o
nel/i file/s allegato/i sono da considerarsi strettamente riservate.
Il loro utilizzo è consentito esclusivamente al destinatario del
messaggio, per le finalità indicate nel messaggio stesso. Qualora
riceviate questo messaggio senza esserne il destinatario, Vi preghiamo
cortesemente di darcene notizia via e-mail e di procedere alla
distruzione del messaggio stesso, cancellandolo dal Vostro sistema.
Conservare il messaggio stesso, divulgarlo anche in parte,
distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità
diverse, costituisce comportamento contrario ai principi dettati dal
D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely
for the attention and use of the named addressee(s) and may be
confidential or proprietary in nature or covered by the provisions of
privacy act (Legislative Decree June, 30 2003, no.196 - Italy’s New
Data Protection Code).Any use not in accord with its purpose, any
disclosure, reproduction, copying, distribution, or either
dissemination, either whole or partial, is strictly forbidden except
previous formal approval of the named addressee(s). If you are not the
intended recipient, please contact immediately the sender by
telephone, fax or e-mail and delete the information in this message
that has been received in error. The sender does not give any warranty
or accept liability as the content, accuracy or completeness of sent
messages and accepts no responsibility for changes made after they
were sent or for other risks which arise as a result of e-mail
transmission, viruses, etc.

On Thu, Mar 3, 2016 at 6:04 PM, Jody Garnett <jody.garnett@…403…> wrote:

Thanks Brad, updated the table accordingly. I probably should of phrased
this as a yes/no question.

We are waiting on two PSC members:

• Christian Mueller
• Simone Giannecchini

–
Jody Garnett

On 3 March 2016 at 06:18, Brad Hards <bradh@…4091…> wrote:

On Thu, 3 Mar 2016 06:08:39 PM Ben Caradoc-Davies wrote:

Thank you so much Jody for all your work rounding this up.

I am +1 to delay the release and upgrade now to Spring 4.
I’m OK with either solution (with a very slight preference for keeping a
Java
8 solution). Happy for those who understand the implications (in
particular,
the risks and work involved) at a deeper level to make the call on this.

Brad

---

Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140

---

Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel

---

Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140

---

Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel

---

Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140

---

Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel

–

DI Christian Mueller MSc (GIS), MSc (IT-Security)

OSS Open Source Solutions GmbH

---

---

Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel

–

–

Jody Garnett

On 14 March 2016 at 08:35, Justin Deoliveira <jdeolive@anonymised.com> wrote:

Great, thanks Chris. I would have to say I agree so unless someone else has a strong opinion on this one I vote we go with this approach.

On Mon, Mar 14, 2016 at 8:34 AM Chris Snider <chris.snider@anonymised.com> wrote:

Justin,

For us it is a simple change to a wrapping HTML page. It doesn’t make sense for us to have the added complexity to trap the old endpoint to the new endpoint since we end up redirecting the browser to a completely different service endpoint that supports our overall single sign on process.

I would vote to simply take in the new endpoint and update applicable front ends that need to do something special.

Chris Snider

Senior Software Engineer

Intelligent Software Solutions, Inc.

From: Justin Deoliveira [mailto:jdeolive@anonymised.com]
Sent: Monday, March 14, 2016 8:28 AM
To: Chris Snider <chris.snider@anonymised.com>; Jody Garnett <jody.garnett@anonymised.com>; Christian Mueller <christian.mueller@anonymised.com>

Cc: Geoserver Developers <geoserver-devel@lists.sourceforge.net>
Subject: Re: [Geoserver-devel] spring 4 upgrade

Hey Chris,

Thanks for the info. If we added a redirect from /j_spring_security_check to the new endpoint do you think that would help much? I’m trying to guage whether it’s worth the added complexity or if this is just something we can document as part of the upgrade.

-Justin

On Mon, Mar 14, 2016 at 7:29 AM Chris Snider <chris.snider@anonymised.com565…> wrote:

Hi,

I know we trap for the j_spring_security_check using JavaScript on page load to redirect the logout to our authentication server. If this changes, we just need to update our scripts. If there is a configuration update we have to do to maintain the current endpoint, I’m ok with that as well.

Thanks for getting the Spring 4 upgrade accomplished…it will help us immensely.

Chris Snider

Senior Software Engineer

Intelligent Software Solutions, Inc.

From: Jody Garnett [mailto:jody.garnett@anonymised.com]
Sent: Saturday, March 12, 2016 9:20 PM
To: Justin Deoliveira <jdeolive@anonymised.com>; Christian Mueller <christian.mueller@anonymised.com.3674…>
Cc: Geoserver Developers <geoserver-devel@lists.sourceforge.net>
Subject: Re: [Geoserver-devel] spring 4 upgrade

Do not worry about login/logout for GeoExplorer.

However I think the endpoint may be used by others so we should supply migration instructions for anyone else affected.

On Sat, Mar 12, 2016 at 12:32 PM Justin Deoliveira <jdeolive@anonymised.com…> wrote:

An update on this one.

Basically where it stands is that I think everything minus CAS has been ported over the new spring apis and afaik all tests are passing. I’ve run the server (with just the core modules) and can confirm that a quick smoke test doesn’t show any problems.

In terms of compability issues the only issue I have found thus far is the issue with the spring security login endpoints changing (ie. /j_spring_security_check is now /login). It’s on my list to circle back to see if we can somehow change some config to use the old paths. However when I looked before it didn’t look possible. I only know of one application (GeoExplorer) that utilizes the endpoints to login so i am not sure how far reaching this issue actually is.

So off the top of my head the remaining tasks are:

• Port CAS

• Look at the login/logout endpoint issue

• Decide what to do about the login/logout issue if we can’t change them back

• Do some more general and thorough testing

On Fri, Mar 4, 2016 at 12:19 PM Jody Garnett <jody.garnett@anonymised.com3…> wrote:

Thanks Christian, I will write up the blog post - and talk to you all next week with respect to planning.

–

Jody Garnett

On 3 March 2016 at 23:24, Christian Mueller <christian.mueller@anonymised.com> wrote:

Hi all

I think it is necessary to upgrade, +1 here. I have seen Justin created a branch spring4-upgrade fixing the broken security code.

For CAS I have an online test scenario.

Cheers

On Thu, Mar 3, 2016 at 6:19 PM, Jody Garnett <jody.garnett@anonymised.com3…> wrote:

Thanks Simone, updating the page. I will give Christian another day and then I would like to start making plans.

–

Jody Garnett

On 3 March 2016 at 09:16, Simone Giannecchini <simone.giannecchini@anonymised.com> wrote:

Ciao Jody,
I am for upgrading to Spring 4 + delaying the release.

I already told Andrea we can devote resources to help with the upgrade.

Regards,
Simone Giannecchini

GeoServer Professional Services from the experts!
Visit http://goo.gl/it488V for more information.

Ing. Simone Giannecchini
@simogeo
Founder/Director

GeoSolutions S.A.S.
Via di Montramito 3/A
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 333 8128928

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

---

AVVERTENZE AI SENSI DEL D.Lgs. 196/2003
Le informazioni contenute in questo messaggio di posta elettronica e/o
nel/i file/s allegato/i sono da considerarsi strettamente riservate.
Il loro utilizzo è consentito esclusivamente al destinatario del
messaggio, per le finalità indicate nel messaggio stesso. Qualora
riceviate questo messaggio senza esserne il destinatario, Vi preghiamo
cortesemente di darcene notizia via e-mail e di procedere alla
distruzione del messaggio stesso, cancellandolo dal Vostro sistema.
Conservare il messaggio stesso, divulgarlo anche in parte,
distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità
diverse, costituisce comportamento contrario ai principi dettati dal
D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely
for the attention and use of the named addressee(s) and may be
confidential or proprietary in nature or covered by the provisions of
privacy act (Legislative Decree June, 30 2003, no.196 - Italy’s New
Data Protection Code).Any use not in accord with its purpose, any
disclosure, reproduction, copying, distribution, or either
dissemination, either whole or partial, is strictly forbidden except
previous formal approval of the named addressee(s). If you are not the
intended recipient, please contact immediately the sender by
telephone, fax or e-mail and delete the information in this message
that has been received in error. The sender does not give any warranty
or accept liability as the content, accuracy or completeness of sent
messages and accepts no responsibility for changes made after they
were sent or for other risks which arise as a result of e-mail
transmission, viruses, etc.

On Thu, Mar 3, 2016 at 6:04 PM, Jody Garnett <jody.garnett@anonymised.com3…> wrote:

Thanks Brad, updated the table accordingly. I probably should of phrased
this as a yes/no question.

We are waiting on two PSC members:

• Christian Mueller
• Simone Giannecchini

–
Jody Garnett

On 3 March 2016 at 06:18, Brad Hards <bradh@anonymised.com> wrote:

On Thu, 3 Mar 2016 06:08:39 PM Ben Caradoc-Davies wrote:

Thank you so much Jody for all your work rounding this up.

I am +1 to delay the release and upgrade now to Spring 4.
I’m OK with either solution (with a very slight preference for keeping a
Java
8 solution). Happy for those who understand the implications (in
particular,
the risks and work involved) at a deeper level to make the call on this.

Brad

---

Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140

---

Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel

---

Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140

---

Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel

---

Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140

---

Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel

–

DI Christian Mueller MSc (GIS), MSc (IT-Security)

OSS Open Source Solutions GmbH

---

---

Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel

–

–

Jody Garnett

–
Jody Garnett

On 13 March 2016 at 09:01, Christian Mueller <christian.mueller@anonymised.com> wrote:

Hi

I have do done the the CAS Port and pushed the commit to the spring4-upgrade branch.

Cheers

–
Jody Garnett

On Sun, Mar 13, 2016 at 5:20 AM, Jody Garnett <jody.garnett@anonymised.com> wrote:

Do not worry about login/logout for GeoExplorer.

However I think the endpoint may be used by others so we should supply migration instructions for anyone else affected.

On Sat, Mar 12, 2016 at 12:32 PM Justin Deoliveira <jdeolive@anonymised.com…> wrote:

An update on this one.

Basically where it stands is that I think everything minus CAS has been ported over the new spring apis and afaik all tests are passing. I’ve run the server (with just the core modules) and can confirm that a quick smoke test doesn’t show any problems.

In terms of compability issues the only issue I have found thus far is the issue with the spring security login endpoints changing (ie. /j_spring_security_check is now /login). It’s on my list to circle back to see if we can somehow change some config to use the old paths. However when I looked before it didn’t look possible. I only know of one application (GeoExplorer) that utilizes the endpoints to login so i am not sure how far reaching this issue actually is.

So off the top of my head the remaining tasks are:

• Port CAS
• Look at the login/logout endpoint issue
• Decide what to do about the login/logout issue if we can’t change them back
• Do some more general and thorough testing

On Fri, Mar 4, 2016 at 12:19 PM Jody Garnett <jody.garnett@anonymised.com> wrote:

Thanks Christian, I will write up the blog post - and talk to you all next week with respect to planning.

---

---

Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel

–

–
Jody Garnett

–

DI Christian Mueller MSc (GIS), MSc (IT-Security)
OSS Open Source Solutions GmbH

–
Jody Garnett

On 3 March 2016 at 23:24, Christian Mueller <christian.mueller@anonymised.com> wrote:

Hi all

I think it is necessary to upgrade, +1 here. I have seen Justin created a branch spring4-upgrade fixing the broken security code.

For CAS I have an online test scenario.

Cheers

On Thu, Mar 3, 2016 at 6:19 PM, Jody Garnett <jody.garnett@anonymised.com> wrote:

Thanks Simone, updating the page. I will give Christian another day and then I would like to start making plans.

---

Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140

---

Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel

–

DI Christian Mueller MSc (GIS), MSc (IT-Security)
OSS Open Source Solutions GmbH

–
Jody Garnett

On 3 March 2016 at 09:16, Simone Giannecchini <simone.giannecchini@anonymised.com> wrote:

Ciao Jody,
I am for upgrading to Spring 4 + delaying the release.

I already told Andrea we can devote resources to help with the upgrade.

Regards,
Simone Giannecchini

GeoServer Professional Services from the experts!
Visit http://goo.gl/it488V for more information.

Ing. Simone Giannecchini
@simogeo
Founder/Director

GeoSolutions S.A.S.
Via di Montramito 3/A
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 333 8128928

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

---

AVVERTENZE AI SENSI DEL D.Lgs. 196/2003
Le informazioni contenute in questo messaggio di posta elettronica e/o
nel/i file/s allegato/i sono da considerarsi strettamente riservate.
Il loro utilizzo è consentito esclusivamente al destinatario del
messaggio, per le finalità indicate nel messaggio stesso. Qualora
riceviate questo messaggio senza esserne il destinatario, Vi preghiamo
cortesemente di darcene notizia via e-mail e di procedere alla
distruzione del messaggio stesso, cancellandolo dal Vostro sistema.
Conservare il messaggio stesso, divulgarlo anche in parte,
distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità
diverse, costituisce comportamento contrario ai principi dettati dal
D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely
for the attention and use of the named addressee(s) and may be
confidential or proprietary in nature or covered by the provisions of
privacy act (Legislative Decree June, 30 2003, no.196 - Italy’s New
Data Protection Code).Any use not in accord with its purpose, any
disclosure, reproduction, copying, distribution, or either
dissemination, either whole or partial, is strictly forbidden except
previous formal approval of the named addressee(s). If you are not the
intended recipient, please contact immediately the sender by
telephone, fax or e-mail and delete the information in this message
that has been received in error. The sender does not give any warranty
or accept liability as the content, accuracy or completeness of sent
messages and accepts no responsibility for changes made after they
were sent or for other risks which arise as a result of e-mail
transmission, viruses, etc.

On Thu, Mar 3, 2016 at 6:04 PM, Jody Garnett <jody.garnett@anonymised.com…> wrote:

Thanks Brad, updated the table accordingly. I probably should of phrased
this as a yes/no question.

We are waiting on two PSC members:

• Christian Mueller
• Simone Giannecchini

–
Jody Garnett

On 3 March 2016 at 06:18, Brad Hards <bradh@anonymised.com> wrote:

On Thu, 3 Mar 2016 06:08:39 PM Ben Caradoc-Davies wrote:

Thank you so much Jody for all your work rounding this up.

I am +1 to delay the release and upgrade now to Spring 4.
I’m OK with either solution (with a very slight preference for keeping a
Java
8 solution). Happy for those who understand the implications (in
particular,
the risks and work involved) at a deeper level to make the call on this.

Brad

---

Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140

---

Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel

---

Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140

---

Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel

On Tue, Mar 15, 2016 at 1:02 AM, Jody Garnett <jody.garnett@anonymised.com> wrote:

Thanks Christian, I have updated the wiki page to reflect this progress:

• https://github.com/geoserver/geoserver/wiki/Spring-4-Upgrade

Trying to get a handle on what is left to do, especially testing. If security-cas requires any additional testing please add it to the page above.

What we have remaining before beta2:

3. Migrate tests from mock runner to spring-test
   (done) core building
   (done) extension building
   (volunteer needed) community modules (-PcommunityRelease) could not fix everything

4. GWC - also uses spring and will require update
   (done) Upgrade to Servlet 3.0
   (kevin) Migrate from Acegi 1.0.7 to Spring Security

5. GeoFence Integration

(volunteer) needed

7. community modules (-PcommunityRelease)
   need a list of these

8. Merge feature branch, release 2.9-beta2

–

–
Jody Garnett

On 13 March 2016 at 09:01, Christian Mueller <christian.mueller@anonymised.com> wrote:

Hi

I have do done the the CAS Port and pushed the commit to the spring4-upgrade branch.

Cheers

On Sun, Mar 13, 2016 at 5:20 AM, Jody Garnett <jody.garnett@anonymised.com> wrote:

Do not worry about login/logout for GeoExplorer.

However I think the endpoint may be used by others so we should supply migration instructions for anyone else affected.

On Sat, Mar 12, 2016 at 12:32 PM Justin Deoliveira <jdeolive@anonymised.com> wrote:

An update on this one.

Basically where it stands is that I think everything minus CAS has been ported over the new spring apis and afaik all tests are passing. I’ve run the server (with just the core modules) and can confirm that a quick smoke test doesn’t show any problems.

In terms of compability issues the only issue I have found thus far is the issue with the spring security login endpoints changing (ie. /j_spring_security_check is now /login). It’s on my list to circle back to see if we can somehow change some config to use the old paths. However when I looked before it didn’t look possible. I only know of one application (GeoExplorer) that utilizes the endpoints to login so i am not sure how far reaching this issue actually is.

So off the top of my head the remaining tasks are:

• Port CAS
• Look at the login/logout endpoint issue
• Decide what to do about the login/logout issue if we can’t change them back
• Do some more general and thorough testing

On Fri, Mar 4, 2016 at 12:19 PM Jody Garnett <jody.garnett@anonymised.com> wrote:

Thanks Christian, I will write up the blog post - and talk to you all next week with respect to planning.

---

---

Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel

–

–
Jody Garnett

–

DI Christian Mueller MSc (GIS), MSc (IT-Security)
OSS Open Source Solutions GmbH

–
Jody Garnett

On 3 March 2016 at 23:24, Christian Mueller <christian.mueller@anonymised.com> wrote:

Hi all

I think it is necessary to upgrade, +1 here. I have seen Justin created a branch spring4-upgrade fixing the broken security code.

For CAS I have an online test scenario.

Cheers

On Thu, Mar 3, 2016 at 6:19 PM, Jody Garnett <jody.garnett@anonymised.com> wrote:

Thanks Simone, updating the page. I will give Christian another day and then I would like to start making plans.

---

Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140

---

Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel

–

DI Christian Mueller MSc (GIS), MSc (IT-Security)
OSS Open Source Solutions GmbH

–
Jody Garnett

On 3 March 2016 at 09:16, Simone Giannecchini <simone.giannecchini@anonymised.com> wrote:

Ciao Jody,
I am for upgrading to Spring 4 + delaying the release.

I already told Andrea we can devote resources to help with the upgrade.

Regards,
Simone Giannecchini

GeoServer Professional Services from the experts!
Visit http://goo.gl/it488V for more information.

Ing. Simone Giannecchini
@simogeo
Founder/Director

GeoSolutions S.A.S.
Via di Montramito 3/A
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 333 8128928

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

---

AVVERTENZE AI SENSI DEL D.Lgs. 196/2003
Le informazioni contenute in questo messaggio di posta elettronica e/o
nel/i file/s allegato/i sono da considerarsi strettamente riservate.
Il loro utilizzo è consentito esclusivamente al destinatario del
messaggio, per le finalità indicate nel messaggio stesso. Qualora
riceviate questo messaggio senza esserne il destinatario, Vi preghiamo
cortesemente di darcene notizia via e-mail e di procedere alla
distruzione del messaggio stesso, cancellandolo dal Vostro sistema.
Conservare il messaggio stesso, divulgarlo anche in parte,
distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità
diverse, costituisce comportamento contrario ai principi dettati dal
D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely
for the attention and use of the named addressee(s) and may be
confidential or proprietary in nature or covered by the provisions of
privacy act (Legislative Decree June, 30 2003, no.196 - Italy’s New
Data Protection Code).Any use not in accord with its purpose, any
disclosure, reproduction, copying, distribution, or either
dissemination, either whole or partial, is strictly forbidden except
previous formal approval of the named addressee(s). If you are not the
intended recipient, please contact immediately the sender by
telephone, fax or e-mail and delete the information in this message
that has been received in error. The sender does not give any warranty
or accept liability as the content, accuracy or completeness of sent
messages and accepts no responsibility for changes made after they
were sent or for other risks which arise as a result of e-mail
transmission, viruses, etc.

On Thu, Mar 3, 2016 at 6:04 PM, Jody Garnett <jody.garnett@anonymised.com…> wrote:

Thanks Brad, updated the table accordingly. I probably should of phrased
this as a yes/no question.

We are waiting on two PSC members:

• Christian Mueller
• Simone Giannecchini

–
Jody Garnett

On 3 March 2016 at 06:18, Brad Hards <bradh@anonymised.com> wrote:

On Thu, 3 Mar 2016 06:08:39 PM Ben Caradoc-Davies wrote:

Thank you so much Jody for all your work rounding this up.

I am +1 to delay the release and upgrade now to Spring 4.
I’m OK with either solution (with a very slight preference for keeping a
Java
8 solution). Happy for those who understand the implications (in
particular,
the risks and work involved) at a deeper level to make the call on this.

Brad

---

Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140

---

Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel

---

Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140

---

Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel

DI Christian Mueller MSc (GIS), MSc (IT-Security)
OSS Open Source Solutions GmbH

On Tue, Mar 15, 2016 at 1:02 AM, Jody Garnett <jody.garnett@anonymised.com> wrote:

Thanks Christian, I have updated the wiki page to reflect this progress:

• https://github.com/geoserver/geoserver/wiki/Spring-4-Upgrade

Trying to get a handle on what is left to do, especially testing. If security-cas requires any additional testing please add it to the page above.

What we have remaining before beta2:

3. Migrate tests from mock runner to spring-test
   (done) core building
   (done) extension building
   (volunteer needed) community modules (-PcommunityRelease) could not fix everything

4. GWC - also uses spring and will require update
   (done) Upgrade to Servlet 3.0
   (kevin) Migrate from Acegi 1.0.7 to Spring Security

5. GeoFence Integration

(volunteer) needed

7. community modules (-PcommunityRelease)
   need a list of these

8. Merge feature branch, release 2.9-beta2

–

DI Christian Mueller MSc (GIS), MSc (IT-Security)
OSS Open Source Solutions GmbH

–
Jody Garnett

On 13 March 2016 at 09:01, Christian Mueller <christian.mueller@anonymised.com> wrote:

Hi

I have do done the the CAS Port and pushed the commit to the spring4-upgrade branch.

Cheers

On Sun, Mar 13, 2016 at 5:20 AM, Jody Garnett <jody.garnett@anonymised.com> wrote:

Do not worry about login/logout for GeoExplorer.

However I think the endpoint may be used by others so we should supply migration instructions for anyone else affected.

On Sat, Mar 12, 2016 at 12:32 PM Justin Deoliveira <jdeolive@anonymised.com> wrote:

An update on this one.

Basically where it stands is that I think everything minus CAS has been ported over the new spring apis and afaik all tests are passing. I’ve run the server (with just the core modules) and can confirm that a quick smoke test doesn’t show any problems.

In terms of compability issues the only issue I have found thus far is the issue with the spring security login endpoints changing (ie. /j_spring_security_check is now /login). It’s on my list to circle back to see if we can somehow change some config to use the old paths. However when I looked before it didn’t look possible. I only know of one application (GeoExplorer) that utilizes the endpoints to login so i am not sure how far reaching this issue actually is.

So off the top of my head the remaining tasks are:

• Port CAS
• Look at the login/logout endpoint issue
• Decide what to do about the login/logout issue if we can’t change them back
• Do some more general and thorough testing

On Fri, Mar 4, 2016 at 12:19 PM Jody Garnett <jody.garnett@anonymised.com> wrote:

Thanks Christian, I will write up the blog post - and talk to you all next week with respect to planning.

---

---

Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel

–

–
Jody Garnett

–

DI Christian Mueller MSc (GIS), MSc (IT-Security)
OSS Open Source Solutions GmbH

–
Jody Garnett

On 3 March 2016 at 23:24, Christian Mueller <christian.mueller@anonymised.com> wrote:

Hi all

I think it is necessary to upgrade, +1 here. I have seen Justin created a branch spring4-upgrade fixing the broken security code.

For CAS I have an online test scenario.

Cheers

On Thu, Mar 3, 2016 at 6:19 PM, Jody Garnett <jody.garnett@anonymised.com> wrote:

Thanks Simone, updating the page. I will give Christian another day and then I would like to start making plans.

---

Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140

---

Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel

–

DI Christian Mueller MSc (GIS), MSc (IT-Security)
OSS Open Source Solutions GmbH

–
Jody Garnett

On 3 March 2016 at 09:16, Simone Giannecchini <simone.giannecchini@anonymised.com> wrote:

Ciao Jody,
I am for upgrading to Spring 4 + delaying the release.

I already told Andrea we can devote resources to help with the upgrade.

Regards,
Simone Giannecchini

GeoServer Professional Services from the experts!
Visit http://goo.gl/it488V for more information.

Ing. Simone Giannecchini
@simogeo
Founder/Director

GeoSolutions S.A.S.
Via di Montramito 3/A
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 333 8128928

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

---

AVVERTENZE AI SENSI DEL D.Lgs. 196/2003
Le informazioni contenute in questo messaggio di posta elettronica e/o
nel/i file/s allegato/i sono da considerarsi strettamente riservate.
Il loro utilizzo è consentito esclusivamente al destinatario del
messaggio, per le finalità indicate nel messaggio stesso. Qualora
riceviate questo messaggio senza esserne il destinatario, Vi preghiamo
cortesemente di darcene notizia via e-mail e di procedere alla
distruzione del messaggio stesso, cancellandolo dal Vostro sistema.
Conservare il messaggio stesso, divulgarlo anche in parte,
distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità
diverse, costituisce comportamento contrario ai principi dettati dal
D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely
for the attention and use of the named addressee(s) and may be
confidential or proprietary in nature or covered by the provisions of
privacy act (Legislative Decree June, 30 2003, no.196 - Italy’s New
Data Protection Code).Any use not in accord with its purpose, any
disclosure, reproduction, copying, distribution, or either
dissemination, either whole or partial, is strictly forbidden except
previous formal approval of the named addressee(s). If you are not the
intended recipient, please contact immediately the sender by
telephone, fax or e-mail and delete the information in this message
that has been received in error. The sender does not give any warranty
or accept liability as the content, accuracy or completeness of sent
messages and accepts no responsibility for changes made after they
were sent or for other risks which arise as a result of e-mail
transmission, viruses, etc.

On Thu, Mar 3, 2016 at 6:04 PM, Jody Garnett <jody.garnett@anonymised.com…> wrote:

Thanks Brad, updated the table accordingly. I probably should of phrased
this as a yes/no question.

We are waiting on two PSC members:

• Christian Mueller
• Simone Giannecchini

–
Jody Garnett

On 3 March 2016 at 06:18, Brad Hards <bradh@anonymised.com> wrote:

On Thu, 3 Mar 2016 06:08:39 PM Ben Caradoc-Davies wrote:

Thank you so much Jody for all your work rounding this up.

I am +1 to delay the release and upgrade now to Spring 4.
I’m OK with either solution (with a very slight preference for keeping a
Java
8 solution). Happy for those who understand the implications (in
particular,
the risks and work involved) at a deeper level to make the call on this.

Brad

---

Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140

---

Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel

---

Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140

---

Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel