Hmmm, because of my work implementing and integrating GeoXACML into geoserver, I had to dig into the Spring Security concept and how geoserver uses it.
Your proposal here is about authentication (which has nothing to do with GeoXACML) and is handled in the user properties file.
This file is also the basis for role assignment. I do not feel comfortable offering a possibility that anybody can get an account. And if we offer this possibility, it will not be easy to revoke it later.
As far as I have seen, geoserver should rely on the Spring framework for authentication issues. Spring Security offers a lot of possibilities like using JAAS or SAML tokens. There are many authentication concepts covered by Spring. It should also be possible to delegate the authentication part to the J2EE container or to use certificates. In my opinion, this is not an easy topic and, for the moment, it is not a good idea to have a dynamic user database.
Btw, there is no user group concept at the moment, and assigning/modifying/removing roles for every user will make the admin unhappy. From my experience with J2EE containers, roles are always assigned to groups; a user belongs to a set of groups. Makes life easier.
In the near future, Andrea and I will start a community discussion about authorization with GeoXACML. Perhaps we should also discuss the authentication issue.
Opinions?
Chris Holmes writes:
+1, looks great. One suggestion - it'd be great if there was a way for any user to sign up for an account. As far as I can tell right now the only way to add a new user is the admin doing it. And the admin setting the password.
Ideally there'd be a 'sign up' link by 'login', where a user can enter their own username and password (and indeed a password the admin would not know). Then the admin can set the permissions of what a new user can view. Ideally you might even have a role that can set user permissions but not have full access to the geoserver config.
And it'd obviously be great if the user new account interface had things like emailing a forgotten password, email confirmation, captchas, etc. Another direction to consider is allowing openid - let people sign in with their open id account.
Anyways, just some food for thought, this is a really nice start.
best regards,
Chris
Francesco Izzi wrote:
Hi list,
I created this GSIP which explains my proposal and the development state.
The proposal is available here:
http://geoserver.org/display/GEOS/GSIP+41+-+Promote+perLayerSecurity+UI+to+extension
For further information please reach me via mail or on the geoserver irc channel.
Cheers,
--
Francesco Izzi
CNR - IMAA
geoSDI - NSDI
Responsabile Sviluppo Software
C.da S. Loja
85050 Tito Scalo - POTENZA (PZ)
Italia
phone: +39 0971427305
fax: +39 0971 427271
mob: +39 3402640314
mail: francesco.izzi@anonymised.com
skype: neofx8080
web: http://www.geosdi.org
_______________________________________________
Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel
--
Chris Holmes
OpenGeo - http://opengeo.org
Expert service straight from the developers.
_______________________________________________
Geoserver-users mailing list
Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users