Hi every body,
I want to impersonate Tomcat in order to use the client request user authentication in Geoserver.
To do it, I installed the Waffle librairies in Tomcat, then I was able to perform correctly the impersonation with test web application.
In contrast, with Geoserver it doesn’t work.
Waffle documentation (https://github.com/dblock/waffle/blob/master/Docs/ServletSingleSignOnSecurityFilter.md) indicates :
“Note that there is no mapping between the Windows native threads, under which the impersonation takes place, and the Java threads. Thus you’ll need to use Windows native APIs to perform impersonated actions. Any action done in Java will still be performed with the user account running the servlet container.”
I want to know, if someone has already use the impersonation with Geoserver by using Waffle or by an other methode.
My environment is :
- Windows 2008 R2 x64
- Oracle 11g R2 x64
- Geoserver 2.61
- Apache 7.0.47 x64
- Java 1.7
Thanks for your help.
Best regards,
Kamardine
Hi Kamardine,
I don’t think you can directly use the waffle libraries with GeoServer, without writing some wrapper codes to integrate it with the GeoServer Security system (I see from the documentation that the libraries include Spring filters, so it should not be that difficult). Talking about impersonation in particular, I am curious to know what you need impersonation for, so that I can understand if there is any way to achieve what you need with GeoServer security.
Mauro
···
2015-01-05 11:29 GMT+01:00 Kamardine YOUSSOUFA <Kamardine.YOUSSOUFA@anonymised.com>:
Hi every body,
I want to impersonate Tomcat in order to use the client request user authentication in Geoserver.
To do it, I installed the Waffle librairies in Tomcat, then I was able to perform correctly the impersonation with test web application.
In contrast, with Geoserver it doesn’t work.
Waffle documentation (https://github.com/dblock/waffle/blob/master/Docs/ServletSingleSignOnSecurityFilter.md) indicates :
“Note that there is no mapping between the Windows native threads, under which the impersonation takes place, and the Java threads. Thus you’ll need to use Windows native APIs to perform impersonated actions. Any action done in Java will still be performed with the user account running the servlet container.”
I want to know, if someone has already use the impersonation with Geoserver by using Waffle or by an other methode.
My environment is :
- Windows 2008 R2 x64
- Oracle 11g R2 x64
- Geoserver 2.61
- Apache 7.0.47 x64
- Java 1.7
Thanks for your help.
Best regards,
Kamardine
Dive into the World of Parallel Programming! The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net
Geoserver-users mailing list
Geoserver-users@anonymised.comsts.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users
Hi Mauro,
My initial need was to make a SSO authentication in order to manage security on database level. I tried more solutions for example :
- The connecting to my Oracle Datastores by a SSO authentication on database level
- The using of waffle to impersonate the Apache context with the web request user
All this solutions did not worked, now I try an other solution by using the LDAP authentication and the custom SQL session startup script of the Oracle store in order to set the authorizations on database level.
By this way, I must use a basic authentication in each header of Geoserver web request.
I’d want to know if is it possible to use a NTLM or KERBEROS token in a web request header what I’ll supplied to make the LDAP authentication in Geoserver?
Thanks in advance for your help.
Best regards
Kamardine
···
De : Mauro Bartolomeoli maurobartolomeoli@anonymised.com
Envoyé : mercredi 7 janvier 2015 09:37
À : Kamardine YOUSSOUFA
Cc : geoserver-users@lists.sourceforge.net
Objet : Re: [Geoserver-users] How use impersonation with Geoserver
Hi Kamardine,
I don’t think you can directly use the waffle libraries with GeoServer, without writing some wrapper codes to integrate it with the GeoServer Security system (I see from the documentation that the libraries include Spring filters, so it should not be that difficult). Talking about impersonation in particular, I am curious to know what you need impersonation for, so that I can understand if there is any way to achieve what you need with GeoServer security.
Mauro
2015-01-05 11:29 GMT+01:00 Kamardine YOUSSOUFA <Kamardine.YOUSSOUFA@anonymised.com>:
Hi every body,
I want to impersonate Tomcat in order to use the client request user authentication in Geoserver.
To do it, I installed the Waffle librairies in Tomcat, then I was able to perform correctly the impersonation with test web application.
In contrast, with Geoserver it doesn’t work.
Waffle documentation (https://github.com/dblock/waffle/blob/master/Docs/ServletSingleSignOnSecurityFilter.md) indicates :
“Note that there is no mapping between the Windows native threads, under which the impersonation takes place, and the Java threads. Thus you’ll need to use Windows native APIs to perform impersonated actions. Any action done in Java will still be performed with the user account running the servlet container.”
I want to know, if someone has already use the impersonation with Geoserver by using Waffle or by an other methode.
My environment is :
- Windows 2008 R2 x64
- Oracle 11g R2 x64
- Geoserver 2.61
- Apache 7.0.47 x64
- Java 1.7
Thanks for your help.
Best regards,
Kamardine
Dive into the World of Parallel Programming! The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net
Geoserver-users mailing list
Geoserver-users@anonymised.comsts.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users