On Mon, Feb 13, 2012 at 12:59 PM, <[email protected]> wrote:
> Hi Andrea, now I am confused.
>
> I thought we are talking about the following optional feature:
>
> If an authenticated user originates a request geoservers sends back the
> roles of THIS user in a http response header attribute.
>
> If no user is authenticated and anonymous authentication is allowed,
> geoserver sends back ROLE_ANONYMOUS
>
> There is no direct relation to user/role databases. You cannot query the
> roles of other users. (Security disaster)
>
> I thought about injecting a servlet filter.
>
> A use case would be to have a dynamic web front end showing/hiding html
> components depending on the roles of the authenticated user.
>
Ah, reading also Rahkonen answer I realized I misinterpreted your sentence.
When you said:
"Does it make sense to offer this feature for administrative tasks (GUI or
REST). I think not but I am quite unsure."
I thought about the GeoServer own GUI and own REST configuration api.
Providing the user role information as part of the HTTP headers to front
ends
(user facing apps and/or replacements of the admin interface) of course
makes sense
Cheers
Andrea
--
-------------------------------------------------------
Ing. Andrea Aime
GeoSolutions S.A.S.
Tech lead
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 962313
mob: +39 339 8844549
http://www.geo-solutions.it
http://geo-solutions.blogspot.com/
http://www.youtube.com/user/GeoSolutionsIT
http://www.linkedin.com/in/andreaaime
http://twitter.com/geowolf
-------------------------------------------------------
------------------------------------------------------------------------------
Try before you buy = See our experts in action!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-dev2
_______________________________________________
Geoserver-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-users
