
Headers based security and external authentication improvements #192

Merged
merged 4 commits into from
Oct 16, 2019

Contributor

@mbarto mbarto commented Oct 16, 2019

No description provided.

@mbarto mbarto requested a review from offtherailz October 16, 2019 12:20
@coveralls

coveralls commented Oct 16, 2019

Coverage Status

Coverage increased (+0.4%) to 34.304% when pulling e1a3881 on mbarto:headers_based_security into 90d4ff6 on geosolutions-it:master.

Member

@offtherailz offtherailz left a comment

Looks good. 👍

Only a couple of questions:

  1. If you want to switch, you have to configure both a token authentication (to disable user retrieval from service) and configure a headerfilter in context.
    Am I right? This looks complicated. Is there a way to switch between the two set-ups configuring only one of them, or setting them in cascade, so checkToken is not called automatically?

  2. Can you document a little bit how to configure HeaderAuthenticationFilter (enable it, configure user and role mapping and so on...)?
    This wiki is OK, so we can copy it to the mapstore docs soon.

@mbarto
Contributor Author

mbarto commented Oct 16, 2019

Example of config (that I am working on):

<security:http auto-config="true" create-session="never" >
    <security:http-basic entry-point-ref="restAuthenticationEntryPoint"/>
    <!--security:custom-filter ref="authenticationTokenProcessingFilter" before="FORM_LOGIN_FILTER"/-->
    <security:custom-filter ref="sessionTokenProcessingFilter" after="FORM_LOGIN_FILTER"/>
    <security:custom-filter ref="headersProcessingFilter" before="FORM_LOGIN_FILTER"/>
    <security:anonymous />
</security:http>

<security:authentication-manager>
    <security:authentication-provider ref='georchestraAuthenticationProvider' />
</security:authentication-manager>

<bean class="it.geosolutions.geostore.services.rest.security.HeadersAuthenticationFilter" id="headersProcessingFilter">
</bean>

<bean id="georchestraAuthenticationProvider" class="it.geosolutions.geostore.services.rest.security.PreAuthenticatedAuthenticationProvider">
</bean>

This is the way Spring Security works: we have a bit of complexity to allow a lot of flexibility.
I am going to add commented examples of configuration, like we have for other supported scenarios in the config xml.

@mbarto mbarto merged commit 7d261df into geosolutions-it:master Oct 16, 2019