GeoNode extends GeoServer with certain JSON, REST, and security capabilities.
GeoServer delegates authentication and authorization to GeoNode.
When the GeoServer plugin sees a request, it attempts to authorize with GeoNode:
If the request has a valid
sessionidcookie (this links to a user in GeoNode), GeoNode looks up the user's permissions and replies.
If there are HTTP credentials in the request (via the
HTTP_AUTHORIZATIONheader) and they match those configured in the
OGC_SETTINGS, GeoNode replies that this user is a super-user.
Uploads is a special case: here, GeoNode makes the original request using the
.. todo:: Document GeoServer GeoJSON extensions
.. todo:: Document GeoServer REST extensions