Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security - Security extension #37

Closed
4 tasks done
tdipisa opened this issue Sep 25, 2019 · 2 comments
Closed
4 tasks done

Security - Security extension #37

tdipisa opened this issue Sep 25, 2019 · 2 comments
Assignees
@mbarto @francoxyz
Labels
Accepted Priority: High Task
Milestone
Phase I

Comments

@tdipisa
Copy link
Collaborator

tdipisa commented Sep 25, 2019
edited
Loading

The viewer must be integrated in the geOrchestra security tier with this extension (for this reason it can be activated/deactivated by the administrator in backoffice in the same way of other extensions)

  • The authentication of an user by the geOrchestra security context that involves: Security proxy, CAS and LDAP
  • The viewer only retrieves the information related to the user rights on extensions, layers and other protected information
  • User rights are managed in backoffice by the administrator and are mapped to user roles

We need to implement this:

  • backend authentication filter using security proxy headers
  • backend authorization using user / roles data from authentication and ignoring on-db user and groups
  • backend integration with LDAP to retrieve roles list
  • frontend automatic login from backend authentication filter
@tdipisa tdipisa added this to the Phase I milestone Sep 25, 2019
@fvanderbiest
Copy link
Member

This may help: https://github.com/georchestra/georchestra/blob/master/security-proxy/README.md#how-to-integrate-a-new-application-in-georchestra-

@mbarto
Copy link
Contributor

mbarto commented Oct 16, 2019
edited by tdipisa
Loading

We need this on the mapstore backend side:

mbarto added a commit to mbarto/mapstore2-georchestra that referenced this issue Oct 16, 2019
@mbarto
georchestra#37: security integration (WIP)
2ced7fb
mbarto added a commit to mbarto/mapstore2-georchestra that referenced this issue Oct 17, 2019
@mbarto
georchestra#37: initial implementation of security integration (autom…
49b97af 
…atic login using georchestra security headers)
mbarto added a commit to mbarto/mapstore2-georchestra that referenced this issue Oct 17, 2019
@mbarto
Fixes georchestra#37: initial implementation of security integration …
c93e690 
…(automatic login using georchestra security headers)
mbarto added a commit to mbarto/mapstore2-georchestra that referenced this issue Oct 17, 2019
@mbarto
Fixes georchestra#37: initial implementation of security integration …
f1c867a 
…(automatic login using georchestra security headers)
mbarto added a commit to mbarto/mapstore2-georchestra that referenced this issue Oct 18, 2019
@mbarto
georchestra#37: updated spring security configuration to enable georc…
1fa0939 
…hestra security proxy headers usage, also updated geostore to latest version to use latest security improvements
mbarto added a commit to mbarto/mapstore2-georchestra that referenced this issue Oct 18, 2019
@mbarto
georchestra#37: frontend initial support for authentication through t…
9df391a 
…he georchestra security-proxy
mbarto added a commit to mbarto/mapstore2-georchestra that referenced this issue Oct 21, 2019
@mbarto
georchestra#37: simplified backend security configuration and switche…
8349dad 
…d SecurityDAO to the one supporting external users
mbarto added a commit to mbarto/mapstore2-georchestra that referenced this issue Oct 21, 2019
@mbarto
georchestra#37: added skeleton of maps page and route for mapviewer o…
1f355c9 
…n a specific map
@mbarto mbarto closed this as completed in 7b5ac64 Oct 24, 2019
@tdipisa tdipisa reopened this Oct 24, 2019
mbarto added a commit that referenced this issue Oct 25, 2019
@mbarto
#37: fixed roles mapping
120886c
@tdipisa tdipisa added the Task label Nov 25, 2019
@francoxyz francoxyz self-assigned this Nov 26, 2019
@Gaetanbrl Gaetanbrl mentioned this issue Aug 1, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mbarto mbarto

@francoxyz francoxyz

Labels
Accepted Priority: High Task
Projects
None yet
Milestone
Phase I
Development

No branches or pull requests
4 participants
@fvanderbiest @tdipisa @mbarto @francoxyz