GSIP 182

GSIP 182 - Add a security tab and table of roles for each layer, layer group, workspace

Overview

The aim of this improvement is to make possible the managing of access rules for layer/layerGroup and workspaces by adding a security tab to their edit page.

Proposed By

• Nuno Oliveira
• Imran Rajjad
• Marco Volpini

Assigned to Release

This proposal is for GeoServer 2.17.0 and backport to 2.16.1.

State

• Under Discussion
• In Progress
• Completed
• Rejected
• Deferred

Motivation

The improvement will allow a easier way to edit access rule for users, who will be able to manage data security contextually to layer/group workspace configuration.

Proposal

First step will be to add a new wicket Panel class that will handle generically the view of the box with roles and access modes. Also it will be necessary to create a new access rule class, in addition to the existing, to properly map attributes to the new interface and a class that will manage the conversion mechanism between the new rule data access rule class and the existing one. For what concerns layer/group side, two class are needed to got the Panel added to the PublishedConfigurationPage as a tab:

• one extending PublishedEditTabPanel;
• one extending CommonPublishedEditTabPanelInfo.

The two classes will be in a dependency relation with the new Panel class.

Regarding Workspace, it should be straightforward to integrate the new Panel class in existing wicket Page classes.

Finally it would be necessary to enable and disable the new tab according to geofence respectively not being or being active. To avoid looking explicitly for geofence in a core module, we have foreseen the possibility to create the concept of ModuleCapabilities, as an interface with an Enum Capability which will include the AdvancedSecurityConfiguration capability . The interface would then be extended by module status and will declare a single method boolean hasCapability(Capability capability). Thus, this will make possible to look for the advancedSecurity capability instead of searching explicitly for geofence.

Summarizing, changes in the following classes are foreseen:

• PublishedConfigurationPage.java will get the new Panel added as a tab to current tab list;
• WorkspaceEditPage.java and WorkspaceNewPage.java will be modified to get the new panel class and made tabbed.
• ModuleStatus.javawill extend the above mentioned ModuleCapabilities interface.
• ModuleStatusImpl.java will implement hasCapabilityMethod.

Backwards Compatibility

We don't foreseen any backwards compatibility issue:

• another UI component to manage data access rule will be added but current possibility to handle them from the existing page will be mantained;
• no changes will be done to current rules mechanism.

Feedback

Voting

Project Steering Committee:

• Alessio Fabiani: +1
• Andrea Aime: +1
• Ian Turton:+1
• Jody Garnett: +1
• Jukka Rahkonen:
• Kevin Smith:
• Simone Giannecchini: +1 and +0
• Torben Barsballe:
• Nuno Oliveira: +0

Links

• Ticket
• PullRequest
• Mailing list discussion

---