-
Notifications
You must be signed in to change notification settings - Fork 94
Proposal #2: integration of GeoStore with Spring Security
Most of our Geo-components, GeoServer, GeoFence, OpenSDI and others, rely on Spring Security as a security infrastructure, by using or implementing Authentication Providers allowing us to connect to external AA systems, like LDAP and CAS.
We propose to:
- refactor the GeoStore REST modules using the Spring Security annotations
- refactor the AA infrastructure using Spring Security
The first main milestone is to refactor the RESTfull infrastructure allowing the methods to be secured with psringframework security annotations. We don't need to touch the logic, we only need to tweak the dependencies, change the annotations and the beans declarations on WEB.XML and applicationContext.xml and make sure the output is backward compatible.
The basic AA shipped with the default GeoStore implementation must be revised a bit, since we need to configure a Spring Auth Provider for that, but this is also a minor improvement.
Created from issue #49 and issue #50
Implementation proposal available on pull request #51