GSIP 54 Upgrade Geoserver security to Spring Security 2.0

Overview

Upgrade from Acegi Security to Spring Security 2.0. This update is a prerequisite to continue with GSIP 53 Geoserver security improvement

Proposed By

Christian Mueller

Assigned to Release

The update is scheduled for Geoserver 2.1.0

State

Choose one of: Under Discussion, In Progress, Completed, Rejected, Deferred

Motivation

Geoserver already supports authentication and authorization, but this is a minimal implementation. At the moment it is tricky to add custom security plugins. Spring Security offers a lot of authentication/authorization mechanisms , including customized security modules.

Proposal

Spring security offers a lot off Authentication mechanisms and authorization plug ins. This security architecture is independent of specific J2EE implementations and does not cause a vendor lock in.

The existing file based security modules will be migrated to fit into the new architecture. Additionally, the admin GUI has to be extended to offer a lot of security settings to the Geoserver administrator. Last not least, some new configuration files will be necessary.

Feedback

This section should contain feedback provided by PSC members who may have a problem with the proposal.

Backwards Compatibility

The current file based modules are redesigned to fit into the new architecture. No migration is necessary for already deployed Geoserver installations.

Voting

(official voting never quite happened on this, but all were for it and it moved forward without a formal vote)

- [~afabiani]
- [~aaime]
- [~cholmes] (Chair)
- [~jive]
- Rob Atkinson
- [~simboss]
- Ben Caradoc-Davies
- Mark Leslie

Links

[JIRA Task|]
[Email Discussion|]
[Wiki Page|]

Added by Christian Mueller, last edited by Chris Holmes on Dec 15, 2011  (view change)
View Attachments (0) Info