Page Operations
Browse SpaceIntroduction
This is a page to discuss what a security framework in GeoServer might look like. For the first step we only really want 'attribution', which just requires a log in for any operation. But further on we'd likely prefer more granular operations like who has view access, who has write access, ect.
Requirements
(please add more)
- Not writing our own user permissioning management, handled by someone else
- Able to plug in to other user management systems, like LDAP, ect.
- Fairly independant of GeoServer (like perhaps its own module)
- Ability for GeoServer services to access the permission information.
- ?
Possibilities.
- JAAS - The Java Authentication and Authorization Service (JAAS) is a set of APIs that enable services to authenticate and enforce access controls upon users. It implements a Java technology version of the standard Pluggable Authentication Module (PAM) framework, and supports user-based authorization. This is included in JDK 1.4. Not sure if it really does everything we need. There has been some geoserver work with this, see: [GEOTOOLS:SIS Meta Infrastructure current software], which has code for security. There may be stuff in there that can be reused.
- Distribute Access Control System. These guys have worked with uDig in the past. They implemented with a WFS as well. It stands completely independant, and plugs in to a number of role backends. It's also very fast. Works with apache, installed separately. Can have integration at the code level without too much difficulty. Could be a very good option. Downside is that it's not java, would require people to install an extra piece of software.
- Seraph. Looks a bit light, but it's what confluence and jira use, and I do like how stuff works for them. It may be that we want something more light like it. Interesting thread on it here: http://forums.atlassian.com/thread.jspa?threadID=5020&tstart=0
- Acegi - Security services for Spring. Lots of nice features. Suggested by Seraph, they said it's more complex, probably a bit of a higher learning curve. But if we've got spring going already it could be good... article about it.
- more?