Upgrade from Acegi Security to Spring Security 2.0. This update is a prerequisite to continue with GSIP 53 Geoserver security improvement

Christian Mueller

The update is scheduled for Geoserver 2.1.0

Choose one of: Under Discussion, In Progress, Completed, Rejected, Deferred

Geoserver already supports authentication and authorization, but this is a minimal implementation. At the moment it is tricky to add custom security plugins. Spring Security offers a lot of authentication/authorization mechanisms , including customized security modules.

Spring security offers a lot off Authentication mechanisms and authorization plug ins. This security architecture is independent of specific J2EE implementations and does not cause a vendor lock in.

The existing file based security modules will be migrated to fit into the new architecture. Additionally, the admin GUI has to be extended to offer a lot of security settings to the Geoserver administrator. Last not least, some new configuration files will be necessary.

This section should contain feedback provided by PSC members who may have a problem with the proposal.

The current file based modules are redesigned to fit into the new architecture. No migration is necessary for already deployed Geoserver installations.

(official voting never quite happened on this, but all were for it and it moved forward without a formal vote)

\- \[~afabiani\] \- \[~aaime\] \- \[~cholmes\] (Chair) \- \[~jive\] \- Rob Atkinson \- \[~simboss\] \- Ben Caradoc-Davies \- Mark Leslie

JIRA Task Email Discussion Wiki Page