Proposal #8: Session Based Login - geosolutions-it/MapStore GitHub Wiki
Overview
Allow login/logout through the OpenSDI session service. Also, allow GeoStore interaction using an authentication token instead of simple Basic Authentication.
Proposed By
Mauro Bartolomeoli (mbarto)
Assigned to Release
TBD, tentatively 1.7
State
Choose one of: Under Discussion, In Progress, Completed, Rejected, Deferred
Motivation
Currently login and all GeoStore / OpenSDI interactions are done using basic authentication. Since we have a session service inside OpenSDI, we should use it to allow:
- create a session token upon login
- use the token to interact with OpenSDI / GeoStore
- remove the token on logout
The session token could also be used for GeoServer authkey authentication.
Proposal
SessionLogin plugin
A new plugin will be implemented. This plugin will implement login / logout operations through the OpenSDI session service. These are the main behaviours of the plugin:
- Upon login the session token will be stored into the application userDetails object.
- The token will be used to authenticate following OpenSDI / GeoStore requests.
- The token will be recognized by WMSSource as an authkey for GeoServer authentication.
- Session expiration can be configured
- A checkSession method can be called to refresh the current session or verify that it has not expired
Session template
A new template, similar to loginpage, will be implemented. This template will use the SessionLogin plugin to login and implement periodic session refresh.
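The following is an added example, not MapStore code, sketching the SessionLogin behaviour described above: login stores the token in a userDetails object, later OpenSDI / GeoStore requests carry the token instead of Basic Authentication, WMSSource appends it as a GeoServer authkey parameter, checkSession refreshes the session or detects expiry, and logout removes the token. The session service is a constructed in-memory stand-in, and the Bearer header format, the `authParam` name and the `secret` password are assumptions. Time is passed in explicitly so the expiry logic can be exercised without waiting.

```javascript
// Constructed stand-in for the OpenSDI session service (assumption: real API differs).
// Sessions are kept in memory as token -> { user, expires }.
function createSessionService(ttlMs) {
  const sessions = new Map();
  let counter = 0;
  const now = () => Date.now();
  return {
    // Returns a new session token, or null on bad credentials.
    login(user, password, at = now()) {
      if (password !== 'secret') return null; // constructed credential check
      const token = `tok-${++counter}`;
      sessions.set(token, { user, expires: at + ttlMs });
      return token;
    },
    // Validates the token and, if still valid, extends its expiry (refresh).
    check(token, at = now()) {
      const s = sessions.get(token);
      if (!s || s.expires <= at) {
        sessions.delete(token); // expired sessions are dropped, not refreshed
        return false;
      }
      s.expires = at + ttlMs;
      return true;
    },
    // Removes the session; true if a session existed for the token.
    logout(token) {
      return sessions.delete(token);
    },
  };
}

// Client side: the plugin keeps the token in userDetails together with the
// name of the auth parameter used for GeoServer (authParam, e.g. "authkey").
function createSessionLogin(service, { authParam = 'authkey' } = {}) {
  const userDetails = { user: null, token: null, authParam };

  function clear() {
    userDetails.user = null;
    userDetails.token = null;
  }

  return {
    userDetails,
    login(user, password, at) {
      const token = service.login(user, password, at);
      if (!token) return false;
      userDetails.user = user;
      userDetails.token = token;
      return true;
    },
    // Refreshes the current session; on expiry the local token is discarded
    // so the application falls back to the unauthenticated state.
    checkSession(at) {
      if (!userDetails.token) return false;
      const alive = service.check(userDetails.token, at);
      if (!alive) clear();
      return alive;
    },
    logout() {
      if (!userDetails.token) return false;
      const removed = service.logout(userDetails.token);
      clear();
      return removed;
    },
    // Headers for OpenSDI / GeoStore requests: token instead of Basic auth
    // (assumption: a Bearer header; the real scheme is up to the services).
    authHeaders() {
      return userDetails.token ? { Authorization: `Bearer ${userDetails.token}` } : {};
    },
    // WMSSource: the session token is appended as the GeoServer authkey param,
    // using whatever parameter name userDetails carries for this provider.
    wmsUrl(baseUrl) {
      if (!userDetails.token) return baseUrl;
      const url = new URL(baseUrl);
      url.searchParams.set(userDetails.authParam, userDetails.token);
      return url.toString();
    },
  };
}

if (typeof require !== 'undefined' && require.main === module) {
  const client = createSessionLogin(createSessionService(1000));
  client.login('alice', 'secret', 0);
  console.log(client.wmsUrl('http://example.com/geoserver/wms?SERVICE=WMS'));
  console.log('alive after refresh:', client.checkSession(500));
  console.log('alive after expiry:', client.checkSession(2400));
}
```

A session template would call checkSession from a setInterval shorter than the configured expiration, and treat a false return as a signal to show the login form again.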
GeoStoreLogin refactoring
Common functionality of GeoStoreLogin and SessionLogin will be refactored to a base (abstract) class.
General cleanup
Authentication headers and tokens handling will be cleaned up in related modules / plugins to make it consistent with different use cases.
Future work
Currently MapManager will not be improved. A separate proposal / pull request will be needed.
Feedback
This section should contain feedback provided by members who may have a problem with the proposal.
Tobia Di Pisa: Consider that the code which assigns the authparam string name to the WMSSource should not, I think, be removed. This is used in order to manage multiple authParams from different providers at the same time and is currently set by the GeoStoreLogin (or other custom Login tools) into the userDetails information.
Backwards Compatibility
Latest GeoStore / OpenSDI are needed for session login / logout. Some custom applications could need some fixes due to the refactoring / cleanup.
Voting
Mauro Bartolomeoli: :+1:
Lorenzo Natali:
Lorenzo Pini: :+1:
Tobia Di Pisa: :+1: