GSIP 182
The aim of this improvement is to make possible the managing of access rules for layer/layerGroup and workspaces by adding a security tab to their edit page.
- Nuno Oliveira
- Imran Rajjad
- Marco Volpini
This proposal is for GeoServer 2.17.0 and backport to 2.16.1.
- Under Discussion
- In Progress
- Completed
- Rejected
- Deferred
The improvement will allow a easier way to edit access rule for users, who will be able to manage data security contextually to layer/group workspace configuration.
First step will be to add a new wicket Panel class that will handle generically the view of the box with roles and access modes. Also it will be necessary to create a new access rule class, in addition to the existing, to properly map attributes to the new interface and a class that will manage the conversion mechanism between the new rule data access rule class and the existing one. For what concerns layer/group side, two class are needed to got the Panel added to the PublishedConfigurationPage as a tab:
- one extending PublishedEditTabPanel;
- one extending CommonPublishedEditTabPanelInfo.
The two classes will be in a dependency relation with the new Panel class.
Regarding Workspace, it should be straightforward to integrate the new Panel class in existing wicket Page classes.
Finally it would be necessary to enable and disable the new tab according to geofence respectively not being or being active. To avoid looking explicitly for geofence in a core module, we have foreseen the possibility to create the concept of ModuleCapabilities, as an interface with an Enum Capability which will include the AdvancedSecurityConfiguration capability . The interface would then be extended by module status and will declare a single method boolean hasCapability(Capability capability). Thus, this will make possible to look for the advancedSecurity capability instead of searching explicitly for geofence.
Summarizing, changes in the following classes are foreseen:
- PublishedConfigurationPage.java will get the new Panel added as a tab to current tab list;
- WorkspaceEditPage.java and WorkspaceNewPage.java will be modified to get the new panel class and made tabbed.
- ModuleStatus.javawill extend the above mentioned ModuleCapabilities interface.
- ModuleStatusImpl.java will implement hasCapabilityMethod.
We don't foreseen any backwards compatibility issue:
- another UI component to manage data access rule will be added but current possibility to handle them from the existing page will be mantained;
- no changes will be done to current rules mechanism.
Project Steering Committee:
- Alessio Fabiani: +1
- Andrea Aime: +1
- Ian Turton:+1
- Jody Garnett: +1
- Jukka Rahkonen:
- Kevin Smith:
- Simone Giannecchini: +1 and +0
- Torben Barsballe:
- Nuno Oliveira: +0