Skip to:

  1. Skip to Jira Navigation
  2. Skip to Side Navigation
  3. Skip to Main Content

GeoFence group list is too limiting, add '*' to match any role

Description

When the option “Use GeoServer roles to get authorizations” is used, the logic requires a list of predefined groups, so that the last matching group (a break is missing?) is used for the authorization in GeoFence

see

In architectures where the authentication is plugged, we may not know in advance the list of available roles, so we may want just take any role (probably there will be only one assigned when the user logs in).

We may add regex handling in this list, but, in order not to overengineer the logic, we may just consider the case where the “Comma delimited list of mutually exclusive roles for authorization” only contains a “*”; in that case, the first group associated to the current user should be used.

Environment

None

Activity

Show:

Jody Garnett May 8, 2022 at 3:35 AM

Marco what is the actual fix or improvement made here? You present the problem in the above description but there is not an indication of what was changed for the release anouncement.

Marco Volpini April 1, 2022 at 12:07 PM
Edited

main pr

2.20.x backport

Fixed

Details

Assignee

Reporter

Fix versions

Components

Priority

Created March 15, 2022 at 9:57 AM
Updated May 8, 2022 at 3:36 AM
Resolved April 1, 2022 at 12:06 PM
Configure