Inicio Explorar Axuda
Rexistro Iniciar sesión
siwei
/
web-server
1
0
Fork 0
Ficheiros Incidencias 0 Pull Requests 0 Wiki
Rama: master
Ramas Etiquetas
web-server
/
doc
/
en
/
user
/
source
/
community
/
oauth2
/
installing.rst

installing.rst 2.0 KB
Permalink Histórico Raw

12345678910111213141516171819202122232425262728293031323334 
  1. Installing an OAuth2 Protocol
    2. 

  2. -----------------------------
    3. 

  3. 

  4. This module allows GeoServer to authenticate against the `OAuth2 Protocol <https://tools.ietf.org/html/rfc6749>`_.
    5. 

  5. 

  6. In order to let the module work, it is mandatory to setup and configure an ``oauth2-xxxx-extension``:
    7. 

  7. 

  8. * :download_community:`sec-oauth2-google`
    9. 

  9. * :download_community:`sec-oauth2-geonode`
    10. 

  10. * :download_community:`sec-oauth2-github`
    11. 

  11. * :download_community:`sec-oauth2-openid-connect`
    12. 

  12. 

  13. Each ZIP files contains the oauth2-core extension, and the  jars and the jars for the provider. 
    14. 

  14. 

  15. The first one contains the necessary dependencies of the OAuth2 core module. This module contains the
    16. 

  16. GeoServer security filter, the base classes for the OAuth2 Token services and the GeoServer GUI panel.
    17. 

  17. 

  18. The second one provides the OAuth2 implementation for each provider.  Since in almost all cases the only difference
    19. 

  19. between OAuth2 Providers are the endpoint URIs and the client connection information (not only the keys -
    20. 

  20. public and secret - but also the user profile representations).
    21. 

  21. In order to allow GeoServer to connect to a specific OAuth2 provider it is sufficient to install the OAuth2 Core module
    22. 

  22. plugin (and correctly configure the parameters through the GeoServer GUI - see next section for the details) and the
    23. 

  23. concrete implementation of the OAuth2 REST token template and resource details.
    24. 

  24. 

  25. Currently this module is shipped with a sample extension for Google OAuth2 Provider. This is a particular case since the 
    26. 

  26. Google JWT response is not standard and therefore we had to define and inject also a ``GoogleUserAuthenticationConverter`` taking
    27. 

  27. the Google REST response against a valid ``access_token`` and converting it to an OAuth2 standard one.
    28. 

  28. 

  29. Other than this the most interesting part is the implementation of the base class ``GeoServerOAuth2SecurityConfiguration``.
    30. 

  30. 

  31. The latter contains the Google implementation of the ``OAuth2RestTemplate``.
    32. 

  32. 

  33. In the next section we will see how to install and configure the OAuth2 security filter on GeoServer authenticating against 
    34. 

  34. Google OAuth2 Provider.
    35.