This page last changed on Dec 15, 2011 by cholmes.


Upgrade from Acegi Security to Spring Security 2.0. This update is a prerequisite to continue with GSIP 53 Geoserver security improvement

Proposed By

Christian Mueller

Assigned to Release

The update is scheduled for Geoserver 2.1.0


Choose one of: Under Discussion, In Progress, Completed, Rejected, Deferred


Geoserver already supports authentication and authorization, but this is a minimal implementation. At the moment it is tricky to add custom security plugins. Spring Security offers a lot of authentication/authorization mechanisms , including customized security modules.


Spring security offers a lot off Authentication mechanisms and authorization plug ins. This security architecture is independent of specific J2EE implementations and does not cause a vendor lock in.

The existing file based security modules will be migrated to fit into the new architecture. Additionally, the admin GUI has to be extended to offer a lot of security settings to the Geoserver administrator. Last not least, some new configuration files will be necessary.


This section should contain feedback provided by PSC members who may have a problem with the proposal.

Backwards Compatibility

The current file based modules are redesigned to fit into the new architecture. No migration is necessary for already deployed Geoserver installations.


(official voting never quite happened on this, but all were for it and it moved forward without a formal vote)

- [~afabiani]
- [~aaime]
- [~cholmes] (Chair)
- [~jive]
- Rob Atkinson
- [~simboss]
- Ben Caradoc-Davies
- Mark Leslie


[JIRA Task|]
[Email Discussion|]
[Wiki Page|]

Document generated by Confluence on May 14, 2014 23:00