wiki:MapGuideRfc20

MapGuide RFC 20 - Obtain user, group, role information from MapGuide session id

This page contains a change request (RFC) for the MapGuide Open Source project. More MapGuide RFCs can be found on the RFCs page.

Status

RFC Template Version(1.0)
Submission DateOctober 23, 2007
Last ModifiedTrevor Wekel Timestamp?
AuthorTrevor Wekel
RFC StatusAdopted
Implementation Statusimplemented
Proposed Milestone2.0
Assigned PSC guide(s)
Voting HistoryOct 31, 2007
+1Paul, Bob, Tom, Bruce, Andy, Jason
+0
-0
-1

Overview

This RFC exposes existing functionality within MapGuide to allow the MapGuide session identifier to be used to obtain userid, group, and role information for the user associated with the session identifier.

Motivation

User, group and role information has to be currently maintained by the web applications. Adding this functionality will make web applications easier to develop and has been requested by a number of users.

Proposed Solution

Add additional API to MgSite:

 STRING MgSite::GetUserForSession()
 MgByteReader* MgSite::EnumerateGroups( CREFSTRING user )
 MgStringCollection* MgSite::EnumerateRoles( CREFSTRING user )

Make the following internal changes:

Modify permissions on EnumerateGroups and EnumerateRoles so that a user can enumerate his own groups and roles.

Implications

This RFC is strictly an API enhancement. GetUserForSession exposes information already maintained by the MapGuide Server. EnumerateGroups and EnumerateRoles will be implemented using existing functionality.

With the new API, hijacking a session identifier will allow access to the userid, groups, and roles for a particular user. Use of HTTPS will reduce the likelihood of session hijack for web sites requiring security.

Test Plan

Write a simple web application to verify that users can access their own groups and roles and cannot access information from other groups and roles unless they have author or administrator privileges.

Funding/Resources?

Autodesk to provide resources / funding.

Last modified 10 years ago Last modified on Jan 3, 2008 1:42:11 PM