Layer Level security in Mapfish application

by GlennM

Hi All

I need to be able to only allow certain users access to specific layers in my Mapfish application.  I've configured layer level security - and this works perfectly in the Geoserver admin interface etc.  To authenticate the user in Mapfish for each layer, I used the mode=MIXED directive in layer.properties.  IE works fine - it opens a prompt for username and password etc.  Firefox (v3.011), however, pops up hundreds of these prompts (supposedly as each AJAX request for a tile reaches the server).  So I thought about approaching it a different way - providing a login box for the user that would then authenticate against geoserver, setting the URL in the Ext XHR to '/geoserver/j_acegi_security_check'.   This seems to work i.t.o. authenticating the user - in firebug, the server returns '/geoserver/admin/login.do?login_error=1' with an incorrect username and password and '/geoserver' with a correct combination.  However, I am (either way) unable to trap the 200 OK response (i.e. success:true) from the server.

After this long story, I have some questions:
1. could you create a REST service that handles the authentication and sends the success:true response?
2. if this is possible - how would you do it?
3. I've read a bit about acegi and LDAP - has anybody come right with using this in combo with Geoserver?
4. In front of my Mapfish application I have a Wordpress site - could I use Wordpress's php/mysql authentication and apply it to Geoserver i.t.o. layer level authentication?

Any help would be greatly appreciated - I'm kinda a newbie to authentication mechanisms - maybe someone can point me in the right direction i.t.o. understanding how this stuff works?

Thanks.
Regards,
Glenn

Re: Layer Level security in Mapfish application

by Andrea Aime-4

GlennM wrote:
> Hi All
>
> I need to be able to only allow certain users access to specific layers in
> my Mapfish application.  I've configured layer level security - and this
> works perfectly in the Geoserver admin interface etc.  To authenticate the
> user in Mapfish for each layer, I used the mode=MIXED directive in
> layer.properties.  IE works fine - it opens a prompt for username and
> password etc.  Firefox (v3.011), however pops up hundreds of these prompts
> (supposedly as each AJAX request for a tile reaches the server).

We made a few applications using this approach and FF always popped up
just one login dialog. But I think we made the user authenticate before
showing any mapping interface.

>  So I
> thought about approaching it a different way - providing a login box for the
> user that would then authenticate against geoserver setting the URL in the
> Ext XHR to '/geoserver/j_acegi_security_check'.   This seems to work i.t.o.
> authenticating the user - in firebug, the server returns
> '/geoserver/admin/login.do?login_error=1' with an incorrect username and
> password and '/geoserver' with a correct combination.  However, I am (either
> way) unable to trap the 200 OK response (i.e. success:true) from the server.  
>
> After this long story, I have some questions:
> 1. could you create a REST service that handles the authentication and sends
> the success:true response?

It is doable (and a good idea too), but not in any short term roadmap.
Can you add a feature request at jira.codehaus.org (our bug tracker)?

> 2. if this is possible - how would you do it?

There is some documentation about this on the GeoServer dev guide:
http://docs.geoserver.org/1.7.5/developer/

> 3. I've read a bit about acegi and LDAP - has anybody come right with using
> this in combo with Geoserver?

Nope, but it would be cool to have that as a security plugin.

> 4. In front of my Mapfish application I have a Wordpress site - could I use
> Wordpress's php/mysql authentication and apply it to Geoserver i.t.o. layer
> level authentication?

It is doable, we just miss a clean extension point (an interface that
one can implement and be done with it), but even without it
(and some trickery) I know of people that implemented authentication
against another site by using its cookies and some network requests to
double check the cookie contents.
See the "openplans-authentication" module in the GeoServer sources
(community section).

> Any help would be greatly appreciated - I'm kinda a newbie to authentication
> mechanisms - maybe someone can point me in the right direction i.t.o.
> understanding how this stuff works?

It's really a plain jane implementation of the Acegi security system,
refer to their docs for details.

Cheers
Andrea

--
Andrea Aime
OpenGeo - http://opengeo.org
Expert service straight from the developers.
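
The form-login behaviour discussed in this thread, as an added example that is not part of the original messages or of GeoServer/Mapfish code: because the browser follows the redirect from '/geoserver/j_acegi_security_check' on its own, a 200 status says nothing about whether the login worked, so the client has to decide from the URL it ended up on. The two target paths are the ones quoted in the thread; the function name, the `reason` strings and the `http://maps.example` origin are assumptions, and the final URL is assumed to come from `XMLHttpRequest.responseURL` or `Response.url`.

```javascript
// Added example (not from the thread): turn the post-redirect URL of a
// form login into the {success: ...} answer the client wanted to trap.
const FAILURE_PATH = '/geoserver/admin/login.do'; // quoted in the thread
const SUCCESS_PATH = '/geoserver';                // quoted in the thread

// finalUrl: URL reached after redirects were followed (may be relative).
// origin:   origin of the application page, e.g. 'http://maps.example'.
function classifyLogin(finalUrl, origin) {
  let url;
  try {
    url = new URL(finalUrl, origin);
  } catch (e) {
    return { success: false, reason: 'unparseable-url' };
  }
  // A redirect that leaves the site is never accepted as a login success.
  if (url.origin !== new URL(origin).origin) {
    return { success: false, reason: 'cross-origin-redirect' };
  }
  // Ignore trailing slashes so '/geoserver/' and '/geoserver' compare equal.
  const path = url.pathname.replace(/\/+$/, '') || '/';
  if (path === FAILURE_PATH || url.searchParams.has('login_error')) {
    return { success: false, reason: 'bad-credentials' };
  }
  if (path === SUCCESS_PATH) {
    return { success: true, reason: 'authenticated' };
  }
  // Fail closed: any target the thread does not describe counts as failure.
  return { success: false, reason: 'unexpected-target' };
}

// Constructed sample inputs, one per outcome.
function demo() {
  const origin = 'http://maps.example';
  return [
    '/geoserver',
    '/geoserver/admin/login.do?login_error=1',
    'http://other.example/geoserver',
    '/geoserver/j_acegi_security_check',
  ].map((u) => classifyLogin(u, origin).reason);
}
```
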
