« Return to Thread: Layer Level security in Mapfish application
Re: Layer Level security in Mapfish application
by Andrea Aime-4
::
Rate this Message:
GlennM ha scritto:
> Hi All
>
> I need to be able to only allow certain users access to specific layers in
> my Mapfish application. I've configured layer level security - and this
> works perfectly in the Geoserver admin interface etc. To authenticate the
> user in Mapfish for each layer, I used the mode=MIXED directive in
> layer.properties. IE works fine - it opens a prompt for username and
> password etc. Fierefox (v3.011), however pops up hundreds of these prompts
> (supposedly as each AJAX request for a tile reaches the server).
We made a few application using this approach and FF always popped up
just one login dialog. But I think we made the user authenticate before
showing any mapping interface.
> So I
> thought about approaching it a different way - providing a login box for the
> user that would then authenticate against geoserver setting the URL in the
> Ext XHR to '/geoserver/j_acegi_security_check'. This seems to work i.t.o.
> authenticating the user - in firebug, the server returns
> '/geoserver/admin/login.do?login_error=1' with and incorrect username and
> password and '/geoserver' with a correct combination. However, I am (either
> way) unable to trap the 200 OK response (i.e. success:true) from the server.
>
> After this long story, I have some questions:
> 1. could you create a REST service that handles the authentication and sends
> the success:true response?
It is doable (and a good idea too), but not in any short term roadmap.
Can you add a feature request at jira.codehaus.org (our bug tracker)
> 2. if this is possible - how would you do it?
There is some documentation about this on the GeoServer dev guide:
http://docs.geoserver.org/1.7.5/developer/
> 3. I've read a bit about acegi and LDAP - has anybody come right with using
> this in combo with Geoserver?
Nope, but it would be cool to have that as a security plugin.
> 4. In front of my Mapfish application I have a Wordpress site - could I use
> Wordpress's php/mysql authentication and apply it to Geoserver i.t.o. layer
> level authentication?
It is doable, we just miss a clean extension point (an interface that
one can implement and be done with it), but even without it
(and some trickery) I know of people that implemented authentication
against another site by using its cookies and some network requests to
double check the cookie contents.
See the "openplans-authentication" module in the GeoServer sources
(community section).
> Any help would be greatly appreciated - I'm kinda a newbie to authentication
> mechanisms - maybe someone can point me in the right direction i.t.o.
> understanding how this stuff works?
It's really a plain jane implementation of the Acegi security system,
refer to their docs for details.
Cheers
Andrea
--
Andrea Aime
OpenGeo - http://opengeo.org
Expert service straight from the developers.
------------------------------------------------------------------------------
Enter the BlackBerry Developer Challenge
This is your chance to win up to $100,000 in prizes! For a limited time,
vendors submitting new applications to BlackBerry App World(TM) will have
the opportunity to enter the BlackBerry Developer Challenge. See full prize
details at: http://p.sf.net/sfu/Challenge
_______________________________________________
Geoserver-users mailing list
Geoserver-users@...
https://lists.sourceforge.net/lists/listinfo/geoserver-users
> Hi All
>
> I need to be able to only allow certain users access to specific layers in
> my Mapfish application. I've configured layer level security - and this
> works perfectly in the Geoserver admin interface etc. To authenticate the
> user in Mapfish for each layer, I used the mode=MIXED directive in
> layer.properties. IE works fine - it opens a prompt for username and
> password etc. Fierefox (v3.011), however pops up hundreds of these prompts
> (supposedly as each AJAX request for a tile reaches the server).
We made a few application using this approach and FF always popped up
just one login dialog. But I think we made the user authenticate before
showing any mapping interface.
> So I
> thought about approaching it a different way - providing a login box for the
> user that would then authenticate against geoserver setting the URL in the
> Ext XHR to '/geoserver/j_acegi_security_check'. This seems to work i.t.o.
> authenticating the user - in firebug, the server returns
> '/geoserver/admin/login.do?login_error=1' with and incorrect username and
> password and '/geoserver' with a correct combination. However, I am (either
> way) unable to trap the 200 OK response (i.e. success:true) from the server.
>
> After this long story, I have some questions:
> 1. could you create a REST service that handles the authentication and sends
> the success:true response?
It is doable (and a good idea too), but not in any short term roadmap.
Can you add a feature request at jira.codehaus.org (our bug tracker)
> 2. if this is possible - how would you do it?
There is some documentation about this on the GeoServer dev guide:
http://docs.geoserver.org/1.7.5/developer/
> 3. I've read a bit about acegi and LDAP - has anybody come right with using
> this in combo with Geoserver?
Nope, but it would be cool to have that as a security plugin.
> 4. In front of my Mapfish application I have a Wordpress site - could I use
> Wordpress's php/mysql authentication and apply it to Geoserver i.t.o. layer
> level authentication?
It is doable, we just miss a clean extension point (an interface that
one can implement and be done with it), but even without it
(and some trickery) I know of people that implemented authentication
against another site by using its cookies and some network requests to
double check the cookie contents.
See the "openplans-authentication" module in the GeoServer sources
(community section).
> Any help would be greatly appreciated - I'm kinda a newbie to authentication
> mechanisms - maybe someone can point me in the right direction i.t.o.
> understanding how this stuff works?
It's really a plain jane implementation of the Acegi security system,
refer to their docs for details.
Cheers
Andrea
--
Andrea Aime
OpenGeo - http://opengeo.org
Expert service straight from the developers.
------------------------------------------------------------------------------
Enter the BlackBerry Developer Challenge
This is your chance to win up to $100,000 in prizes! For a limited time,
vendors submitting new applications to BlackBerry App World(TM) will have
the opportunity to enter the BlackBerry Developer Challenge. See full prize
details at: http://p.sf.net/sfu/Challenge
_______________________________________________
Geoserver-users mailing list
Geoserver-users@...
https://lists.sourceforge.net/lists/listinfo/geoserver-users
« Return to Thread: Layer Level security in Mapfish application
| Free embeddable forum powered by Nabble | Forum Help |
