Hello Mauro
thank you very much for your help, I managed to evolve a lot. It took me to
answer because I was excited about the development I'm doing that is moving
forward after you helped me.
Now I have another question.
I need to do the following operation:
Every time I log in geoserver or use the GetCapabilities I need to do an
audit.
My initial idea was to do this in the doFilter method of
GeoServerSecurityFilter subclass, but I dont know how to configure
ServletResponse object, which comes as parameter in doFilter to
continue or return
an error.
Any example of how to do this?
2015-01-28 9:47 GMT-02:00 Mauro Bartolomeoli <
mauro.bartolome...@geo-solutions.it>:
> Hi Romulo,
> I think I understood what you are asking for.
>
> To add a new authentication provider to GeoServer, you need to create and
> register several classes in the system, the most important one is the
> security provider. This class extends GeoServerSecurityProvider and is
> responsible to create other security classes on demand (for example the
> TesteAuthenticationProvider
> you developed). It's also responsible for enabling configuration
> serialization (using XStream) for the new provider.
>
> That said, creating a new security module and configuring it properly is
> not trivial. These are some of the actions that need to be done:
> - create a new GeoServerSecurityProvider implementation and register it
> as a bean in the Spring application context.
> - make the GeoServerSecurityProvider implementation return you
> authentication provider
> - create and use configuration objects for your new security provider
> - create a web wicket module to allow configuration from the GeoServer
> WEB Admin UI
>
> You can find some example of this in the gs-sec-jdbc and gs-sec-ldap
> modules (and the related gs-web-sec-jdbc and gs-web-sec-ldap web modules).
>
> Finally, if your only purpose is to make GeoServer work with an existing
> user database for authentication, it could be simpler to use JDBC usergroup
> service, that already allows you to do this, without writing code, but only
> preparing some xml files to extract data from your database.
>
> Regards,
> Mauro
>
> 2015-01-28 12:12 GMT+01:00 Romulo Vieira da Silva <rmovie...@gmail.com>:
>
>> Hello Mauro,
>> I tried this:
>> 1- I created the TesteAuthenticationProvider class that is a copy of
>> UsernamePasswordAuthenticationProvider.
>> 2- In applicationSecurityContext.xml file added the following line <bean
>> id = "testeAuthenticationProvider" class =
>> "com.romulo.geoserver.TesteAuthenticationProvider" />
>> 3- I added testeAuthenticationProvider = Authentication Provider Test in
>> GeoServerApplication.properties file
>>
>> In GeoServer web interface:
>> 1- In "Authentication Filters", added a new record with J2EE Role source
>> J2EE default
>> 2- to "Filter Chain", I clicked on "default"
>> 3 - In "Chain Filter" added "Authentication Provider Test" and removed
>> "basic" and clicked close
>> 4- I saved all
>>
>>
>> I put a breakpoint in TesteAuthenticationProvider class but never reaches
>> it.
>> With this configuration, I realized that the breakpoint in class
>> UsernamePasswordAuthenticationProvider not work anymore.
>>
>> Can you tell me what I did wrong?
>>
>> Thanks for your help.
>>
>> 2015-01-28 6:51 GMT-02:00 Mauro Bartolomeoli <
>> mauro.bartolome...@geo-solutions.it>:
>>
>> Hi Romulo,
>>> as for REST, you can use filter chains to enable authentication
>>> providers on OGC service (WMS, WFS, etc.).
>>> The chain to use is the default one.
>>>
>>> Mauro
>>>
>>> 2015-01-27 18:57 GMT+01:00 Romulo Vieira da Silva <rmovie...@gmail.com>:
>>>
>>>> Thanks for the reply.
>>>> I'm from Brazil and I do not speak very well English language, I may
>>>> not have expressed myself correctly.
>>>> I'll try to explain better:
>>>> I have a system that connects to geoserver, Using a password and username
>>>> to access the layers that he created and that only he can see. This
>>>> same user need also use the QuantumGIS to access these same layers and
>>>> should use the same username and password.
>>>>
>>>> To be more specific: I need to check if the user can access the WMS or
>>>> WFS request. Using JDBC UserGroupService i can do this ?
>>>>
>>>> 2015-01-27 15:37 GMT-02:00 Mauro Bartolomeoli <
>>>> mauro.bartolome...@geo-solutions.it>:
>>>>
>>>> Hi Romulo,
>>>>> the simplest thing you can do is to use the JDBC UserGroupService.
>>>>> This can be used to take users and groups information from your custom
>>>>> database.
>>>>>
>>>>> You can find some basic documentation here:
>>>>> http://docs.geoserver.org/stable/en/user/security/usergrouprole/usergroupservices.html#jdbc-user-group-service
>>>>>
>>>>> The module itself is supposed to work with its own database structure,
>>>>> but it's configurable through a couple of XML files (where you can specify
>>>>> a set of SQL queries to read the data from your database).
>>>>>
>>>>> The only caveat is password storage: this is a bit difficult to
>>>>> configure if you don't use one of the Geoserver encodings for passwords.
>>>>>
>>>>> Let me know if you need further info on this subject.
>>>>>
>>>>> Mauro
>>>>>
>>>>> 2015-01-27 18:01 GMT+01:00 Romulo Vieira da Silva <rmovie...@gmail.com
>>>>> >:
>>>>>
>>>>>> Hello, I would like to take my User database to allow access to
>>>>>> geoserver, I tried to extend the GeoServerAuthenticationProvider
>>>>>> class but it did not work, (also tried to extend
>>>>>> AbstractFilterProvider but unsuccessfully) the class is never called.
>>>>>> I tried to follow the example of
>>>>>> GeoServerUserNamePasswordAuthenticationProvider class, but also
>>>>>> failed.
>>>>>> Does anyone have any more detailed material that the manual to make
>>>>>> GeoServer 2.6 to help me do this?
>>>>>>
>>>>>>
>>>>>>
>>>>>> Thank you all.
>>>>>>
>>>>>>
>>>>>> ------------------------------------------------------------------------------
>>>>>> Dive into the World of Parallel Programming. The Go Parallel Website,
>>>>>> sponsored by Intel and developed in partnership with Slashdot Media,
>>>>>> is your
>>>>>> hub for all things parallel software development, from weekly thought
>>>>>> leadership blogs to news, videos, case studies, tutorials and more.
>>>>>> Take a
>>>>>> look and join the conversation now.
>>>>>> http://goparallel.sourceforge.net/
>>>>>> _______________________________________________
>>>>>> Geoserver-devel mailing list
>>>>>> Geoserver-devel@lists.sourceforge.net
>>>>>> https://lists.sourceforge.net/lists/listinfo/geoserver-devel
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> ==
>>>>> GeoServer Professional Services from the experts! Visit
>>>>> http://goo.gl/NWWaa2 for more information.
>>>>> ==
>>>>>
>>>>> Dott. Mauro Bartolomeoli
>>>>> @mauro_bart
>>>>> Senior Software Engineer
>>>>>
>>>>> GeoSolutions S.A.S.
>>>>> Via Poggio alle Viti 1187
>>>>> 55054 Massarosa (LU)
>>>>> Italy
>>>>> phone: +39 0584 962313
>>>>> fax: +39 0584 1660272
>>>>>
>>>>> http://www.geo-solutions.it
>>>>> http://twitter.com/geosolutions_it
>>>>>
>>>>> -------------------------------------------------------
>>>>>
>>>>> *AVVERTENZE AI SENSI DEL D.Lgs. 196/2003*
>>>>>
>>>>> Le informazioni contenute in questo messaggio di posta elettronica e/o
>>>>> nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il
>>>>> loro utilizzo è consentito esclusivamente al destinatario del messaggio,
>>>>> per le finalità indicate nel messaggio stesso. Qualora riceviate questo
>>>>> messaggio senza esserne il destinatario, Vi preghiamo cortesemente di
>>>>> darcene notizia via e-mail e di procedere alla distruzione del messaggio
>>>>> stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso,
>>>>> divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od
>>>>> utilizzarlo per finalità diverse, costituisce comportamento contrario ai
>>>>> principi dettati dal D.Lgs. 196/2003.
>>>>>
>>>>>
>>>>>
>>>>> The information in this message and/or attachments, is intended solely
>>>>> for the attention and use of the named addressee(s) and may be
>>>>> confidential
>>>>> or proprietary in nature or covered by the provisions of privacy act
>>>>> (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection
>>>>> Code).Any use not in accord with its purpose, any disclosure,
>>>>> reproduction,
>>>>> copying, distribution, or either dissemination, either whole or partial,
>>>>> is
>>>>> strictly forbidden except previous formal approval of the named
>>>>> addressee(s). If you are not the intended recipient, please contact
>>>>> immediately the sender by telephone, fax or e-mail and delete the
>>>>> information in this message that has been received in error. The sender
>>>>> does not give any warranty or accept liability as the content, accuracy or
>>>>> completeness of sent messages and accepts no responsibility for changes
>>>>> made after they were sent or for other risks which arise as a result of
>>>>> e-mail transmission, viruses, etc.
>>>>>
>>>>
>>>>
>>>
>>>
>>> --
>>> ==
>>> GeoServer Professional Services from the experts! Visit
>>> http://goo.gl/NWWaa2 for more information.
>>> ==
>>>
>>> Dott. Mauro Bartolomeoli
>>> @mauro_bart
>>> Senior Software Engineer
>>>
>>> GeoSolutions S.A.S.
>>> Via Poggio alle Viti 1187
>>> 55054 Massarosa (LU)
>>> Italy
>>> phone: +39 0584 962313
>>> fax: +39 0584 1660272
>>>
>>> http://www.geo-solutions.it
>>> http://twitter.com/geosolutions_it
>>>
>>> -------------------------------------------------------
>>>
>>> *AVVERTENZE AI SENSI DEL D.Lgs. 196/2003*
>>>
>>> Le informazioni contenute in questo messaggio di posta elettronica e/o
>>> nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il
>>> loro utilizzo è consentito esclusivamente al destinatario del messaggio,
>>> per le finalità indicate nel messaggio stesso. Qualora riceviate questo
>>> messaggio senza esserne il destinatario, Vi preghiamo cortesemente di
>>> darcene notizia via e-mail e di procedere alla distruzione del messaggio
>>> stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso,
>>> divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od
>>> utilizzarlo per finalità diverse, costituisce comportamento contrario ai
>>> principi dettati dal D.Lgs. 196/2003.
>>>
>>>
>>>
>>> The information in this message and/or attachments, is intended solely
>>> for the attention and use of the named addressee(s) and may be confidential
>>> or proprietary in nature or covered by the provisions of privacy act
>>> (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection
>>> Code).Any use not in accord with its purpose, any disclosure, reproduction,
>>> copying, distribution, or either dissemination, either whole or partial, is
>>> strictly forbidden except previous formal approval of the named
>>> addressee(s). If you are not the intended recipient, please contact
>>> immediately the sender by telephone, fax or e-mail and delete the
>>> information in this message that has been received in error. The sender
>>> does not give any warranty or accept liability as the content, accuracy or
>>> completeness of sent messages and accepts no responsibility for changes
>>> made after they were sent or for other risks which arise as a result of
>>> e-mail transmission, viruses, etc.
>>>
>>
>>
>
>
> --
> ==
> GeoServer Professional Services from the experts! Visit
> http://goo.gl/NWWaa2 for more information.
> ==
>
> Dott. Mauro Bartolomeoli
> @mauro_bart
> Senior Software Engineer
>
> GeoSolutions S.A.S.
> Via Poggio alle Viti 1187
> 55054 Massarosa (LU)
> Italy
> phone: +39 0584 962313
> fax: +39 0584 1660272
>
> http://www.geo-solutions.it
> http://twitter.com/geosolutions_it
>
> -------------------------------------------------------
>
> *AVVERTENZE AI SENSI DEL D.Lgs. 196/2003*
>
> Le informazioni contenute in questo messaggio di posta elettronica e/o
> nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il
> loro utilizzo è consentito esclusivamente al destinatario del messaggio,
> per le finalità indicate nel messaggio stesso. Qualora riceviate questo
> messaggio senza esserne il destinatario, Vi preghiamo cortesemente di
> darcene notizia via e-mail e di procedere alla distruzione del messaggio
> stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso,
> divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od
> utilizzarlo per finalità diverse, costituisce comportamento contrario ai
> principi dettati dal D.Lgs. 196/2003.
>
>
>
> The information in this message and/or attachments, is intended solely for
> the attention and use of the named addressee(s) and may be confidential or
> proprietary in nature or covered by the provisions of privacy act
> (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection
> Code).Any use not in accord with its purpose, any disclosure, reproduction,
> copying, distribution, or either dissemination, either whole or partial, is
> strictly forbidden except previous formal approval of the named
> addressee(s). If you are not the intended recipient, please contact
> immediately the sender by telephone, fax or e-mail and delete the
> information in this message that has been received in error. The sender
> does not give any warranty or accept liability as the content, accuracy or
> completeness of sent messages and accepts no responsibility for changes
> made after they were sent or for other risks which arise as a result of
> e-mail transmission, viruses, etc.
>
------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel
