But you are aware the Basic Authentication does not encrypt the password. The password is base64 encoded which is the same security level as sending passwords in plain text.
I am working on such issues, look here http://jira.codehaus.org/browse/GEOS-4215 For the moment I am still waiting for some feedback. Quoting Jamie Popkin <[email protected]>: > Thanks Arne. > That's good news for me... It means I'm heading in the right direction. :) > > I believe I have the format of the cookie correct. I'm starting to wonder if > the port number :8080 is tripping up the domain setting of the cookie??? > That's a shot in the dark though. > > I'm going to start testing different ways of inserting the cookie into the > browser. I'll post back here with my progress. > > Jamie > > On Tue, Nov 16, 2010 at 1:30 PM, Arne Kepp <[email protected]> wrote: > >> The trick with the "remember me" cookie should work. >> >> Note that the value of the cookie starts and ends with a double quote, >> and contains ==. Normally these four characters would be URL escaped >> (%20, %D3), but then acegi will not accept them. So make sure they're >> set exactly like you receive them, I think the cookie is just deleted if >> it's rejected. >> >> Technically, the best practice is probably to write acegi / Spring >> Security plugins linked to your frontend application. I found it quite >> challenging though. >> >> -Arne >> >> >> On 11/16/10 10:01 PM, Jamie Popkin wrote: >> > I'm trying to access some secured wms services through basic >> authentication. >> > I figured the most secure way to do this was have a cgi script grab the >> > "remember me" authentication cookie through a local curl request. Then >> have >> > that returned to the user and entered as a cookie. >> > >> > I've been unsuccessful at getting this to work. Can anyone see a problem >> > with this set-up? >> > >> > What is the best (and proper) way to authenticate with Geoserver and then >> > access the protected layers. In particular through OpenLayers? It can't >> seem >> > to find any examples that work. >> > >> > Thanks in advance. >> > Jamie >> >> >> >> ------------------------------------------------------------------------------ >> Beautiful is writing same markup. Internet Explorer 9 supports >> standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 & L3. >> Spend less time writing and rewriting code and more time creating great >> experiences on the web. Be a part of the beta today >> http://p.sf.net/sfu/msIE9-sfdev2dev >> _______________________________________________ >> Geoserver-users mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/geoserver-users >> > > > > -- > Jamie Popkin > Little Earth > 250 390 6816 > http://littleearth.ca > ---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program. ------------------------------------------------------------------------------ Beautiful is writing same markup. Internet Explorer 9 supports standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 & L3. Spend less time writing and rewriting code and more time creating great experiences on the web. Be a part of the beta today http://p.sf.net/sfu/msIE9-sfdev2dev _______________________________________________ Geoserver-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/geoserver-users
