Ok :-) These answers are the important ones. For 2.1.x series, you have to use basic auth and you have to add the "Authorization" request header for EACH call to GeoServer. Again, here is a java script example http://coderseye.com/2007/how-to-do-http-basic-auth-in-ajax.html
No need to send a request to j_spring_security_check !!! As an example, if you want to get a list of the workspaces, the URL is http://localhost:8080/geoserver/rest/workspaces and you have to add the Authorization header. For GeoServer 2.2.x, there are other possibilities, but I think this is not of interest for you at the moment. Christian Zitat von "indian.ganesh" <waits4uo...@gmail.com>: > Ok.. Christian.. > > i want to use GeoServer REST API (configuring without a GUI) for > creating / editing features , styles etc. > > and i am using GeoServer 2.1.3 > > > On 24 September 2012 12:21, <christian.muel...@nvoe.at> wrote: > >> Hi Indian >> >> First, please stay on the user list, this thread may interest some other >> users too and perhaps we get some further tips. >> >> Some questions >> >> 1) Do you want to use the GeoServer admin GUI for creating features/styles >> or the REST API (configuring without a GUI) >> >> 2) Which GeoServer do you use. Starting with 2.2.x, we have a more >> powerful security subsystem offering more possibilities for authentication. >> >> Please answer these questions >> >> Christian >> >> >> >> Zitat von "indian.ganesh" <waits4uo...@gmail.com>: >> >> Hi Christian, >>> >>> i am using login dialog only to supply the username and >>> password dynamically. and that login dialog will make a submit request to >>> local server. then local server will authenticate the user whether he is >>> authorized to make authentication to geoserver or not. >>> >>> if the credentials passed by the user are authenticated by >>> local server then i am trying to perform geoserver authentication. will >>> this create any issue in geoserver authentication? >>> >>> >>> On 20 September 2012 18:31, <christian.muel...@nvoe.at> wrote: >>> >>> Hi >>>> >>>> Some explanations. Do not mix basic auth and form based auth. If you want >>>> to log in and create a servers session using form based auth, look here >>>> >>>> https://getsatisfaction.com/****opengeo/topics/auth_in_**<https://getsatisfaction.com/**opengeo/topics/auth_in_**> >>>> geoserver_with_html_php_js<htt**ps://getsatisfaction.com/** >>>> opengeo/topics/auth_in_**geoserver_with_html_php_js<https://getsatisfaction.com/opengeo/topics/auth_in_geoserver_with_html_php_js> >>>> > >>>> >>>> >>>> You can see an example. I would recommend this for your needs. >>>> >>>> If you do not want to create an HTTP session and use basic auth, then >>>> look >>>> here >>>> http://coderseye.com/2007/how-****to-do-http-basic-auth-in-**ajax.**html<http://coderseye.com/2007/how-**to-do-http-basic-auth-in-ajax.**html> >>>> <http://coderseye.**com/2007/how-to-do-http-basic-**auth-in-ajax.html<http://coderseye.com/2007/how-to-do-http-basic-auth-in-ajax.html> >>>> >. >>>> >>>> If you use basic auth, you have to resend the "Authorization" header for >>>> each request. I think this is not what you want. >>>> >>>> >>>> Christian >>>> >>>> >>>> >>>> >>>> >>>> Zitat von "indian.ganesh" <waits4uo...@gmail.com>: >>>> >>>> hi Christian, >>>> >>>>> >>>>> i'm little bit confused.. >>>>> >>>>> following is my code for authentication >>>>> >>>>> showLoginDialog: function() { >>>>> var panel = new Ext.FormPanel({ >>>>> url: >>>>> "http://localhost/Ganesh/****login_response.json<http://localhost/Ganesh/**login_response.json> >>>>> <http://**localhost/Ganesh/login_**response.json<http://localhost/Ganesh/login_response.json> >>>>> > >>>>> >>>>> ", >>>>> frame: true, >>>>> labelWidth: 60, >>>>> defaultType: "textfield", >>>>> >>>>> errorReader: { >>>>> read: function(response) { >>>>> var success = false; >>>>> var records = []; >>>>> if (response.status === 200) { >>>>> success = true; >>>>> } else { >>>>> records = [ >>>>> {data: {id: "username", msg: "invalid >>>>> Username >>>>> or password."}}, >>>>> {data: {id: "password", msg: "invalid >>>>> Username >>>>> or password."}} >>>>> ]; >>>>> } >>>>> return { >>>>> success: success, >>>>> records: records >>>>> }; >>>>> } >>>>> }, >>>>> items: [{ >>>>> fieldLabel: "User", >>>>> name: "username", >>>>> allowBlank: false >>>>> }, { >>>>> fieldLabel: "password", >>>>> name: "password", >>>>> inputType: "password", >>>>> allowBlank: false >>>>> }], >>>>> buttons: [{ >>>>> text: "Login", >>>>> formBind: true, >>>>> handler: submitLogin, >>>>> scope: this >>>>> }], >>>>> keys: [{ >>>>> key: [Ext.EventObject.ENTER], >>>>> handler: submitLogin, >>>>> scope: this >>>>> }] >>>>> }); >>>>> function submitLogin() { >>>>> panel.buttons[0].disable(); >>>>> panel.getForm().submit({ >>>>> success: function(form, action) { >>>>> var response = JSON.parse(action.response.****responseText); >>>>> this.setAuthorizedRoles(["**** >>>>> ROLE_ADMINISTRATOR"]); >>>>> app.mapPanel.getTopToolbar().*** >>>>> *items.each(function(tool) >>>>> >>>>> { >>>>> if (tool.needsAuthorization === true) { >>>>> tool.enable(); >>>>> } >>>>> }); >>>>> // var user = form.findField('username').** >>>>> >>>>> getValue(); >>>>> var user = response.username; >>>>> var pwd = response.password; >>>>> >>>>> var tok = user + ':' + pwd; >>>>> var auth = "Basic "+ Base64.encode(tok); >>>>> var url = 'http://localhost:8080/****geoserver/j_spring_security_** >>>>> **check <http://localhost:8080/**geoserver/j_spring_security_**check>< >>>>> http://localhost:8080/**geoserver/j_spring_security_**check<http://localhost:8080/geoserver/j_spring_security_check> >>>>> > >>>>> >>>>> '; >>>>> Ext.Ajax.request({ >>>>> url : url, >>>>> method : 'POST', >>>>> scriptTag: true, >>>>> params: { >>>>> username: user, >>>>> password: pwd >>>>> }, >>>>> // headers : { Authorization : auth }, >>>>> success: function(response){ >>>>> app.setCookieValue(app.****cookieParamName, user); >>>>> app.showLogout(user); >>>>> }, >>>>> failure: function(response) { >>>>> app.clearCookieValue(app.****cookieParamName); >>>>> >>>>> app.showLoginDialog(); >>>>> } >>>>> }); >>>>> win.close(); >>>>> }, >>>>> failure: function(form, action) { >>>>> this.authorizedRoles = []; >>>>> panel.buttons[0].enable(); >>>>> form.markInvalid({ >>>>> "username": "invalid Username or password.", >>>>> "password": "invalid Username or password." >>>>> }); >>>>> }, >>>>> scope: this >>>>> }); >>>>> } >>>>> >>>>> var win = new Ext.Window({ >>>>> title: this.loginText, >>>>> layout: "fit", >>>>> width: 260, >>>>> height: 130, >>>>> plain: true, >>>>> border: false, >>>>> modal: true, >>>>> items: [panel] >>>>> }); >>>>> win.show(); >>>>> }, >>>>> >>>>> in which the url >>>>> "http://localhost/Ganesh/****login_response.json<http://localhost/Ganesh/**login_response.json> >>>>> <http://**localhost/Ganesh/login_**response.json<http://localhost/Ganesh/login_response.json> >>>>> >" >>>>> >>>>> provides a >>>>> json which is created for test purpose as follows >>>>> >>>>> { >>>>> "status" : true, >>>>> "username": "admin", >>>>> "password": "admin132", >>>>> "message": "the login successful" >>>>> } >>>>> >>>>> after that i make a request to the geoserver/j_spring_security_****check >>>>> as >>>>> >>>>> shown in the code >>>>> >>>>> but i do not get authenticated to the geoserver as the last two requests >>>>> to >>>>> geoserver doesn't fulfill >>>>> >>>>> if you can provide a working example related to the geoserver basic >>>>> http >>>>> authentication from client side apart from GeoExplorer one . i'll be >>>>> very >>>>> thankful to you.. sir >>>>> >>>>> >>>>> >>>> >>>> ------------------------------****----------------------------**--**---- >>>> >>>> This message was sent using IMP, the Internet Messaging Program. >>>> >>>> >>>> >>>> >>> >> >> >> ------------------------------**------------------------------**---- >> This message was sent using IMP, the Internet Messaging Program. >> >> >> > ---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program. ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Geoserver-users mailing list Geoserver-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-users