On Wed, Mar 20, 2013 at 1:38 PM, Rodrigo Antonialli <[email protected]> wrote: > Our ideia was to use only the session inside geoserver to control users, and > make the application only to check this session and user roles.
OGC services are stateless, GeoServer won't create a session even if you authenticate on OGC services (it will do so only in the GUI). > (For now, the only idea we had was to request a getCapabilities and check > for a specific protected namespace . If the namespace is there, the user is > logged, otherwise, he is not. But we couldn't find a way to check user > roles.). If you are working inside GeoServer there are two extension points you can look at in order to implement and declare as beans in the spring context: * DispatcherCallback, in particular the operationDispatched method, get the first parameter from the operation, if it is a WPS Execute it will be a ExecuteType that you can explore to decide whether to allow or deny the current request * implement ProcessFilter (maybe just extend ProcessSelector) and register it as a bean, and then decide which processes to allow in output based on the current user, which you can get by using SecurityContextHolder.getSecurityContext().getAuthentication() (this is a standard Spring Security call) Of course there is also the option of modifying directly the service security, it's just that after the security subsystem refactor I don't know where it is applied now, Christian might provide pointers on that. Cheers Andrea -- == Our support, Your Success! Visit http://opensdi.geo-solutions.it for more information. == Ing. Andrea Aime @geowolf Technical Lead GeoSolutions S.A.S. Via Poggio alle Viti 1187 55054 Massarosa (LU) Italy phone: +39 0584 962313 fax: +39 0584 1660272 mob: +39 339 8844549 http://www.geo-solutions.it http://twitter.com/geosolutions_it ------------------------------------------------------- ------------------------------------------------------------------------------ Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_d2d_mar _______________________________________________ Geoserver-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/geoserver-users
