I am still able to create REST path rules, and they seem to work fine.
I want to create a web application to use the REST API to, for instance, check the entire layer list, get a layer’s GeoJSON or SLD. GeoServer may contain sensitive information that I don’t want everyone to be able to query. Having a “master password” or a single user for the application just doesn’t feel right, anyone could figure out the credentials… Is there no way for GeoServer to authenticate through an external database? Thanks, Cosme From: [email protected] [mailto:[email protected]] On Behalf Of Andrea Aime Sent: quinta-feira, 6 de Novembro de 2014 12:59 To: Cosme Benito Cc: GeoServer Mailing List List; Christian Mueller; Justin Deoliveira Subject: Re: [Geoserver-users] GeoServer REST API Authentication On Thu, Nov 6, 2014 at 12:55 PM, Cosme Benito <[email protected] <mailto:[email protected]> > wrote: Hello, how are you? I’m trying to restrict the access to the REST API by I’m unsure what is the best way. The REST API uses the authentication system like anything else, and requires a user to be an administrator to allow access. As far as I know, this is not configurable. It used to be configurable on a path by path basis, but as far as I know the "workspace specific service" work broke that in such a way that getting back that functionality might be complicated (unfortunately that patch was very large and we did not notice, we realized only months later). Christian/Justin might now more Cheers Andrea -- == GeoServer Professional Services from the experts! Visit http://goo.gl/NWWaa2 for more information. == Ing. Andrea Aime @geowolf Technical Lead GeoSolutions S.A.S. Via Poggio alle Viti 1187 55054 Massarosa (LU) Italy phone: +39 0584 962313 fax: +39 0584 1660272 mob: +39 339 8844549 http://www.geo-solutions.it http://twitter.com/geosolutions_it AVVERTENZE AI SENSI DEL D.Lgs. 196/2003 Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003. The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc. -------------------------------------------------------
------------------------------------------------------------------------------
_______________________________________________ Geoserver-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/geoserver-users
