Hi Mauro, Yes you are correct, I made that exact mistake and realized soon after that the Authentication did not work as I thought it would :)
I just tried the UserGroupService with a PostGIS database and it seems to work great. I didn’t actually try using the REST API but the users I create in the database seem to be immediately available on GeoServer. However when trying with a SQLite database it simply crashes :( java.lang.RuntimeException: java.io.IOException: org.apache.commons.dbcp.SQLNestedException: Cannot create PoolableConnectionFactory (SQLite supports only TRANSACTION_SERIALIZABLE and TRANSACTION_READ_UNCOMMITTED.) I don’t mind this being the only Authentication Provider in GeoServer, this is acceptable and perfectly fine. I already have User/Role tables and being able to configure them on XML files would be a pretty good solution for me, can you point me into the correct file(s)? I can’t seem to be able to find them. Thanks a lot, you have already helped a ton! Cosme Benito From: [email protected] [mailto:[email protected]] On Behalf Of Mauro Bartolomeoli Sent: quinta-feira, 6 de Novembro de 2014 14:20 To: Cosme Benito Cc: GeoServer Mailing List List Subject: Re: [Geoserver-users] GeoServer REST API Authentication Hi Benito, 2014-11-06 12:55 GMT+01:00 Cosme Benito <[email protected] <mailto:[email protected]> >: I don’t want to have use a master password, I’d rather if each user had their own authentication. The problem is that I don’t want to use GeoServer’s users, I want to use my application’s users. I would like to use the credentials stored in my database table, and even restrict PUT/POST operations to users who do not have the Admin role . I tried creating a JDBC Authentication Provider, but it doesn’t seem to do what I intend for it to do. A little bit of confusion here (but it's not your fault). the JDBC Authentication Provider can be used to authenticate users against the database users, not against a set of users stored on database tables. To use database tables for storing users and groups information you have to use a JDBC UserGroup Service. You can configure it to use your own tables changing a couple of xml files with the SQL queries needed by GeoServer. Then you can configure an Authentication Provider (the Username Password, the same used by the default auth provide is good) to use your new service as a storage. The problem is: I don't think you can actually choose which authentication providers are used by which chain, you can only do that for filters (so for example you can say that REST can only authenticate using Basic, but not which authentication provider to use, they will be all be used in sequence). Christian can correct me if I am wrong. Mauro -- == GeoServer Professional Services from the experts! Visit <http://goo.gl/NWWaa2> http://goo.gl/NWWaa2 for more information. == Dott. Mauro Bartolomeoli @mauro_bart Senior Software Engineer GeoSolutions S.A.S. Via Poggio alle Viti 1187 55054 Massarosa (LU) Italy phone: +39 0584 962313 fax: +39 0584 1660272 http://www.geo-solutions.it http://twitter.com/geosolutions_it ------------------------------------------------------- AVVERTENZE AI SENSI DEL D.Lgs. 196/2003 Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003. The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.
------------------------------------------------------------------------------
_______________________________________________ Geoserver-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/geoserver-users
