On 01/20/15 10:03, Landry Breuil wrote: > Hi, > > currently using gs 2.3.2 with catalog in CHALLENGE mode, i can list the > workspaces via the geoserver REST API and all are shown. My goal is to > allow non-privileged users to POST layers & styles into a workspace on > which they have write access, which works fine in the setup i have now, > with *.*.a=ROLE_AUTHENTICATED + mode=CHALLENGE. > > I'm planning a migration to gs 2.5.4 + geofence (coming from > https://github.com/georchestra/geoserver / > https://github.com/georchestra/geofence), and in this setup it doesnt > seem possible to list all workspaces via REST as a non-admin user. Note > that this is lagging a bit behind 'upstream' geoserver/geofence, and > doesnt have the geofence admin page in geoserver web UI. > > Some questions: > - does geofence automatically switch the catalog to mode=HIDDEN ? > - according to > https://github.com/geosolutions-it/geofence/wiki/First-steps, geofence > should allow non-privileged users to see data in workspaces via the > geoserver web interface, i suppose the same dataset is shown via the > geoserver REST API ?
I've done some testing with http://build.geo-solutions.it/geofence/nightly/latest/geofence.war and http://build.geo-solutions.it/geofence/nightly/latest/2.5.x/geoserver.war, following https://github.com/geosolutions-it/geofence/wiki/First-steps - a 'tiger' user can indeed only see the layer previews he's granted access on via the geoserver web interface, but the same user doesnt see 'his' workspaces/layers via REST. $curl -u tiger:tiger http://localhost:8080/geoserver/rest/layers.xml <layers/> This is with rest.properties containing: /**;GET=ROLE_AUTHENTICATED /**;POST,DELETE,PUT=ADMIN If i try to explicitely access a workspace the user is supposed to have access on, there's a traceback in geoserver.log which seems to refer to http://jira.codehaus.org/browse/GEOS-5069. $curl -u tiger:tiger http://localhost:8080/geoserver/rest/workspaces/topp.xml No such workspace: topp 2015-01-20 11:41:42,527 ERROR [geoserver.rest] - No such workspace: topp 2015-01-20 11:41:42,527 ERROR [geoserver.rest] - org.geoserver.rest.RestletException at org.geoserver.catalog.rest.WorkspaceFinder.findTarget(WorkspaceFinder.java:33) at org.restlet.Finder.handle(Finder.java:268) at org.geoserver.rest.BeanDelegatingRestlet.handle(BeanDelegatingRestlet.java:37) at org.restlet.Filter.doHandle(Filter.java:105) at org.restlet.Filter.handle(Filter.java:134) at org.restlet.Router.handle(Router.java:444) at org.geoserver.rest.RESTDispatcher$1.handle(RESTDispatcher.java:204) at com.noelios.restlet.ext.servlet.ServletConverter.service(ServletConverter.java:129) at org.geoserver.rest.RESTDispatcher.handleRequestInternal(RESTDispatcher.java:86) Can anyone else reproduce this issue, and try to explain why this fails this way ? Is there some additional configuration to do in the authentication filters ? Or is it a problem with geofence itself ? Note that when calling REST urls, geofence doesnt seem queried at all, i dont see anything logged. Landry ------------------------------------------------------------------------------ New Year. New Location. New Benefits. New Data Center in Ashburn, VA. GigeNET is offering a free month of service with a new server in Ashburn. Choose from 2 high performing configs, both with 100TB of bandwidth. Higher redundancy.Lower latency.Increased capacity.Completely compliant. http://p.sf.net/sfu/gigenet _______________________________________________ Geoserver-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/geoserver-users
