On Wed, Jul 8, 2015 at 2:02 PM, Mikael Karlsson <mikael.karls...@unibase.se>
wrote:
> Typical!
>
> Maybe have to look for an alternate way to handle the authentication on
> the layers then, maybe a front proxy.
>
Writing a auth proxy is likely more work, in the long run, than passing
around the auth in GWC, but yes, it's a way.
The GeoShield project a few years ago was acting as a proxy, then they
switched to using the internal
security engine the same way GeoFence does, and they observed a significant
speedup, the proxy overhead
was higher than the time it took to run the WMS requests... since you are
talking about cached tiles instead,
beware of how much slowdown this approach might add.
We also have a little write-up on why we chose to invest on internal
security integration, instead of using
security proxies: http://demo.geo-solutions.it/share/securing_geoserver.pdf
Ah right, so as an option you could write, and plugin, your own
implementation of ResourceAccessManager (it's the interface
called when checking who can do what):
https://github.com/geoserver/geoserver/blob/master/src/main/src/main/java/org/geoserver/security/ResourceAccessManager.java
>
>
> But now I just read about geofence, is it possible to maybe make this work
> with rules in the plugin? And delete the data security rules.
>
GeoFence just drives the same GeoServer security subsystem as the internal
security, it's just using it fully instead of 30% of its abilities.
So, changing to it won't achieve anything
Cheers
Andrea
--
==
GeoServer Professional Services from the experts! Visit
http://goo.gl/it488V for more information.
==
Ing. Andrea Aime
@geowolf
Technical Lead
GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 339 8844549
http://www.geo-solutions.it
http://twitter.com/geosolutions_it
*AVVERTENZE AI SENSI DEL D.Lgs. 196/2003*
Le informazioni contenute in questo messaggio di posta elettronica e/o
nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il
loro utilizzo è consentito esclusivamente al destinatario del messaggio,
per le finalità indicate nel messaggio stesso. Qualora riceviate questo
messaggio senza esserne il destinatario, Vi preghiamo cortesemente di
darcene notizia via e-mail e di procedere alla distruzione del messaggio
stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso,
divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od
utilizzarlo per finalità diverse, costituisce comportamento contrario ai
principi dettati dal D.Lgs. 196/2003.
The information in this message and/or attachments, is intended solely for
the attention and use of the named addressee(s) and may be confidential or
proprietary in nature or covered by the provisions of privacy act
(Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection
Code).Any use not in accord with its purpose, any disclosure, reproduction,
copying, distribution, or either dissemination, either whole or partial, is
strictly forbidden except previous formal approval of the named
addressee(s). If you are not the intended recipient, please contact
immediately the sender by telephone, fax or e-mail and delete the
information in this message that has been received in error. The sender
does not give any warranty or accept liability as the content, accuracy or
completeness of sent messages and accepts no responsibility for changes
made after they were sent or for other risks which arise as a result of
e-mail transmission, viruses, etc.
-------------------------------------------------------
------------------------------------------------------------------------------
Don't Limit Your Business. Reach for the Cloud.
GigeNET's Cloud Solutions provide you with the tools and support that
you need to offload your IT needs and focus on growing your business.
Configured For All Businesses. Start Your Cloud Today.
https://www.gigenetcloud.com/
_______________________________________________
Geoserver-users mailing list
Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users
