Hi Andrea, Thanks, that is very informative.
I believe Chris is going to look into the AUTHKEY plugin so that or the CAS / LDAP authentication so I should think that will give him what he needs anyway? I think remoteUser is always blank in our log files but I'll investigate it as a later date. Cheers, Paul From: andrea.a...@gmail.com [mailto:andrea.a...@gmail.com] On Behalf Of Andrea Aime Sent: 01 August 2016 18:48 To: Paul Wittle Cc: geoserver-users@lists.sourceforge.net Subject: Re: [Geoserver-users] Geosever security - WFS / WMS services and Openlayers On Mon, Aug 1, 2016 at 10:39 AM, Paul Wittle <p.wit...@dorsetcc.gov.uk<mailto:p.wit...@dorsetcc.gov.uk>> wrote: Andrea, in terms of the monitoring plugin, can it log the user being used for each request? As far as I know, it should be reported by the remoteUser property: http://docs.geoserver.org/stable/en/user/extensions/monitoring/audit.html#customizing-log-contents I only wondered as the user session is maintained in the background and I'm not sure it is currently included in the outputs. Session creation is controlled at the security subsystem level, normally session creation for the users is not maintained to make horizontal clusters easier to setup (otherwise you have to setup http session sharing among the containers) I still have not had time to fully review the monitoring plugin but I have been using the audit log functionality and I have decided that the files it creates are what I'm after. These can be customised using the FreeMarker templates and I can then write something my end to summarise the data. This raises three questions: 1) Can you add the logged in user to the audit role? Read above 2) Could you just have the audit role? (i.e. no other monitoring plugin options just audit role files) The template can be made with just one property, yes 3) If you can do point 1, would this help Chris solve his issues if he was using a specific user account for QGIS? I don't see how? :-) I thought he wanted to restrict access, auditing just logs out information about the requests, after the request is served. Cheers Andrea -- == GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information. == Ing. Andrea Aime @geowolf Technical Lead GeoSolutions S.A.S. Via di Montramito 3/A 55054 Massarosa (LU) phone: +39 0584 962313 fax: +39 0584 1660272 mob: +39 339 8844549 http://www.geo-solutions.it http://twitter.com/geosolutions_it AVVERTENZE AI SENSI DEL D.Lgs. 196/2003 Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003. The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc. ------------------------------------------------------- "This e-mail is intended for the named addressee(s) only and may contain information about individuals or other sensitive information and should be handled accordingly. Unless you are the named addressee (or authorised to receive it for the addressee) you may not copy or use it, or disclose it to anyone else. If you have received this email in error, kindly disregard the content of the message and notify the sender immediately. Please be aware that all email may be subject to recording and/or monitoring in accordance with relevant legislation."
------------------------------------------------------------------------------
_______________________________________________ Geoserver-users mailing list Geoserver-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-users
