Hi Julierme,
* It is being very difficult for me to understand how to set a http-basic
authentication for a specific user <julierme> and disable the wms download
(raster) and wfs download (vector) for anonymous users
With protecting resources, it all starts with making sure you don’t have
anonymous access to your data.
This directly implies that all users need to authenticate before they can use
the data/services.
Out of the box, GeoServer allows everybody to use all services (read-only) and
modification of data (using the UI/webservices) is only possible for the ADMIN
user.
Having said these two things, you need to start protecting the data/services:
Looking at your needs, I think it’s best to protect the access to your
GeoServer based on the webservices
* Starting with a clean
* Go to ‘Security’ – ‘Services’
* Modify (not delete) the rule ‘*.*’
* Remove the check ‘All roles’
* Add the ‘available’ role ‘GROUP_ADMIN’ and/or ‘ADMIN’ to the
selected roles
* At this point only the ADMIN user(s) can access the services
* Now test to see if you need to authenticate for a request (in my
case the browser did)
* Now add a new role
* Select service ‘wfs’ and method ‘*’
* Do not check the ‘all roles’ check
* Now you can do multiple things, depending on your security wishes
* Add the role ‘ROLE_AUTHENTICATED’ to the selected role, so any
user that logs in, can use the WFS service
* Create a new role ‘WFS’ and add the role to the selected roles
* Now create the user(s) which need to access the services
* If you added the role ‘ROLE_AUTHENTICATED’, then you’re done
* If you’ve created a new role (WFS) then you need to add the role to
these new users
* Alternatively you can also create a user group and add users to
that group and assign the role to the group, but this all depends on how
complex your security requirements are.
* But I think you should only use what’s needed at this time and
review your needs while time goes by.. 😉
* 1 - Not allow download of wms (geotiff) and neither download of wfs
(shapefile, csv, etc) for anonymous users;
I tried disabling Anonymous authentication <anonymous> from all filters and I
ended up crashing geoserver.
* 5 - Looking at the default filter in Filter Chains, basic and anonymous
are selected
I removed anonymous from selected and anonymous users still downloading data
(wfs (vector)/wms(raster))
I would not mess with the filters for now, as this will require some very good
understanding of what they do, without breaking things (I’ve only read about
this, as I’m also a newbie and therefore never tried this).
* keeping view with openlayers
Is this required for the user or only when you’re logged in as admin?
If so, my method of securing data will work, as the default service roles allow
ADMIN to do anything.
If not, I’m not able to help anymore…
* 2 - Allow download data (wms/raster) and (wfs/vector) only for a specific
user as <julierme> only after his authentication passing through http-basic
authentication request as shown in the picture attached to the previous e-mail.
This might depend on how you request the data… But I think it should work as
long as the request is a query (GET) URL (not sure if a post will work)….
Regards,
Ronald Hoek
Application Developer
ComponentAgro B.V.
Oud-Beijerland - The Netherlands
Website: http://www.componentagro.nl
KvK: H24264020
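
The service rules that Ronald's steps produce, set next to the out-of-the-box rule and a configuration that only adds a `wfs.*` rule, as an added example that is not part of the original thread and is not GeoServer's code. It is a simplified model: the rule syntax follows the `wfs.*=ROLE_WFS` form quoted in the thread, while the matching order, the `ROLE_ANONYMOUS` role for unauthenticated requests and the sample role sets are assumptions.

```python
# Added illustration, not GeoServer code. Assumed semantics: rules are
# "<service>.<operation>=<role>[,<role>...]", the most specific matching
# rule decides, "*" as a role admits everyone, and no matching rule allows.

def parse_rules(text):
    """Parse rule lines into {(service, operation): set of roles}."""
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, roles = line.partition("=")
        service, _, operation = key.strip().partition(".")
        rules[(service.lower(), operation or "*")] = {
            r.strip() for r in roles.split(",") if r.strip()}
    return rules

def is_allowed(rules, service, operation, user_roles):
    """Apply the most specific rule: svc.op, then svc.*, then *.*"""
    service = service.lower()
    for key in ((service, operation), (service, "*"), ("*", "*")):
        if key in rules:
            return "*" in rules[key] or bool(rules[key] & set(user_roles))
    return True

# Constructed rule sets.
OUT_OF_BOX = "*.*=*"
WFS_RULE_ONLY = "*.*=*\nwfs.*=ROLE_WFS"  # '*.*' left open to all roles
LOCKED_DOWN = "*.*=ADMIN,GROUP_ADMIN\nwfs.*=ROLE_AUTHENTICATED"

# Constructed role sets; ROLE_ANONYMOUS for unauthenticated is an assumption.
USERS = {
    "anonymous": {"ROLE_ANONYMOUS"},
    "julierme": {"ROLE_AUTHENTICATED"},
    "admin": {"ADMIN", "ROLE_AUTHENTICATED"},
}
REQUESTS = [("wfs", "GetFeature"), ("wms", "GetMap")]

def access_matrix(config):
    """Return {(user, service): allowed} for every sample user and request."""
    rules = parse_rules(config)
    return {(who, svc): is_allowed(rules, svc, op, roles)
            for who, roles in USERS.items() for svc, op in REQUESTS}

if __name__ == "__main__":
    for name, cfg in [("out of box", OUT_OF_BOX),
                      ("wfs rule only", WFS_RULE_ONLY),
                      ("locked down", LOCKED_DOWN)]:
        print(name)
        for (who, svc), ok in access_matrix(cfg).items():
            print(f"  {who:9} {svc}: {'allow' if ok else 'deny'}")
```

In this model the locked-down set leaves WMS reachable only by the admin roles, so granting another user raster access would take a separate `wms.*` rule.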
From: Julierme Pinheiro <juliermeopensourcedevelo...@gmail.com>
Sent: Wednesday, 2 May 2018 20:01
To: Ronald Hoek <ronald.h...@componentagro.nl>; Ian Turton <ijtur...@gmail.com>
CC: GeoServer Mailing List List <geoserver-users@lists.sourceforge.net>
Subject: Re: [Geoserver-users] Geoserver WFS Authentication
Hi Ronald Hoek,
Thank you very much for your reply. That is right: I need that a http-basic
authentication must be required by geoserver for a specific user named
<julierme>.
It is being very difficult for me to understand how to set a http-basic
authentication for a specific user <julierme> and disable the wms download
(raster) and wfs download (vector) for anonymous users. I tried the following:
1 - Not allow download of wms (geotiff) and neither download of wfs (shapefile,
csv, etc) for anonymous users;
I tried disabling Anonymous authentication <anonymous> from all filters and I
ended up crashing geoserver.
2 - I created an user <julierme>
3 - I created a service role: wfs.*=ROLE_WFS
4 - I created a data role: topp.states.w=ROLE_Authentication
5 - Looking at the default filter in Filter Chains, basic and anonymous are
selected
I removed anonymous from selected and anonymous users still downloading data
(wfs (vector)/wms(raster))
So, what I would like to do is to learn how:
1 - Disable download data wms (geotiff), but keeping view with openlayers and
disable download data wfs (shapefile, csv, etc) for anonymous users
2 - Allow download data (wms/raster) and (wfs/vector) only for a specific user
as <julierme> only after his authentication passing through http-basic
authentication request as shown in the picture attached to the previous e-mail.
There is the Basic HTTP Authentication among Authentication Filters but I do
not know how to set it for a specific user in case of data download.
I appreciate your time.
Kind regards
Julierme
2018-04-30 5:37 GMT-03:00 Ronald Hoek - ComponentAgro B.V.
<ronald.h...@componentagro.nl>:
Hi Julierme,
I’m not sure what you are using to test/access the GeoServer (aka the dialog
you showed in the screenshot), but I expect you just want some http-basic
authentication.
By default this is available in GeoServer (see ‘Security’ -> ‘Authentication’
-> ‘Authentication Filters’).
To secure your data, then go to the ‘Data’ part of the ‘Security’ section.
There you can protect your data by adding the appropriate data rules.
Info:
http://docs.geoserver.org/latest/en/user/security/webadmin/data.html#security-webadmin-data
Or protect your data based on the available services (as we did) by going to
the ‘Service’ part of the ‘Security’ section.
Info:
http://docs.geoserver.org/latest/en/user/security/webadmin/services.html#security-webadmin-services
NOTE!
Don’t forget to remove the default rules, as these will allow everybody to use
the data/services.
But read the documentation carefully!
Regards,
Ronald Hoek
Application Developer
From: Julierme Pinheiro <juliermeopensourcedevelo...@gmail.com>
Sent: Monday, 23 April 2018 17:37
To: GeoServer Mailing List List <geoserver-users@lists.sourceforge.net>
Subject: [Geoserver-users] Geoserver WFS Authentication
Hi all,
I have been hitting my head in a wall trying to figure out how I can create a
web framework for Geoserver WFS Authentication as shown in the attachment.
I tried to configure the Credentials From Request Headers Filters, but am still
not achieving my goal.
So, I want to set up a user and password and only who has them can download
raster (Geotiff) and vector data.
Thank you for your time in advance.
Julierme