Hi,

I was investigating how to arrange so that some workspaces/layers are
writable by only specific roles and some writable by everyone (even those
not logged in), via wfs transact.

It seems service security on wfs transact triggers a 401 and an
authentication dialog, whereas the data security rules if set for write do
not.

If a layer is secured via data security so that write is restricted to a
specific role, if a wfs transact post does not include the necessary
authentication the response is http 200 and "<ows:ExceptionText>Update
error: Cannot access FeatureLayerDemo with the current
privileges</ows:ExceptionText>". If basic auth details are provided with
the same call then it works, the message is success and still http 200.

Since at the moment I'm dealing with a client that does not handle
authentication and needs the 401 authentication dialog a service security
set to wfs transact and only editor roles, combined with data security for
write set for different layers appears to work, i.e. the authentication
dialog appears due to service security for wfs transact and if a user logs
in that is in a role valid for wfs transact as well as data security -
write for the specific layer that the transact is targeting then that
appears to work.

For "everyone" a rewrite for any calls to the workspace the "everyone"
editable layers are in with basic auth in the webserver fronting Geoserver
seems to work if a user is used that is in a role valid for service
security wfs transact as well as write for the specific layer in data
security.

My query is: is it not possible to only employ data security and expect a
401?
It could be the case that data security for write for wfs transact will
never reply with a 401 and the client needs to handle sending
authentication with wfs transact calls?
Or are there some other recommended ways of achieving the scenario
described in the first sentence?

Many thanks for any advice : )
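
Added example, not part of the original post and not GeoServer code: a client-side check that treats the HTTP 200 data-security denial described above the same way as a 401, so the client knows to resend the transaction with credentials. The response envelopes are constructed samples; only the ExceptionText wording comes from the post, and matching on that wording is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample bodies. Only the ExceptionText sentence is taken from the post.
DENIED = """<ows:ExceptionReport xmlns:ows="http://www.opengis.net/ows" version="1.0.0">
  <ows:Exception>
    <ows:ExceptionText>Update error: Cannot access FeatureLayerDemo with the current privileges</ows:ExceptionText>
  </ows:Exception>
</ows:ExceptionReport>"""

SUCCESS = """<wfs:TransactionResponse xmlns:wfs="http://www.opengis.net/wfs" version="1.1.0">
  <wfs:TransactionSummary><wfs:totalUpdated>1</wfs:totalUpdated></wfs:TransactionSummary>
</wfs:TransactionResponse>"""

# Assumption: the denial message keeps this wording across layers and operations.
DENIAL_MARKER = "with the current privileges"


def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def classify(status, body):
    """Return 'ok', 'auth_required' or 'error' for a WFS-T response."""
    if status == 401:
        # Service security path: the server challenged the request.
        return "auth_required"
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return "error"
    texts = [el.text or "" for el in root.iter() if local(el.tag) == "ExceptionText"]
    if any(DENIAL_MARKER in t for t in texts):
        # Data security path: HTTP 200 with the denial inside the body.
        return "auth_required"
    if texts or local(root.tag) in ("ExceptionReport", "ServiceExceptionReport"):
        return "error"
    if status == 200 and local(root.tag) in ("TransactionResponse", "WFS_TransactionResponse"):
        return "ok"
    return "error"


if __name__ == "__main__":
    for name, (status, body) in {"denied": (200, DENIED), "success": (200, SUCCESS)}.items():
        print(name, "->", classify(status, body))
```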