Hi Jody,
thanks for answering. Do you know any other way to do what I'm needing?
Removing Web UI completely is not really convenient...
It's about not providing users access to download data as vectors. That
is required if GeoServer hosts unfree or even critical data.
I could allow WFS requests for ROLE_AUTHENTICATED only. I could even
deal with that in my client application (which is capable of
authenticating for WFS requests). But I actually do not want to add
security (authentication requirements) for WMS requests (getting just
dumb images is not a problem).
However, there's one exception: KML. Although it is a WMS format (and
so, it is not protected by any WFS service security rule), KML is
actually a vector format, as it contains real WGS84 coordinates (maybe
other WMS formats do as well). Even worse for critical data (thing of
line features describing North Stream pipelines blown up recently), KML
can easily be imported into and publicly published by Google Earth. Even
non-GIS related users can do this in minutes.
So, Layer Preview may be a "simple to exploit" security hole when
dealing with critical data. In order to prevent it, one has to secure
all data and/or all services. The latter is uncommon (or at least
uncomfortable) for WMS using raster formats like PNG or JPEG.
What about a new option to disable Layer Preview for anonymous access?
Or, as an alternative, a new boolean layer property (like "enabled" or
"advertised") named "show in preview" (defaulting to true)?
Carsten
Am 27.06.2023 um 13:53 schrieb Jody Garnett:
There is an option to turn the entire geoserver admin console off in
the documentation:
https://docs.geoserver.org/latest/en/user/production/config.html#disable-the-geoserver-web-administration-interface
I am not sure if I have heard of an option to turn off just the layer
preview before.
--
Jody Garnett
On Jun 27, 2023 at 1:00:51 PM, Carsten Klein <[email protected]> wrote:
Hi there,
some years ago, I found a quite simple mechanism to remove the "Layer
Preview" link from GeoServer's start page, BEFORE being logged on.
Currently, I do not find this mechanism any more nor any documentation
about it.
Any suggestions brought by Google search just mention to remove read
access through Security settings (Layer Security or Service Security).
However, I just want to provide access to the Layer Preview for an
logged-on user. I don't want to add authentication requirements to
layers or services (if a users manages to assemble a WFS request
manually, he/she shall get that data... will never happen *lol*).
I believe there was a rather simple trick to let the Layer Preview menu
link not show up before a users has logged-in into the Web
administration interface. Is it still there in a recent version (e.g.
2.22.x) and how enable it?
Many thanks in advance,
Carsten
_______________________________________________
Geoserver-users mailing list
Please make sure you read the following two resources before posting
to this list:
- Earning your support instead of buying it, but Ian Turton:
http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines:
http://geoserver.org/comm/userlist-guidelines.html
If you want to request a feature or an improvement, also see this:
https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-users
_______________________________________________
Geoserver-users mailing list
Please make sure you read the following two resources before posting to this
list:
- Earning your support instead of buying it, but Ian Turton:
http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines:
http://geoserver.org/comm/userlist-guidelines.html
If you want to request a feature or an improvement, also see this:
https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-users
