Re: [Geoserver-devel] Use my database to allow access to geoserver
Hello Mauro thank you very much for your help, I managed to evolve a lot. It took me to answer because I was excited about the development I'm doing that is moving forward after you helped me. Now I have another question. I need to do the following operation: Every time I log in geoserver or use the GetCapabilities I need to do an audit. My initial idea was to do this in the doFilter method of GeoServerSecurityFilter subclass, but I dont know how to configure ServletResponse object, which comes as parameter in doFilter to continue or return an error. Any example of how to do this? 2015-01-28 9:47 GMT-02:00 Mauro Bartolomeoli mauro.bartolome...@geo-solutions.it: Hi Romulo, I think I understood what you are asking for. To add a new authentication provider to GeoServer, you need to create and register several classes in the system, the most important one is the security provider. This class extends GeoServerSecurityProvider and is responsible to create other security classes on demand (for example the TesteAuthenticationProvider you developed). It's also responsible for enabling configuration serialization (using XStream) for the new provider. That said, creating a new security module and configuring it properly is not trivial. These are some of the actions that need to be done: - create a new GeoServerSecurityProvider implementation and register it as a bean in the Spring application context. - make the GeoServerSecurityProvider implementation return you authentication provider - create and use configuration objects for your new security provider - create a web wicket module to allow configuration from the GeoServer WEB Admin UI You can find some example of this in the gs-sec-jdbc and gs-sec-ldap modules (and the related gs-web-sec-jdbc and gs-web-sec-ldap web modules). Finally, if your only purpose is to make GeoServer work with an existing user database for authentication, it could be simpler to use JDBC usergroup service, that already allows you to do this, without writing code, but only preparing some xml files to extract data from your database. Regards, Mauro 2015-01-28 12:12 GMT+01:00 Romulo Vieira da Silva rmovie...@gmail.com: Hello Mauro, I tried this: 1- I created the TesteAuthenticationProvider class that is a copy of UsernamePasswordAuthenticationProvider. 2- In applicationSecurityContext.xml file added the following line bean id = testeAuthenticationProvider class = com.romulo.geoserver.TesteAuthenticationProvider / 3- I added testeAuthenticationProvider = Authentication Provider Test in GeoServerApplication.properties file In GeoServer web interface: 1- In Authentication Filters, added a new record with J2EE Role source J2EE default 2- to Filter Chain, I clicked on default 3 - In Chain Filter added Authentication Provider Test and removed basic and clicked close 4- I saved all I put a breakpoint in TesteAuthenticationProvider class but never reaches it. With this configuration, I realized that the breakpoint in class UsernamePasswordAuthenticationProvider not work anymore. Can you tell me what I did wrong? Thanks for your help. 2015-01-28 6:51 GMT-02:00 Mauro Bartolomeoli mauro.bartolome...@geo-solutions.it: Hi Romulo, as for REST, you can use filter chains to enable authentication providers on OGC service (WMS, WFS, etc.). The chain to use is the default one. Mauro 2015-01-27 18:57 GMT+01:00 Romulo Vieira da Silva rmovie...@gmail.com: Thanks for the reply. I'm from Brazil and I do not speak very well English language, I may not have expressed myself correctly. I'll try to explain better: I have a system that connects to geoserver, Using a password and username to access the layers that he created and that only he can see. This same user need also use the QuantumGIS to access these same layers and should use the same username and password. To be more specific: I need to check if the user can access the WMS or WFS request. Using JDBC UserGroupService i can do this ? 2015-01-27 15:37 GMT-02:00 Mauro Bartolomeoli mauro.bartolome...@geo-solutions.it: Hi Romulo, the simplest thing you can do is to use the JDBC UserGroupService. This can be used to take users and groups information from your custom database. You can find some basic documentation here: http://docs.geoserver.org/stable/en/user/security/usergrouprole/usergroupservices.html#jdbc-user-group-service The module itself is supposed to work with its own database structure, but it's configurable through a couple of XML files (where you can specify a set of SQL queries to read the data from your database). The only caveat is password storage: this is a bit difficult to configure if you don't use one of the Geoserver encodings for passwords. Let me know if you need further info on this subject. Mauro 2015-01-27 18:01 GMT+01:00 Romulo Vieira da Silva rmovie...@gmail.com : Hello, I would like to take my User database to allow
Re: [Geoserver-devel] Use my database to allow access to geoserver
Hello Mauro, I tried this: 1- I created the TesteAuthenticationProvider class that is a copy of UsernamePasswordAuthenticationProvider. 2- In applicationSecurityContext.xml file added the following line bean id = testeAuthenticationProvider class = com.romulo.geoserver.TesteAuthenticationProvider / 3- I added testeAuthenticationProvider = Authentication Provider Test in GeoServerApplication.properties file In GeoServer web interface: 1- In Authentication Filters, added a new record with J2EE Role source J2EE default 2- to Filter Chain, I clicked on default 3 - In Chain Filter added Authentication Provider Test and removed basic and clicked close 4- I saved all I put a breakpoint in TesteAuthenticationProvider class but never reaches it. With this configuration, I realized that the breakpoint in class UsernamePasswordAuthenticationProvider not work anymore. Can you tell me what I did wrong? Thanks for your help. 2015-01-28 6:51 GMT-02:00 Mauro Bartolomeoli mauro.bartolome...@geo-solutions.it: Hi Romulo, as for REST, you can use filter chains to enable authentication providers on OGC service (WMS, WFS, etc.). The chain to use is the default one. Mauro 2015-01-27 18:57 GMT+01:00 Romulo Vieira da Silva rmovie...@gmail.com: Thanks for the reply. I'm from Brazil and I do not speak very well English language, I may not have expressed myself correctly. I'll try to explain better: I have a system that connects to geoserver, Using a password and username to access the layers that he created and that only he can see. This same user need also use the QuantumGIS to access these same layers and should use the same username and password. To be more specific: I need to check if the user can access the WMS or WFS request. Using JDBC UserGroupService i can do this ? 2015-01-27 15:37 GMT-02:00 Mauro Bartolomeoli mauro.bartolome...@geo-solutions.it: Hi Romulo, the simplest thing you can do is to use the JDBC UserGroupService. This can be used to take users and groups information from your custom database. You can find some basic documentation here: http://docs.geoserver.org/stable/en/user/security/usergrouprole/usergroupservices.html#jdbc-user-group-service The module itself is supposed to work with its own database structure, but it's configurable through a couple of XML files (where you can specify a set of SQL queries to read the data from your database). The only caveat is password storage: this is a bit difficult to configure if you don't use one of the Geoserver encodings for passwords. Let me know if you need further info on this subject. Mauro 2015-01-27 18:01 GMT+01:00 Romulo Vieira da Silva rmovie...@gmail.com: Hello, I would like to take my User database to allow access to geoserver, I tried to extend the GeoServerAuthenticationProvider class but it did not work, (also tried to extend AbstractFilterProvider but unsuccessfully) the class is never called. I tried to follow the example of GeoServerUserNamePasswordAuthenticationProvider class, but also failed. Does anyone have any more detailed material that the manual to make GeoServer 2.6 to help me do this? Thank you all. -- Dive into the World of Parallel Programming. The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/ ___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel -- == GeoServer Professional Services from the experts! Visit http://goo.gl/NWWaa2 for more information. == Dott. Mauro Bartolomeoli @mauro_bart Senior Software Engineer GeoSolutions S.A.S. Via Poggio alle Viti 1187 55054 Massarosa (LU) Italy phone: +39 0584 962313 fax: +39 0584 1660272 http://www.geo-solutions.it http://twitter.com/geosolutions_it --- *AVVERTENZE AI SENSI DEL D.Lgs. 196/2003* Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003
Re: [Geoserver-devel] Use my database to allow access to geoserver
I used a subclass of AbstractGeoserverPasswordEncoder to encode password provided by the user and validated if it is valid. I already can verify in my database if the user/password is valid. But only works when acessing by the geoserver web interface, i need that works with REST requisition too. 2015-01-27 15:57 GMT-02:00 Romulo Vieira da Silva rmovie...@gmail.com: Thanks for the reply. I'm from Brazil and I do not speak very well English language, I may not have expressed myself correctly. I'll try to explain better: I have a system that connects to geoserver, Using a password and username to access the layers that he created and that only he can see. This same user need also use the QuantumGIS to access these same layers and should use the same username and password. To be more specific: I need to check if the user can access the WMS or WFS request. Using JDBC UserGroupService i can do this ? 2015-01-27 15:37 GMT-02:00 Mauro Bartolomeoli mauro.bartolome...@geo-solutions.it: Hi Romulo, the simplest thing you can do is to use the JDBC UserGroupService. This can be used to take users and groups information from your custom database. You can find some basic documentation here: http://docs.geoserver.org/stable/en/user/security/usergrouprole/usergroupservices.html#jdbc-user-group-service The module itself is supposed to work with its own database structure, but it's configurable through a couple of XML files (where you can specify a set of SQL queries to read the data from your database). The only caveat is password storage: this is a bit difficult to configure if you don't use one of the Geoserver encodings for passwords. Let me know if you need further info on this subject. Mauro 2015-01-27 18:01 GMT+01:00 Romulo Vieira da Silva rmovie...@gmail.com: Hello, I would like to take my User database to allow access to geoserver, I tried to extend the GeoServerAuthenticationProvider class but it did not work, (also tried to extend AbstractFilterProvider but unsuccessfully) the class is never called. I tried to follow the example of GeoServerUserNamePasswordAuthenticationProvider class, but also failed. Does anyone have any more detailed material that the manual to make GeoServer 2.6 to help me do this? Thank you all. -- Dive into the World of Parallel Programming. The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/ ___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel -- == GeoServer Professional Services from the experts! Visit http://goo.gl/NWWaa2 for more information. == Dott. Mauro Bartolomeoli @mauro_bart Senior Software Engineer GeoSolutions S.A.S. Via Poggio alle Viti 1187 55054 Massarosa (LU) Italy phone: +39 0584 962313 fax: +39 0584 1660272 http://www.geo-solutions.it http://twitter.com/geosolutions_it --- *AVVERTENZE AI SENSI DEL D.Lgs. 196/2003* Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003. The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility for changes made after
Re: [Geoserver-devel] Use my database to allow access to geoserver
Thanks for the reply. I'm from Brazil and I do not speak very well English language, I may not have expressed myself correctly. I'll try to explain better: I have a system that connects to geoserver, Using a password and username to access the layers that he created and that only he can see. This same user need also use the QuantumGIS to access these same layers and should use the same username and password. To be more specific: I need to check if the user can access the WMS or WFS request. Using JDBC UserGroupService i can do this ? 2015-01-27 15:37 GMT-02:00 Mauro Bartolomeoli mauro.bartolome...@geo-solutions.it: Hi Romulo, the simplest thing you can do is to use the JDBC UserGroupService. This can be used to take users and groups information from your custom database. You can find some basic documentation here: http://docs.geoserver.org/stable/en/user/security/usergrouprole/usergroupservices.html#jdbc-user-group-service The module itself is supposed to work with its own database structure, but it's configurable through a couple of XML files (where you can specify a set of SQL queries to read the data from your database). The only caveat is password storage: this is a bit difficult to configure if you don't use one of the Geoserver encodings for passwords. Let me know if you need further info on this subject. Mauro 2015-01-27 18:01 GMT+01:00 Romulo Vieira da Silva rmovie...@gmail.com: Hello, I would like to take my User database to allow access to geoserver, I tried to extend the GeoServerAuthenticationProvider class but it did not work, (also tried to extend AbstractFilterProvider but unsuccessfully) the class is never called. I tried to follow the example of GeoServerUserNamePasswordAuthenticationProvider class, but also failed. Does anyone have any more detailed material that the manual to make GeoServer 2.6 to help me do this? Thank you all. -- Dive into the World of Parallel Programming. The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/ ___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel -- == GeoServer Professional Services from the experts! Visit http://goo.gl/NWWaa2 for more information. == Dott. Mauro Bartolomeoli @mauro_bart Senior Software Engineer GeoSolutions S.A.S. Via Poggio alle Viti 1187 55054 Massarosa (LU) Italy phone: +39 0584 962313 fax: +39 0584 1660272 http://www.geo-solutions.it http://twitter.com/geosolutions_it --- *AVVERTENZE AI SENSI DEL D.Lgs. 196/2003* Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003. The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc. -- Dive into the World of Parallel Programming. The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly
