Re: [Geoserver-devel] Use my database to allow access to geoserver
Hi Romulo, 2015-01-29 14:52 GMT+01:00 Romulo Vieira da Silva : > Hello Mauro > thank you very much for your help, I managed to evolve a lot. It took me to > answer because I was excited about the development I'm doing that is > moving forward after you helped me. > > Now I have another question. > I need to do the following operation: > Every time I log in geoserver or use the GetCapabilities I need to do an > audit. > My initial idea was to do this in the doFilter method of > GeoServerSecurityFilter subclass, but I dont know how to configure > ServletResponse object, which comes as parameter in doFilter to continue > or return an error. > You mean that your audit can be successful (and in this case you authorize the user) or failed (and in this case you want to return an error, such as 403). If this is the case you should: 1) set the Authentication object ONLY in case of success with something like: SecurityContextHolder.getContext().setAuthentication(); 2) set an Http403ForbiddenEntryPoint as your entry point in the doFilter method (in any case), with something like: request.setAttribute(GeoServerSecurityFilter.AUTHENTICATION_ENTRY_POINT_HEADER, new Http403ForbiddenEntryPoint()); You can find examples in other security filters. Mauro -- == GeoServer Professional Services from the experts! Visit http://goo.gl/NWWaa2 for more information. == Dott. Mauro Bartolomeoli @mauro_bart Senior Software Engineer GeoSolutions S.A.S. Via Poggio alle Viti 1187 55054 Massarosa (LU) Italy phone: +39 0584 962313 fax: +39 0584 1660272 http://www.geo-solutions.it http://twitter.com/geosolutions_it --- *AVVERTENZE AI SENSI DEL D.Lgs. 196/2003* Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003. The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc. -- Dive into the World of Parallel Programming. The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
Re: [Geoserver-devel] Use my database to allow access to geoserver
Hello Mauro thank you very much for your help, I managed to evolve a lot. It took me to answer because I was excited about the development I'm doing that is moving forward after you helped me. Now I have another question. I need to do the following operation: Every time I log in geoserver or use the GetCapabilities I need to do an audit. My initial idea was to do this in the doFilter method of GeoServerSecurityFilter subclass, but I dont know how to configure ServletResponse object, which comes as parameter in doFilter to continue or return an error. Any example of how to do this? 2015-01-28 9:47 GMT-02:00 Mauro Bartolomeoli < mauro.bartolome...@geo-solutions.it>: > Hi Romulo, > I think I understood what you are asking for. > > To add a new authentication provider to GeoServer, you need to create and > register several classes in the system, the most important one is the > security provider. This class extends GeoServerSecurityProvider and is > responsible to create other security classes on demand (for example the > TesteAuthenticationProvider > you developed). It's also responsible for enabling configuration > serialization (using XStream) for the new provider. > > That said, creating a new security module and configuring it properly is > not trivial. These are some of the actions that need to be done: > - create a new GeoServerSecurityProvider implementation and register it > as a bean in the Spring application context. > - make the GeoServerSecurityProvider implementation return you > authentication provider > - create and use configuration objects for your new security provider > - create a web wicket module to allow configuration from the GeoServer > WEB Admin UI > > You can find some example of this in the gs-sec-jdbc and gs-sec-ldap > modules (and the related gs-web-sec-jdbc and gs-web-sec-ldap web modules). > > Finally, if your only purpose is to make GeoServer work with an existing > user database for authentication, it could be simpler to use JDBC usergroup > service, that already allows you to do this, without writing code, but only > preparing some xml files to extract data from your database. > > Regards, > Mauro > > 2015-01-28 12:12 GMT+01:00 Romulo Vieira da Silva : > >> Hello Mauro, >> I tried this: >> 1- I created the TesteAuthenticationProvider class that is a copy of >> UsernamePasswordAuthenticationProvider. >> 2- In applicationSecurityContext.xml file added the following line > id = "testeAuthenticationProvider" class = >> "com.romulo.geoserver.TesteAuthenticationProvider" /> >> 3- I added testeAuthenticationProvider = Authentication Provider Test in >> GeoServerApplication.properties file >> >> In GeoServer web interface: >> 1- In "Authentication Filters", added a new record with J2EE Role source >> J2EE default >> 2- to "Filter Chain", I clicked on "default" >> 3 - In "Chain Filter" added "Authentication Provider Test" and removed >> "basic" and clicked close >> 4- I saved all >> >> >> I put a breakpoint in TesteAuthenticationProvider class but never reaches >> it. >> With this configuration, I realized that the breakpoint in class >> UsernamePasswordAuthenticationProvider not work anymore. >> >> Can you tell me what I did wrong? >> >> Thanks for your help. >> >> 2015-01-28 6:51 GMT-02:00 Mauro Bartolomeoli < >> mauro.bartolome...@geo-solutions.it>: >> >> Hi Romulo, >>> as for REST, you can use filter chains to enable authentication >>> providers on OGC service (WMS, WFS, etc.). >>> The chain to use is the default one. >>> >>> Mauro >>> >>> 2015-01-27 18:57 GMT+01:00 Romulo Vieira da Silva : >>> Thanks for the reply. I'm from Brazil and I do not speak very well English language, I may not have expressed myself correctly. I'll try to explain better: I have a system that connects to geoserver, Using a password and username to access the layers that he created and that only he can see. This same user need also use the QuantumGIS to access these same layers and should use the same username and password. To be more specific: I need to check if the user can access the WMS or WFS request. Using JDBC UserGroupService i can do this ? 2015-01-27 15:37 GMT-02:00 Mauro Bartolomeoli < mauro.bartolome...@geo-solutions.it>: Hi Romulo, > the simplest thing you can do is to use the JDBC UserGroupService. > This can be used to take users and groups information from your custom > database. > > You can find some basic documentation here: > http://docs.geoserver.org/stable/en/user/security/usergrouprole/usergroupservices.html#jdbc-user-group-service > > The module itself is supposed to work with its own database structure, > but it's configurable through a couple of XML files (where you can specify > a set of SQL queries to read the data from your database). > > The only caveat is password storage: this is a bit difficult to > configure if you don't use one of the
Re: [Geoserver-devel] Use my database to allow access to geoserver
Hi Romulo, I think I understood what you are asking for. To add a new authentication provider to GeoServer, you need to create and register several classes in the system, the most important one is the security provider. This class extends GeoServerSecurityProvider and is responsible to create other security classes on demand (for example the TesteAuthenticationProvider you developed). It's also responsible for enabling configuration serialization (using XStream) for the new provider. That said, creating a new security module and configuring it properly is not trivial. These are some of the actions that need to be done: - create a new GeoServerSecurityProvider implementation and register it as a bean in the Spring application context. - make the GeoServerSecurityProvider implementation return you authentication provider - create and use configuration objects for your new security provider - create a web wicket module to allow configuration from the GeoServer WEB Admin UI You can find some example of this in the gs-sec-jdbc and gs-sec-ldap modules (and the related gs-web-sec-jdbc and gs-web-sec-ldap web modules). Finally, if your only purpose is to make GeoServer work with an existing user database for authentication, it could be simpler to use JDBC usergroup service, that already allows you to do this, without writing code, but only preparing some xml files to extract data from your database. Regards, Mauro 2015-01-28 12:12 GMT+01:00 Romulo Vieira da Silva : > Hello Mauro, > I tried this: > 1- I created the TesteAuthenticationProvider class that is a copy of > UsernamePasswordAuthenticationProvider. > 2- In applicationSecurityContext.xml file added the following line id = "testeAuthenticationProvider" class = > "com.romulo.geoserver.TesteAuthenticationProvider" /> > 3- I added testeAuthenticationProvider = Authentication Provider Test in > GeoServerApplication.properties file > > In GeoServer web interface: > 1- In "Authentication Filters", added a new record with J2EE Role source > J2EE default > 2- to "Filter Chain", I clicked on "default" > 3 - In "Chain Filter" added "Authentication Provider Test" and removed > "basic" and clicked close > 4- I saved all > > > I put a breakpoint in TesteAuthenticationProvider class but never reaches > it. > With this configuration, I realized that the breakpoint in class > UsernamePasswordAuthenticationProvider not work anymore. > > Can you tell me what I did wrong? > > Thanks for your help. > > 2015-01-28 6:51 GMT-02:00 Mauro Bartolomeoli < > mauro.bartolome...@geo-solutions.it>: > > Hi Romulo, >> as for REST, you can use filter chains to enable authentication providers >> on OGC service (WMS, WFS, etc.). >> The chain to use is the default one. >> >> Mauro >> >> 2015-01-27 18:57 GMT+01:00 Romulo Vieira da Silva : >> >>> Thanks for the reply. >>> I'm from Brazil and I do not speak very well English language, I may >>> not have expressed myself correctly. >>> I'll try to explain better: >>> I have a system that connects to geoserver, Using a password and username >>> to access the layers that he created and that only he can see. This same >>> user >>> need also use the QuantumGIS to access these same layers and should use the >>> same username and password. >>> >>> To be more specific: I need to check if the user can access the WMS or >>> WFS request. Using JDBC UserGroupService i can do this ? >>> >>> 2015-01-27 15:37 GMT-02:00 Mauro Bartolomeoli < >>> mauro.bartolome...@geo-solutions.it>: >>> >>> Hi Romulo, the simplest thing you can do is to use the JDBC UserGroupService. This can be used to take users and groups information from your custom database. You can find some basic documentation here: http://docs.geoserver.org/stable/en/user/security/usergrouprole/usergroupservices.html#jdbc-user-group-service The module itself is supposed to work with its own database structure, but it's configurable through a couple of XML files (where you can specify a set of SQL queries to read the data from your database). The only caveat is password storage: this is a bit difficult to configure if you don't use one of the Geoserver encodings for passwords. Let me know if you need further info on this subject. Mauro 2015-01-27 18:01 GMT+01:00 Romulo Vieira da Silva : > Hello, I would like to take my User database to allow access to > geoserver, I tried to extend the GeoServerAuthenticationProvider class > but it did not work, (also tried to extend AbstractFilterProvider but > unsuccessfully) the class is never called. > I tried to follow the example of > GeoServerUserNamePasswordAuthenticationProvider class, but also > failed. > Does anyone have any more detailed material that the manual to make > GeoServer 2.6 to help me do this? > > > > Thank you all. > > > -
Re: [Geoserver-devel] Use my database to allow access to geoserver
Hello Mauro, I tried this: 1- I created the TesteAuthenticationProvider class that is a copy of UsernamePasswordAuthenticationProvider. 2- In applicationSecurityContext.xml file added the following line 3- I added testeAuthenticationProvider = Authentication Provider Test in GeoServerApplication.properties file In GeoServer web interface: 1- In "Authentication Filters", added a new record with J2EE Role source J2EE default 2- to "Filter Chain", I clicked on "default" 3 - In "Chain Filter" added "Authentication Provider Test" and removed "basic" and clicked close 4- I saved all I put a breakpoint in TesteAuthenticationProvider class but never reaches it. With this configuration, I realized that the breakpoint in class UsernamePasswordAuthenticationProvider not work anymore. Can you tell me what I did wrong? Thanks for your help. 2015-01-28 6:51 GMT-02:00 Mauro Bartolomeoli < mauro.bartolome...@geo-solutions.it>: > Hi Romulo, > as for REST, you can use filter chains to enable authentication providers > on OGC service (WMS, WFS, etc.). > The chain to use is the default one. > > Mauro > > 2015-01-27 18:57 GMT+01:00 Romulo Vieira da Silva : > >> Thanks for the reply. >> I'm from Brazil and I do not speak very well English language, I may not >> have expressed myself correctly. >> I'll try to explain better: >> I have a system that connects to geoserver, Using a password and username >> to access the layers that he created and that only he can see. This same user >> need also use the QuantumGIS to access these same layers and should use the >> same username and password. >> >> To be more specific: I need to check if the user can access the WMS or >> WFS request. Using JDBC UserGroupService i can do this ? >> >> 2015-01-27 15:37 GMT-02:00 Mauro Bartolomeoli < >> mauro.bartolome...@geo-solutions.it>: >> >> Hi Romulo, >>> the simplest thing you can do is to use the JDBC UserGroupService. This >>> can be used to take users and groups information from your custom database. >>> >>> You can find some basic documentation here: >>> http://docs.geoserver.org/stable/en/user/security/usergrouprole/usergroupservices.html#jdbc-user-group-service >>> >>> The module itself is supposed to work with its own database structure, >>> but it's configurable through a couple of XML files (where you can specify >>> a set of SQL queries to read the data from your database). >>> >>> The only caveat is password storage: this is a bit difficult to >>> configure if you don't use one of the Geoserver encodings for passwords. >>> >>> Let me know if you need further info on this subject. >>> >>> Mauro >>> >>> 2015-01-27 18:01 GMT+01:00 Romulo Vieira da Silva : >>> Hello, I would like to take my User database to allow access to geoserver, I tried to extend the GeoServerAuthenticationProvider class but it did not work, (also tried to extend AbstractFilterProvider but unsuccessfully) the class is never called. I tried to follow the example of GeoServerUserNamePasswordAuthenticationProvider class, but also failed. Does anyone have any more detailed material that the manual to make GeoServer 2.6 to help me do this? Thank you all. -- Dive into the World of Parallel Programming. The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/ ___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel >>> >>> >>> -- >>> == >>> GeoServer Professional Services from the experts! Visit >>> http://goo.gl/NWWaa2 for more information. >>> == >>> >>> Dott. Mauro Bartolomeoli >>> @mauro_bart >>> Senior Software Engineer >>> >>> GeoSolutions S.A.S. >>> Via Poggio alle Viti 1187 >>> 55054 Massarosa (LU) >>> Italy >>> phone: +39 0584 962313 >>> fax: +39 0584 1660272 >>> >>> http://www.geo-solutions.it >>> http://twitter.com/geosolutions_it >>> >>> --- >>> >>> *AVVERTENZE AI SENSI DEL D.Lgs. 196/2003* >>> >>> Le informazioni contenute in questo messaggio di posta elettronica e/o >>> nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il >>> loro utilizzo è consentito esclusivamente al destinatario del messaggio, >>> per le finalità indicate nel messaggio stesso. Qualora riceviate questo >>> messaggio senza esserne il destinatario, Vi preghiamo cortesemente di >>> darcene notizia via e-mail e di procedere alla distruzione del messaggio >>> stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stess
Re: [Geoserver-devel] Use my database to allow access to geoserver
Hi Romulo, as for REST, you can use filter chains to enable authentication providers on OGC service (WMS, WFS, etc.). The chain to use is the default one. Mauro 2015-01-27 18:57 GMT+01:00 Romulo Vieira da Silva : > Thanks for the reply. > I'm from Brazil and I do not speak very well English language, I may not > have expressed myself correctly. > I'll try to explain better: > I have a system that connects to geoserver, Using a password and username to > access the layers that he created and that only he can see. This same user > need also use the QuantumGIS to access these same layers and should use the > same username and password. > > To be more specific: I need to check if the user can access the WMS or WFS > request. Using JDBC UserGroupService i can do this ? > > 2015-01-27 15:37 GMT-02:00 Mauro Bartolomeoli < > mauro.bartolome...@geo-solutions.it>: > > Hi Romulo, >> the simplest thing you can do is to use the JDBC UserGroupService. This >> can be used to take users and groups information from your custom database. >> >> You can find some basic documentation here: >> http://docs.geoserver.org/stable/en/user/security/usergrouprole/usergroupservices.html#jdbc-user-group-service >> >> The module itself is supposed to work with its own database structure, >> but it's configurable through a couple of XML files (where you can specify >> a set of SQL queries to read the data from your database). >> >> The only caveat is password storage: this is a bit difficult to configure >> if you don't use one of the Geoserver encodings for passwords. >> >> Let me know if you need further info on this subject. >> >> Mauro >> >> 2015-01-27 18:01 GMT+01:00 Romulo Vieira da Silva : >> >>> Hello, I would like to take my User database to allow access to >>> geoserver, I tried to extend the GeoServerAuthenticationProvider class >>> but it did not work, (also tried to extend AbstractFilterProvider but >>> unsuccessfully) the class is never called. >>> I tried to follow the example of >>> GeoServerUserNamePasswordAuthenticationProvider class, but also failed. >>> Does anyone have any more detailed material that the manual to make >>> GeoServer 2.6 to help me do this? >>> >>> >>> >>> Thank you all. >>> >>> >>> -- >>> Dive into the World of Parallel Programming. The Go Parallel Website, >>> sponsored by Intel and developed in partnership with Slashdot Media, is >>> your >>> hub for all things parallel software development, from weekly thought >>> leadership blogs to news, videos, case studies, tutorials and more. Take >>> a >>> look and join the conversation now. http://goparallel.sourceforge.net/ >>> ___ >>> Geoserver-devel mailing list >>> Geoserver-devel@lists.sourceforge.net >>> https://lists.sourceforge.net/lists/listinfo/geoserver-devel >>> >>> >> >> >> -- >> == >> GeoServer Professional Services from the experts! Visit >> http://goo.gl/NWWaa2 for more information. >> == >> >> Dott. Mauro Bartolomeoli >> @mauro_bart >> Senior Software Engineer >> >> GeoSolutions S.A.S. >> Via Poggio alle Viti 1187 >> 55054 Massarosa (LU) >> Italy >> phone: +39 0584 962313 >> fax: +39 0584 1660272 >> >> http://www.geo-solutions.it >> http://twitter.com/geosolutions_it >> >> --- >> >> *AVVERTENZE AI SENSI DEL D.Lgs. 196/2003* >> >> Le informazioni contenute in questo messaggio di posta elettronica e/o >> nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il >> loro utilizzo è consentito esclusivamente al destinatario del messaggio, >> per le finalità indicate nel messaggio stesso. Qualora riceviate questo >> messaggio senza esserne il destinatario, Vi preghiamo cortesemente di >> darcene notizia via e-mail e di procedere alla distruzione del messaggio >> stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, >> divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od >> utilizzarlo per finalità diverse, costituisce comportamento contrario ai >> principi dettati dal D.Lgs. 196/2003. >> >> >> >> The information in this message and/or attachments, is intended solely >> for the attention and use of the named addressee(s) and may be confidential >> or proprietary in nature or covered by the provisions of privacy act >> (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection >> Code).Any use not in accord with its purpose, any disclosure, reproduction, >> copying, distribution, or either dissemination, either whole or partial, is >> strictly forbidden except previous formal approval of the named >> addressee(s). If you are not the intended recipient, please contact >> immediately the sender by telephone, fax or e-mail and delete the >> information in this message that has been received in error. The sender >> does not give any warranty or accept liability as the content, accuracy or >> completeness of sen
Re: [Geoserver-devel] Use my database to allow access to geoserver
Hi Romulo, about REST, probably you need to configure your authentication provider in the REST filter chain. In the GeoServer Authentication admin page you have a section with filter chains. One is explicitly for REST. Choosing it, you can enable new authentication providers. Beware that you cannot authorize users to use REST only on specific layers. Mauro 2015-01-27 19:09 GMT+01:00 Romulo Vieira da Silva : > I used a subclass of AbstractGeoserverPasswordEncoder to encode password > provided by the user and validated if it is valid. I already can verify in > my database if the user/password is valid. But only works when acessing by > the geoserver web interface, i need that works with REST requisition too. > > 2015-01-27 15:57 GMT-02:00 Romulo Vieira da Silva : > > Thanks for the reply. >> I'm from Brazil and I do not speak very well English language, I may not >> have expressed myself correctly. >> I'll try to explain better: >> I have a system that connects to geoserver, Using a password and username >> to access the layers that he created and that only he can see. This same user >> need also use the QuantumGIS to access these same layers and should use the >> same username and password. >> >> To be more specific: I need to check if the user can access the WMS or >> WFS request. Using JDBC UserGroupService i can do this ? >> >> 2015-01-27 15:37 GMT-02:00 Mauro Bartolomeoli < >> mauro.bartolome...@geo-solutions.it>: >> >> Hi Romulo, >>> the simplest thing you can do is to use the JDBC UserGroupService. This >>> can be used to take users and groups information from your custom database. >>> >>> You can find some basic documentation here: >>> http://docs.geoserver.org/stable/en/user/security/usergrouprole/usergroupservices.html#jdbc-user-group-service >>> >>> The module itself is supposed to work with its own database structure, >>> but it's configurable through a couple of XML files (where you can specify >>> a set of SQL queries to read the data from your database). >>> >>> The only caveat is password storage: this is a bit difficult to >>> configure if you don't use one of the Geoserver encodings for passwords. >>> >>> Let me know if you need further info on this subject. >>> >>> Mauro >>> >>> 2015-01-27 18:01 GMT+01:00 Romulo Vieira da Silva : >>> Hello, I would like to take my User database to allow access to geoserver, I tried to extend the GeoServerAuthenticationProvider class but it did not work, (also tried to extend AbstractFilterProvider but unsuccessfully) the class is never called. I tried to follow the example of GeoServerUserNamePasswordAuthenticationProvider class, but also failed. Does anyone have any more detailed material that the manual to make GeoServer 2.6 to help me do this? Thank you all. -- Dive into the World of Parallel Programming. The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/ ___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel >>> >>> >>> -- >>> == >>> GeoServer Professional Services from the experts! Visit >>> http://goo.gl/NWWaa2 for more information. >>> == >>> >>> Dott. Mauro Bartolomeoli >>> @mauro_bart >>> Senior Software Engineer >>> >>> GeoSolutions S.A.S. >>> Via Poggio alle Viti 1187 >>> 55054 Massarosa (LU) >>> Italy >>> phone: +39 0584 962313 >>> fax: +39 0584 1660272 >>> >>> http://www.geo-solutions.it >>> http://twitter.com/geosolutions_it >>> >>> --- >>> >>> *AVVERTENZE AI SENSI DEL D.Lgs. 196/2003* >>> >>> Le informazioni contenute in questo messaggio di posta elettronica e/o >>> nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il >>> loro utilizzo è consentito esclusivamente al destinatario del messaggio, >>> per le finalità indicate nel messaggio stesso. Qualora riceviate questo >>> messaggio senza esserne il destinatario, Vi preghiamo cortesemente di >>> darcene notizia via e-mail e di procedere alla distruzione del messaggio >>> stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, >>> divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od >>> utilizzarlo per finalità diverse, costituisce comportamento contrario ai >>> principi dettati dal D.Lgs. 196/2003. >>> >>> >>> >>> The information in this message and/or attachments, is intended solely >>> for the attention and use of the named addressee(s) and may be confidential >>> or proprietary in
Re: [Geoserver-devel] Use my database to allow access to geoserver
I used a subclass of AbstractGeoserverPasswordEncoder to encode password provided by the user and validated if it is valid. I already can verify in my database if the user/password is valid. But only works when acessing by the geoserver web interface, i need that works with REST requisition too. 2015-01-27 15:57 GMT-02:00 Romulo Vieira da Silva : > Thanks for the reply. > I'm from Brazil and I do not speak very well English language, I may not > have expressed myself correctly. > I'll try to explain better: > I have a system that connects to geoserver, Using a password and username to > access the layers that he created and that only he can see. This same user > need also use the QuantumGIS to access these same layers and should use the > same username and password. > > To be more specific: I need to check if the user can access the WMS or WFS > request. Using JDBC UserGroupService i can do this ? > > 2015-01-27 15:37 GMT-02:00 Mauro Bartolomeoli < > mauro.bartolome...@geo-solutions.it>: > > Hi Romulo, >> the simplest thing you can do is to use the JDBC UserGroupService. This >> can be used to take users and groups information from your custom database. >> >> You can find some basic documentation here: >> http://docs.geoserver.org/stable/en/user/security/usergrouprole/usergroupservices.html#jdbc-user-group-service >> >> The module itself is supposed to work with its own database structure, >> but it's configurable through a couple of XML files (where you can specify >> a set of SQL queries to read the data from your database). >> >> The only caveat is password storage: this is a bit difficult to configure >> if you don't use one of the Geoserver encodings for passwords. >> >> Let me know if you need further info on this subject. >> >> Mauro >> >> 2015-01-27 18:01 GMT+01:00 Romulo Vieira da Silva : >> >>> Hello, I would like to take my User database to allow access to >>> geoserver, I tried to extend the GeoServerAuthenticationProvider class >>> but it did not work, (also tried to extend AbstractFilterProvider but >>> unsuccessfully) the class is never called. >>> I tried to follow the example of >>> GeoServerUserNamePasswordAuthenticationProvider class, but also failed. >>> Does anyone have any more detailed material that the manual to make >>> GeoServer 2.6 to help me do this? >>> >>> >>> >>> Thank you all. >>> >>> >>> -- >>> Dive into the World of Parallel Programming. The Go Parallel Website, >>> sponsored by Intel and developed in partnership with Slashdot Media, is >>> your >>> hub for all things parallel software development, from weekly thought >>> leadership blogs to news, videos, case studies, tutorials and more. Take >>> a >>> look and join the conversation now. http://goparallel.sourceforge.net/ >>> ___ >>> Geoserver-devel mailing list >>> Geoserver-devel@lists.sourceforge.net >>> https://lists.sourceforge.net/lists/listinfo/geoserver-devel >>> >>> >> >> >> -- >> == >> GeoServer Professional Services from the experts! Visit >> http://goo.gl/NWWaa2 for more information. >> == >> >> Dott. Mauro Bartolomeoli >> @mauro_bart >> Senior Software Engineer >> >> GeoSolutions S.A.S. >> Via Poggio alle Viti 1187 >> 55054 Massarosa (LU) >> Italy >> phone: +39 0584 962313 >> fax: +39 0584 1660272 >> >> http://www.geo-solutions.it >> http://twitter.com/geosolutions_it >> >> --- >> >> *AVVERTENZE AI SENSI DEL D.Lgs. 196/2003* >> >> Le informazioni contenute in questo messaggio di posta elettronica e/o >> nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il >> loro utilizzo è consentito esclusivamente al destinatario del messaggio, >> per le finalità indicate nel messaggio stesso. Qualora riceviate questo >> messaggio senza esserne il destinatario, Vi preghiamo cortesemente di >> darcene notizia via e-mail e di procedere alla distruzione del messaggio >> stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, >> divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od >> utilizzarlo per finalità diverse, costituisce comportamento contrario ai >> principi dettati dal D.Lgs. 196/2003. >> >> >> >> The information in this message and/or attachments, is intended solely >> for the attention and use of the named addressee(s) and may be confidential >> or proprietary in nature or covered by the provisions of privacy act >> (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection >> Code).Any use not in accord with its purpose, any disclosure, reproduction, >> copying, distribution, or either dissemination, either whole or partial, is >> strictly forbidden except previous formal approval of the named >> addressee(s). If you are not the intended recipient, please contact >> immediately the sender by telephone, fax or e-mail and delete the >> information in this message that has
Re: [Geoserver-devel] Use my database to allow access to geoserver
Thanks for the reply. I'm from Brazil and I do not speak very well English language, I may not have expressed myself correctly. I'll try to explain better: I have a system that connects to geoserver, Using a password and username to access the layers that he created and that only he can see. This same user need also use the QuantumGIS to access these same layers and should use the same username and password. To be more specific: I need to check if the user can access the WMS or WFS request. Using JDBC UserGroupService i can do this ? 2015-01-27 15:37 GMT-02:00 Mauro Bartolomeoli < mauro.bartolome...@geo-solutions.it>: > Hi Romulo, > the simplest thing you can do is to use the JDBC UserGroupService. This > can be used to take users and groups information from your custom database. > > You can find some basic documentation here: > http://docs.geoserver.org/stable/en/user/security/usergrouprole/usergroupservices.html#jdbc-user-group-service > > The module itself is supposed to work with its own database structure, but > it's configurable through a couple of XML files (where you can specify a > set of SQL queries to read the data from your database). > > The only caveat is password storage: this is a bit difficult to configure > if you don't use one of the Geoserver encodings for passwords. > > Let me know if you need further info on this subject. > > Mauro > > 2015-01-27 18:01 GMT+01:00 Romulo Vieira da Silva : > >> Hello, I would like to take my User database to allow access to geoserver, >> I tried to extend the GeoServerAuthenticationProvider class but it did >> not work, (also tried to extend AbstractFilterProvider but >> unsuccessfully) the class is never called. >> I tried to follow the example of >> GeoServerUserNamePasswordAuthenticationProvider class, but also failed. >> Does anyone have any more detailed material that the manual to make >> GeoServer 2.6 to help me do this? >> >> >> >> Thank you all. >> >> >> -- >> Dive into the World of Parallel Programming. The Go Parallel Website, >> sponsored by Intel and developed in partnership with Slashdot Media, is >> your >> hub for all things parallel software development, from weekly thought >> leadership blogs to news, videos, case studies, tutorials and more. Take a >> look and join the conversation now. http://goparallel.sourceforge.net/ >> ___ >> Geoserver-devel mailing list >> Geoserver-devel@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/geoserver-devel >> >> > > > -- > == > GeoServer Professional Services from the experts! Visit > http://goo.gl/NWWaa2 for more information. > == > > Dott. Mauro Bartolomeoli > @mauro_bart > Senior Software Engineer > > GeoSolutions S.A.S. > Via Poggio alle Viti 1187 > 55054 Massarosa (LU) > Italy > phone: +39 0584 962313 > fax: +39 0584 1660272 > > http://www.geo-solutions.it > http://twitter.com/geosolutions_it > > --- > > *AVVERTENZE AI SENSI DEL D.Lgs. 196/2003* > > Le informazioni contenute in questo messaggio di posta elettronica e/o > nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il > loro utilizzo è consentito esclusivamente al destinatario del messaggio, > per le finalità indicate nel messaggio stesso. Qualora riceviate questo > messaggio senza esserne il destinatario, Vi preghiamo cortesemente di > darcene notizia via e-mail e di procedere alla distruzione del messaggio > stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, > divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od > utilizzarlo per finalità diverse, costituisce comportamento contrario ai > principi dettati dal D.Lgs. 196/2003. > > > > The information in this message and/or attachments, is intended solely for > the attention and use of the named addressee(s) and may be confidential or > proprietary in nature or covered by the provisions of privacy act > (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection > Code).Any use not in accord with its purpose, any disclosure, reproduction, > copying, distribution, or either dissemination, either whole or partial, is > strictly forbidden except previous formal approval of the named > addressee(s). If you are not the intended recipient, please contact > immediately the sender by telephone, fax or e-mail and delete the > information in this message that has been received in error. The sender > does not give any warranty or accept liability as the content, accuracy or > completeness of sent messages and accepts no responsibility for changes > made after they were sent or for other risks which arise as a result of > e-mail transmission, viruses, etc. > -- Dive into the World of Parallel Programming. The Go Parallel Website, sponsored by Intel and devel
Re: [Geoserver-devel] Use my database to allow access to geoserver
Hi Romulo, the simplest thing you can do is to use the JDBC UserGroupService. This can be used to take users and groups information from your custom database. You can find some basic documentation here: http://docs.geoserver.org/stable/en/user/security/usergrouprole/usergroupservices.html#jdbc-user-group-service The module itself is supposed to work with its own database structure, but it's configurable through a couple of XML files (where you can specify a set of SQL queries to read the data from your database). The only caveat is password storage: this is a bit difficult to configure if you don't use one of the Geoserver encodings for passwords. Let me know if you need further info on this subject. Mauro 2015-01-27 18:01 GMT+01:00 Romulo Vieira da Silva : > Hello, I would like to take my User database to allow access to geoserver, > I tried to extend the GeoServerAuthenticationProvider class but it did > not work, (also tried to extend AbstractFilterProvider but unsuccessfully) the > class is never called. > I tried to follow the example of > GeoServerUserNamePasswordAuthenticationProvider class, but also failed. > Does anyone have any more detailed material that the manual to make > GeoServer 2.6 to help me do this? > > > > Thank you all. > > > -- > Dive into the World of Parallel Programming. The Go Parallel Website, > sponsored by Intel and developed in partnership with Slashdot Media, is > your > hub for all things parallel software development, from weekly thought > leadership blogs to news, videos, case studies, tutorials and more. Take a > look and join the conversation now. http://goparallel.sourceforge.net/ > ___ > Geoserver-devel mailing list > Geoserver-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/geoserver-devel > > -- == GeoServer Professional Services from the experts! Visit http://goo.gl/NWWaa2 for more information. == Dott. Mauro Bartolomeoli @mauro_bart Senior Software Engineer GeoSolutions S.A.S. Via Poggio alle Viti 1187 55054 Massarosa (LU) Italy phone: +39 0584 962313 fax: +39 0584 1660272 http://www.geo-solutions.it http://twitter.com/geosolutions_it --- *AVVERTENZE AI SENSI DEL D.Lgs. 196/2003* Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003. The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc. -- Dive into the World of Parallel Programming. The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
Re: [Geoserver-devel] Use my database to allow access to geoserver
I think JDBC authentication is available already: http://docs.geoserver.org/latest/en/user/security/auth/providers.html#jdbc-authentication This is useful to configure against Oracle (when that database has already been set up with a single sign on solution). -- Jody Garnett On 27 January 2015 at 09:01, Romulo Vieira da Silva wrote: > Hello, I would like to take my User database to allow access to geoserver, > I tried to extend the GeoServerAuthenticationProvider class but it did > not work, (also tried to extend AbstractFilterProvider but unsuccessfully) the > class is never called. > I tried to follow the example of > GeoServerUserNamePasswordAuthenticationProvider class, but also failed. > Does anyone have any more detailed material that the manual to make > GeoServer 2.6 to help me do this? > > > > Thank you all. > > > -- > Dive into the World of Parallel Programming. The Go Parallel Website, > sponsored by Intel and developed in partnership with Slashdot Media, is > your > hub for all things parallel software development, from weekly thought > leadership blogs to news, videos, case studies, tutorials and more. Take a > look and join the conversation now. http://goparallel.sourceforge.net/ > ___ > Geoserver-devel mailing list > Geoserver-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/geoserver-devel > > -- Dive into the World of Parallel Programming. The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
[Geoserver-devel] Use my database to allow access to geoserver
Hello, I would like to take my User database to allow access to geoserver, I tried to extend the GeoServerAuthenticationProvider class but it did not work, (also tried to extend AbstractFilterProvider but unsuccessfully) the class is never called. I tried to follow the example of GeoServerUserNamePasswordAuthenticationProvider class, but also failed. Does anyone have any more detailed material that the manual to make GeoServer 2.6 to help me do this? Thank you all. -- Dive into the World of Parallel Programming. The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/___ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
