[Geoserver-users] PUT'ing styles or listing layers via REST as regular non-administrator role via http header filter

Fri, 07 Dec 2012 07:37:08 -0800 

Hi,

with geoserver 2.2.2, using http header auth filter and http basic auth 
filter (in that order) it seems i'm unable to PUT styles via REST API.
rest.properties is configured to allow ROLE_AUTHENTICATED to use 
PUT/POST/DELETE.

/**;GET=ROLE_ANONYMOUS,ROLE_AUTHENTICATED
/**;POST,DELETE,PUT=ROLE_AUTHENTICATED

I'm able to PUT styles if only if the user has ROLE_ADMINISTRATOR, but 
of course i cant grant administrator access to all my users.

curl -v -XPUT -H"sec-username:foo" -H "Content-type: 
application/vnd.ogc.sld+xml; charset=UTF-8" --data @/tmp/ZAC.sld 
http://localhost:8080/geoserver/rest/workspaces/public/styles/ZAC_style
-> 404
curl -v -XPUT -H"sec-username:foo" -H "sec-roles:ROLE_ADMINISTRATOR" -H 
"Content-type: application/vnd.ogc.sld+xml; charset=UTF-8" --data 
@/tmp/ZAC.sld 
http://localhost:8080/geoserver/rest/workspaces/public/styles/ZAC_style
-> 200

I've tried global and workspace-specific styles, no luck. Is there a way 
to configure geoserver that way ?

Another strange issue i've found : the REST api doesnt return the same 
info if the user has ROLE_ADMINISTRATOR or not, with the default data ACL :
layers.properties
*.*.r=*
*.*.w=*
mode=CHALLENGE

curl -v -H "sec-username:foo" -H "sec-roles:ROLE_FOO" 
http://localhost:8080/geoserver/rest/layers/

-> no layers

curl -v -H "sec-username:foo" -H "sec-roles:ROLE_ADMINISTRATOR" 
http://localhost:8080/geoserver/rest/layers/
-> list all layers

I see some layers as foo user if i add a data ACL like
topp.*.r=ROLE_ANONYMOUS

curl -v -H "sec-username:foo" -H "sec-roles:ROLE_FOO" 
http://localhost:8080/geoserver/rest/layers/
-> shows layers from topp workspace.

BUT if i set the ACL to
topp.*.r=ROLE_AUTHENTICATED
the same request still shows no layers.

Is it an expected behaviour ? is ROLE_AUTHENTICATED not set by the http 
header or http auth filter while it should ?

-- 
Landry Breuil


------------------------------------------------------------------------------
LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial
Remotely access PCs and mobile devices and provide instant support
Improve your efficiency, and focus on delivering more value-add services
Discover what IT Professionals Know. Rescue delivers
http://p.sf.net/sfu/logmein_12329d2d
_______________________________________________
Geoserver-users mailing list
Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users

Reply via email to