[Geoserver-devel] Authentication between Mapbuilder and Geoserver

Hi Geoserver people,

Firstly, we have just released Mapbuilder 1.0 rc1. Mapbuilder is the Web-based WFS-T client which is currently shipped with Geoserver. Mapbuilder previously allowed you to add a feature. Now you can Query and select/Edit/Delete features as well. I'm hoping someone will be inspired to incorporate this version of Mapbuilder into Geoserver.

Next,
I want to incorporate user authentication into our Mapbuilder WFS-T client so we can ensure that only authenticated users enter features.
I'm not too familiar with authentication and would like advice on how I should do this.

Has anyone used user authentication with Geoserver before?

Hi Cameron,

Cameron Shorter wrote:

Hi Geoserver people,

Firstly, we have just released Mapbuilder 1.0 rc1. Mapbuilder is the Web-based WFS-T client which is currently shipped with Geoserver. Mapbuilder previously allowed you to add a feature. Now you can Query and select/Edit/Delete features as well. I'm hoping someone will be inspired to incorporate this version of Mapbuilder into Geoserver.

Congrats on the new release. Brent has been doing the MapBuilder development for GeoServer so he can speak a bit more but we are absolutely interested as this is a bonus to both projects.

Next,
I want to incorporate user authentication into our Mapbuilder WFS-T client so we can ensure that only authenticated users enter features.
I'm not too familiar with authentication and would like advice on how I should do this.

Has anyone used user authentication with Geoserver before?

Authentication is a complex issue. It can be handled at multiple layers of the stack. At the application level setting up access control in your application server / servlet container, or at the data level setting permissions on your files, database, etc.

Currently geoserver does not do any sort of authentication. Authentication is handled by the geotools DataStore architecture. And what it amounts to is supplying username/password to connect to a particular datastore.

That being said, it is definitely possible to achieve at the application level and is something that definitely needs to be there. The GeoServer camp has been talking about rearchitecting GeoServer into "GeoServer Enterprise Edition". Indeed security and authentication would have to be core to be considered "enterprise".

Justin


--
Justin Deoliveira
The Open Planning Project
http://topp.openplans.org

Cameron Shorter wrote:

Hi Geoserver people,

Firstly, we have just released Mapbuilder 1.0 rc1. Mapbuilder is the Web-based WFS-T client which is currently shipped with Geoserver. Mapbuilder previously allowed you to add a feature. Now you can Query and select/Edit/Delete features as well. I'm hoping someone will be inspired to incorporate this version of Mapbuilder into Geoserver.

Cool! Congrats on the release, we make use of the MapBuilder included w/ GeoServer as part of our udig walkthrough 2.

Next,
I want to incorporate user authentication into our Mapbuilder WFS-T client so we can ensure that only authenticated users enter features.
I'm not too familiar with authentication and would like advice on how I should do this.

You can have a look at a recent uDig based project that does authentication here:
- uDig : Confluence

uDig supports the usual http basic authorization, usually setup by the container.
As well as interacting with "DACS" (Distributed Access Control System I think).
The above project experimented with a couple techniques of revealing what layers
required authentication by way of either additional parameters in the request
and/or notes in the capabilities document.

I am afraid you may have to ask Richard Gould for the specific details, it would
be great if GeoServer was able to interact w/ a security module (custom or part of the
servlet container). Note we did need to break out the Apache commons HTTP code
for some of the detail due to limitations in the Java URL implementation.

A third approach was also demonstrated involving using an applet to handle SOAP
based security, not applicable to this release of GeoServer.

Has anyone used user authentication with Geoserver before?

Yes, we have used geoserver w/ http basic auth and uDig. That is hiding the entire set of servlets
behind the container's security.

There have been requests in the past to break down the permission available via Transaction by user. Do you have
any knowledge of how to interact with the servlet container's concept of user? We do have
some user support in the web config ui, but are limited to a single admin user...

Cheers,
Jody
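
The container-level approach mentioned in the replies above (HTTP basic authentication set up in the servlet container) can be sketched as a `web.xml` fragment. This is an added example, not configuration from the thread or from GeoServer itself; the `/wfs` path, the `wfs-editor` role and the realm name are assumptions chosen for illustration.

```xml
<!-- Added example: fragment for WEB-INF/web.xml of the web application.
     Assumptions: WFS is served at /wfs, clients send read requests as GET
     and Transaction requests as POST; role and realm names are made up. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>WFS writes</web-resource-name>
    <url-pattern>/wfs</url-pattern>
    <url-pattern>/wfs/*</url-pattern>
    <!-- Only POST is constrained. Methods not listed here stay open,
         so every method that can modify data must be listed. -->
    <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
    <!-- Only users holding this role may send POST requests to /wfs -->
    <role-name>wfs-editor</role-name>
  </auth-constraint>
  <user-data-constraint>
    <!-- Basic auth sends credentials base64-encoded, not encrypted:
         require TLS for the protected requests. -->
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>GeoServer WFS-T</realm-name>
</login-config>

<security-role>
  <role-name>wfs-editor</role-name>
</security-role>
```

Users and their roles are defined in the container's realm (for Tomcat, for example, `tomcat-users.xml`). The container sees only the URL and HTTP method, so a query sent as POST also requires login under this constraint, and per-user limits on individual Transaction operations would need a check inside the application.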

Hi Cameron,

Congrats on the release. I will try to integrate the MapBuilder 1.0 version into GeoServer 1.3.0. We hope to have a really slick demo that Dave Blasby has been slaving away at that uses MapBuilder. Dave has some cool USGS data of: the world, city locations/populations, and countries. It should be a really neat demo, especially with the new MapBuilder (it looks awesome).

I will keep you posted on how it goes.

Brent Owens
TOPP
