Hi Jesse,
I’m honestly not sure to what extent 2.3.x would leak layers through gwc, since they’re now backed by the catalog which for GetMap requests would be a SecuredCatalog.
I would ask Kevin (cc’ed) to pair up with you if need be and you both can assess it and tackle this issue <http://jira.codehaus.org/browse/GEOS-4217>.
Basically the level of integration with the geoserver security subsystem, at least to the extent of my knowledge, has never been clearly defined let alone implemented, but I think the new way gwc integrates with geoserver should make it easier.
Cheers,
Gabriel.
P.S. Sorry I can’t be of more help atm, fully booked, but Kevin’s been making great progress on gwc issues and is actually the primary gwc developer right now.
On Thu, Apr 4, 2013 at 8:25 AM, Jesse Eichar <jesse.eichar@anonymised.com> wrote:
Hi,
As far as I know, the integrated GeoWebCache does not respect the Geoserver security rules. I.e., suppose layer 1 is protected. If a user accesses the layer via GeoWebCache (and the user has access) the layer will get cached. Then others will be able to access that layer via GeoWebCache (at least the cached data).
Is that still the case in 2.3.x?
If my understanding is correct, I am considering adding a spring AuthenticationProvider that will read the geoserver security files and secure layers in GeoWebCache requests so that data will not leak via GeoWebCache.
A big problem I see with this solution is the case where a request contains multiple layers and one is secured. If the Geoserver security is set as HIDE then I would think the one layer should be hidden but the request should succeed.
Question: I would like to contribute the work back to Geoserver, how would you suggest I implement this functionality to maximize the chances of being able to contribute this back?
Jesse
–
Gabriel Roldan
OpenGeo - http://opengeo.org
Expert service straight from the developers.
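
The leak described in the thread, and a HIDE-style check placed in front of the cache lookup, as an added toy model in Python. This is not GeoServer or GeoWebCache code; the layer names, roles, `can_read`, `render` and `TileCache` are constructed for illustration.

```python
# Constructed sample rules: layer name -> roles allowed to read it ("*" = everyone).
RULES = {"topp:roads": {"*"}, "topp:parcels": {"ROLE_SURVEYOR"}}


def can_read(layer, roles):
    """True if any of the caller's roles may read the layer (unknown layers are denied)."""
    allowed = RULES.get(layer, set())
    return "*" in allowed or bool(allowed & roles)


def render(layers, tile, roles):
    """Stand-in for the secured backend: draws only the layers the caller may read."""
    visible = [name for name in layers if can_read(name, roles)]
    return f"{tile}:" + "+".join(visible) if visible else None


class TileCache:
    """Tile cache keyed on (layers, tile) only; the caller is not part of the key."""

    def __init__(self, enforce):
        self.enforce = enforce  # True: authorize every request before the lookup
        self.store = {}

    def get(self, layers, tile, roles):
        if self.enforce:
            # HIDE behaviour: drop layers the caller may not read, keep the rest,
            # so a mixed request still succeeds with the permitted layers only.
            layers = [name for name in layers if can_read(name, roles)]
            if not layers:
                return None
        key = (tuple(layers), tile)
        if key in self.store:
            return self.store[key]  # a hit never reaches the secured backend
        image = render(layers, tile, roles)
        if image is not None:
            self.store[key] = image
        return image


if __name__ == "__main__":
    for enforce in (False, True):
        cache = TileCache(enforce)
        cache.get(["topp:roads", "topp:parcels"], "0/0/0", {"ROLE_SURVEYOR"})
        print(enforce, cache.get(["topp:roads", "topp:parcels"], "0/0/0", set()))
```

Because the filtered layer list becomes the cache key, the anonymous request in the enforcing cache maps to a different entry than the surveyor's and can never be served the surveyor's tile.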