So I wanted to Cascade WMTS in similar way so I can reuse tiles from the source Geoserver and then it wasn’t working wiht the same Authkey.
···
On Sun, Apr 15, 2018 at 4:51 PM, Andrea Aime <andrea.aime@anonymised.com> wrote:
Ah,
Ian, I think that WMS/WMTS/WFS cascading never supported anything besides basic and maybe digest authentication.
A mechanism such as “authkey” requires the server to add the key into the capablilities backlinks (geoserver authkey does
that, barring any bug), otherwise the client has to know about it, which defeats the purpose of the module.
And working off the links in GetCapabilities is the standard and “correct” behavior.
If you’re talking with a server that does not add back the key into the caps document, then you’ll need to add your own
auth support in the client.
Again, in the HTTP client would be best, the generic WMS/WMTS should stay auth unaware, there
are just too many possible auth mechanism, best to centralize them in the http clients or a wrapper of them.
Cheers
Andrea
Check out the vibrant tech community on one of the world’s most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
Geoserver-devel mailing list
Geoserver-devel@anonymised.com.366…sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel
Kind regards,
Steve Omondi
On Sun, Apr 15, 2018 at 2:27 PM, Ian Turton <ijturton@anonymised.com> wrote:
I think that code only handles the “basic” authentication whereas this bug is related to authkey - so at some point someone writes authkey=xxxxx into the URL, I just can’t work out where.
Ian
–
Regards,
Andrea Aime
==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
Ing. Andrea Aime
@geowolf
Technical Lead
GeoSolutions S.A.S.
Via di Montramito 3/A
55054 Massarosa (LU)
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 339 8844549
http://www.geo-solutions.it
http://twitter.com/geosolutions_it
AVVERTENZE AI SENSI DEL D.Lgs. 196/2003
Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.
The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy’s New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.
On 15 April 2018 at 10:31, Andrea Aime <andrea.aime@anonymised.com> wrote:
Hi Ian,
I’m not too familiar with the code bases, but think that the authentication does not happen in the WMS/WMTS code, but
in the HTTP client instead, e.g.:
https://github.com/geotools/geotools/blob/master/modules/library/main/src/main/java/org/geotools/data/ows/SimpleHttpClient.java#L138
https://github.com/geotools/geotools/blob/master/modules/extension/wms/src/main/java/org/geotools/data/ows/MultithreadedHttpClient.java#L144
Hope this helps
Cheers
Andrea
–
Ian Turton
On Fri, Apr 13, 2018 at 1:25 PM, Ian Turton <ijturton@anonymised.com> wrote:
I’ve been looking at GEOS-8671 thinking it was a simple find and replace issue in the WMTS code but it looks like all the WMTS code does is take the URL from the getCapabilities response (or the server URL if that fails) and makes a request to that. So I now suspect that at some point the security code is adding the authentication code to the URL - I guessed that SecuredWMTSLayer might be the place to look, but that seems to nothing to the URL, tracking back I came to SecuredWMTSStoreInfo which looks possible as it calls SecuredObjects.secure(wms, policy) - but I can’t for the life of me work out what is going on in there.
The worrying thing is that all that SecuredWMTS* code is a straight copy and paste from SecuredWMS* so if this fails for WMTS I suspect it will fail for WMS.
Can any one point me to the code that actually rewrites the URL to insert the authenicationkey?
cheers
Ian
–
Ian Turton
Check out the vibrant tech community on one of the world’s most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
Geoserver-devel mailing list
Geoserver-devel@anonymised.comrge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel
–
Regards,
Andrea Aime
==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
Ing. Andrea Aime
@geowolf
Technical Lead
GeoSolutions S.A.S.
Via di Montramito 3/A
55054 Massarosa (LU)
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 339 8844549
http://www.geo-solutions.it
http://twitter.com/geosolutions_it
AVVERTENZE AI SENSI DEL D.Lgs. 196/2003
Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.
The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy’s New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.
