[Geoserver-devel] [jira] (GEOS-5216) Allow per-workspace service security rule

Landry Breuil created ImprovementGEOS-5216
Allow per-workspace service security rule

Issue Type:

ImprovementImprovement

Affects Versions:

2.1.3

Assignee:

Andrea Aime

Components:

Security

Created:

06/Jul/12 12:10 PM

Description:

I know it’s stated on http://docs.geoserver.org/stable/en/user/security/layer.html that layer security and service security, but i was wondering if it’d be possible to have per-workspace (not even per-layer) service ACL.

My usecase is simple : i want two workspaces for two different targets :

  • one public workspace where the published data is available freely to anyone via WMS/WFS/WCS
  • one ‘private’ workspace where the user need to login (http auth) to access WMS/WFS/WCS

As it is now, i didnt find a way to implement that in GeoServer itself. You either allow full access to a service on all workspaces, or restrict services on all workspaces to a role via http auth.

I can still put the http auth on my frontend reverse proxy (my users are in a LDAP), but it’d be nice to have that directly integrated in GeoServer.

How hard would it be to implement that ? After all it’s “just” adding a workspace key to service acls (or a service key to data acls…) in the UI and in the access backend. Would it be a wanted feature, or against GeoServer’s design ?

Sorry if this bug report is a duplicate, didnt find a similar subject in the open issues.

Environment:

Linux Debian Squeeze

Project:

GeoServer

Priority:

MajorMajor

Reporter:

Landry Breuil

This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your [JIRA administrators](https://jira.codehaus.org/secure/ContactAdministrators!default.jspa). For more information on JIRA, see: [http://www.atlassian.com/software/jira](http://www.atlassian.com/software/jira)