[Geoserver-devel] [JIRA] (GEOS-7059) Filter chain with "Basic" authentication not taking effect when also have "CAS" filter chain

_Failed_to_Retrieve · June 4, 2015, 3:36pm

Stephen Brooke created an issue

Filter chain with “Basic” authentication not taking effect when also have “CAS” filter chain

Issue Type:	Bug
Affects Versions:	2.6.1
Assignee:	Unassigned
Components:	Security
Created:	04/Jun/15 5:35 PM
Environment:	Linux Suse 11 SP3 64-bit Windows 7 Enterprise 64-bit
Priority:	High
Reporter:	Stephen Brooke

I have two additional security Filter chains than what comes by default with GeoServer:

“Service Chain” called OGC which uses a “CAS” Authentication Filter that filters on the Ant pattern: /gwc***,/gwc/,/wfs,/wfs/,/wms,/wms/*,/MyWorkspace/
“Service Chain” called KML which uses the out-of-box “Basic” Authentication Filter placed above (infront of) the OGC filter that filters on the Ant pattern: /MyWorkspace/wmsformat=application/vnd.google-earth.kml

I want to be able to authenticate URLs matching the pattern in #1 with CAS and #2 with “Basic” authentication.

This works as far as GeoServer “Filter Chain Tester” is concerned however, when you are not authenticated already and you try it from Google Earth it doesn’t work, and sure enough when you do an HTTP GET on the URL from the KML file you get redirected to CAS login page.
Why is the GeoServer Authentication Chain mechanism choosing CAS authentication even though the “Filter Chain Tester” tells us that the URL matches a different service chain?

Add Comment

This message was sent by Atlassian JIRA (v6.5-OD-05-041#65001-sha1:e07c9f6)