-
Enable hide or challenge catalog mode
-
Create workspaces ‘au’ and ‘am’
-
Create 1 layer in workspace ‘au’ (with name ‘a’) and 1 layer in workspace ‘am’ (with name ‘b’) from shapefiles
-
Add a role “Reader”
-
Add a user “Reader” and make him a member of the role “Reader”
-
Add a security rule for ‘au.a’ and only allow the “Reader” role to read
-
Add a security rule for ‘am.b’ and only allow the “ADMIN” role to read
-
Perform a POST request to ‘/wfs?REQUEST=GetFeature&VERSION=1.1.0&SERVICE=WFS’ with basic authentication using the “Reader” user and an OGC filter in the POST data. For example:
<?xml version="1.0" encoding="UTF-8"?><wfs:GetFeature xmlns:au="http://localhost:8085/au" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:wfs="http://www.opengis.net/wfs" xmlns:gml="http://www.opengis.net/gml" xmlns:ogc="http://www.opengis.net/ogc" xmlns:ows="http://www.opengis.net/ows" xmlns:xlink="http://www.w3.org/1999/xlink" outputFormat="text/xml; subtype=gml/3.1.1" resultType="results" service="WFS" version="1.1.0">
<wfs:Query srsName="urn:x-ogc:def:crs:EPSG:31370" typeName="au:CNTR_RG_01M_2016_4326">
<ogc:Filter>
<ogc:PropertyIsEqualTo>
<ogc:PropertyName>CNTR_ID</ogc:PropertyName>
<ogc:Literal>BE</ogc:Literal>
</ogc:PropertyIsEqualTo>
</ogc:Filter>
</wfs:Query>
</wfs:GetFeature>
-
See that the request succeeds and returns results (if the OGC filter matches features)
-
Change the catalog mode to mixed
-
Try the request again
-
See that the request fails with a 403 forbidden HTTP code
Since the OGC filter used for the getFeature request limits our search to a specific layer, the request should succeed in mixed catalog mode, just as it does in challenge or hide mode.