Now I have another question.
I need to do the following operation:
Every time I log in to GeoServer or use GetCapabilities, I need to do an audit.
My initial idea was to do this in the doFilter method of a GeoServerSecurityFilter subclass, but I don't know how to configure the ServletResponse object, which comes as a parameter in doFilter, to continue or return an error.
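An added example, not part of the original message and not GeoServer code: inside doFilter the ServletResponse is cast to HttpServletResponse to return an error with sendError, and the request continues only when chain.doFilter is called. AuditFilter and AuditSink are hypothetical names; it is written as a plain javax.servlet filter on the assumption that a GeoServerSecurityFilter subclass overrides the same doFilter method.

```java
import java.io.IOException;
import java.util.Enumeration;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Hypothetical audit filter: records key-value GetCapabilities requests before serving them. */
public class AuditFilter implements Filter {
    /** Hypothetical audit store (file, database, ...); record() throws if the write fails. */
    public interface AuditSink { void record(String line) throws IOException; }
    private final AuditSink sink;
    public AuditFilter(AuditSink sink) { this.sink = sink; }

    @Override public void init(FilterConfig config) { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest http = (HttpServletRequest) req;
        if (isGetCapabilities(http)) {
            try {
                // user is "-" when no authenticated user is visible at this point in the chain
                sink.record("GetCapabilities user=" + clean(http.getRemoteUser())
                        + " ip=" + clean(http.getRemoteAddr()) + " uri=" + clean(http.getRequestURI()));
            } catch (IOException e) {
                // Fail closed: return an error and do NOT call chain.doFilter()
                ((HttpServletResponse) res).sendError(
                        HttpServletResponse.SC_SERVICE_UNAVAILABLE, "audit unavailable");
                return;
            }
        }
        chain.doFilter(req, res); // continue: hand the request to the next filter
    }

    /** OGC key-value parameter names are case-insensitive; the value is compared the same way here. */
    static boolean isGetCapabilities(HttpServletRequest http) {
        for (Enumeration<?> names = http.getParameterNames(); names.hasMoreElements();) {
            String name = (String) names.nextElement();
            if (!"request".equalsIgnoreCase(name)) continue;
            for (String value : http.getParameterValues(name)) {
                if ("GetCapabilities".equalsIgnoreCase(value)) return true;
            }
        }
        return false;
    }

    /** Replaces CR/LF so request data cannot forge extra audit lines. */
    static String clean(String s) { return s == null ? "-" : s.replaceAll("[\\r\\n]", "_"); }
}
```

GetCapabilities requests sent as an XML POST body are not matched by this parameter check.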
2015-01-28 9:47 GMT-02:00 Mauro Bartolomeoli <mauro.bartolomeoli@anonymised.com>:
Hi Romulo,
I think I understood what you are asking for.
To add a new authentication provider to GeoServer, you need to create and register several classes in the system; the most important one is the security provider. This class extends GeoServerSecurityProvider and is responsible for creating other security classes on demand (for example the TesteAuthenticationProvider you developed). It’s also responsible for enabling configuration serialization (using XStream) for the new provider.
That said, creating a new security module and configuring it properly is not trivial. These are some of the actions that need to be done:
- create a new GeoServerSecurityProvider implementation and register it as a bean in the Spring application context.
- make the GeoServerSecurityProvider implementation return your authentication provider
- create and use configuration objects for your new security provider
- create a web wicket module to allow configuration from the GeoServer WEB Admin UI
You can find some examples of this in the gs-sec-jdbc and gs-sec-ldap modules (and the related gs-web-sec-jdbc and gs-web-sec-ldap web modules).
Finally, if your only purpose is to make GeoServer work with an existing user database for authentication, it could be simpler to use the JDBC usergroup service, which already allows you to do this without writing code, only by preparing some XML files to extract data from your database.
Regards,
Mauro
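The first three items of the list above, sketched as an added example (not code from GeoServer or from either author). TesteSecurityProvider and TesteAuthenticationProviderConfig are hypothetical names; TesteAuthenticationProvider is the class from the thread, assumed to extend GeoServerAuthenticationProvider and to live in the same package, and the method signatures assume the org.geoserver.security API of the GeoServer 2.x line.

```java
package com.example.geoserver.security; // hypothetical package

import org.geoserver.config.util.XStreamPersister;
import org.geoserver.security.GeoServerAuthenticationProvider;
import org.geoserver.security.GeoServerSecurityProvider;
import org.geoserver.security.config.BaseSecurityNamedServiceConfig;
import org.geoserver.security.config.SecurityAuthProviderConfig;
import org.geoserver.security.config.SecurityNamedServiceConfig;

/** Hypothetical configuration object saved for each configured instance of the provider. */
class TesteAuthenticationProviderConfig extends BaseSecurityNamedServiceConfig
        implements SecurityAuthProviderConfig {
    private String userGroupServiceName;

    @Override
    public String getUserGroupServiceName() { return userGroupServiceName; }

    @Override
    public void setUserGroupServiceName(String name) { this.userGroupServiceName = name; }
}

/**
 * The class to register as a Spring bean (instead of the authentication provider itself),
 * e.g. <bean id="testeSecurityProvider" class="...TesteSecurityProvider"/> with a
 * hypothetical bean id.
 */
public class TesteSecurityProvider extends GeoServerSecurityProvider {

    /** Enables XStream serialization of the configuration object under a short alias. */
    @Override
    public void configure(XStreamPersister xp) {
        xp.getXStream().alias("testeAuthentication", TesteAuthenticationProviderConfig.class);
    }

    /** Declares which authentication provider class this module contributes. */
    @Override
    public Class<? extends GeoServerAuthenticationProvider> getAuthenticationProviderClass() {
        return TesteAuthenticationProvider.class;
    }

    /** Called on demand to build a provider instance for a saved configuration. */
    @Override
    public GeoServerAuthenticationProvider createAuthenticationProvider(
            SecurityNamedServiceConfig config) {
        return new TesteAuthenticationProvider();
    }
}
```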
2015-01-28 12:12 GMT+01:00 Romulo Vieira da Silva <rmovieira@anonymised.com>:
Hello Mauro,
I tried this:
1- I created the TesteAuthenticationProvider class that is a copy of UsernamePasswordAuthenticationProvider.
2- In applicationSecurityContext.xml file added the following line
3- I added testeAuthenticationProvider = Authentication Provider Test in GeoServerApplication.properties file
In GeoServer web interface:
1- In “Authentication Filters”, added a new record with J2EE Role source J2EE default
2- In “Filter Chain”, I clicked on “default”
3 - In “Chain Filter” added “Authentication Provider Test” and removed “basic” and clicked close
4- I saved all
I put a breakpoint in the TesteAuthenticationProvider class, but it is never reached.
With this configuration, I realized that the breakpoint in the UsernamePasswordAuthenticationProvider class does not work anymore.
Can you tell me what I did wrong?
Thanks for your help.
–
==
GeoServer Professional Services from the experts! Visit
http://goo.gl/NWWaa2 for more information.
Dott. Mauro Bartolomeoli
@mauro_bart
Senior Software Engineer
GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
http://www.geo-solutions.it
http://twitter.com/geosolutions_it
The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy’s New Data Protection Code). Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.
2015-01-28 6:51 GMT-02:00 Mauro Bartolomeoli <mauro.bartolomeoli@anonymised.com>:
Hi Romulo,
As for REST, you can use filter chains to enable authentication providers on OGC services (WMS, WFS, etc.).
The chain to use is the default one.
Mauro
2015-01-27 18:57 GMT+01:00 Romulo Vieira da Silva <rmovieira@anonymised.com>:
Thanks for the reply.
I’m from Brazil and I do not speak the English language very well, so I may not have expressed myself correctly.
I’ll try to explain better:
I have a system that connects to GeoServer, using a password and username to access the layers that he created and that only he can see. This same user also needs to use QuantumGIS to access these same layers and should use the same username and password.
To be more specific: I need to check if the user can access the WMS or WFS request. Can I do this using the JDBC UserGroupService?
2015-01-27 15:37 GMT-02:00 Mauro Bartolomeoli <mauro.bartolomeoli@anonymised.com>:
Hi Romulo,
the simplest thing you can do is to use the JDBC UserGroupService. This can be used to take users and groups information from your custom database.
You can find some basic documentation here: http://docs.geoserver.org/stable/en/user/security/usergrouprole/usergroupservices.html#jdbc-user-group-service
The module itself is supposed to work with its own database structure, but it’s configurable through a couple of XML files (where you can specify a set of SQL queries to read the data from your database).
The only caveat is password storage: this is a bit difficult to configure if you don’t use one of the GeoServer encodings for passwords.
Let me know if you need further info on this subject.
Mauro
2015-01-27 18:01 GMT+01:00 Romulo Vieira da Silva <rmovieira@anonymised.com>:
Hello, I would like to take my user database to allow access to GeoServer. I tried to extend the GeoServerAuthenticationProvider class, but it did not work (I also tried to extend AbstractFilterProvider, but unsuccessfully); the class is never called.
I tried to follow the example of the GeoServerUserNamePasswordAuthenticationProvider class, but that also failed.
Does anyone have any material more detailed than the GeoServer 2.6 manual to help me do this?
Thank you all.
Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel