[Geoserver-devel] Use my database to allow access to geoserver

Hello, I would like to take my User database to allow access to geoserver, I tried to extend the GeoServerAuthenticationProvider class but it did not work, (also tried to extend AbstractFilterProvider but unsuccessfully) the class is never called.
I tried to follow the example of GeoServerUserNamePasswordAuthenticationProvider class, but also failed.
Does anyone have any more detailed material that the manual to make GeoServer 2.6 to help me do this?

Thank you all.

I think JDBC authentication is available already: http://docs.geoserver.org/latest/en/user/security/auth/providers.html#jdbc-authentication

This is useful to configure against Oracle (when that database has already been set up with a single sign on solution).

···

On 27 January 2015 at 09:01, Romulo Vieira da Silva <rmovieira@anonymised.com> wrote:

Hello, I would like to take my User database to allow access to geoserver, I tried to extend the GeoServerAuthenticationProvider class but it did not work, (also tried to extend AbstractFilterProvider but unsuccessfully) the class is never called.
I tried to follow the example of GeoServerUserNamePasswordAuthenticationProvider class, but also failed.
Does anyone have any more detailed material that the manual to make GeoServer 2.6 to help me do this?

Thank you all.


Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/


Geoserver-devel mailing list
Geoserver-devel@anonymised.comsts.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel


Jody Garnett

Hi Romulo,
the simplest thing you can do is to use the JDBC UserGroupService. This can be used to take users and groups information from your custom database.

You can find some basic documentation here: http://docs.geoserver.org/stable/en/user/security/usergrouprole/usergroupservices.html#jdbc-user-group-service

The module itself is supposed to work with its own database structure, but it’s configurable through a couple of XML files (where you can specify a set of SQL queries to read the data from your database).

The only caveat is password storage: this is a bit difficult to configure if you don’t use one of the Geoserver encodings for passwords.

Let me know if you need further info on this subject.

Mauro

···

2015-01-27 18:01 GMT+01:00 Romulo Vieira da Silva <rmovieira@anonymised.com>:

Hello, I would like to take my User database to allow access to geoserver, I tried to extend the GeoServerAuthenticationProvider class but it did not work, (also tried to extend AbstractFilterProvider but unsuccessfully) the class is never called.
I tried to follow the example of GeoServerUserNamePasswordAuthenticationProvider class, but also failed.
Does anyone have any more detailed material that the manual to make GeoServer 2.6 to help me do this?

Thank you all.


Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/


Geoserver-devel mailing list
Geoserver-devel@anonymised.comsts.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel

==
GeoServer Professional Services from the experts! Visit
http://goo.gl/NWWaa2 for more information.

Dott. Mauro Bartolomeoli
@mauro_bart
Senior Software Engineer

GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272

http://www.geo-solutions.it
http://twitter.com/geosolutions_it


AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy’s New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.

Thanks for the reply.
I’m from Brazil and I do not speak very well English language, I may not have expressed myself correctly.
I’ll try to explain better:
I have a system that connects to geoserver, Using a password and username to access the layers that he created and that only he can see. This same user need also use the QuantumGIS to access these same layers and should use the same username and password.

To be more specific: I need to check if the user can access the WMS or WFS request. Using JDBC UserGroupService i can do this ?

···

2015-01-27 15:37 GMT-02:00 Mauro Bartolomeoli <mauro.bartolomeoli@anonymised.com>:

Hi Romulo,
the simplest thing you can do is to use the JDBC UserGroupService. This can be used to take users and groups information from your custom database.

You can find some basic documentation here: http://docs.geoserver.org/stable/en/user/security/usergrouprole/usergroupservices.html#jdbc-user-group-service

The module itself is supposed to work with its own database structure, but it’s configurable through a couple of XML files (where you can specify a set of SQL queries to read the data from your database).

The only caveat is password storage: this is a bit difficult to configure if you don’t use one of the Geoserver encodings for passwords.

Let me know if you need further info on this subject.

Mauro

==
GeoServer Professional Services from the experts! Visit
http://goo.gl/NWWaa2 for more information.

Dott. Mauro Bartolomeoli
@mauro_bart
Senior Software Engineer

GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272

http://www.geo-solutions.it
http://twitter.com/geosolutions_it


AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy’s New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.

2015-01-27 18:01 GMT+01:00 Romulo Vieira da Silva <rmovieira@anonymised.com>:

Hello, I would like to take my User database to allow access to geoserver, I tried to extend the GeoServerAuthenticationProvider class but it did not work, (also tried to extend AbstractFilterProvider but unsuccessfully) the class is never called.
I tried to follow the example of GeoServerUserNamePasswordAuthenticationProvider class, but also failed.
Does anyone have any more detailed material that the manual to make GeoServer 2.6 to help me do this?

Thank you all.


Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/


Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel

I used a subclass of AbstractGeoserverPasswordEncoder to encode password provided by the user and validated if it is valid. I already can verify in my database if the user/password is valid. But only works when acessing by the geoserver web interface, i need that works with REST requisition too.

···

2015-01-27 15:57 GMT-02:00 Romulo Vieira da Silva <rmovieira@anonymised.com>:

Thanks for the reply.
I’m from Brazil and I do not speak very well English language, I may not have expressed myself correctly.
I’ll try to explain better:
I have a system that connects to geoserver, Using a password and username to access the layers that he created and that only he can see. This same user need also use the QuantumGIS to access these same layers and should use the same username and password.

To be more specific: I need to check if the user can access the WMS or WFS request. Using JDBC UserGroupService i can do this ?

2015-01-27 15:37 GMT-02:00 Mauro Bartolomeoli <mauro.bartolomeoli@anonymised.com>:

Hi Romulo,
the simplest thing you can do is to use the JDBC UserGroupService. This can be used to take users and groups information from your custom database.

You can find some basic documentation here: http://docs.geoserver.org/stable/en/user/security/usergrouprole/usergroupservices.html#jdbc-user-group-service

The module itself is supposed to work with its own database structure, but it’s configurable through a couple of XML files (where you can specify a set of SQL queries to read the data from your database).

The only caveat is password storage: this is a bit difficult to configure if you don’t use one of the Geoserver encodings for passwords.

Let me know if you need further info on this subject.

Mauro

==
GeoServer Professional Services from the experts! Visit
http://goo.gl/NWWaa2 for more information.

Dott. Mauro Bartolomeoli
@mauro_bart
Senior Software Engineer

GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272

http://www.geo-solutions.it
http://twitter.com/geosolutions_it


AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy’s New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.

2015-01-27 18:01 GMT+01:00 Romulo Vieira da Silva <rmovieira@anonymised.com>:

Hello, I would like to take my User database to allow access to geoserver, I tried to extend the GeoServerAuthenticationProvider class but it did not work, (also tried to extend AbstractFilterProvider but unsuccessfully) the class is never called.
I tried to follow the example of GeoServerUserNamePasswordAuthenticationProvider class, but also failed.
Does anyone have any more detailed material that the manual to make GeoServer 2.6 to help me do this?

Thank you all.


Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/


Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel

Hi Romulo,
about REST, probably you need to configure your authentication provider in the REST filter chain.
In the GeoServer Authentication admin page you have a section with filter chains. One is explicitly for REST. Choosing it, you can enable new authentication providers.

Beware that you cannot authorize users to use REST only on specific layers.

Mauro

···

2015-01-27 19:09 GMT+01:00 Romulo Vieira da Silva <rmovieira@anonymised.com>:

I used a subclass of AbstractGeoserverPasswordEncoder to encode password provided by the user and validated if it is valid. I already can verify in my database if the user/password is valid. But only works when acessing by the geoserver web interface, i need that works with REST requisition too.

2015-01-27 15:57 GMT-02:00 Romulo Vieira da Silva <rmovieira@anonymised.com>:

Thanks for the reply.
I’m from Brazil and I do not speak very well English language, I may not have expressed myself correctly.
I’ll try to explain better:
I have a system that connects to geoserver, Using a password and username to access the layers that he created and that only he can see. This same user need also use the QuantumGIS to access these same layers and should use the same username and password.

To be more specific: I need to check if the user can access the WMS or WFS request. Using JDBC UserGroupService i can do this ?

2015-01-27 15:37 GMT-02:00 Mauro Bartolomeoli <mauro.bartolomeoli@anonymised.com>:

Hi Romulo,
the simplest thing you can do is to use the JDBC UserGroupService. This can be used to take users and groups information from your custom database.

You can find some basic documentation here: http://docs.geoserver.org/stable/en/user/security/usergrouprole/usergroupservices.html#jdbc-user-group-service

The module itself is supposed to work with its own database structure, but it’s configurable through a couple of XML files (where you can specify a set of SQL queries to read the data from your database).

The only caveat is password storage: this is a bit difficult to configure if you don’t use one of the Geoserver encodings for passwords.

Let me know if you need further info on this subject.

Mauro

==
GeoServer Professional Services from the experts! Visit
http://goo.gl/NWWaa2 for more information.

Dott. Mauro Bartolomeoli
@mauro_bart
Senior Software Engineer

GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272

http://www.geo-solutions.it
http://twitter.com/geosolutions_it


AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy’s New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.

2015-01-27 18:01 GMT+01:00 Romulo Vieira da Silva <rmovieira@anonymised.com>:

Hello, I would like to take my User database to allow access to geoserver, I tried to extend the GeoServerAuthenticationProvider class but it did not work, (also tried to extend AbstractFilterProvider but unsuccessfully) the class is never called.
I tried to follow the example of GeoServerUserNamePasswordAuthenticationProvider class, but also failed.
Does anyone have any more detailed material that the manual to make GeoServer 2.6 to help me do this?

Thank you all.


Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/


Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel

==
GeoServer Professional Services from the experts! Visit
http://goo.gl/NWWaa2 for more information.

Dott. Mauro Bartolomeoli
@mauro_bart
Senior Software Engineer

GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272

http://www.geo-solutions.it
http://twitter.com/geosolutions_it


AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy’s New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.

Hi Romulo,
as for REST, you can use filter chains to enable authentication providers on OGC service (WMS, WFS, etc.).
The chain to use is the default one.

Mauro

···

2015-01-27 18:57 GMT+01:00 Romulo Vieira da Silva <rmovieira@anonymised.com>:

Thanks for the reply.
I’m from Brazil and I do not speak very well English language, I may not have expressed myself correctly.
I’ll try to explain better:
I have a system that connects to geoserver, Using a password and username to access the layers that he created and that only he can see. This same user need also use the QuantumGIS to access these same layers and should use the same username and password.

To be more specific: I need to check if the user can access the WMS or WFS request. Using JDBC UserGroupService i can do this ?

2015-01-27 15:37 GMT-02:00 Mauro Bartolomeoli <mauro.bartolomeoli@anonymised.com>:

Hi Romulo,
the simplest thing you can do is to use the JDBC UserGroupService. This can be used to take users and groups information from your custom database.

You can find some basic documentation here: http://docs.geoserver.org/stable/en/user/security/usergrouprole/usergroupservices.html#jdbc-user-group-service

The module itself is supposed to work with its own database structure, but it’s configurable through a couple of XML files (where you can specify a set of SQL queries to read the data from your database).

The only caveat is password storage: this is a bit difficult to configure if you don’t use one of the Geoserver encodings for passwords.

Let me know if you need further info on this subject.

Mauro

==
GeoServer Professional Services from the experts! Visit
http://goo.gl/NWWaa2 for more information.

Dott. Mauro Bartolomeoli
@mauro_bart
Senior Software Engineer

GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272

http://www.geo-solutions.it
http://twitter.com/geosolutions_it


AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy’s New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.

2015-01-27 18:01 GMT+01:00 Romulo Vieira da Silva <rmovieira@anonymised.com>:

Hello, I would like to take my User database to allow access to geoserver, I tried to extend the GeoServerAuthenticationProvider class but it did not work, (also tried to extend AbstractFilterProvider but unsuccessfully) the class is never called.
I tried to follow the example of GeoServerUserNamePasswordAuthenticationProvider class, but also failed.
Does anyone have any more detailed material that the manual to make GeoServer 2.6 to help me do this?

Thank you all.


Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/


Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel

==
GeoServer Professional Services from the experts! Visit
http://goo.gl/NWWaa2 for more information.

Dott. Mauro Bartolomeoli
@mauro_bart
Senior Software Engineer

GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272

http://www.geo-solutions.it
http://twitter.com/geosolutions_it


AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy’s New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.

Hello Mauro,
I tried this:
1- I created the TesteAuthenticationProvider class that is a copy of UsernamePasswordAuthenticationProvider.
2- In applicationSecurityContext.xml file added the following line
3- I added testeAuthenticationProvider = Authentication Provider Test in GeoServerApplication.properties file

In GeoServer web interface:
1- In “Authentication Filters”, added a new record with J2EE Role source J2EE default
2- to “Filter Chain”, I clicked on “default”
3 - In “Chain Filter” added “Authentication Provider Test” and removed “basic” and clicked close
4- I saved all

I put a breakpoint in TesteAuthenticationProvider class but never reaches it.
With this configuration, I realized that the breakpoint in class UsernamePasswordAuthenticationProvider not work anymore.

Can you tell me what I did wrong?

Thanks for your help.

···

2015-01-28 6:51 GMT-02:00 Mauro Bartolomeoli <mauro.bartolomeoli@anonymised.com>:

Hi Romulo,
as for REST, you can use filter chains to enable authentication providers on OGC service (WMS, WFS, etc.).
The chain to use is the default one.

Mauro

2015-01-27 18:57 GMT+01:00 Romulo Vieira da Silva <rmovieira@anonymised.com>:

Thanks for the reply.
I’m from Brazil and I do not speak very well English language, I may not have expressed myself correctly.
I’ll try to explain better:
I have a system that connects to geoserver, Using a password and username to access the layers that he created and that only he can see. This same user need also use the QuantumGIS to access these same layers and should use the same username and password.

To be more specific: I need to check if the user can access the WMS or WFS request. Using JDBC UserGroupService i can do this ?

==
GeoServer Professional Services from the experts! Visit
http://goo.gl/NWWaa2 for more information.

Dott. Mauro Bartolomeoli
@mauro_bart
Senior Software Engineer

GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272

http://www.geo-solutions.it
http://twitter.com/geosolutions_it


AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy’s New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.

2015-01-27 15:37 GMT-02:00 Mauro Bartolomeoli <mauro.bartolomeoli@anonymised.com>:

Hi Romulo,
the simplest thing you can do is to use the JDBC UserGroupService. This can be used to take users and groups information from your custom database.

You can find some basic documentation here: http://docs.geoserver.org/stable/en/user/security/usergrouprole/usergroupservices.html#jdbc-user-group-service

The module itself is supposed to work with its own database structure, but it’s configurable through a couple of XML files (where you can specify a set of SQL queries to read the data from your database).

The only caveat is password storage: this is a bit difficult to configure if you don’t use one of the Geoserver encodings for passwords.

Let me know if you need further info on this subject.

Mauro

==
GeoServer Professional Services from the experts! Visit
http://goo.gl/NWWaa2 for more information.

Dott. Mauro Bartolomeoli
@mauro_bart
Senior Software Engineer

GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272

http://www.geo-solutions.it
http://twitter.com/geosolutions_it


AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy’s New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.

2015-01-27 18:01 GMT+01:00 Romulo Vieira da Silva <rmovieira@anonymised.com>:

Hello, I would like to take my User database to allow access to geoserver, I tried to extend the GeoServerAuthenticationProvider class but it did not work, (also tried to extend AbstractFilterProvider but unsuccessfully) the class is never called.
I tried to follow the example of GeoServerUserNamePasswordAuthenticationProvider class, but also failed.
Does anyone have any more detailed material that the manual to make GeoServer 2.6 to help me do this?

Thank you all.


Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/


Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel

Hi Romulo,
I think I understood what you are asking for.

To add a new authentication provider to GeoServer, you need to create and register several classes in the system, the most important one is the security provider. This class extends GeoServerSecurityProvider and is responsible to create other security classes on demand (for example the TesteAuthenticationProvider you developed). It’s also responsible for enabling configuration serialization (using XStream) for the new provider.

That said, creating a new security module and configuring it properly is not trivial. These are some of the actions that need to be done:

  • create a new GeoServerSecurityProvider implementation and register it as a bean in the Spring application context.
  • make the GeoServerSecurityProvider implementation return you authentication provider
  • create and use configuration objects for your new security provider
  • create a web wicket module to allow configuration from the GeoServer WEB Admin UI

You can find some example of this in the gs-sec-jdbc and gs-sec-ldap modules (and the related gs-web-sec-jdbc and gs-web-sec-ldap web modules).

Finally, if your only purpose is to make GeoServer work with an existing user database for authentication, it could be simpler to use JDBC usergroup service, that already allows you to do this, without writing code, but only preparing some xml files to extract data from your database.

Regards,
Mauro

···

2015-01-28 12:12 GMT+01:00 Romulo Vieira da Silva <rmovieira@anonymised.com>:

Hello Mauro,
I tried this:
1- I created the TesteAuthenticationProvider class that is a copy of UsernamePasswordAuthenticationProvider.
2- In applicationSecurityContext.xml file added the following line
3- I added testeAuthenticationProvider = Authentication Provider Test in GeoServerApplication.properties file

In GeoServer web interface:
1- In “Authentication Filters”, added a new record with J2EE Role source J2EE default
2- to “Filter Chain”, I clicked on “default”
3 - In “Chain Filter” added “Authentication Provider Test” and removed “basic” and clicked close
4- I saved all

I put a breakpoint in TesteAuthenticationProvider class but never reaches it.
With this configuration, I realized that the breakpoint in class UsernamePasswordAuthenticationProvider not work anymore.

Can you tell me what I did wrong?

Thanks for your help.

2015-01-28 6:51 GMT-02:00 Mauro Bartolomeoli <mauro.bartolomeoli@anonymised.com>:

Hi Romulo,
as for REST, you can use filter chains to enable authentication providers on OGC service (WMS, WFS, etc.).
The chain to use is the default one.

Mauro

2015-01-27 18:57 GMT+01:00 Romulo Vieira da Silva <rmovieira@anonymised.com>:

Thanks for the reply.
I’m from Brazil and I do not speak very well English language, I may not have expressed myself correctly.
I’ll try to explain better:
I have a system that connects to geoserver, Using a password and username to access the layers that he created and that only he can see. This same user need also use the QuantumGIS to access these same layers and should use the same username and password.

To be more specific: I need to check if the user can access the WMS or WFS request. Using JDBC UserGroupService i can do this ?

==
GeoServer Professional Services from the experts! Visit
http://goo.gl/NWWaa2 for more information.

Dott. Mauro Bartolomeoli
@mauro_bart
Senior Software Engineer

GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272

http://www.geo-solutions.it
http://twitter.com/geosolutions_it


AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy’s New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.

2015-01-27 15:37 GMT-02:00 Mauro Bartolomeoli <mauro.bartolomeoli@anonymised.com>:

Hi Romulo,
the simplest thing you can do is to use the JDBC UserGroupService. This can be used to take users and groups information from your custom database.

You can find some basic documentation here: http://docs.geoserver.org/stable/en/user/security/usergrouprole/usergroupservices.html#jdbc-user-group-service

The module itself is supposed to work with its own database structure, but it’s configurable through a couple of XML files (where you can specify a set of SQL queries to read the data from your database).

The only caveat is password storage: this is a bit difficult to configure if you don’t use one of the Geoserver encodings for passwords.

Let me know if you need further info on this subject.

Mauro

==
GeoServer Professional Services from the experts! Visit
http://goo.gl/NWWaa2 for more information.

Dott. Mauro Bartolomeoli
@mauro_bart
Senior Software Engineer

GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272

http://www.geo-solutions.it
http://twitter.com/geosolutions_it


AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy’s New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.

2015-01-27 18:01 GMT+01:00 Romulo Vieira da Silva <rmovieira@anonymised.com>:

Hello, I would like to take my User database to allow access to geoserver, I tried to extend the GeoServerAuthenticationProvider class but it did not work, (also tried to extend AbstractFilterProvider but unsuccessfully) the class is never called.
I tried to follow the example of GeoServerUserNamePasswordAuthenticationProvider class, but also failed.
Does anyone have any more detailed material that the manual to make GeoServer 2.6 to help me do this?

Thank you all.


Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/


Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel

==
GeoServer Professional Services from the experts! Visit
http://goo.gl/NWWaa2 for more information.

Dott. Mauro Bartolomeoli
@mauro_bart
Senior Software Engineer

GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272

http://www.geo-solutions.it
http://twitter.com/geosolutions_it


AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy’s New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.

Hello Mauro
thank you very much for your help, I managed to evolve a lot. It took me to answer because I was excited about the development I’m doing that is moving forward after you helped me.

Now I have another question.
I need to do the following operation:
Every time I log in geoserver or use the GetCapabilities I need to do an audit.
My initial idea was to do this in the doFilter method of GeoServerSecurityFilter subclass, but I dont know how to configure ServletResponse object, which comes as parameter in doFilter to continue or return an error.

Any example of how to do this?

···

2015-01-28 9:47 GMT-02:00 Mauro Bartolomeoli <mauro.bartolomeoli@anonymised.com>:

Hi Romulo,
I think I understood what you are asking for.

To add a new authentication provider to GeoServer, you need to create and register several classes in the system, the most important one is the security provider. This class extends GeoServerSecurityProvider and is responsible to create other security classes on demand (for example the TesteAuthenticationProvider you developed). It’s also responsible for enabling configuration serialization (using XStream) for the new provider.

That said, creating a new security module and configuring it properly is not trivial. These are some of the actions that need to be done:

  • create a new GeoServerSecurityProvider implementation and register it as a bean in the Spring application context.
  • make the GeoServerSecurityProvider implementation return you authentication provider
  • create and use configuration objects for your new security provider
  • create a web wicket module to allow configuration from the GeoServer WEB Admin UI

You can find some example of this in the gs-sec-jdbc and gs-sec-ldap modules (and the related gs-web-sec-jdbc and gs-web-sec-ldap web modules).

Finally, if your only purpose is to make GeoServer work with an existing user database for authentication, it could be simpler to use JDBC usergroup service, that already allows you to do this, without writing code, but only preparing some xml files to extract data from your database.

Regards,
Mauro

2015-01-28 12:12 GMT+01:00 Romulo Vieira da Silva <rmovieira@anonymised.com>:

Hello Mauro,
I tried this:
1- I created the TesteAuthenticationProvider class that is a copy of UsernamePasswordAuthenticationProvider.
2- In applicationSecurityContext.xml file added the following line
3- I added testeAuthenticationProvider = Authentication Provider Test in GeoServerApplication.properties file

In GeoServer web interface:
1- In “Authentication Filters”, added a new record with J2EE Role source J2EE default
2- to “Filter Chain”, I clicked on “default”
3 - In “Chain Filter” added “Authentication Provider Test” and removed “basic” and clicked close
4- I saved all

I put a breakpoint in TesteAuthenticationProvider class but never reaches it.
With this configuration, I realized that the breakpoint in class UsernamePasswordAuthenticationProvider not work anymore.

Can you tell me what I did wrong?

Thanks for your help.

==
GeoServer Professional Services from the experts! Visit
http://goo.gl/NWWaa2 for more information.

Dott. Mauro Bartolomeoli
@mauro_bart
Senior Software Engineer

GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272

http://www.geo-solutions.it
http://twitter.com/geosolutions_it


AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy’s New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.

2015-01-28 6:51 GMT-02:00 Mauro Bartolomeoli <mauro.bartolomeoli@anonymised.com>:

Hi Romulo,
as for REST, you can use filter chains to enable authentication providers on OGC service (WMS, WFS, etc.).
The chain to use is the default one.

Mauro

2015-01-27 18:57 GMT+01:00 Romulo Vieira da Silva <rmovieira@anonymised.com>:

Thanks for the reply.
I’m from Brazil and I do not speak very well English language, I may not have expressed myself correctly.
I’ll try to explain better:
I have a system that connects to geoserver, Using a password and username to access the layers that he created and that only he can see. This same user need also use the QuantumGIS to access these same layers and should use the same username and password.

To be more specific: I need to check if the user can access the WMS or WFS request. Using JDBC UserGroupService i can do this ?

==
GeoServer Professional Services from the experts! Visit
http://goo.gl/NWWaa2 for more information.

Dott. Mauro Bartolomeoli
@mauro_bart
Senior Software Engineer

GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272

http://www.geo-solutions.it
http://twitter.com/geosolutions_it


AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy’s New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.

2015-01-27 15:37 GMT-02:00 Mauro Bartolomeoli <mauro.bartolomeoli@anonymised.com>:

Hi Romulo,
the simplest thing you can do is to use the JDBC UserGroupService. This can be used to take users and groups information from your custom database.

You can find some basic documentation here: http://docs.geoserver.org/stable/en/user/security/usergrouprole/usergroupservices.html#jdbc-user-group-service

The module itself is supposed to work with its own database structure, but it’s configurable through a couple of XML files (where you can specify a set of SQL queries to read the data from your database).

The only caveat is password storage: this is a bit difficult to configure if you don’t use one of the Geoserver encodings for passwords.

Let me know if you need further info on this subject.

Mauro

==
GeoServer Professional Services from the experts! Visit
http://goo.gl/NWWaa2 for more information.

Dott. Mauro Bartolomeoli
@mauro_bart
Senior Software Engineer

GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272

http://www.geo-solutions.it
http://twitter.com/geosolutions_it


AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy’s New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.

2015-01-27 18:01 GMT+01:00 Romulo Vieira da Silva <rmovieira@anonymised.com>:

Hello, I would like to take my User database to allow access to geoserver, I tried to extend the GeoServerAuthenticationProvider class but it did not work, (also tried to extend AbstractFilterProvider but unsuccessfully) the class is never called.
I tried to follow the example of GeoServerUserNamePasswordAuthenticationProvider class, but also failed.
Does anyone have any more detailed material that the manual to make GeoServer 2.6 to help me do this?

Thank you all.


Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/


Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel

Hi Romulo,

···

2015-01-29 14:52 GMT+01:00 Romulo Vieira da Silva <rmovieira@anonymised.com…403…>:

Hello Mauro
thank you very much for your help, I managed to evolve a lot. It took me to answer because I was excited about the development I’m doing that is moving forward after you helped me.

Now I have another question.
I need to do the following operation:
Every time I log in geoserver or use the GetCapabilities I need to do an audit.
My initial idea was to do this in the doFilter method of GeoServerSecurityFilter subclass, but I dont know how to configure ServletResponse object, which comes as parameter in doFilter to continue or return an error.

You mean that your audit can be successful (and in this case you authorize the user) or failed (and in this case you want to return an error, such as 403). If this is the case you should:

  1. set the Authentication object ONLY in case of success with something like:

SecurityContextHolder.getContext().setAuthentication();

  1. set an Http403ForbiddenEntryPoint as your entry point in the doFilter method (in any case), with something like:

request.setAttribute(GeoServerSecurityFilter.AUTHENTICATION_ENTRY_POINT_HEADER, new Http403ForbiddenEntryPoint());

You can find examples in other security filters.

Mauro

==
GeoServer Professional Services from the experts! Visit
http://goo.gl/NWWaa2 for more information.

Dott. Mauro Bartolomeoli
@mauro_bart
Senior Software Engineer

GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272

http://www.geo-solutions.it
http://twitter.com/geosolutions_it


AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy’s New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.