Hi,
As far as I know, with current geoserver version, it is possible to preview a layer without logging-in, but by directly entering a URL (with service, layer and co-ordinates information) in the browser.
I am wondering if it is possible to create a web-app wrapper around geoserver, which would allow user to request to view a layer by specifying complete URL (as described above)? I am only trying to introduce this web interface between geoserver and user, so that I can introduce my own choice of authentication to restrict even read requests (layer preview) for authenticated users, while making minimum possible changes in geoserver.
Please let me know if you have any suggestions/information about the possible steps. Your help is highly appreciated.
Thanks
Sachin
Hi Sachin,
Maybe I’m not understanding your requirements correctly, but GeoServer’s Layer Preview just uses WMS and WFS requests. You can easily duplicate it yourself using OpenLayers - http://openlayers.org/dev/examples/.
Restricting user’s access can be done by the web-app but logically should be done within GeoServer itself (otherwise someone knowing what they’re doing could simply make the request directly to GeoServer, going around your “wrapper”).
Jonathan
On 25 April 2013 06:36, Sachin Hirve <shirve.csu@anonymised.com> wrote:
Hi,
As far as I know, with current geoserver version, it is possible to preview a layer without logging-in, but by directly entering a URL (with service, layer and co-ordinates information) in the browser.
I am wondering if it is possible to create a web-app wrapper around geoserver, which would allow user to request to view a layer by specifying complete URL (as described above)? I am only trying to introduce this web interface between geoserver and user, so that I can introduce my own choice of authentication to restrict even read requests (layer preview) for authenticated users, while making minimum possible changes in geoserver.
Please let me know if you have any suggestions/information about the possible steps. Your help is highly appreciated.
Thanks
Sachin
Try New Relic Now & We’ll Send You this Cool Shirt
New Relic is the only SaaS-based application performance monitoring service
that delivers powerful full stack analytics. Optimize and monitor your
browser, app, & servers with just a few lines of code. Try New Relic
and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_apr
Geoserver-users mailing list
Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users
This transmission is intended for the named addressee(s) only and may contain sensitive or protectively marked material up to RESTRICTED and should be handled accordingly. Unless you are the named addressee (or authorised to receive it for the addressee) you may not copy or use it, or disclose it to anyone else. If you have received this transmission in error please notify the sender immediately. All email traffic sent to or from us, including without limitation all GCSX traffic, may be subject to recording and/or monitoring in accordance with relevant legislation.
@Jonathan and Stefano, Thank you for your replies.
I understand that a user may go around my wrapper to request the URL from geoserver, but my next step was to restrict this situation. I am also looking for mechanisms where geoserver may be tied to a particular port/secure channel (may be certificates), in that case possible “go around” can be blocked.
Let me know if you have suggestions.
Thanks
Sachin
PS: I was earlier trying to modify the authentication mechanism of geoserver to suit my requirements (CAS), but it seemed to be too involving process.
···
On Thu, Apr 25, 2013 at 4:59 AM, Jonathan Moules <jonathanmoules@anonymised.com> wrote:
Hi Sachin,
Maybe I’m not understanding your requirements correctly, but GeoServer’s Layer Preview just uses WMS and WFS requests. You can easily duplicate it yourself using OpenLayers - http://openlayers.org/dev/examples/.
Restricting user’s access can be done by the web-app but logically should be done within GeoServer itself (otherwise someone knowing what they’re doing could simply make the request directly to GeoServer, going around your “wrapper”).
Jonathan
On 25 April 2013 06:36, Sachin Hirve <shirve.csu@anonymised.com> wrote:
Hi,
As far as I know, with current geoserver version, it is possible to preview a layer without logging-in, but by directly entering a URL (with service, layer and co-ordinates information) in the browser.
I am wondering if it is possible to create a web-app wrapper around geoserver, which would allow user to request to view a layer by specifying complete URL (as described above)? I am only trying to introduce this web interface between geoserver and user, so that I can introduce my own choice of authentication to restrict even read requests (layer preview) for authenticated users, while making minimum possible changes in geoserver.
Please let me know if you have any suggestions/information about the possible steps. Your help is highly appreciated.
Thanks
Sachin
Try New Relic Now & We’ll Send You this Cool Shirt
New Relic is the only SaaS-based application performance monitoring service
that delivers powerful full stack analytics. Optimize and monitor your
browser, app, & servers with just a few lines of code. Try New Relic
and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_apr
Geoserver-users mailing list
Geoserver-users@anonymised.comorge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users
This transmission is intended for the named addressee(s) only and may contain sensitive or protectively marked material up to RESTRICTED and should be handled accordingly. Unless you are the named addressee (or authorised to receive it for the addressee) you may not copy or use it, or disclose it to anyone else. If you have received this transmission in error please notify the sender immediately. All email traffic sent to or from us, including without limitation all GCSX traffic, may be subject to recording and/or monitoring in accordance with relevant legislation.
At that point I’d expect your restrictions should be within the webserver. Jetty/Tomcat (whichever you’re using) are where you specify what port it listens on and security certificates etc.
Jonathan
···
On Thu, Apr 25, 2013 at 4:59 AM, Jonathan Moules <jonathanmoules@anonymised.com> wrote:
Hi Sachin,
Maybe I’m not understanding your requirements correctly, but GeoServer’s Layer Preview just uses WMS and WFS requests. You can easily duplicate it yourself using OpenLayers - http://openlayers.org/dev/examples/.
Restricting user’s access can be done by the web-app but logically should be done within GeoServer itself (otherwise someone knowing what they’re doing could simply make the request directly to GeoServer, going around your “wrapper”).
Jonathan
On 25 April 2013 06:36, Sachin Hirve <shirve.csu@anonymised.com> wrote:
Hi,
As far as I know, with current geoserver version, it is possible to preview a layer without logging-in, but by directly entering a URL (with service, layer and co-ordinates information) in the browser.
I am wondering if it is possible to create a web-app wrapper around geoserver, which would allow user to request to view a layer by specifying complete URL (as described above)? I am only trying to introduce this web interface between geoserver and user, so that I can introduce my own choice of authentication to restrict even read requests (layer preview) for authenticated users, while making minimum possible changes in geoserver.
Please let me know if you have any suggestions/information about the possible steps. Your help is highly appreciated.
Thanks
Sachin
Try New Relic Now & We’ll Send You this Cool Shirt
New Relic is the only SaaS-based application performance monitoring service
that delivers powerful full stack analytics. Optimize and monitor your
browser, app, & servers with just a few lines of code. Try New Relic
and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_apr
Geoserver-users mailing list
Geoserver-users@anonymised.comorge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users
This transmission is intended for the named addressee(s) only and may contain sensitive or protectively marked material up to RESTRICTED and should be handled accordingly. Unless you are the named addressee (or authorised to receive it for the addressee) you may not copy or use it, or disclose it to anyone else. If you have received this transmission in error please notify the sender immediately. All email traffic sent to or from us, including without limitation all GCSX traffic, may be subject to recording and/or monitoring in accordance with relevant legislation.
Hi Sachin
Since 2.3.x there is a CAS extensions which should meet your requirements. Did you test it ?.
Cheers
Christian
···
2013/4/25 Jonathan Moules <jonathanmoules@anonymised.com>
At that point I’d expect your restrictions should be within the webserver. Jetty/Tomcat (whichever you’re using) are where you specify what port it listens on and security certificates etc.
Jonathan
On 25 April 2013 15:14, Sachin Hirve <shirve.csu@anonymised.com> wrote:
@Jonathan and Stefano, Thank you for your replies.
I understand that a user may go around my wrapper to request the URL from geoserver, but my next step was to restrict this situation. I am also looking for mechanisms where geoserver may be tied to a particular port/secure channel (may be certificates), in that case possible “go around” can be blocked.
Let me know if you have suggestions.
Thanks
Sachin
PS: I was earlier trying to modify the authentication mechanism of geoserver to suit my requirements (CAS), but it seemed to be too involving process.
This transmission is intended for the named addressee(s) only and may contain sensitive or protectively marked material up to RESTRICTED and should be handled accordingly. Unless you are the named addressee (or authorised to receive it for the addressee) you may not copy or use it, or disclose it to anyone else. If you have received this transmission in error please notify the sender immediately. All email traffic sent to or from us, including without limitation all GCSX traffic, may be subject to recording and/or monitoring in accordance with relevant legislation.
Try New Relic Now & We’ll Send You this Cool Shirt
New Relic is the only SaaS-based application performance monitoring service
that delivers powerful full stack analytics. Optimize and monitor your
browser, app, & servers with just a few lines of code. Try New Relic
and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_apr
Geoserver-users mailing list
Geoserver-users@anonymised.comsts.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users
–
DI Christian Mueller MSc (GIS), MSc (IT-Security)
OSS Open Source Solutions GmbH
On Thu, Apr 25, 2013 at 4:59 AM, Jonathan Moules <jonathanmoules@anonymised.com> wrote:
Hi Sachin,
Maybe I’m not understanding your requirements correctly, but GeoServer’s Layer Preview just uses WMS and WFS requests. You can easily duplicate it yourself using OpenLayers - http://openlayers.org/dev/examples/.
Restricting user’s access can be done by the web-app but logically should be done within GeoServer itself (otherwise someone knowing what they’re doing could simply make the request directly to GeoServer, going around your “wrapper”).
Jonathan
On 25 April 2013 06:36, Sachin Hirve <shirve.csu@anonymised.com> wrote:
Hi,
As far as I know, with current geoserver version, it is possible to preview a layer without logging-in, but by directly entering a URL (with service, layer and co-ordinates information) in the browser.
I am wondering if it is possible to create a web-app wrapper around geoserver, which would allow user to request to view a layer by specifying complete URL (as described above)? I am only trying to introduce this web interface between geoserver and user, so that I can introduce my own choice of authentication to restrict even read requests (layer preview) for authenticated users, while making minimum possible changes in geoserver.
Please let me know if you have any suggestions/information about the possible steps. Your help is highly appreciated.
Thanks
Sachin
Try New Relic Now & We’ll Send You this Cool Shirt
New Relic is the only SaaS-based application performance monitoring service
that delivers powerful full stack analytics. Optimize and monitor your
browser, app, & servers with just a few lines of code. Try New Relic
and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_apr
Geoserver-users mailing list
Geoserver-users@anonymised.comorge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users
This transmission is intended for the named addressee(s) only and may contain sensitive or protectively marked material up to RESTRICTED and should be handled accordingly. Unless you are the named addressee (or authorised to receive it for the addressee) you may not copy or use it, or disclose it to anyone else. If you have received this transmission in error please notify the sender immediately. All email traffic sent to or from us, including without limitation all GCSX traffic, may be subject to recording and/or monitoring in accordance with relevant legislation.
Hi Christian,
I am working on a geoserver branch which is 2.2.x and used by some other group which implemented Web-3D service to view Geo-spatial data in 3D form. Therefore I think it would take substantial efforts to bring-in CAS extension from 2.3.x to my geoserver version. But I will anyways test CAS extension of 2.3.x.
Thanks
Sachin
···
On Thu, Apr 25, 2013 at 11:48 AM, Christian Mueller <christian.mueller@anonymised.com> wrote:
Hi Sachin
Since 2.3.x there is a CAS extensions which should meet your requirements. Did you test it ?.
Cheers
Christian
2013/4/25 Jonathan Moules <jonathanmoules@anonymised.com>
At that point I’d expect your restrictions should be within the webserver. Jetty/Tomcat (whichever you’re using) are where you specify what port it listens on and security certificates etc.
Jonathan
On 25 April 2013 15:14, Sachin Hirve <shirve.csu@anonymised.com> wrote:
@Jonathan and Stefano, Thank you for your replies.
I understand that a user may go around my wrapper to request the URL from geoserver, but my next step was to restrict this situation. I am also looking for mechanisms where geoserver may be tied to a particular port/secure channel (may be certificates), in that case possible “go around” can be blocked.
Let me know if you have suggestions.
Thanks
Sachin
PS: I was earlier trying to modify the authentication mechanism of geoserver to suit my requirements (CAS), but it seemed to be too involving process.
This transmission is intended for the named addressee(s) only and may contain sensitive or protectively marked material up to RESTRICTED and should be handled accordingly. Unless you are the named addressee (or authorised to receive it for the addressee) you may not copy or use it, or disclose it to anyone else. If you have received this transmission in error please notify the sender immediately. All email traffic sent to or from us, including without limitation all GCSX traffic, may be subject to recording and/or monitoring in accordance with relevant legislation.
Try New Relic Now & We’ll Send You this Cool Shirt
New Relic is the only SaaS-based application performance monitoring service
that delivers powerful full stack analytics. Optimize and monitor your
browser, app, & servers with just a few lines of code. Try New Relic
and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_apr
Geoserver-users mailing list
Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users
–
DI Christian Mueller MSc (GIS), MSc (IT-Security)
OSS Open Source Solutions GmbH
On Thu, Apr 25, 2013 at 4:59 AM, Jonathan Moules <jonathanmoules@anonymised.com> wrote:
Hi Sachin,
Maybe I’m not understanding your requirements correctly, but GeoServer’s Layer Preview just uses WMS and WFS requests. You can easily duplicate it yourself using OpenLayers - http://openlayers.org/dev/examples/.
Restricting user’s access can be done by the web-app but logically should be done within GeoServer itself (otherwise someone knowing what they’re doing could simply make the request directly to GeoServer, going around your “wrapper”).
Jonathan
On 25 April 2013 06:36, Sachin Hirve <shirve.csu@anonymised.com> wrote:
Hi,
As far as I know, with current geoserver version, it is possible to preview a layer without logging-in, but by directly entering a URL (with service, layer and co-ordinates information) in the browser.
I am wondering if it is possible to create a web-app wrapper around geoserver, which would allow user to request to view a layer by specifying complete URL (as described above)? I am only trying to introduce this web interface between geoserver and user, so that I can introduce my own choice of authentication to restrict even read requests (layer preview) for authenticated users, while making minimum possible changes in geoserver.
Please let me know if you have any suggestions/information about the possible steps. Your help is highly appreciated.
Thanks
Sachin
Try New Relic Now & We’ll Send You this Cool Shirt
New Relic is the only SaaS-based application performance monitoring service
that delivers powerful full stack analytics. Optimize and monitor your
browser, app, & servers with just a few lines of code. Try New Relic
and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_apr
Geoserver-users mailing list
Geoserver-users@anonymised.comorge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users
This transmission is intended for the named addressee(s) only and may contain sensitive or protectively marked material up to RESTRICTED and should be handled accordingly. Unless you are the named addressee (or authorised to receive it for the addressee) you may not copy or use it, or disclose it to anyone else. If you have received this transmission in error please notify the sender immediately. All email traffic sent to or from us, including without limitation all GCSX traffic, may be subject to recording and/or monitoring in accordance with relevant legislation.