Hi
I am wondering if there is a way to either disable or limit the amount of information displayed when external users are accessing my Geoserver web interface?
They currently are able to view my layers and other settings; I noticed that on some other public geoserver web areas the options on the left hand side have been removed, how am I able to do this?
Thanks
Hi Chris,
GeoServer has a rich security module. Briefly, users can be authenticated and authorized to have access to specific workspaces and data layers with varied read/write/admin options. Additionally, a user can be configured to administer GeoServer. With those options, you can restrict what users would see in the web UI.
http://docs.geoserver.org/latest/en/user/security/index.html
As a note, if you’ve got all your configuration set and don’t require the admin UI, you can disable it via these options: http://docs.geoserver.org/latest/en/user/production/config.html#disable-the-geoserver-web-administration-interface. I think this leaves the REST API available, so it doesn’t remove the need for proper security configuration.
Cheers,
Jim
On 07/11/2016 09:00 AM, Chris Buckmaster wrote:
Hi
I am wondering if there is a way to either disable or limit the amount of information displayed when external users are accessing my Geoserver web interface?
They currently are able to view my layers and other settings; I noticed that on some other public geoserver web areas the options on the left hand side have been removed, how am I able to do this?
Thanks
------------------------------------------------------------------------------ Attend Shape: An AT&T Tech Expo July 15-16. Meet us at AT&T Park in San Francisco, CA to explore cutting-edge tech and listen to tech luminaries present their vision of the future. This family event has something for everyone, including kids. Get more information and register today. [http://sdm.link/attshape](http://sdm.link/attshape)_______________________________________________ Geoserver-users mailing list [Geoserver-users@lists.sourceforge.net](mailto:Geoserver-users@lists.sourceforge.net) [https://lists.sourceforge.net/lists/listinfo/geoserver-users](https://lists.sourceforge.net/lists/listinfo/geoserver-users)
Hi Chris,
Have you tried the two options at the bottom of this page:
http://docs.geoserver.org/latest/en/user/production/config.html#disable-the-geoserver-web-administration-interface
They will allow you to disable the web admin interface entirely I believe.
Cheers,
Jonathan
---- On Mon, 11 Jul 2016 14:00:29 +0100 Chris Buckmaster<chris.buckmaster@anonymised.com.> wrote ----
Hi
I am wondering if there is a way to either disable or limit the amount of information displayed when external users are accessing my Geoserver web interface?
They currently are able to view my layers and other settings; I noticed that on some other public geoserver web areas the options on the left hand side have been removed, how am I able to do this?
Thanks
Attend Shape: An AT&T Tech Expo July 15-16. Meet us at AT&T Park in San
Francisco, CA to explore cutting-edge tech and listen to tech luminaries
present their vision of the future. This family event has something for
everyone, including kids. Get more information and register today.
http://sdm.link/attshape_______________________________________________
Geoserver-users mailing list
Geoserver-users@anonymised.comrceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users
Hi Jonathan
Yes I did notice that but do need access to it within my internal network so I can carry out admin work, I also thought about adding authentication in Windows IIS but probably wouldn’t be a good approach as it might affect access to the data layers themselves.
Will have a look at the information provided by Jim in the previous post.
Chris
From: Jonathan Moules [mailto:jonathan-lists@…7221…]
Sent: 11 July 2016 14:20
To: Chris Buckmaster
Cc: geoserver-users@lists.sourceforge.net
Subject: Re: [Geoserver-users] Disable / alter Geoserver web admin interface for external users
Hi Chris,
Have you tried the two options at the bottom of this page:
http://docs.geoserver.org/latest/en/user/production/config.html#disable-the-geoserver-web-administration-interface
They will allow you to disable the web admin interface entirely I believe.
Cheers,
Jonathan
---- On Mon, 11 Jul 2016 14:00:29 +0100 Chris Buckmaster<chris.buckmaster@…7473…> wrote ----
Hi
I am wondering if there is a way to either disable or limit the amount of information displayed when external users are accessing my Geoserver web interface?
They currently are able to view my layers and other settings; I noticed that on some other public geoserver web areas the options on the left hand side have been removed, how am I able to do this?
Thanks
Attend Shape: An AT&T Tech Expo July 15-16. Meet us at AT&T Park in San
Francisco, CA to explore cutting-edge tech and listen to tech luminaries
present their vision of the future. This family event has something for
everyone, including kids. Get more information and register today.
http://sdm.link/attshape_______________________________________________
Geoserver-users mailing list
Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users
Hi Chris,
Ah! If you need separate access for an ip block, you might want to explore GeoFence: https://github.com/geoserver/geofence/wiki/Main-concepts.
Not all the features are available in the module version, so you may need to install a stand-alone GeoFence.
Cheers,
Jim
On 07/11/2016 09:22 AM, Chris Buckmaster wrote:
Hi Jonathan
Yes I did notice that but do need access to it within my internal network so I can carry out admin work, I also thought about adding authentication in Windows IIS but probably wouldn’t be a good approach as it might affect access to the data layers themselves.
Will have a look at the information provided by Jim in the previous post.
Chris
From: Jonathan Moules [mailto:jonathan-lists@anonymised.com]
Sent: 11 July 2016 14:20
To: Chris Buckmaster
Cc: geoserver-users@lists.sourceforge.net
Subject: Re: [Geoserver-users] Disable / alter Geoserver web admin interface for external usersHi Chris,
Have you tried the two options at the bottom of this page:
http://docs.geoserver.org/latest/en/user/production/config.html#disable-the-geoserver-web-administration-interfaceThey will allow you to disable the web admin interface entirely I believe.
Cheers,
Jonathan---- On Mon, 11 Jul 2016 14:00:29 +0100 Chris Buckmaster<chris.buckmaster@anonymised.com> wrote ----
Hi
I am wondering if there is a way to either disable or limit the amount of information displayed when external users are accessing my Geoserver web interface?
They currently are able to view my layers and other settings; I noticed that on some other public geoserver web areas the options on the left hand side have been removed, how am I able to do this?
Thanks
Attend Shape: An AT&T Tech Expo July 15-16. Meet us at AT&T Park in San
Francisco, CA to explore cutting-edge tech and listen to tech luminaries
present their vision of the future. This family event has something for
everyone, including kids. Get more information and register today.
http://sdm.link/attshape_______________________________________________
Geoserver-users mailing list
Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users------------------------------------------------------------------------------ Attend Shape: An AT&T Tech Expo July 15-16. Meet us at AT&T Park in San Francisco, CA to explore cutting-edge tech and listen to tech luminaries present their vision of the future. This family event has something for everyone, including kids. Get more information and register today. [http://sdm.link/attshape](http://sdm.link/attshape)_______________________________________________ Geoserver-users mailing list [Geoserver-users@lists.sourceforge.net](mailto:Geoserver-users@lists.sourceforge.net) [https://lists.sourceforge.net/lists/listinfo/geoserver-users](https://lists.sourceforge.net/lists/listinfo/geoserver-users)
I’ll take a look at that as well thanks Jim.
From: Jim Hughes [mailto:jnh5y@anonymised.com]
Sent: 11 July 2016 14:29
To: geoserver-users@lists.sourceforge.net
Subject: Re: [Geoserver-users] Disable / alter Geoserver web admin interface for external users
Hi Chris,
Ah! If you need separate access for an ip block, you might want to explore GeoFence: https://github.com/geoserver/geofence/wiki/Main-concepts.
Not all the features are available in the module version, so you may need to install a stand-alone GeoFence.
Cheers,
Jim
On 07/11/2016 09:22 AM, Chris Buckmaster wrote:
Hi Jonathan
Yes I did notice that but do need access to it within my internal network so I can carry out admin work, I also thought about adding authentication in Windows IIS but probably wouldn’t be a good approach as it might affect access to the data layers themselves.
Will have a look at the information provided by Jim in the previous post.
Chris
From: Jonathan Moules [mailto:jonathan-lists@anonymised.com]
Sent: 11 July 2016 14:20
To: Chris Buckmaster
Cc: geoserver-users@lists.sourceforge.net
Subject: Re: [Geoserver-users] Disable / alter Geoserver web admin interface for external usersHi Chris,
Have you tried the two options at the bottom of this page:
http://docs.geoserver.org/latest/en/user/production/config.html#disable-the-geoserver-web-administration-interfaceThey will allow you to disable the web admin interface entirely I believe.
Cheers,
Jonathan---- On Mon, 11 Jul 2016 14:00:29 +0100 Chris Buckmaster<chris.buckmaster@anonymised.com> wrote ----
Hi
I am wondering if there is a way to either disable or limit the amount of information displayed when external users are accessing my Geoserver web interface?
They currently are able to view my layers and other settings; I noticed that on some other public geoserver web areas the options on the left hand side have been removed, how am I able to do this?
Thanks
Attend Shape: An AT&T Tech Expo July 15-16. Meet us at AT&T Park in San
Francisco, CA to explore cutting-edge tech and listen to tech luminaries
present their vision of the future. This family event has something for
everyone, including kids. Get more information and register today.
http://sdm.link/attshape_______________________________________________
Geoserver-users mailing list
Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users------------------------------------------------------------------------------Attend Shape: An AT&T Tech Expo July 15-16. Meet us at AT&T Park in SanFrancisco, CA to explore cutting-edge tech and listen to tech luminariespresent their vision of the future. This family event has something foreveryone, including kids. Get more information and register today.[http://sdm.link/attshape](http://sdm.link/attshape)_______________________________________________Geoserver-users mailing list[Geoserver-users@lists.sourceforge.net](mailto:Geoserver-users@lists.sourceforge.net)[https://lists.sourceforge.net/lists/listinfo/geoserver-users](https://lists.sourceforge.net/lists/listinfo/geoserver-users)
Hi Chris,
In that scenario my first thought would be of having multiple instances of GeoServer - a development one (which has the web interface and you can administer), and then a production one which has the web-interface disabled. This removes the risk of mistakes in administering affecting production users.
Alternately, you could also indeed do IIS authentication - just be sure to only require authentication for requests to the /web/ path. This won’t impact any access to your data as they come through other paths.
If you do want (some) other people to be able to administer the system, but only specific layers, then Jim’s solution would be the best. If you want to have everything (for you and other admins) or nothing (for everyone else), then the IIS option will probably be simplest.
Cheers,
Jonathan
---- On Mon, 11 Jul 2016 14:22:36 +0100 Chris Buckmasterchris.buckmaster@anonymised.com wrote ----
Hi Jonathan
Yes I did notice that but do need access to it within my internal network so I can carry out admin work, I also thought about adding authentication in Windows IIS but probably wouldn’t be a good approach as it might affect access to the data layers themselves.
Will have a look at the information provided by Jim in the previous post.
Chris
From: Jonathan Moules [mailto:jonathan-lists@anonymised.com]
Sent: 11 July 2016 14:20
To: Chris Buckmaster
Cc: geoserver-users@anonymised.coms.sourceforge.net
Subject: Re: [Geoserver-users] Disable / alter Geoserver web admin interface for external usersHi Chris,
Have you tried the two options at the bottom of this page:
http://docs.geoserver.org/latest/en/user/production/config.html#disable-the-geoserver-web-administration-interfaceThey will allow you to disable the web admin interface entirely I believe.
Cheers,
Jonathan---- On Mon, 11 Jul 2016 14:00:29 +0100 Chris Buckmaster<chris.buckmaster@anonymised.com> wrote ----
Hi
I am wondering if there is a way to either disable or limit the amount of information displayed when external users are accessing my Geoserver web interface?
They currently are able to view my layers and other settings; I noticed that on some other public geoserver web areas the options on the left hand side have been removed, how am I able to do this?
Thanks
Attend Shape: An AT&T Tech Expo July 15-16. Meet us at AT&T Park in San
Francisco, CA to explore cutting-edge tech and listen to tech luminaries
present their vision of the future. This family event has something for
everyone, including kids. Get more information and register today.
http://sdm.link/attshape_______________________________________________
Geoserver-users mailing list
Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users
Thanks for the advice Jonathan!
From: Jonathan Moules [mailto:jonathan-lists@…7221…]
Sent: 11 July 2016 14:52
To: Chris Buckmaster
Cc: geoserver-users@lists.sourceforge.net
Subject: RE: [Geoserver-users] Disable / alter Geoserver web admin interface for external users
Hi Chris,
In that scenario my first thought would be of having multiple instances of GeoServer - a development one (which has the web interface and you can administer), and then a production one which has the web-interface disabled. This removes the risk of mistakes in administering affecting production users.
Alternately, you could also indeed do IIS authentication - just be sure to only require authentication for requests to the /web/ path. This won’t impact any access to your data as they come through other paths.
If you do want (some) other people to be able to administer the system, but only specific layers, then Jim’s solution would be the best. If you want to have everything (for you and other admins) or nothing (for everyone else), then the IIS option will probably be simplest.
Cheers,
Jonathan
---- On Mon, 11 Jul 2016 14:22:36 +0100 Chris Buckmaster<chris.buckmaster@…7473…> wrote ----
Hi Jonathan
Yes I did notice that but do need access to it within my internal network so I can carry out admin work, I also thought about adding authentication in Windows IIS but probably wouldn’t be a good approach as it might affect access to the data layers themselves.
Will have a look at the information provided by Jim in the previous post.
Chris
From: Jonathan Moules [mailto:jonathan-lists@…7221…]
Sent: 11 July 2016 14:20
To: Chris Buckmaster
Cc: geoserver-users@lists.sourceforge.net
Subject: Re: [Geoserver-users] Disable / alter Geoserver web admin interface for external usersHi Chris,
Have you tried the two options at the bottom of this page:
http://docs.geoserver.org/latest/en/user/production/config.html#disable-the-geoserver-web-administration-interfaceThey will allow you to disable the web admin interface entirely I believe.
Cheers,
Jonathan---- On Mon, 11 Jul 2016 14:00:29 +0100 Chris Buckmaster<chris.buckmaster@…7473…> wrote ----
Hi
I am wondering if there is a way to either disable or limit the amount of information displayed when external users are accessing my Geoserver web interface?
They currently are able to view my layers and other settings; I noticed that on some other public geoserver web areas the options on the left hand side have been removed, how am I able to do this?
Thanks
Attend Shape: An AT&T Tech Expo July 15-16. Meet us at AT&T Park in San
Francisco, CA to explore cutting-edge tech and listen to tech luminaries
present their vision of the future. This family event has something for
everyone, including kids. Get more information and register today.
http://sdm.link/attshape_______________________________________________
Geoserver-users mailing list
Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users
If the instances are different maybe you can just remove the WEB module JARs from the production one.
On Mon, Jul 11, 2016 at 3:53 PM, Chris Buckmaster <chris.buckmaster@anonymised.com> wrote:
Thanks for the advice Jonathan!
From: Jonathan Moules [mailto:jonathan-lists@anonymised.com]
Sent: 11 July 2016 14:52
To: Chris Buckmaster
Cc: geoserver-users@lists.sourceforge.net
Subject: RE: [Geoserver-users] Disable / alter Geoserver web admin interface for external usersHi Chris,
In that scenario my first thought would be of having multiple instances of GeoServer - a development one (which has the web interface and you can administer), and then a production one which has the web-interface disabled. This removes the risk of mistakes in administering affecting production users.
Alternately, you could also indeed do IIS authentication - just be sure to only require authentication for requests to the /web/ path. This won’t impact any access to your data as they come through other paths.
If you do want (some) other people to be able to administer the system, but only specific layers, then Jim’s solution would be the best. If you want to have everything (for you and other admins) or nothing (for everyone else), then the IIS option will probably be simplest.Cheers,
Jonathan---- On Mon, 11 Jul 2016 14:22:36 +0100 Chris Buckmaster<chris.buckmaster@anonymised.com73…> wrote ----
Hi Jonathan
Yes I did notice that but do need access to it within my internal network so I can carry out admin work, I also thought about adding authentication in Windows IIS but probably wouldn’t be a good approach as it might affect access to the data layers themselves.
Will have a look at the information provided by Jim in the previous post.
Chris
From: Jonathan Moules [mailto:jonathan-lists@anonymised.com]
Sent: 11 July 2016 14:20
To: Chris Buckmaster
Cc: geoserver-users@lists.sourceforge.net
Subject: Re: [Geoserver-users] Disable / alter Geoserver web admin interface for external usersHi Chris,
Have you tried the two options at the bottom of this page:
http://docs.geoserver.org/latest/en/user/production/config.html#disable-the-geoserver-web-administration-interfaceThey will allow you to disable the web admin interface entirely I believe.
Cheers,
Jonathan---- On Mon, 11 Jul 2016 14:00:29 +0100 Chris Buckmaster<chris.buckmaster@anonymised.com73…> wrote ----
Hi
I am wondering if there is a way to either disable or limit the amount of information displayed when external users are accessing my Geoserver web interface?
They currently are able to view my layers and other settings; I noticed that on some other public geoserver web areas the options on the left hand side have been removed, how am I able to do this?
Thanks
Attend Shape: An AT&T Tech Expo July 15-16. Meet us at AT&T Park in San
Francisco, CA to explore cutting-edge tech and listen to tech luminaries
present their vision of the future. This family event has something for
everyone, including kids. Get more information and register today.
http://sdm.link/attshape_______________________________________________
Geoserver-users mailing list
Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users
Attend Shape: An AT&T Tech Expo July 15-16. Meet us at AT&T Park in San
Francisco, CA to explore cutting-edge tech and listen to tech luminaries
present their vision of the future. This family event has something for
everyone, including kids. Get more information and register today.
http://sdm.link/attshape
Geoserver-users mailing list
Geoserver-users@anonymised.comsts.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users
Best Regards,
Alessio Fabiani.
Ing. Alessio Fabiani
@alfa7691
Founder/Technical Lead
GeoSolutions S.A.S.
Via di Montramito 3/A
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 331 6233686
http://www.geo-solutions.it
http://twitter.com/geosolutions_it
AVVERTENZE AI SENSI DEL D.Lgs. 196/2003
Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.
The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy’s New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.