Andrea,
Thank you for the info. Will try to look in.
Pagarbiai,
Paulius Litvinas
GIS konsultantas
From: andrea.aime@anonymised.com [mailto:andrea.aime@anonymised.com4…] On Behalf Of Andrea Aime
Sent: Thursday, February 25, 2016 11:20 AM
To: Paulius Litvinas | InfoEra <paulius@anonymised.com4…>
Cc: GeoServer Mailing List List geoserver-users@anonymised.coms.sourceforge.net
Subject: Re: [Geoserver-users] geoserver + geofence and WMSGetFeatureInfo
On Thu, Feb 25, 2016 at 9:47 AM, Paulius Litvinas | InfoEra <paulius@anonymised.com> wrote:
Using 2 users in geofence: admin and user. admin has all rights and can access everything. user can access one layer with readonly all attributes and some layer attributes are denied (NONE).
Faced a strange behavior as WMSGetFeatureInfo request changes the attribute order in response for user. For admin it lists and works ok.
Also tried with user1, who has access right for one layer and all attributes are readonly. Attribute order in response also is changed.
May anyone knows if this is normal behavior, bug or additional configuration is needed?
Maybe anyone knows how it works and who is responsible for the sort order?
The code restricting the attributes is here:
https://github.com/geoserver/geoserver/blob/master/src/main/src/main/java/org/geoserver/security/decorators/SecuredFeatureSource.java#L142
My guess is that the security properties coming from GeoFence are out of order compared to
the native layer ones. It should not be a hard fix to make, is it something you want to try to fix directly?
Contribution guide is here:
https://github.com/geoserver/geoserver/blob/master/CONTRIBUTING.md
Cheers
Andrea
–
==
GeoServer Professional Services from the experts! Visit
http://goo.gl/it488V for more information.
==
Ing. Andrea Aime
@geowolf
Technical Lead
GeoSolutions S.A.S.
Via di Montramito 3/A
55054 Massarosa (LU)
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 339 8844549
http://www.geo-solutions.it
http://twitter.com/geosolutions_it
AVVERTENZE AI SENSI DEL D.Lgs. 196/2003
Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.
The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy’s New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.
