I’m developing a web app, using geoserver + openlayers + postgre/postgis…
This app will be restricted only to some users, because of its contents, for
example, the FeatureTypes…
But, by default… when we create a new FeatureType, it’s listed on Preview.do
and this session of geoserver doesn’t need authentification to be seen… so,
anyonde can see my featuretypes there… is there a way to avoid it???
Another question: I’m using Tomcat working together Apache Server (with mod_jk)…
I tried to create some restrictions in http.conf as I do with others apache’s dirs and pages,
but I got no sucess… Then, I tried a VirtualHost with a Proxy but I could only “deny from all”
or “allow from 127.0.0.1” and it keeps accessing geoserver main page and sub ones…
Resuming… Is there a way to make sure that only my app is allowed to access my featureTypes
via WMS/WFS/WCS ???
I'm developing a web app, using geoserver + openlayers + postgre/postgis...
This app will be restricted only to some users, because of its contents, for
example, the FeatureTypes...
But, by default.. when we create a new FeatureType, it's listed on Preview.do
and this session of geoserver doesn't need authentification to be seen... so,
anyonde can see my featuretypes there.. is there a way to avoid it???
It's still a bit green, but should fit your needs.
Another question: I'm using Tomcat working together Apache Server (with mod_jk)...
I tried to create some restrictions in http.conf as I do with others apache's dirs and pages,
but I got no sucess.. Then, I tried a VirtualHost with a Proxy but I could only "deny from all"
or "allow from 127.0.0.1" and it keeps accessing geoserver main page and sub ones..
Resuming... Is there a way to make sure that only my app is allowed to access my featureTypes
via WMS/WFS/WCS ???
It depends on where you app runs. If it's a server side one, just
avoid putting the 8080 port as available on the internet.
If your app is remote (as javascript one running in a browser) then
there is no way to just recognize the app, you have to make the
user of it login, see again the geoserver security subsystem docs.
Cheers
Andrea
--
Andrea Aime
OpenGeo - http://opengeo.org
Expert service straight from the developers.
I’m developing a web app, using geoserver + openlayers + postgre/postgis…
This app will be restricted only to some users, because of its contents, for
example, the FeatureTypes…
But, by default… when we create a new FeatureType, it’s listed on Preview.do
and this session of geoserver doesn’t need authentification to be seen… so,
anyonde can see my featuretypes there… is there a way to avoid it???
It’s still a bit green, but should fit your needs.
Another question: I’m using Tomcat working together Apache Server (with mod_jk)…
I tried to create some restrictions in http.conf as I do with others apache’s dirs and pages,
but I got no sucess… Then, I tried a VirtualHost with a Proxy but I could only “deny from all”
or “allow from 127.0.0.1” and it keeps accessing geoserver main page and sub ones…
Resuming… Is there a way to make sure that only my app is allowed to access my featureTypes
via WMS/WFS/WCS ???
It depends on where you app runs. If it’s a server side one, just
avoid putting the 8080 port as available on the internet.
If your app is remote (as javascript one running in a browser) then
there is no way to just recognize the app, you have to make the
user of it login, see again the geoserver security subsystem docs.
Cheers
Andrea
–
Andrea Aime
OpenGeo - http://opengeo.org
Expert service straight from the developers.