[Geoserver-users] Getting JSESSIONID without authentication

Thank you Andrea! I misled myself with some old docs.

It's straightforward:

import groovyx.net.http.HTTPBuilder
import groovy.xml.StreamingMarkupBuilder

def http = new HTTPBuilder("http://127.0.0.1:8080")

// providing authentication if necessary
http.auth.basic 'admin','geoserver'

// building and sending the WFS request
http.headers.'Content-Type' = "application/xml; charset=UTF-8"
http.headers.'Accept-Encoding' = 'gzip,deflate'
String xmlString = new StreamingMarkupBuilder().bind(){ mkp.yield request.XML }
def wfsResponse = http.post(path:'/geoserver/wfs', body:xmlString)

// dealing with the response
def featureCollection = new StreamingMarkupBuilder().bind(){ mkp.yield wfsResponse }
render featureCollection.toString()

Regards
Sven

I think I have a legitimate reason to ask the same question so hopefully
there is an easy way to do this.

I'm writing a .NET application that uses GeoServer and relies on Windows
Authentication. I need to use GeoServer's role-based security but I can't
ask the user to log in using a GeoServer account after they've just logged in
with a Windows account.

My planned approach:
- Use IIS reverse proxy URL rewrites so that
http://dot.net.application/geoserver routes me through to Tomcat, removing
any cross-domain issues (because now my .NET application and GeoServer
appear on the same domain)
- .NET landing page uses Windows Authentication to verify identity
- .NET requests a new session from GeoServer (this is the bit I'm currently
interested in)
- Based on the Windows user's group .NET logs in to GeoServer with a known
username / password combination with appropriate permissions for that
Windows User Group (by posting to j_spring_security_check)
- Once logged-in .NET passes the GeoServer JSESSIONID cookie back to the
browser, so that the browser can hit http://…/geoserver as an
authenticated GeoServer user (due to the proxy approach this is not a
third-party cookie)

Providing authentication details in each request to GeoServer in an auth
header isn't an option because I don't want to send the encoded user / pass
combination out to the browser.

If this sounds overly complex and there is a better approach I'd love to
hear about it. If not then currently I have to request
http://…/geoserver/web before GeoServer provides a new JSESSIONID. I'd
like an easier way of getting it if possible.


On Tue, Jun 26, 2012 at 2:51 AM, cheesybiscuits <thomaschristian@anonymised.com> wrote:

> I think I have a legitimate reason to ask the same question so hopefully
> there is an easy way to do this.
>
> I’m writing a .NET application that uses GeoServer and relies on Windows
> Authentication. I need to use GeoServer’s role-based security but I can’t
> ask the user to log in using a GeoServer account after they’ve just logged in
> with a Windows account.

On trunk we have the new pluggable authentication subsystem that allows
for different forms of authentication.
I don’t think Spring Security has built-in support for Windows authentication,
but this project seems to provide the missing pieces:
http://dblock.github.com/waffle/

With the above it seems it would be possible to make GeoServer just use
the Windows authentication directly.

Cheers
Andrea


Ing. Andrea Aime
GeoSolutions S.A.S.
Tech lead

Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy

phone: +39 0584 962313
fax: +39 0584 962313
mob: +39 339 8844549

http://www.geo-solutions.it
http://geo-solutions.blogspot.com/
http://www.youtube.com/user/GeoSolutionsIT
http://www.linkedin.com/in/andreaaime
http://twitter.com/geowolf

Hi

The GeoServer 2.2.x security subsystem allows proxy authentication. Is it possible for you to add an HTTP header attribute with the user name (password is NOT required)?

Christian
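
The header-based proxy authentication described in the message above carries no password, so it is only as trustworthy as the proxy that sets the header: any copy arriving from the browser has to be discarded, and GeoServer must accept connections only from that proxy. The sketch below is an added example, not part of the thread or of GeoServer, written in Python to stay independent of the proxy product. The header name, Windows group names and GeoServer account names are hypothetical.

```python
# Added illustration: what the reverse proxy must do before forwarding to GeoServer.
# IDENTITY_HEADER is an assumed name; it has to match whatever GeoServer is
# configured to read. Groups and accounts are constructed sample values.
IDENTITY_HEADER = "X-GeoServer-User"

# Windows group -> GeoServer account, most privileged first (first match wins).
ROLE_MAP = [
    ("GIS-Admins", "gs_admin"),
    ("GIS-Editors", "gs_editor"),
    ("GIS-Viewers", "gs_viewer"),
]


def _canon(name):
    """Normalise a header name; some stacks treat '_' and '-' alike."""
    return name.strip().lower().replace("_", "-")


def account_for(windows_groups):
    """Pick the GeoServer account for an already authenticated Windows user."""
    member = {g.lower() for g in windows_groups}
    for group, account in ROLE_MAP:
        if group.lower() in member:
            return account
    return None  # no mapped group: forward the request as anonymous


def upstream_headers(client_headers, windows_groups):
    """Build the header list sent to GeoServer.

    client_headers: (name, value) pairs exactly as received from the browser.
    Every client-supplied variant of the identity header is dropped, then the
    proxy adds its own value derived from the Windows identity.
    """
    wanted = _canon(IDENTITY_HEADER)
    forwarded = [(n, v) for n, v in client_headers if _canon(n) != wanted]
    account = account_for(windows_groups)
    if account is not None:
        forwarded.append((IDENTITY_HEADER, account))
    return forwarded


# Constructed request in which the browser tries to claim an identity itself.
SAMPLE_REQUEST = [
    ("Accept", "image/png"),
    ("x-geoserver-user", "admin"),
    ("X_GeoServer_User", "admin"),
]
```
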


On Tue, Jun 26, 2012 at 12:16 PM, <christian.mueller@anonymised.com> wrote:

> Hi
>
> The GeoServer 2.2.x security subsystem allows proxy authentication. Is
> it possible for you to add an HTTP header attribute with the user name
> (password is NOT required)?

Ah, interesting. Is this documented? Don’t see it here:
http://docs.geoserver.org/latest/en/user/security/auth/providers.html

Cheers
Andrea



No, it is not documented at the moment. I am working on it. There are a lot of security features not documented at the moment. (And a lot of core code with missing configuration panels on the GUI.)

I am unsure about the 2.2.0 RC1 and where to commit my documentation changes. Is trunk OK? Or should I wait for RC1 and commit on the "new" trunk and on the 2.2.x branch?

Christian


On Tue, Jun 26, 2012 at 1:03 PM, <christian.mueller@anonymised.com> wrote:

> No, it is not documented at the moment. I am working on it. There are a lot of security features not documented at the moment. (And a lot of core code with missing configuration panels on the GUI.)
>
> I am unsure about the 2.2.0 RC1 and where to commit my documentation changes. Is trunk OK? Or should I wait for RC1 and commit on the “new” trunk and on the 2.2.x branch?

See the proposal for time-boxed releases; documentation changes are always welcome (provided they are correct, of course).

Cheers
Andrea

