Hi,
What methods can be applied to isolate the geoserver usage to only a
set of allowed clients or client contexts? Serving WMS publicly is a
requirement, otherwise the viewer can't access it.
Within HTTP this problem has been "fixed" by implementing referal
checks. Can anything similar be done within Geoserver/wms, or is a
manual lockdown (xml firewall) needed?
Kind regards,
Pieter
Pieter Jansen ha scritto:
Hi,
What methods can be applied to isolate the geoserver usage to only a
set of allowed clients or client contexts? Serving WMS publicly is a
requirement, otherwise the viewer can't access it.Within HTTP this problem has been "fixed" by implementing referal
checks. Can anything similar be done within Geoserver/wms, or is a
manual lockdown (xml firewall) needed?
In GeoServer 1.6.x we have a prototype of role based access control
that can be used to limit access to clients, and it's using http
basic authentication as the means to check the user identity.
Yet, as you say, some clients aren't able to use it.
I don't know what referral checks are thought... did a search on
Google, found nothing. Care to elaborate? 
Cheers
Andrea