Hi All
I need to be able to only allow certain users access to specific layers in
my Mapfish application. I've configured layer level security - and this
works perfectly in the Geoserver admin interface etc. To authenticate the
user in Mapfish for each layer, I used the mode=MIXED directive in
layer.properties. IE works fine - it opens a prompt for username and
password etc. Fierefox (v3.011), however pops up hundreds of these prompts
(supposedly as each AJAX request for a tile reaches the server). So I
thought about approaching it a different way - providing a login box for the
user that would then authenticate against geoserver setting the URL in the
Ext XHR to '/geoserver/j_acegi_security_check'. This seems to work i.t.o.
authenticating the user - in firebug, the server returns
'/geoserver/admin/login.do?login_error=1' with and incorrect username and
password and '/geoserver' with a correct combination. However, I am (either
way) unable to trap the 200 OK response (i.e. success:true) from the server.
After this long story, I have some questions:
1. could you create a REST service that handles the authentication and sends
the success:true response?
2. if this is possible - how would you do it?
3. I've read a bit about acegi and LDAP - has anybody come right with using
this in combo with Geoserver?
4. In front of my Mapfish application I have a Wordpress site - could I use
Wordpress's php/mysql authentication and apply it to Geoserver i.t.o. layer
level authentication?
Any help would be greatly appreciated - I'm kinda a newbie to authentication
mechanisms - maybe someone can point me in the right direction i.t.o.
understanding how this stuff works?
Thanks
Regards
Glenn
--
View this message in context: http://www.nabble.com/Layer-Level-security-in-Mapfish-application-tp24411948p24411948.html
Sent from the GeoServer - User mailing list archive at Nabble.com.