[Geoserver-users] MapFish printing component and GeoServer secured layers

Hi list

I am trying to figure out why the MapFish printing GeoServer plugin is
not working for secured layers, while it is working perfectly for
public ones.
Not sure if this should be better asked in the MapFish list, if so
please bear with my request

This is the request I am doing:

$ curl --data @spec.json http://localhost:8080/geoserver/pdf/create.json

spec.json file:

{
    "comment": "a test map",
    "dpi": 75,
    "layers": [
        {
            "baseURL": "http://otile1.mqcdn.com/tiles/1.0.0/osm/",
            "extension": "png",
            "maxExtent": [
                -20037508.3392,
                -20037508.3392,
                20037508.3392,
                20037508.3392
            ],
            "opacity": 1,
            "resolutions": [
                156543.03390625,
                78271.516953125,
                ...
            ],
            "tileSize": [
                256,
                256
            ],
            "type": "OSM"
        },
        {
            "baseURL": "http://localhost:8080/geoserver/wms",
            "customParams": {
                "TILED": true,
                "TRANSPARENT": true
            },
            "format": "image/png",
            "layers": [
                "test:countries"
            ],
            "opacity": 1,
            "singleTile": false,
            "styles": [
                ""
            ],
            "type": "WMS"
        }
    ],
    "layout": "A4 portrait",
    "mapTitle": "My map",
    "outputFilename": "mytest",
    "outputFormat": "png",
    "pages": [
        {
            "center": [
                -8277212.9169935,
                293518.18777423
            ],
            "rotation": 0,
            "scale": 4000000
        }
    ],
    "srs": "EPSG:900913",
    "units": "m"
}

The request is working perfectly if the test:countries layer is public.

When the same layer is private, I cannot find a way for MapFish to
access it, and the layer is not displayed in the output.

Passing the basic auth credentials in header it is not working:

$ curl -H "Content-Type: application/json" --data @spec.json --header
"Authorization: Basic YWRtaW46Z2Vvc2VydmVy"
http://localhost:8080/geoserver/pdf/create.json

Same results passing the credentials in wms url:

spec.json file:
...
{
"baseURL": "http://admin:geoserver@anonymised.com:8080/geoserver/wms",
"customParams": {
"TILED": true,
...

any hint would be very appreciated

thanks in advance

p

--
Paolo Corti
Geospatial software developer
web: http://www.paolocorti.net
twitter: @capooti
skype: capooti

The MapFish printing extension is a very simple one - it does not have any special GeoServer integration. In fact it makes HTTP requests to GeoServer the same as it would if you were running the MapFish print servlet separately.

This means that accessing secured layers is a weak point. I’m not sure but it might be possible to configure the print servlet with a user name and password for GeoServer requests, but it would probably be difficult to have it propagate credentials from the user who actually requests the printing. It would probably be interesting to look into ways to have the embedded Mapfish access the GeoServer catalog directly instead of making map requests via HTTP. Because the catalog enforces security restrictions, this should bring security integration along with it “for free.”