Best ask on the user list, the security system has been changed for GeoServer 2.2 and we are all learning how to make use of it.
If you would like direct email support, the website has a number of server providers (such as my employer) - perhaps there is an organisation in your area?
ā
Jody Garnett
On Wednesday, 12 December 2012 at 8:27 AM, manas kar wrote:
Hi Jody,
I am very new to java programming and more so in spring security so my question might be lame.
I was wondering if I could get some help or guidance regarding how to use authkey with geoserver.
I have a geoserver installation that works fine with authkey if I choose anonymous authentication in the filter chain.
As soon as I turn on basic authentication, the browser asks for credentials before the authkey module is even hit.
My requirement is to make OGC calls to go via authkey and then basic authentication.
Is there a out of the box way to do it or I shall have to write a custom AuthenticationFilter and put it before basic in the filter chain?
Not sure if I can solve your problem, but some facts you should know.
The authkey module is not tested/integrated into the new sucurity subsystem and a chance to do this is on GeoServer 2.3 series (for my part, if I can find some time or a sponsor).
I assume you removed the anonymous filter from the filter chain and you have a basic auth filter on these chains. The last authentication filter on a chain determines how to challenge for credentials. Assuming this configuration, GeoServer sends back a basic auth challenge to the browser. After entering username/credentials, the browser should send the http auth header for each request. The behaviour you described is correct.
the first paragraph states that there is no basic auth support.
I assume, authkey works only with an anonymous filter and an authkey URL parameter passed in the first request, but I am not sure here.
Hope that helps
Zitat von Jody Garnett <jody.garnett@anonymised.com>:
Best ask on the user list, the security system has been changed for GeoServer 2.2 and we are all learning how to make use of it.
If you would like direct email support, the website has a number of server providers (such as my employer) - perhaps there is an organisation in your area?
--
Jody Garnett
On Wednesday, 12 December 2012 at 8:27 AM, manas kar wrote:
Hi Jody,
I am very new to java programming and more so in spring security so my question might be lame.
I was wondering if I could get some help or guidance regarding how to use authkey with geoserver.
I have a geoserver installation that works fine with authkey if I choose anonymous authentication in the filter chain.
As soon as I turn on basic authentication, the browser asks for credentials before the authkey module is even hit.
My requirement is to make OGC calls to go via authkey and then basic authentication.
Is there a out of the box way to do it or I shall have to write a custom AuthenticationFilter and put it before basic in the filter chain?
Thanks in advance.
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
This is the right way to go. Your filter should look for the "authKey" parameter and if present, authenticate the user. Then pass the http request to the next filter.
You can add this functionally in
src/community/authkey/
New filter classes are injected using Spring. Unfortunately, until now, there is no description how to add new authentication filters in the developer guide, you have to do some investigations.
If you like I can assist / review your code.
Thanks Christian.
Am I right in thinking , I should be able to create a filter (a custom one
that does exactly what authkey module does and upon authentication modifies
the request header) and fit it in filter chain before basic filter.
Do you think it might work for my requirement till Geoserver 2.3 comes out?
Once again I really appreciate your help on this.
..Manas
On Wed, Dec 12, 2012 at 9:00 AM, <christian.mueller@anonymised.com> wrote:
Hi Manas
Not sure if I can solve your problem, but some facts you should know.
The authkey module is not tested/integrated into the new sucurity
subsystem and a chance to do this is on GeoServer 2.3 series (for my part,
if I can find some time or a sponsor).
I assume you removed the anonymous filter from the filter chain and you
have a basic auth filter on these chains. The last authentication filter
on a chain determines how to challenge for credentials. Assuming this
configuration, GeoServer sends back a basic auth challenge to the browser.
After entering username/credentials, the browser should send the http auth
header for each request. The behaviour you described is correct.
the first paragraph states that there is no basic auth support.
I assume, authkey works only with an anonymous filter and an authkey URL
parameter passed in the first request, but I am not sure here.
Hope that helps
Zitat von Jody Garnett <jody.garnett@anonymised.com>:
Best ask on the user list, the security system has been changed for
GeoServer 2.2 and we are all learning how to make use of it.
If you would like direct email support, the website has a number of
server providers (such as my employer) - perhaps there is an
organisation in your area?
--
Jody Garnett
On Wednesday, 12 December 2012 at 8:27 AM, manas kar wrote:
Hi Jody,
I am very new to java programming and more so in spring security so my
question might be lame.
I was wondering if I could get some help or guidance regarding how to
use authkey with geoserver.
I have a geoserver installation that works fine with authkey if I
choose anonymous authentication in the filter chain.
As soon as I turn on basic authentication, the browser asks for
credentials before the authkey module is even hit.
My requirement is to make OGC calls to go via authkey and then basic
authentication.
Is there a out of the box way to do it or I shall have to write a
custom AuthenticationFilter and put it before basic in the filter chain?
Thanks in advance.
------------------------------**------------------------------**----
This message was sent using IMP, the Internet Messaging Program.
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.