[Geoserver-users] Problem with secure layers and with different roles

GeoServer GeoServer User
1

Hello

I have tried to install both GeoServer 2.7.0 and 2.6.3 on Windows and have get the same problem in both cases.

I have two different workspaces and two different users that should have access to one of the workspaces each.

UserA should only see WorkspaceA and UserB should only see WorkspaceB!

I configure as good as I could, looking at those tutorial I have found, but when I look at the result from the client side (ArcView and QGIS) it doesn’t look as expected.

It seem as one of the users/workspaces take over from the other. It works with one login, but as soon as I add the next one the problem arise.

Do anyone know if there is a problem with GeoServer security with the configuration I use?

Best Regards

Johan

image002.png

···


Johan Hallgren
+46 (0)70 200 41 01



johan.hallgren@anonymised.com

GISZEAL AB



www.giszeal.se

logo-red
2

On Mon, Apr 27, 2015 at 12:54 PM, Johan Hallgren <johan.hallgren@anonymised.com>
wrote:

Hello

I have tried to install both GeoServer 2.7.0 and 2.6.3 on Windows and have
get the same problem in both cases.

I have two different workspaces and two different users that should have
access to one of the workspaces each.

UserA should only see WorkspaceA and UserB should only see WorkspaceB!

I configure as good as I could, looking at those tutorial I have found,
but when I look at the result from the client side (ArcView and QGIS) it
doesn’t look as expected.

It seem as one of the users/workspaces take over from the other. It works
with one login, but as soon as I add the next one the problem arise.

What do you mean by "take over"?
Are you sure the extra layers you're seeing are not global layer groups?

If that's not the case, can you provide step by step instructions on how
to reproduce using the GeoServer
standard install, it already comes with a few workspaces you can use.

Cheers
Andrea

--

GeoServer Professional Services from the experts! Visit
http://goo.gl/NWWaa2 for more information.

Ing. Andrea Aime
@geowolf
Technical Lead

GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 339 8844549

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

*AVVERTENZE AI SENSI DEL D.Lgs. 196/2003*

Le informazioni contenute in questo messaggio di posta elettronica e/o
nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il
loro utilizzo è consentito esclusivamente al destinatario del messaggio,
per le finalità indicate nel messaggio stesso. Qualora riceviate questo
messaggio senza esserne il destinatario, Vi preghiamo cortesemente di
darcene notizia via e-mail e di procedere alla distruzione del messaggio
stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso,
divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od
utilizzarlo per finalità diverse, costituisce comportamento contrario ai
principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for
the attention and use of the named addressee(s) and may be confidential or
proprietary in nature or covered by the provisions of privacy act
(Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection
Code).Any use not in accord with its purpose, any disclosure, reproduction,
copying, distribution, or either dissemination, either whole or partial, is
strictly forbidden except previous formal approval of the named
addressee(s). If you are not the intended recipient, please contact
immediately the sender by telephone, fax or e-mail and delete the
information in this message that has been received in error. The sender
does not give any warranty or accept liability as the content, accuracy or
completeness of sent messages and accepts no responsibility for changes
made after they were sent or for other risks which arise as a result of
e-mail transmission, viruses, etc.

-------------------------------------------------------

3

Ohh, differens problems.

I reinstalled 2.6.3. I get the feeling that it worked better there.

Now it seems to work better when I use QGIS.

I also want it to work with ArcGIS (10.2.2).

The data-security looks like:

In ArcGIS GetLayers (GetCapabilities) doesn’t show any layers. Even if I give the right password. It only shows public layers.

I also tried to change the catalog mode to MIXED or CHALLENGE but with CHALLENGE mode I get the massage Failed to connect to the server.

Do you know if there is some special settings in GeoServer for ArcGIS clients?

/Johan

image004.png

image002.png

···


Johan Hallgren
+46 (0)70 200 41 01



johan.hallgren@…7037…

GISZEAL AB



www.giszeal.se

logo-red

From: andrea.aime@…84… [mailto:andrea.aime@…84…] On Behalf Of Andrea Aime
Sent: den 27 april 2015 13:59
To: Johan Hallgren
Cc: geoserver-users@lists.sourceforge.net
Subject: Re: [Geoserver-users] Problem with secure layers and with different roles

On Mon, Apr 27, 2015 at 12:54 PM, Johan Hallgren <johan.hallgren@…7037…> wrote:

Hello

I have tried to install both GeoServer 2.7.0 and 2.6.3 on Windows and have get the same problem in both cases.

I have two different workspaces and two different users that should have access to one of the workspaces each.

UserA should only see WorkspaceA and UserB should only see WorkspaceB!

I configure as good as I could, looking at those tutorial I have found, but when I look at the result from the client side (ArcView and QGIS) it doesn’t look as expected.

It seem as one of the users/workspaces take over from the other. It works with one login, but as soon as I add the next one the problem arise.

What do you mean by “take over”?

Are you sure the extra layers you’re seeing are not global layer groups?

If that’s not the case, can you provide step by step instructions on how to reproduce using the GeoServer

standard install, it already comes with a few workspaces you can use.

Cheers

Andrea

==

GeoServer Professional Services from the experts! Visit

http://goo.gl/NWWaa2 for more information.

==

Ing. Andrea Aime

@geowolf

Technical Lead

GeoSolutions S.A.S.

Via Poggio alle Viti 1187

55054 Massarosa (LU)

Italy

phone: +39 0584 962313

fax: +39 0584 1660272

mob: +39 339 8844549

http://www.geo-solutions.it

http://twitter.com/geosolutions_it

AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy’s New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.

4

On Tue, Apr 28, 2015 at 9:35 AM, Johan Hallgren <johan.hallgren@anonymised.com>
wrote:

I also tried to change the catalog mode to MIXED or CHALLENGE but with
CHALLENGE mode I get the massage *Failed to connect to the server*.

Do you know if there is some special settings in GeoServer for ArcGIS
clients?

Personally I don't, no ESRI software here, but as a reference, for software
that have problems using
http basic authentication we have the authkey module as an alternative:
http://docs.geoserver.org/2.6.x/en/user/community/authkey/index.html

But probably other people on this mailing list have experience with ArcGIS

Cheers
Andrea

--

GeoServer Professional Services from the experts! Visit
http://goo.gl/NWWaa2 for more information.

Ing. Andrea Aime
@geowolf
Technical Lead

GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 339 8844549

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

*AVVERTENZE AI SENSI DEL D.Lgs. 196/2003*

Le informazioni contenute in questo messaggio di posta elettronica e/o
nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il
loro utilizzo è consentito esclusivamente al destinatario del messaggio,
per le finalità indicate nel messaggio stesso. Qualora riceviate questo
messaggio senza esserne il destinatario, Vi preghiamo cortesemente di
darcene notizia via e-mail e di procedere alla distruzione del messaggio
stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso,
divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od
utilizzarlo per finalità diverse, costituisce comportamento contrario ai
principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for
the attention and use of the named addressee(s) and may be confidential or
proprietary in nature or covered by the provisions of privacy act
(Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection
Code).Any use not in accord with its purpose, any disclosure, reproduction,
copying, distribution, or either dissemination, either whole or partial, is
strictly forbidden except previous formal approval of the named
addressee(s). If you are not the intended recipient, please contact
immediately the sender by telephone, fax or e-mail and delete the
information in this message that has been received in error. The sender
does not give any warranty or accept liability as the content, accuracy or
completeness of sent messages and accepts no responsibility for changes
made after they were sent or for other risks which arise as a result of
e-mail transmission, viruses, etc.

-------------------------------------------------------

5

Hello again

I couldn’t find the “authentication filter named authkey”.

This is what I have:

/johan

image001.png

image002.png

···


Johan Hallgren
+46 (0)70 200 41 01



johan.hallgren@…7037…

GISZEAL AB



www.giszeal.se

logo-red

From: andrea.aime@…84… [mailto:andrea.aime@…84…] On Behalf Of Andrea Aime
Sent: den 28 april 2015 09:47
To: Johan Hallgren
Cc: geoserver-users@lists.sourceforge.net
Subject: Re: [Geoserver-users] Problem with secure layers and with different roles

On Tue, Apr 28, 2015 at 9:35 AM, Johan Hallgren <johan.hallgren@…7037…> wrote:

I also tried to change the catalog mode to MIXED or CHALLENGE but with CHALLENGE mode I get the massage Failed to connect to the server.

Do you know if there is some special settings in GeoServer for ArcGIS clients?

Personally I don’t, no ESRI software here, but as a reference, for software that have problems using

http basic authentication we have the authkey module as an alternative:

http://docs.geoserver.org/2.6.x/en/user/community/authkey/index.html

But probably other people on this mailing list have experience with ArcGIS

Cheers

Andrea

==

GeoServer Professional Services from the experts! Visit

http://goo.gl/NWWaa2 for more information.

==

Ing. Andrea Aime

@geowolf

Technical Lead

GeoSolutions S.A.S.

Via Poggio alle Viti 1187

55054 Massarosa (LU)

Italy

phone: +39 0584 962313

fax: +39 0584 1660272

mob: +39 339 8844549

http://www.geo-solutions.it

http://twitter.com/geosolutions_it

AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy’s New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.

6

On Tue, Apr 28, 2015 at 11:16 AM, Johan Hallgren <johan.hallgren@anonymised.com>
wrote:

Hello again

I couldn’t find the “authentication filter named authkey”.

Did you install the authkey community module first? :slight_smile:

Being a community module, you can only find it among the nightly builds:
http://ares.boundlessgeo.com/geoserver/2.6.x/community-latest/geoserver-2.6-SNAPSHOT-authkey-plugin.zip

I still hope others will chime in regarding ArcGis behavior, the authkey
module is unfortunately unsupported (as all community modules).

Cheers
Andrea

--

GeoServer Professional Services from the experts! Visit
http://goo.gl/NWWaa2 for more information.

Ing. Andrea Aime
@geowolf
Technical Lead

GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 339 8844549

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

*AVVERTENZE AI SENSI DEL D.Lgs. 196/2003*

Le informazioni contenute in questo messaggio di posta elettronica e/o
nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il
loro utilizzo è consentito esclusivamente al destinatario del messaggio,
per le finalità indicate nel messaggio stesso. Qualora riceviate questo
messaggio senza esserne il destinatario, Vi preghiamo cortesemente di
darcene notizia via e-mail e di procedere alla distruzione del messaggio
stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso,
divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od
utilizzarlo per finalità diverse, costituisce comportamento contrario ai
principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for
the attention and use of the named addressee(s) and may be confidential or
proprietary in nature or covered by the provisions of privacy act
(Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection
Code).Any use not in accord with its purpose, any disclosure, reproduction,
copying, distribution, or either dissemination, either whole or partial, is
strictly forbidden except previous formal approval of the named
addressee(s). If you are not the intended recipient, please contact
immediately the sender by telephone, fax or e-mail and delete the
information in this message that has been received in error. The sender
does not give any warranty or accept liability as the content, accuracy or
completeness of sent messages and accepts no responsibility for changes
made after they were sent or for other risks which arise as a result of
e-mail transmission, viruses, etc.

-------------------------------------------------------

7

Sorry, didn’t understand and couldn’t find the informationL

Thanks!

/Johan

image001.png

···


Johan Hallgren
+46 (0)70 200 41 01



johan.hallgren@…7037…

GISZEAL AB



www.giszeal.se

logo-red

From: andrea.aime@…84… [mailto:andrea.aime@…84…] On Behalf Of Andrea Aime
Sent: den 28 april 2015 11:22
To: Johan Hallgren
Cc: geoserver-users@lists.sourceforge.net
Subject: Re: [Geoserver-users] Problem with secure layers and with different roles

On Tue, Apr 28, 2015 at 11:16 AM, Johan Hallgren <johan.hallgren@…7037…> wrote:

Hello again

I couldn’t find the “authentication filter named authkey”.

Did you install the authkey community module first? :slight_smile:

Being a community module, you can only find it among the nightly builds:

http://ares.boundlessgeo.com/geoserver/2.6.x/community-latest/geoserver-2.6-SNAPSHOT-authkey-plugin.zip

I still hope others will chime in regarding ArcGis behavior, the authkey module is unfortunately unsupported (as all community modules).

Cheers

Andrea

==

GeoServer Professional Services from the experts! Visit

http://goo.gl/NWWaa2 for more information.

==

Ing. Andrea Aime

@geowolf

Technical Lead

GeoSolutions S.A.S.

Via Poggio alle Viti 1187

55054 Massarosa (LU)

Italy

phone: +39 0584 962313

fax: +39 0584 1660272

mob: +39 339 8844549

http://www.geo-solutions.it

http://twitter.com/geosolutions_it

AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy’s New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.