Hi,
with geoserver 2.2.2, using http header auth filter and http basic auth filter (in that order) it seems i'm unable to PUT styles via REST API.
rest.properties is configured to allow ROLE_AUTHENTICATED to use PUT/POST/DELETE.
/**;GET=ROLE_ANONYMOUS,ROLE_AUTHENTICATED
/**;POST,DELETE,PUT=ROLE_AUTHENTICATED
I'm able to PUT styles if only if the user has ROLE_ADMINISTRATOR, but of course i cant grant administrator access to all my users.
curl -v -XPUT -H"sec-username:foo" -H "Content-type: application/vnd.ogc.sld+xml; charset=UTF-8" --data @/tmp/ZAC.sld http://localhost:8080/geoserver/rest/workspaces/public/styles/ZAC_style
-> 404
curl -v -XPUT -H"sec-username:foo" -H "sec-roles:ROLE_ADMINISTRATOR" -H "Content-type: application/vnd.ogc.sld+xml; charset=UTF-8" --data @/tmp/ZAC.sld http://localhost:8080/geoserver/rest/workspaces/public/styles/ZAC_style
-> 200
I've tried global and workspace-specific styles, no luck. Is there a way to configure geoserver that way ?
Another strange issue i've found : the REST api doesnt return the same info if the user has ROLE_ADMINISTRATOR or not, with the default data ACL :
layers.properties
*.*.r=*
*.*.w=*
mode=CHALLENGE
curl -v -H "sec-username:foo" -H "sec-roles:ROLE_FOO" http://localhost:8080/geoserver/rest/layers/
-> no layers
curl -v -H "sec-username:foo" -H "sec-roles:ROLE_ADMINISTRATOR" http://localhost:8080/geoserver/rest/layers/
-> list all layers
I see some layers as foo user if i add a data ACL like
topp.*.r=ROLE_ANONYMOUS
curl -v -H "sec-username:foo" -H "sec-roles:ROLE_FOO" http://localhost:8080/geoserver/rest/layers/
-> shows layers from topp workspace.
BUT if i set the ACL to
topp.*.r=ROLE_AUTHENTICATED
the same request still shows no layers.
Is it an expected behaviour ? is ROLE_AUTHENTICATED not set by the http header or http auth filter while it should ?
--
Landry Breuil