Hi everyone!

I have a question about REST configuration.

Is it possible to allow a GET request to a featureType description from anonymous access, without give ADMIN permission to the workspace?

This is the scenario:

I have a workspace (“proj_base”) which is public. Actually, I have no rules defined for this workspace in layers.properties. So anyone can see the layers in GetCapabilities and request a GetMap to WMS. But only admin user can edit featuretypes.

What I want now is to perform a rest request to get a featuretype description of these layers, to show users (or anyone who access my application) some metadata, like title, abstract, srs, bounding box…

My current rest.properties file have these rules:

/;GET=ROLE_AUTHENTICATED
/;POST,DELETE,PUT=ADMINISTRADOR

The only way I was able to give access to the featuretype description via REST was defining an ADMIN permission to the workspace…

But I don’t want to let anyone modify the public layers (the allowed users can modify the featuretypes via geoserver interface… although I’m looking for restrict access to this interface, I’d like to prevent editing by rules).

Is there a way to achieve this?

Thanks in advance,

Rodrigo C. Antonialli

Rio Claro - SP - Brasil
LinkedIn: http://www.linkedin.com/in/rcantonialli
Contato: (19) 98136-2347
rcantonialli@anonymised.com
Skype: rc_antonialli

On Wed, Feb 5, 2014 at 12:42 PM, Rodrigo Antonialli
<rcantonialli@anonymised.com>wrote:

Hi everyone!

I have a question about REST configuration.

Is it possible to allow a GET request to a featureType description from
anonymous access, without give ADMIN permission to the workspace?

No. I believe that when the "admin per workspace" work was carried out all
ability to give access to REST to non admin users
was lost (
http://geoserver.org/display/GEOS/GSIP+74+-+Finer+Grained+Admin+Security),
I've discovered that later when upgrading
our GeoServer training material. Not sure if the change was intended or was
a side effect, the GSIP does not say it explicitly.

Cheers
Andrea

--
== Our support, Your Success! Visit http://opensdi.geo-solutions.it for
more information ==

Ing. Andrea Aime
@geowolf
Technical Lead

GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 339 8844549

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

-------------------------------------------------------

Hi Andrea,

Thanks for that info!

So, to make this, I’m trying to implement a WPS that receives the layer name, the output format and the username that is requesting the featuretype description.

The process is checking permissions accessing user info at database (configured as JDBC at Geoserver) and layers.properties file. It looks like this will solve this situation.

(Actually, we are using WPS for many other things than geometric/geographic processes)

Regards,

On Thu, Feb 6, 2014 at 5:29 PM, Rodrigo Antonialli
<rcantonialli@anonymised.com>wrote:

Hi Andrea,

Thanks for that info!

So, to make this, I'm trying to implement a WPS that receives the layer
name, the output format and the username that is requesting the featuretype
description.

The process is checking permissions accessing user info at database
(configured as JDBC at Geoserver) and layers.properties file. It looks like
this will solve this situation.

(Actually, we are using WPS for many other things than
geometric/geographic processes)

Wondering, what is missing from a WFS DescribeFeatureType and/or a WCS
DescribeCoverage?

Cheers
Andrea

--
== Our support, Your Success! Visit http://opensdi.geo-solutions.it for
more information ==

Ing. Andrea Aime
@geowolf
Technical Lead

GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 339 8844549

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

-------------------------------------------------------