Hi,
i read a lot of documentation about securing GeoServer, roles and users, but i’m still confused.
This is what i have and want to have. I have Geoserver with 3 Vector-Layers served to an openlayers client. Both on the same machine, ead only. But i want to achieve that only the “openlayers client” can read the layers and nobody else, like for example somebody copies the wfs url into its gis and exports the layers to his harddisk.
I’m sure, somebody before had faced this problem and maybe wrote an tutorial or can give me hints/links which steps i have to perform.
Thanks and greetz
Christian
Hi Christian
Before writing a long essay please answer the following question:
Do you want to authenticate your open layers app or each user individually.
Authenticating the app means that everybody who can use the app is authenticated.
Cheers Christian
···
2013/4/29 <cromail@anonymised.com>
Hi,
i read a lot of documentation about securing GeoServer, roles and users, but i’m still confused.
This is what i have and want to have. I have Geoserver with 3 Vector-Layers served to an openlayers client. Both on the same machine, ead only. But i want to achieve that only the “openlayers client” can read the layers and nobody else, like for example somebody copies the wfs url into its gis and exports the layers to his harddisk.
I’m sure, somebody before had faced this problem and maybe wrote an tutorial or can give me hints/links which steps i have to perform.
Thanks and greetz
Christian
Try New Relic Now & We’ll Send You this Cool Shirt
New Relic is the only SaaS-based application performance monitoring service
that delivers powerful full stack analytics. Optimize and monitor your
browser, app, & servers with just a few lines of code. Try New Relic
and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_apr
Geoserver-users mailing list
Geoserver-users@anonymised.comsts.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users
–
DI Christian Mueller MSc (GIS), MSc (IT-Security)
OSS Open Source Solutions GmbH
Hi,
yes, the idea was to authenticate only the openlayers app. There are too many users and uregistered users should see the layers served by GeoServer too. But for example, they should not be able to download the whole dataset while acces the WFS via QGIS, etc.
I thougt, there might be something like authorize openlayers to geoserver with user/pw and hide the pw that i can not be seen by users sniffing in the code ?
···
2013/4/29 cromail@anonymised.com
Hi,
i read a lot of documentation about securing GeoServer, roles and users, but i’m still confused.
This is what i have and want to have. I have Geoserver with 3 Vector-Layers served to an openlayers client. Both on the same machine, ead only. But i want to achieve that only the “openlayers client” can read the layers and nobody else, like for example somebody copies the wfs url into its gis and exports the layers to his harddisk.
I’m sure, somebody before had faced this problem and maybe wrote an tutorial or can give me hints/links which steps i have to perform.
Thanks and greetz
Christian
Try New Relic Now & We’ll Send You this Cool Shirt
New Relic is the only SaaS-based application performance monitoring service
that delivers powerful full stack analytics. Optimize and monitor your
browser, app, & servers with just a few lines of code. Try New Relic
and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_apr
Geoserver-users mailing list
Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users
–DI Christian Mueller MSc (GIS), MSc (IT-Security)
OSS Open Source Solutions GmbH
Hi Christian
This is a chicken & egg problem. If your open layers app wants to authenticate, you need a shared secret known only by your app and GeoServer. The problem is that you have to store this secret within your open layers app. Since the code is visible to anybody, you cannot protect this secret.
What you can do is allow access to WMS to public and restrict access to WFS. If your open layers app does not use WFS, this is the simplest way to go.
Cheers
Christian
···
2013/4/30 <cromail@anonymised.com>
Hi,
yes, the idea was to authenticate only the openlayers app. There are too many users and uregistered users should see the layers served by GeoServer too. But for example, they should not be able to download the whole dataset while acces the WFS via QGIS, etc.
I thougt, there might be something like authorize openlayers to geoserver with user/pw and hide the pw that i can not be seen by users sniffing in the code ?
Gesendet: Dienstag, 30. April 2013 um 09:42 Uhr
Von: “Christian Mueller” <christian.mueller@anonymised.com>
An: cromail@anonymised.com
Cc: “geoserver-users@lists.sourceforge.net” <geoserver-users@lists.sourceforge.net>
Betreff: Re: [Geoserver-users] restricted acces to layers
Hi Christian
Before writing a long essay please answer the following question:
Do you want to authenticate your open layers app or each user individually.
Authenticating the app means that everybody who can use the app is authenticated.
Cheers Christian
Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET
Get 100% visibility into your production application - at no cost.
Code-level diagnostics for performance bottlenecks with <2% overhead
Download for free and get started troubleshooting in minutes.
http://p.sf.net/sfu/appdyn_d2d_ap1
Geoserver-users mailing list
Geoserver-users@anonymised.comsts.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users
–
DI Christian Mueller MSc (GIS), MSc (IT-Security)
OSS Open Source Solutions GmbH
2013/4/29 <cromail@anonymised.com>
Hi,
i read a lot of documentation about securing GeoServer, roles and users, but i’m still confused.
This is what i have and want to have. I have Geoserver with 3 Vector-Layers served to an openlayers client. Both on the same machine, ead only. But i want to achieve that only the “openlayers client” can read the layers and nobody else, like for example somebody copies the wfs url into its gis and exports the layers to his harddisk.
I’m sure, somebody before had faced this problem and maybe wrote an tutorial or can give me hints/links which steps i have to perform.
Thanks and greetz
Christian
Try New Relic Now & We’ll Send You this Cool Shirt
New Relic is the only SaaS-based application performance monitoring service
that delivers powerful full stack analytics. Optimize and monitor your
browser, app, & servers with just a few lines of code. Try New Relic
and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_apr
Geoserver-users mailing list
Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users
–DI Christian Mueller MSc (GIS), MSc (IT-Security)
OSS Open Source Solutions GmbH