Hello list,
I've got a handle on how to secure workspaces, layers, and services using the Geoserver UI and even by editing the .properties file.
But, is there a way to secure resources in the /www folder of geoserver?
I'd like to add security to a page that gets served out of the geoserver/www folder. Is there an easy way to make this happen?
I've reviewed lots of documentation on security in Geoserver, Jetty, ACEGI, and I'm simply overwhelmed!
It would be great if I could use the existing .properties 'model' and add a document like "pages.properties" and assign permissions to specific pages to specific Roles in that document. I've seen some on how to set this up in Jetty, but I'm not sure how to do it without interfering with the existing Geoserver security setup.
Thanks,
Ryan
Please keep threads on the users list. Google doesn't index my inbox just yet.
As for your question, this is my mistake. The REST security restrictions are only applied to URLs under the /rest/ and /gwc/rest/ subsections of GeoServer. Adding basic auth to the www/ directory is something we could easily add, however. I'll raise an issue with the developers about this:
http://jira.codehaus.org/browse/GEOS-3951
As for the second half of your question, no, GeoServer doesn't have a GUI for this setting yet. You will have to create the rest.properties file by hand if you want to use it.
--
David Winslow
OpenGeo - http://opengeo.org/
On 05/07/2010 03:04 PM, Ryan Williams wrote:
Thanks for the link,
I checked it out and have more questions now.
The documentation says that "REST security is available in versions greater than 2.0.1". Is that correct? It looks like the latest version IS 2.0.1.
I installed 2.0.1 and the rest config extension to test it out and I don't see any changes in the security setup.
Do I need to manually create the rest.properties file?
Should there be something in the Geoserver UI?
I'm assuming the rest security settings only apply to resources requested through rest, is this correct?
Thanks again,
Ryan
On 5/7/2010 11:28 AM, David Winslow wrote:
The REST security settings allow you to filter based on URL path; this should be perfect for static resources in the www/ directory.
http://docs.geoserver.org/stable/en/user/security/sec_rest.html
Hope this helps.
--
David Winslow
OpenGeo - http://opengeo.org/
On 05/07/2010 12:25 PM, Ryan Williams wrote:
Hello list,
I've got a handle on how to secure workspaces, layers, and services
using the Geoserver UI and even by editing the .properties file.
But, is there a way to secure resources in the /www folder of geoserver?
I'd like to add security to a page that gets served out of the
geoserver/www folder. Is there an easy way to make this happen?
I've reviewed lots of documentation on security in Geoserver, Jetty,
ACEGI, and I'm simply overwhelmed!
It would be great if I could use the existing .properties 'model' and
add a document like " pages.properties " and assign permissions to
specific pages to specific Roles in that document. I've seen some on how
to set this up in Jetty, but I'm not sure how to do it without
interfering with the existing Geoserver security setup.
Thanks,
Ryan
------------------------------------------------------------------------------
_______________________________________________
Geoserver-users mailing list
Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users
Thanks David,
I always forget to hit the 'reply all' instead of just 'reply'. Thanks for the reminder.
So, with regard to adding the /www/ to the security restrictions; looking at the patch file you attached to the issue report, is that something that any user can edit in an XML file, or is that something set inside a jar file or somewhere deeper?
Thanks again,
Ryan
--
Ryan Williams, GISP
GIS Analyst / Programmer
PAQ Interactive Inc.
107 S State St., Suite 300
Monticello, IL 61856-1968
Office: (217) 762-7955
Mobile: (217) 722-2794
rwilliams@anonymised.com
That XML file is inside the main.jar that is included in the GeoServer .war.
--
David Winslow
OpenGeo - http://opengeo.org/
On 10-05-07 1:49 PM, David Winslow wrote:
Please keep threads on the users list. Google doesn't index my inbox
just yet 
As for your question, this is my mistake. The rest security
restrictions are only applied to urls under the /rest/ and /gwc/rest/
subsections of GeoServer. Adding basic auth to the www/ directory is
something we could easily add, however. I'll raise an issue with the
developers about this:
http://jira.codehaus.org/browse/GEOS-3951
I thought that, as I implemented it, any URL mapped to the REST dispatcher should be securable... such as /api/*... Maybe I am wrong.
--
Justin Deoliveira
OpenGeo - http://opengeo.org
Enterprise support for open source geospatial.
I didn't try it out, but I see the restFilterInvocationInterceptor associated with /rest/** and /gwc/rest/** explicitly. It doesn't appear to be used in the /** catch-all filter chain, but maybe there is some magic involved?
If so, sorry for the noise. I'll actually try it out later today and get back to you.
--
David Winslow
OpenGeo - http://opengeo.org/
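
The coverage gap discussed in this thread, as an added example that is not part of the original messages and not GeoServer's own code: a rest.properties rule only takes effect when the request passes through a filter chain that contains restFilterInvocationInterceptor. The chain table mirrors what David describes; the rule contents, the role ROLE_STAFF, the helper names, and first-match rule ordering are assumptions made for illustration.

```python
import re

# Constructed model of the filter chains described in the thread: the REST
# interceptor (restFilterInvocationInterceptor) is wired to /rest/** and
# /gwc/rest/** only, not to the /** catch-all. First matching chain wins.
CHAINS = [("/rest/**", True), ("/gwc/rest/**", True), ("/**", False)]

# Constructed rest.properties content in the form <pattern>;<methods>=<roles>
REST_PROPERTIES = """\
# hypothetical rule an admin might add hoping to protect a static page
/www/private/**;GET=ROLE_STAFF
/rest/**;GET=ROLE_ADMINISTRATOR
/**;POST,DELETE,PUT=ROLE_ADMINISTRATOR
"""

def ant_match(pattern, path):
    """Ant-style match: ** spans path segments, * stays within one segment."""
    regex = ""
    for token in re.split(r"(/\*\*$|\*\*|\*|\?)", pattern):
        regex += {"/**": "(/.*)?", "**": ".*", "*": "[^/]*",
                  "?": "[^/]"}.get(token, re.escape(token))
    return re.fullmatch(regex, path) is not None

def parse_rules(text):
    """Return [(pattern, {methods}, [roles])] in file order."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, roles = line.split("=", 1)
        pattern, methods = key.split(";", 1)
        rules.append((pattern, set(methods.split(",")), roles.split(",")))
    return rules

def required_roles(path, method, chains=CHAINS, text=REST_PROPERTIES):
    """Roles the REST rules demand, or None when they are never consulted."""
    chain = next(p for p, _ in chains if ant_match(p, path))
    if not dict(chains)[chain]:
        return None  # handled by a chain without the REST interceptor
    for pattern, methods, roles in parse_rules(text):  # assumed first match wins
        if method in methods and ant_match(pattern, path):
            return roles
    return []  # interceptor ran, but no rule matched
```

A `None` result for a /www/ path means the rule written for it is dead configuration; the same audit against a chain table that includes the interceptor on `/**` returns the expected role.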