[Geoserver-users] Setting up layer-level security

Mark_Lidstone · September 9, 2008, 8:17am

Hi all,

I'm having trouble setting up layer level security in Geoserver 1.6.4.
Specifically, I can get to everything, no matter what I setup in the
properties files. The contents of my users.properties file is:

admin_user=admin_password,ROLE_ADMINISTRATOR
user=user_password,ROLE_USER

And layers.properties contains:

  *.*.r=ROLE_ADMINISTRATOR
  *.*.w=ROLE_ADMINISTRATOR
  namespace_prefix.feature_type_a.r=ROLE_ADMINISTRATOR
  namespace_prefix.feature_type_a.w=ROLE_ADMINISTRATOR
  namespace_prefix.feature_type_b.r=ROLE_USER
  namespace_prefix.feature_type_b.w=ROLE_ADMINISTRATOR
  mode=HIDE

The problem is that unauthenticated users and the "user" user can see
and query both namespace_prefix:feature_type_a and
namespace_prefix:feature_type_b. Am I missing something?

Many thanks,

Mark Lidstone
Tel: +44 (0)23 80232222; Fax: +44 (0)23 80232891

BMT Cordah Ltd
Grove House
7 Ocean Way
Ocean Village
Southampton
SO14 3TJ

BMT Cordah Ltd.
A member of the BMT group of companies
Registered Office: Investment House, 6 Union Row, Aberdeen AB10 1DQ
Registered in Scotland No. 163413
http://www.bmtcordah.com/
http://www.bmt.org/

The contents of this e-mail and any attachments are intended only for the use of the e-mail addressee(s) shown. If you are not that person, or one of those persons, you are not allowed to take any action based upon it or to copy it, forward, distribute or disclose the contents of it and you should please delete it from your system. BMT Cordah Limited does not accept liability for any errors or omissions in the context of this e-mail or its attachments, which arise as a result of Internet transmission, nor accept liability for statements which are those of the author and not clearly made on behalf of BMT Cordah Limited.

Andrea_Aime3 · September 9, 2008, 1:04pm

Mark Lidstone ha scritto:

Hi all,

I'm having trouble setting up layer level security in Geoserver 1.6.4.
Specifically, I can get to everything, no matter what I setup in the
properties files. The contents of my users.properties file is:

  admin_user=admin_password,ROLE_ADMINISTRATOR
  user=user_password,ROLE_USER

And layers.properties contains:

  *.*.r=ROLE_ADMINISTRATOR
  *.*.w=ROLE_ADMINISTRATOR
  namespace_prefix.feature_type_a.r=ROLE_ADMINISTRATOR
  namespace_prefix.feature_type_a.w=ROLE_ADMINISTRATOR
  namespace_prefix.feature_type_b.r=ROLE_USER
  namespace_prefix.feature_type_b.w=ROLE_ADMINISTRATOR
  mode=HIDE

The problem is that unauthenticated users and the "user" user can see
and query both namespace_prefix:feature_type_a and
namespace_prefix:feature_type_b. Am I missing something?

Just a detail: layer level security is supported only from 1.7.x series
onwards, it's not part of 1.6.x as far as I remember.

I would add mention of it to the wiki pages but at the moment I'm not
able to login (the wiki does not recognize my pwd, trying to reset it
I get no mail back with the newly generated pwd... Arne, any idea?).

Cheers
Andrea

Mark_Lidstone · September 11, 2008, 8:32am

That would kind of stop it working....

Many thanks for the reply,

Mark Lidstone
Tel: +44 (0)23 80232222; Fax: +44 (0)23 80232891

BMT Cordah Ltd
Grove House
7 Ocean Way
Ocean Village
Southampton
SO14 3TJ

-----Original Message-----
From: Andrea Aime [mailto:aaime@anonymised.com]
Sent: 09 September 2008 14:04
To: Mark Lidstone
Cc: geoserver-users@lists.sourceforge.net; Arne Kepp
Subject: Re: [Geoserver-users] Setting up layer-level security

Mark Lidstone ha scritto:

Hi all,

I'm having trouble setting up layer level security in Geoserver 1.6.4.
Specifically, I can get to everything, no matter what I setup in the
properties files. The contents of my users.properties file is:

  admin_user=admin_password,ROLE_ADMINISTRATOR
  user=user_password,ROLE_USER

And layers.properties contains:

  *.*.r=ROLE_ADMINISTRATOR
  *.*.w=ROLE_ADMINISTRATOR
  namespace_prefix.feature_type_a.r=ROLE_ADMINISTRATOR
  namespace_prefix.feature_type_a.w=ROLE_ADMINISTRATOR
  namespace_prefix.feature_type_b.r=ROLE_USER
  namespace_prefix.feature_type_b.w=ROLE_ADMINISTRATOR
  mode=HIDE

The problem is that unauthenticated users and the "user" user can see
and query both namespace_prefix:feature_type_a and
namespace_prefix:feature_type_b. Am I missing something?

Just a detail: layer level security is supported only from 1.7.x series
onwards, it's not part of 1.6.x as far as I remember.

I would add mention of it to the wiki pages but at the moment I'm not
able to login (the wiki does not recognize my pwd, trying to reset it I
get no mail back with the newly generated pwd... Arne, any idea?).

Cheers
Andrea

BMT Cordah Ltd.
A member of the BMT group of companies
Registered Office: Investment House, 6 Union Row, Aberdeen AB10 1DQ
Registered in Scotland No. 163413
http://www.bmtcordah.com/
http://www.bmt.org/

The contents of this e-mail and any attachments are intended only for the use of the e-mail addressee(s) shown. If you are not that person, or one of those persons, you are not allowed to take any action based upon it or to copy it, forward, distribute or disclose the contents of it and you should please delete it from your system. BMT Cordah Limited does not accept liability for any errors or omissions in the context of this e-mail or its attachments, which arise as a result of Internet transmission, nor accept liability for statements which are those of the author and not clearly made on behalf of BMT Cordah Limited.