Hi,
As far as I know, the integrated GeoWebCache does not respect the Geoserver
security rules. IE suppose layer 1 is protected. If a user accesses the
layer via GeoWebCache (and the user has access) the layer will get cached.
Then others will be able to access that layer via GeoWebCache (at least
the cached data).
Is that still the case in 2.3.x?
If my understanding is correct, I am considering adding a spring
AuthenticationProvider that will read the geoserver security files and
secure layers in GeoWebCache requests so that data will not leak via
GeoWebCache.
A big problem I see with this solution is the case where a request contains
multiple layers and one is secured. If the Geoserver security is set as
HIDE then I would think the one layer should be hidden but the request
should succeed.
__Question:__ I would like to contribute the work back to Geoserver, how
would you suggest I implement this functionality to maximize the chances of
being able to contribute this back?
Jesse
------------------------------------------------------------------------------
Minimize network downtime and maximize team effectiveness.
Reduce network management and security costs.Learn how to hire
the most talented Cisco Certified professionals. Visit the
Employer Resources Portal
http://www.cisco.com/web/learning/employer_resources/index.html
_______________________________________________
Geoserver-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-devel
