Hi Jesse,
I'm honestly not sure to what extent 2.3.x would leak layers through gwc,
since they're now backed by the catalog which for GetMap requests would be
a SecuredCatalog.
I would ask Kevin (cc'ed) to pair up with you if need be and you both can
assess it and tackle this issue <http://jira.codehaus.org/browse/GEOS-4217>
Basically the level of integration with the geosever security subsystem, at
least to the extent of my knowledge, has never been clearly defined let
alone implemented, but I think the new way gwc integrates with geoserver
should make it easier.
Cheers,
Gabriel.
P.S. Sorry I can't be of more help atm, fully booked, but Kevin's been
doing great progress on gwc issues and is actually the primary gwc
developer right now.
On Thu, Apr 4, 2013 at 8:25 AM, Jesse Eichar <[email protected]>wrote:
> Hi,
>
> As far as I know, the integrated GeoWebCache does not respect the
> Geoserver security rules. IE suppose layer 1 is protected. If a user
> accesses the layer via GeoWebCache (and the user has access) the layer will
> get cached. Then others will be able to access that layer via GeoWebCache
> (at least the cached data).
>
> Is that still the case in 2.3.x?
>
>
> If my understanding is correct, I am considering adding a spring
> AuthenticationProvider that will read the geoserver security files and
> secure layers in GeoWebCache requests so that data will not leak via
> GeoWebCache.
>
> A big problem I see with this solution is the case where a request
> contains multiple layers and one is secured. If the Geoserver security is
> set as HIDE then I would think the one layer should be hidden but the
> request should succeed.
>
> __Question:__ I would like to contribute the work back to Geoserver, how
> would you suggest I implement this functionality to maximize the chances of
> being able to contribute this back?
>
> Jesse
>
>
> ------------------------------------------------------------------------------
> Minimize network downtime and maximize team effectiveness.
> Reduce network management and security costs.Learn how to hire
> the most talented Cisco Certified professionals. Visit the
> Employer Resources Portal
> http://www.cisco.com/web/learning/employer_resources/index.html
> _______________________________________________
> Geoserver-devel mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/geoserver-devel
>
>
--
Gabriel Roldan
OpenGeo - http://opengeo.org
Expert service straight from the developers.
------------------------------------------------------------------------------
Minimize network downtime and maximize team effectiveness.
Reduce network management and security costs.Learn how to hire
the most talented Cisco Certified professionals. Visit the
Employer Resources Portal
http://www.cisco.com/web/learning/employer_resources/index.html
_______________________________________________
Geoserver-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-devel
