Hi,

I found some inconsistencies when setting up security for single layers. What I want is, for a specific role and workspace, to set up something like: "Hide/restrict access to all layers except for…"

With a simple setup for the "topp" workspace it would look like this:

    *.*.r=*
    *.*.w=*
    topp.*.r=ADMIN,GROUP_ADMIN
    topp.states.r=TEST
    mode=HIDE

A GetCapabilities request (and also the layer preview in the browser) for a TEST user looks like what I'd expect: he sees only the topp.states layer from the topp workspace. But access to it is still restricted, giving me a 404: resource not available.

Now, setting mode=CHALLENGE, I can access topp.states. But this workaround isn't what I want, because it exposes all the layers to a GetCapabilities request. This looks like wrong behaviour of GeoServer. My tested GeoServer versions are 2.7.3 and an earlier version (2.6.1, I think).

Here are the requests and results I tried so far:

From the layer preview dialog (resource based URL):
And to make it interesting, I found something that works in one way (with URL …/wms) and doesn’t in another (with URL …/topp/wms)
- [5] WMS getMap (1.3.0) works!
- [6] WMS getMap (1.3.0) error 404
Just to make it clear: the results listed above are with the TEST user & mode=HIDE. All requests do work with an admin user or with TEST user & mode=CHALLENGE.

Best Regards
Dominik

[1] http://localhost:8090/geoserver/topp/wms?SERVICE=WMS&VERSION=1.1.1&REQUEST=GetMap&FORMAT=image%2Fpng&TRANSPARENT=true&LAYERS=topp%3Astates&STYLES&SRS=EPSG%3A4326&WIDTH=768&HEIGHT=330&BBOX=-129.814453125%2C23.115234375%2C-62.314453125%2C52.119140625
[2] http://localhost:8090/geoserver/topp/ows?service=WFS&version=1.0.0&request=GetFeature&typeName=topp:states&maxFeatures=50&outputFormat=application%2Fgml%2Bxml%3B+version%3D3.2
[3] http://localhost:8090/geoserver/wfs?service=WFS&version=1.1.0&request=DescribeFeatureType&typename=topp:states
[4] http://localhost:8090/geoserver/wfs?service=WFS&version=1.1.0&request=GetFeature&maxfeatures=3&srsname=EPSG:3857&typename=topp:states
[5] http://localhost:8090/geoserver/wms?version=1.3.0&request=GetMap&CRS=CRS:84&WIDTH=768&HEIGHT=330&LAYERS=topp:states&STYLES=&TRANSPARENT=TRUE&FORMAT=image/png&BBOX=-129.814453125%2C23.115234375%2C-62.314453125%2C52.119140625
[6] http://localhost:8090/geoserver/topp/wms?version=1.3.0&request=GetMap&CRS=CRS:84&WIDTH=768&HEIGHT=330&LAYERS=topp:states&STYLES=&TRANSPARENT=TRUE&FORMAT=image/png&BBOX=-129.814453125%2C23.115234375%2C-62.314453125%2C52.119140625
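Added example, not part of the original post and not GeoServer code: a small Python model of the outcome the post expects from these rules. It assumes the most specific matching rule decides access, and that CHALLENGE lists every layer in capabilities while HIDE lists only readable ones, as the post reports; the catalog entries other than topp:states are constructed sample names.

```python
# Model of the expected access outcome for the rules in the post (assumed semantics).
RULES_TEXT = """\
*.*.r=*
*.*.w=*
topp.*.r=ADMIN,GROUP_ADMIN
topp.states.r=TEST
mode=HIDE
"""

# Constructed sample catalog: (workspace, layer)
CATALOG = [("topp", "states"), ("topp", "tasmania_roads"), ("sf", "roads")]


def parse_rules(text):
    """Return ([(workspace, layer, perm, roles)], mode) from rule lines."""
    rules, mode = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        if key.strip() == "mode":
            mode = value.strip().upper()
            continue
        target, perm = key.strip().rsplit(".", 1)
        workspace, _, layer = target.partition(".")
        roles = {r.strip() for r in value.split(",") if r.strip()}
        rules.append((workspace, layer, perm, roles))
    return rules, mode


def allowed(rules, user_roles, workspace, layer, perm="r"):
    """Assumption: the most specific matching rule wins; no match means deny."""
    matches = [r for r in rules if r[2] == perm
               and r[0] in ("*", workspace) and r[1] in ("*", layer)]
    if not matches:
        return False
    best = max(matches, key=lambda r: (r[0] != "*") + (r[1] != "*"))
    return "*" in best[3] or bool(best[3] & set(user_roles))


def capabilities(rules, mode, user_roles, catalog):
    """Layers a user would see listed: all in CHALLENGE, readable ones in HIDE."""
    return [f"{ws}:{name}" for ws, name in catalog
            if mode == "CHALLENGE" or allowed(rules, user_roles, ws, name)]
```

Under this model a TEST user should both see and be able to read topp:states in HIDE mode, which is the behaviour the post reports as missing for requests [6] and the layer preview URLs.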