Maybe something like this, though then I wouldn't need spring security at all anymore.. http://wiki.deegree.org/deegreeWiki/iGeoSecurity
Maybe I could grab the proxy part out of that package.. I wouldn't want to build all from the scratch again. - mika - On Fri, 02 Dec 2011 06:04:48 +0100, [email protected] wrote: > Zitat von Mika Lehtonen <[email protected]>: > >> Hi, >> in that case, Geoserver services made public, anyone could delete my >> database table rows through wfs-t? > > Not if you can protect wfs-t using url patterns as described by the > J2EE specification. But I am not sure that this works. > >> >> One solution could be isolating geoserver and allowing client to use >> it >> only through proxy service in my app, that would be controlled by >> the >> spring security framework, right? > > Yep, this will work. First disable geoserver security completely as > described here > http://docs.geoserver.org/latest/en/user/security/sec_disable.html > > Second isolate geoserver from public access. If your webapp is taking > the role of a security proxy, you can do anything you need. Good idea > !!! > > Hope this helps > Christian > > >> >> - mika - >> >> P.S. Passing the question into geoserver users list.. >> >> >> 1.12.2011 17:39, [email protected] kirjoitti: >>> Hi Mika,you should stay on the geoserver users list. You are >>> missing the chance that another developer had the same problems and >>> found a solution. >>> >>> Anyways, the situation is not easy. If I got you right, your web >>> app uses spring security. Normally, web applications have different >>> class loaders isolating classes loaded by one app from the others. >>> This makes sense since you may need another version of spring >>> security than geoserver. >>> >>> A clean solution may be to NOT use spring security in your web app >>> and have all geoserver services public. (This is out of the box). >>> Instead use the tomcat user/role service. You can protect a web app >>> based on URL patterns. If you find a possibility to use the tomcat >>> security module you will have no problems updating geoserver in the >>> future. >>> >>> Look here for a starting point >>> http://www.oxxus.net/tutorials/tomcat/security-realms >>> >>> Christian >>> >>> Zitat von [email protected]: >>> >>>> >>>> >>>> >>>> On Thu, 01 Dec 2011 15:11:32 +0100, [email protected] >>>> wrote: >>>>> Zitat von [email protected]: >>>>> >>>>>> >>>>>> Hi Christian, >>>>>> I once contacted you and asked advice on the issue mentioned on >>>>>> the >>>>>> topic. I never replied to you, I am sorry. >>>>>> Things come and go, but now I am facing the same challenge. >>>>>> >>>>>> I wrote an application which utilizes Geoserver services. The >>>>>> app is >>>>>> mainly written in javascript but uses jsp-pages. I implemented >>>>>> Spring >>>>>> Security 3 framework in order to create services, which are only >>>>>> available for the authenticated users. For example only >>>>>> authenticated >>>>>> users should be able to use WFS-T service. How that could be >>>>>> done? I >>>>>> don't want to open WFS-T for everyone. So can I somehow forward >>>>>> my >>>>>> authentication/authorization rights to Geoserver which will be >>>>>> running >>>>>> under the same Tomcat? Users database should be same for both. >>>>> >>>>> First, Justin an me are working on a new security architecture >>>>> which >>>>> we hope to get in for 2.2.x, but there is no planned date. This >>>>> new >>>>> architecture will make things easier, but there is a big chance >>>>> that >>>>> all the "dirty" tricks we try will not work for 2.2.x versions. >>>> >>>> Sounds interesting. >>>> >>>>> >>>>> What do you mean with running under the same tomcat. I need some >>>>> info >>>>> before I can give some advice. Please answer the next questions >>>>> >>>>> Are there 2 java virtual machines running, one for your >>>>> application >>>>> and one for tomcat. ? >>>> >>>> As far as I understand, no. >>>> >>>>> >>>>> Or is there only one VM running and you deployed two web >>>>> applications, geoserver and your application ? >>>> >>>> Yep, that sounds right. >>>> >>>>> >>>>> Or is there only one VM and one web application and your jsp >>>>> pages >>>>> run within the geoserver web application. >>>> >>>> Nope. >>>> >>>>> >>>>> How do you communicate with geoserver. For java script, I assume >>>>> you >>>>> use urls, how do you communicate within your jsp pages. (URL or >>>>> direct java calls) >>>> >>>> With URLs, I don't even know how to do that with direct calls >>>> (don't >>>> know nothing about Geoserver (under hood)) >>>> >>>> >>>> thanks, >>>> - mika - >>>> >>>>> >>>>> Waiting for your answers :-) >>>>> Christian >> > > > > ---------------------------------------------------------------- > This message was sent using IMP, the Internet Messaging Program. ------------------------------------------------------------------------------ All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-novd2d _______________________________________________ Geoserver-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/geoserver-users
