I have a page in an existing Spring-based Java application that uses GeoServer (2.2) via WMS & WFS, with requests originating from the client. Users have to authenticate with the Java application but currently GeoServer OWS services are accessed anonymously.
This is changing, and now OWS services need to be secured. Reading through the security / authentication documentation I don't see any option to delegate authentication to another application. The closest I get is using a J2EE filter so that Tomcat provides authentication using its users.xml file. Is there any way I can take the existing JSESSIONID cookie to verify that the GeoServer request comes from a user that is logged into my Java application? I don't want users to have to authenticate twice. It seems like all the authentication options are based on setting up users & passwords somewhere, in a database, xml file, or tomcat config file. Any thoughts much appreciated. -- View this message in context: http://osgeo-org.1560.n6.nabble.com/Delegate-authentication-to-separate-application-tp5009685.html Sent from the GeoServer - User mailing list archive at Nabble.com. ------------------------------------------------------------------------------ Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_sfd2d_oct _______________________________________________ Geoserver-users mailing list Geoserver-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-users
