[Geoserver 2.2.2, Tomcat 7.0.22, Win Srvr 2008 R2]
I'm successfully loading files via cURL & REST services but I'm unsure
about REST security, particularly with providing access to one workspace
only.
The documentation explains how to secure the entire site or a specific
resource. The default rest.properties is to lock down every rest call
unless the user has the role ADMIN. This was confirmed - a curl request
with no user details [curl -v -XGET
http://host/geoserver/rest/workspaces/testWksp/] is not granted access,
a curl request with ADMIN role [curl -v -u admin:geoserver -XGET
http://host/geoserver/rest/workspaces/testWksp/] is granted access.
If I comment out all the lines in the user.properties I get the same
results. Note I reload the GeoServer deployment in Tomcat after changing
the user.properties file.
This suggests that the REST service is secured completely by default and
access is granted to users with administrative rights regardless of the
lines in the user.properties file.
Ticket GEOS-5139 mentions a patch that was to be applied to 2.2-RC1. I'm
not sure where this version sits compared to 2.2.2, which I have
installed, i.e., maybe the patch has been applied to the version I'm using,
but I'm unsure. But this ticket still suggests you need to include the
default 'all request lock' [/**;GET,POST,PUT,DELETE=ROLE_ADMINISTRATOR]
which by my account, isn't required.
So, is the default 'all request lock' line in user.properties required
still? Does this provide any additional security to the REST services?
Thanks in advance for the clarification.
Abe.
[http://docs.geoserver.org/stable/en/user/security/rest.html]
[https://jira.codehaus.org/browse/GEOS-5139]
Richard "Abe" Coughlin
SPATIAL DATA & APPLICATIONS SPECIALIST
*Pacific Islands Ocean Observing System*
*University of Hawaii 1-808-956-0822 *
www.pacioos.org <http://www.pacioos.org>
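
An added example (not part of the original post and not GeoServer code): a small checker that parses rule lines in the format quoted above and reports which HTTP methods are not covered by the `/**` catch-all lock. It only inspects the file and says nothing about what GeoServer does when the rule is absent; the `#`/`!` comment handling and the `testWksp` rule in the sample input are assumptions made for illustration.

```python
"""Added example: audit a rest.properties-style rule file for the catch-all lock."""

ALL_METHODS = {"GET", "POST", "PUT", "DELETE"}
CATCH_ALL = "/**"


def parse_rules(text):
    """Parse lines shaped like '<pattern>;<METHOD,...>=<ROLE,...>'.

    Blank lines and comment lines are skipped. Malformed lines are returned
    separately so a typo cannot silently drop a rule from the audit.
    """
    rules, malformed = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(("#", "!")):  # assumed comment markers
            continue
        pattern, sep1, rest = line.partition(";")
        methods, sep2, roles = rest.partition("=")
        if not (sep1 and sep2 and pattern and methods and roles):
            malformed.append((lineno, raw))
            continue
        rules.append((pattern.strip(),
                      {m.strip().upper() for m in methods.split(",")},
                      {r.strip() for r in roles.split(",")}))
    return rules, malformed


def unlocked_methods(rules, required_role):
    """Return the methods NOT covered by a '/**' rule limited to required_role."""
    covered = set()
    for pattern, methods, roles in rules:
        if pattern == CATCH_ALL and roles == {required_role}:
            covered |= methods
    return ALL_METHODS - covered


# Constructed sample inputs (not taken from a real deployment).
LOCKED = "# default lock\n/**;GET,POST,PUT,DELETE=ROLE_ADMINISTRATOR\n"
COMMENTED_OUT = "#/**;GET,POST,PUT,DELETE=ROLE_ADMINISTRATOR\n"
# Second line is missing its ';' on purpose to show the malformed-line report.
PARTIAL = ("/**;POST,PUT,DELETE=ROLE_ADMINISTRATOR\n"
           "/rest/workspaces/testWksp/**GET=ROLE_ADMINISTRATOR\n")

if __name__ == "__main__":
    for name, text in [("locked", LOCKED), ("commented out", COMMENTED_OUT),
                       ("partial", PARTIAL)]:
        rules, bad = parse_rules(text)
        print(name, sorted(unlocked_methods(rules, "ROLE_ADMINISTRATOR")), bad)
```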
_______________________________________________
Geoserver-users mailing list
https://lists.sourceforge.net/lists/listinfo/geoserver-users