This might be related to an issue I just posted about elsewhere - accessing
protected GeoServer layers via WFS from desktop GIS software (QGIS,
MapInfo).
I found the online help description of Catalog Mode helpful for
understanding this situation, but maybe it would be good to also mention
there or elsewhere that desktop clients need to and can be forced to use
authentication?
Anyway, I hope this helps....
-----
I've been working on accessing protected layers in GeoServer via WFS from
QGIS. I ran into some problems, similar to those described by someone on
the mailing list a couple of years ago (here:
http://lists.osgeo.org/pipermail/qgis-user/2011-March/011580.html), except
I'm using WFS rather than WMS. I've found a workaround that is enough for
my current needs.
First off, as far as I can tell, entering WFS basic auth credentials when
creating the layer does not help in any way. Auth won't be done unless the
server demands it, and then it will always ask the user for them again
anyway (I'm using QGIS from master, at commit d68524). There is an open bug
related to this:
http://hub.qgis.org/issues/6609
As for accessing protected layers, I found that the problem was that QGIS
first tries to do the GetCapabilities without credentials, and only prompts
the user for them if the anonymous request was denied by the server.
Usually an anonymous request will succeed, showing all the public layers,
and the user won't have a chance to get at the protected layers. The same
thing is done by MapInfo, by the way.
My workaround for this was to have the Apache running in front of GeoServer
force authentication in certain cases.
Instead of using a WFS url like:
http://myserver.com/geoserver/wfs
I enter it as:
http://myserver.com/geoserver/wfs?forcebasicauth=true
Then I have apache intercept requests with that special query string as
follows:
RewriteEngine On
RewriteCond %{HTTP:Authorization} ^$
RewriteCond %{QUERY_STRING} forcebasicauth=true
RewriteRule .* /var/www/forcebasicauth.php [L]
So that if the request has no auth details, it will be passed to a small
PHP handler that will request them:
<?php header('WWW-Authenticate: Basic realm="main"', true, 401); ?>
All requests with auth details will get passed through to GeoServer as
usual, as wil anything without the forcebasicauth key.
I tried to do this without PHP but couldn't get both the 401 http code and
the header to be returned conditionally in pure Apache config (the code is
enough for MapInfo, QGIS needs the correct header too).
Cheers,
Chris
On Fri, May 17, 2013 at 8:56 PM, Rahkonen Jukka
<[email protected]>wrote:
> Hi,
>
> Once you have solved the problem with saving you will see that your data
> is perhaps not where you believe. WFS 1.1.0 is using lat-lon coordinate
> axis order and coordinates like 49.011303,8.380108 are in Karlsruhe.
> 8.380108,49.011303 seems to be in Eastern Somalia.
>
> I am not sure if multicurves are supported. Have a try by using
> multilinestring and hope that it helps.
>
>
> -Jukka Rahkonen-
>
>
> Satyam Saxena wrote:
>
> > Lennart Jütte <lists <at> rtjuette.de> writes:
> >
> > >
> > > I forgot to mention that the WFS service level is set to "full" (my
> german
> > geoserver shows
> > > "völlständig"). Setting it to "transactional" doesn't help.
> > > Often this problem come when you don't have primary key in your
> > table(bb_karlsruhe_wfst), create one and expose primary key in
> geo-server.
> >
> > > Am 27.05.2010 um 16:22 schrieb Lennart Jütte:
> > >
> > > > I'm trying to execute a wfs transaction, but i always get an
> exception:
> > > >
> > > > <?xml version="1.0" encoding="UTF-8"?>
> > > > <ows:ExceptionReport version="1.0.0"
> > xsi:schemaLocation="http://www.opengis.net/ows
> > > http://wka-wn-
> > flogx:8080/geoserver/schemas/ows/1.0.0/owsExceptionReport.xsd"
> > > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
> > xmlns:ows="http://www.opengis.net/ows";>
> > > > <ows:Exception exceptionCode="NoApplicableCode">
> > > > <ows:ExceptionText>{http://rtjuette.de}bb_karlsruhe_wfst is read-
> > only</ows:ExceptionText>
> > > > </ows:Exception>
> > > > </ows:ExceptionReport>
> > > >
> > > >
> > > > Here's the transaction:
> > > >
> > > > <wfs:transaction xmlns:wfs="http://www.opengis.net/wfs";
> > service="WFS"
> > version="1.1.0"
> > > xsi:schemaLocation="http://www.opengis.net/wfs
> > > http://schemas.opengis.net/wfs/1.1.0/wfs.xsd";
> > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";>
> > > > <wfs:insert>
> > > > <feature:bb_karlsruhe_wfst xmlns:feature="http://rtjuette.de";>
> > > > <feature:way>
> > > > <gml:multicurve xmlns:gml="http://www.opengis.net/gml";
> > srsName="EPSG:4326">
> > > > <gml:curvemember>
> > > > <gml:linestring>
> > > > <gml:poslist>8.3866882324218 49.011753124757
> > 8.3908081054687 49.0315656227 8.4251403808594
> > > 49.020759783397 8.4175872802735 49.009951597471 8.4011077880859
> > 49.018508271515
> > > 8.3976745605469 49.001393452634 8.3612823486328 49.008150004997
> > 8.3592224121093
> > > 49.037417805904 8.407974243164 49.046419820376 8.4203338623047
> > 49.042369115505</gml:poslist>
> > > > </gml:linestring>
> > > > </gml:curvemember>
> > > > </gml:multicurve>
> > > > </feature:way>
> > > > </feature:bb_karlsruhe_wfst>
> > > > </wfs:insert>
> > > > </wfs:transaction>
> > > >
> > > > I can't find any setting that enables write protection for this
> layer.
> > The user who is defined in the
> > > store's settings has r/w access to the table. The table is empty at the
> > moment, but i was able to read and
> > > display elements that were stored there before. I used the GS webui to
> > define a "Data security" rule that
> > > reads "*.*.w" for role "*" (in addition to "*.*.r" "*").
> > > >
> > > > I'm running Geoserver 2.0.2 on Debian lenny x86 with Java 1.6.20. The
> > Datastore is a PostGIS 1.5 DB.
> > > > I can remember working with WFS-T before, but i don't know if i used
> > PostGIS back then. Am i missing anything?
> > > >
> > > > Regards,
> > > > Lennart
> > > >
> ------------------------------------------------------------------------
> > ------
> > > >
> > > > _______________________________________________
> > > > Geoserver-users mailing list
> > > > Geoserver-users <at> lists.sourceforge.net
> > > > https://lists.sourceforge.net/lists/listinfo/geoserver-users
> > >
> > >
> --------------------------------------------------------------------------
> > ----
> > >
> >
> >
> >
> >
> >
> ------------------------------------------------------------------------------
> > AlienVault Unified Security Management (USM) platform delivers complete
> > security visibility with the essential security capabilities. Easily and
> > efficiently configure, manage, and operate all of your security controls
> > from a single console and one unified framework. Download a free trial.
> > http://p.sf.net/sfu/alienvault_d2d
> > _______________________________________________
> > Geoserver-users mailing list
> > [email protected]
> > https://lists.sourceforge.net/lists/listinfo/geoserver-users
>
> ------------------------------------------------------------------------------
> AlienVault Unified Security Management (USM) platform delivers complete
> security visibility with the essential security capabilities. Easily and
> efficiently configure, manage, and operate all of your security controls
> from a single console and one unified framework. Download a free trial.
> http://p.sf.net/sfu/alienvault_d2d
> _______________________________________________
> Geoserver-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/geoserver-users
>
------------------------------------------------------------------------------
Try New Relic Now & We'll Send You this Cool Shirt
New Relic is the only SaaS-based application performance monitoring service
that delivers powerful full stack analytics. Optimize and monitor your
browser, app, & servers with just a few lines of code. Try New Relic
and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_may
_______________________________________________
Geoserver-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-users
