Hi all, the only way I see that works is to unsecure the whole workspace and secure every layer instead:
#hasici.*.r=ROLE_HASICI #hasici.*.w=ROLE_HASICI hasici.*.a=ROLE_HASICI hasici.pest.r=ROLE_HASICI, ROLE_PEST hasici.pest.w=ROLE_HASICI hasici.chemicals.r=ROLE_HASICI hasici.chemicals.w=ROLE_HASICI ... This way I can secure all the layers of the workspace and meanwhile give the access rights to one layer to more people. I don't like it very much though, as it adds a lot of config lines and also, if accidentally one layer of the workspace is forgotten, it is left unsecured. Is this the only solution that should work? If I uncomment the first two lines and secure the workspace, then a user with the ROLE_PEST and without the ROLE_HASICI gets 404 when requesting the layer... Using GeoServer 2.3.2. Kind regards, Michal Dne 04.07.2013 10:03, [email protected] napsal: > Hi Michele, > > thank you for your answer. No, I am not using service security at > all. > Of course I do ask for the layer through OWS (and that is what I want > to > do in the map application as well), but I don't use the service > security > to configure it. The file service.properties is present, but contains > comments only. > > The think is, when I try to restrict the access to one particular > layer > more, (only to people who have the access to the whole ws and have > some > additional rights) it works, but when I try to give the access to one > particular layer to more people, who don't have rights to the whole > ws, > it fails. The layer is shown in the available preview list, but 404 > is > returned. > > Kind regards, > > Michal > > > Dne 04.07.2013 09:12, Michele Beneventi napsal: >> Hi Michal, >> I'm not really involved in the geoserver security module, but I >> think >> the problem could be in some conflict between "layer security" and >> "service security": if I'm not wrong "layer preview" use WMS >> service. >> >> http://docs.geoserver.org/2.3.2/user/security/layer.html [3] >> >> ciao >> Michele >> >> On Wed, Jul 3, 2013 at 7:03 PM, <[email protected]> wrote: >> >>> Hi all, >>> >>> I have a workspace with restricted access: >>> >>> hasici.*.r=ROLE_HASICI >>> hasici.*.w=ROLE_HASICI >>> hasici.*.a=ROLE_HASICI >>> >>> And I have one layer in the workspace, that should be accessible to >>> more people then the others: >>> >>> hasici.pest.r=ROLE_HASICI,ROLE_PEST >>> >>> Then I have a user, who does have ROLE_PEST assigned, and does not >>> have the ROLE_HASICI assigned. I assume he should be able to see >>> the >>> layer pest. He logs into geoserver web, and he can see the layer >>> 'hasici:pest' in the 'Layer Preview' list as expected. But when he >>> clicks the 'OpenLayers' link, 404 is shown. The layer can be seen >>> by >>> the users who have the ROLE_HASICI assigned. >>> >>> Am I missing something? How this should be configured? >>> >>> Thank you very much for your advice, >>> >>> Michal >>> >>> >>> ------------------------------------------------------------------------------ >>> This SF.net email is sponsored by Windows: >>> >>> Build for Windows Store. >>> >>> http://p.sf.net/sfu/windows-dev2dev [1] >>> _______________________________________________ >>> Geoserver-users mailing list >>> [email protected] >>> https://lists.sourceforge.net/lists/listinfo/geoserver-users [2] >> >> >> >> Links: >> ------ >> [1] http://p.sf.net/sfu/windows-dev2dev >> [2] https://lists.sourceforge.net/lists/listinfo/geoserver-users >> [3] http://docs.geoserver.org/2.3.2/user/security/layer.html > > > > ------------------------------------------------------------------------------ > This SF.net email is sponsored by Windows: > > Build for Windows Store. > > http://p.sf.net/sfu/windows-dev2dev > _______________________________________________ > Geoserver-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/geoserver-users ------------------------------------------------------------------------------ This SF.net email is sponsored by Windows: Build for Windows Store. http://p.sf.net/sfu/windows-dev2dev _______________________________________________ Geoserver-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/geoserver-users
