Hi Jody,
Thanks for your reply. Comments inline:
On 20 March 2014 08:49, Jody Garnett <[email protected]> wrote:
> I have never set them up to overlap before :) In general more specific
> settings override general settings, so "/wfs/** and GET,POST,PUT,DELETE"
> would be more specific than wfs.*. In your second example version=2.0.0
> would be more specific etc...
>
>
OK, I think I understand. Is that because the REST security filters are
checked first?
> But I think you may be missing the point rest.properties should be used to
> lock down REST access?
>
I didn't see anything in the documentation that would prevent me from
securing OWS services with the REST security mechanism. I understand that
the OWS security mechanism should be used for OWS services - therefore, I
wanted to clarify whether it would be possible to use just a single
mechanism (e.g. OWS) and make sure that the other one is turned off
completely (e.g. REST one). Could you comment on this please?
Thank you in advance for your reply.
Kind regards,
Maciej
>
>
>
> Jody Garnett
>
>
> On Wed, Mar 19, 2014 at 3:08 AM, Maciej Machulak <
> [email protected]> wrote:
>
>> Hi all,
>>
>> I have been reviewing the security model for the GeoServer and I wanted
>> to confirm that OWS and REST security mechanisms are overlapping - i.e. the
>> following two rules are equivalent:
>>
>> (1) wfs.*=ROLE_WFS (specified in security.properties file)
>> (2) /wfs/**;GET,POST,PUT,DELETE=ROLE_WFS (specified in rest.properties
>> file)
>>
>> Is that correct?
>>
>> Similarly, are the below two rules equivalent?
>> (2) wfs.GetFeature=ROLE_WFS (specified in security.properties file)
>> (3)
>> /wfs?service=wfs&version=2.0.0&request=GetFeature;GET,POST,PUT,DELETE=ROLE_WFS
>> (specified in rest.properties file)
>>
>> If rule 1=2 and rule 3=4, which security mechanism takes precedence? The
>> OWS or the REST one? Also, would it then be possible to use just a single
>> mechanism (e.g. REST) and make sure that the other one is turned off
>> completely (e.g. OWS one).
>>
>> Also, as I understand, only the OWS security is exposed through the Web
>> interface of the GeoServer, while the REST security has to be defined
>> directly within a file. Is that correct?
>>
>> Thank you in advance for clarification.
>>
>> Kind regards,
>> Maciej
>>
>> --
>> Maciej Machulak
>> email: [email protected]
>> mobile: +44 7999 606 767 (UK)
>> mobile: +48 602 45 31 66 (PL)
>>
>>
>> ------------------------------------------------------------------------------
>> Learn Graph Databases - Download FREE O'Reilly Book
>> "Graph Databases" is the definitive new guide to graph databases and their
>> applications. Written by three acclaimed leaders in the field,
>> this first edition is now available. Download your free book today!
>> http://p.sf.net/sfu/13534_NeoTech
>> _______________________________________________
>> Geoserver-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/geoserver-users
>>
>>
>
--
Maciej Machulak
email: [email protected]
mobile: +44 7999 606 767 (UK)
mobile: +48 602 45 31 66 (PL)