I think this is a bug in Geoserver, because the resource should have in this
constellation dedicated READ (topp.states.) access. Even if that's not the case
and access is permitted - maybe because the other rule (topp.*.r) is
overruling? - than getCapabilities shouldn't show the resource in HIDE mode.
Can anyone confirm this as a bug?
Regards
Dominik
Von: Dominik Gärner
Gesendet: Freitag, 20. November 2015 10:20
An: '[email protected]'
Betreff: unexpected behaviour in layer wise security restrictions
Hi, I found some inconsistencies when setting up a security for single layers.
What I want is, for a specific role and workspace, to set up something like:
"Hide/restrict access to all layers except of..."
With a simple set up for the "topp" workspace it would look like this:
*.*.r=*
*.*.w=*
topp.*.r=ADMIN,GROUP_ADMIN
topp.states.r=TEST
mode=HIDE
A GetCapabilities request (and also the layer preview in the browser) for a
TEST-user looks like what I'd expect: he sees only the topp.states layer from
the topp workspace. But the access to it is still restricted, giving me a
404:resource not available.
Now, setting the mode=CHALLENGE, I can access topp.states. But this workaround
isn't what I want because it exposes all the layers to a getCapabilities
request.
Do I misunderstood the security concept or is this a wrong behaviour of
Geoserver?
Best Regards
Dominik
--
Dominik Gärner
GRINTEC GmbH
Anzengrubergasse 6, 8010 Graz, Austria
Tel: +43(316)383706-0
mailto:[email protected]
http://www.grintec.com
FN 47845k Handelsgericht Graz
------------------------------------------------------------------------------
Go from Idea to Many App Stores Faster with Intel(R) XDK
Give your users amazing mobile app experiences with Intel(R) XDK.
Use one codebase in this all-in-one HTML5 development environment.
Design, debug & build mobile apps & 2D/3D high-impact games for multiple OSs.
http://pubads.g.doubleclick.net/gampad/clk?id=254741911&iu=/4140
_______________________________________________
Geoserver-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-users
