Actually I think I see how calls to ResourceAccessManager.getAccessLimits() 
from inside my service code can accomplish my purposes.  Thanks for the help.

Regards, Walter

From: Walter Stovall
Sent: Thursday, March 31, 2016 12:00 PM
To: 'Andrea Aime'
Cc: [email protected]
Subject: RE: [Geoserver-users] Why does geofence not block access when my rule 
says to DENY the method?

Thanks.  That works for most things.  But in my case I have a custom service 
that creates new workspaces and layers.  I only want authorized users to 
execute this service method.

As I see it, if the rule specifies the Service and Request but not the 
workspace or layer, the method should be blocked since it doesn’t allow access 
to anything.

Would this be a reasonable enhancement for me to contribute to geofence?  
Perhaps with a change to GeofenceAccessManager?

From: [email protected] On Behalf Of Andrea Aime
Sent: Thursday, March 31, 2016 11:39 AM
To: Walter Stovall
Cc: [email protected]
Subject: Re: [Geoserver-users] Why does geofence not block access when my rule 
says to DENY the method?

Hi Walter,
I'd say the expectation is wrong. GeoFence works at the data access level and 
allows you to put
requests as a context for that check (can I access layer X within the context of 
request Y?).

So with that rule, and assuming you're not running it as an administrator, I'd 
expect to
get a capabilities document, but with no coverages inside of it.

Cheers
Andrea


On Thu, Mar 31, 2016 at 5:03 PM, Walter Stovall <[email protected]> wrote:
I’m using the latest geoserver trunk code and the internal geofence-server.  I 
built from source using the geofence-server profile.  As a test case I created 
a simple rule that denies access to the WCS GetCoverage method.  My rule sets 
only the Service and Request fields with Access=DENY.

I’ve selected the geofence Authenticator and moved it to the top of the chain 
(above default).

When I go to the Demo page and execute the WCS_GetCapabilities demo, I get a 
capabilities document back when I would expect an error return saying I’m not 
authorized to execute that method.

Where am I going wrong?

Thanks for any comments!

_______________________________________________
Geoserver-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-users



--
Ing. Andrea Aime
@geowolf
Technical Lead

GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39  339 8844549

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

