Could create a really simple servlet filter that inspects the GetMap or
GetFeatureInfo requests and modifies the cql_filter parameter based on the
user's login. Custom code, but straightforward deployment. Ensures nobody
can spoof the partner id.
Jason Newmoyer
Newmoyer Geospatial Solutions
843.606.0424
[email protected]
On Fri, May 27, 2016 at 12:22 PM, Stefano Costa <
[email protected]> wrote:
> Hi Robin,
> did you have a look at the GeoFence project?
> https://github.com/geoserver/geofence/wiki/Main-concepts
>
> With GeoFence, you could set up one access rule for each partner with a CQL
> filter like "partner_id = 100" and apply it to any restricted layer you
> have (supposing they all have a "partner_id" column).
>
> Hope this helps.
>
>
> On Wed, May 18, 2016 at 3:25 PM, Robin Kossi <[email protected]>
> wrote:
>
>> Hello,
>>
>> We're using GeoServer for a GIS project where a lot of different partners
>> input data in our system through a web client.
>>
>> We have public layers available with limited data, but partners should be
>> able to get 'private' layers which contain all of their data.
>> Partners should not be able to view the private data of other partners
>> under any circumstance.
>> Every partner will have an account on GeoServer.
>>
>> The 'private' layer for a partner would be an sql view containing
>> information of every partner with a filter on partner id.
>>
>> We could create a private layer for every partner containing only the
>> information they have access to, but because we're working with over 200
>> partners this could be quite cumbersome because we'd have to create over
>> 200 separate layers and link each layer to the correct single account.
>> The only difference between these layers would be the partner id.
>>
>> It's possible in GeoServer to add CQL filters to a layer, but as far as
>> we could see it's only possible to append the actual filter id to the
>> request URL which would enable partners to change the filter id to get data
>> from other partners.
>>
>> We noticed it's possible to add properties to a user account. Is it
>> possible to create a CQL filter which reads a property from the current
>> user account?
>> This would enable us to create one 'private layer' and allow for each
>> account to use the same layer but only see the information associated with
>> their account without being able to alter the filter.
>>
>> If that's not possible, what would be the recommended way to implement
>> this use case?
>>
>> Thanks in advance,
>> Robin K.
>>
>>
>>
>> _______________________________________________
>> Geoserver-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/geoserver-users
>>
>>
>
>
> --
>
> Best regards,
> Stefano Costa
>
> Dott. Stefano Costa
> Senior Software Engineer
>
> GeoSolutions S.A.S.
> Via di Montramito 3/A
> 55054 Massarosa (LU)
> Italy
> phone: +39 0584 962313
> fax: +39 0584 1660272
> http://www.geo-solutions.it
> http://twitter.com/geosolutions_it
>
>
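
The servlet filter suggested at the top of this thread could look like the following; this is an added example, not code from the thread or from GeoServer. It goes slightly beyond the suggestion by pinning the filter on every request the servlet filter is mapped to, not only GetMap and GetFeatureInfo. The class name `PartnerCqlFilter` and the user-to-partner map are hypothetical, and `partner_id` is the column name used in the GeoFence reply.

```java
import java.io.IOException;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;

public class PartnerCqlFilter implements Filter {
    // Constructed sample mapping; a real deployment would read a user property or table.
    private static final Map<String, Integer> PARTNER_BY_USER = new HashMap<>();
    static { PARTNER_BY_USER.put("partner_a", 100); PARTNER_BY_USER.put("partner_b", 101); }
    // Client-supplied filter parameters to discard; KVP names are case-insensitive.
    private static final Set<String> STRIP =
            new HashSet<>(Arrays.asList("cql_filter", "filter", "featureid"));

    @Override public void init(FilterConfig cfg) {}
    @Override public void destroy() {}

    @Override
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        // Assumption: authentication ran earlier in the chain, so getRemoteUser() is set.
        String user = req.getRemoteUser();
        Integer partnerId = (user == null) ? null : PARTNER_BY_USER.get(user);
        if (partnerId == null) { // fail closed: an unknown caller gets no data
            ((HttpServletResponse) rs).sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        final Map<String, String[]> params = new LinkedHashMap<>();
        for (Map.Entry<String, String[]> e : req.getParameterMap().entrySet()) {
            if (!STRIP.contains(e.getKey().toLowerCase(Locale.ROOT))) {
                params.put(e.getKey(), e.getValue());
            }
        }
        // Overwrite rather than AND with the client's text, so nothing the client
        // sends is parsed as CQL; the id is an Integer, never a request string.
        params.put("cql_filter", new String[] {"partner_id = " + partnerId});
        // Assumption: downstream reads parameters via these accessors, not a raw body.
        chain.doFilter(new HttpServletRequestWrapper(req) {
            @Override public Map<String, String[]> getParameterMap() { return params; }
            @Override public Enumeration<String> getParameterNames() {
                return Collections.enumeration(params.keySet());
            }
            @Override public String[] getParameterValues(String n) { return params.get(n); }
            @Override public String getParameter(String n) {
                String[] v = params.get(n);
                return (v == null || v.length == 0) ? null : v[0];
            }
        }, rs);
    }
}
```

Requests that carry their filter in an XML POST body or that reach the data through another endpoint are not covered by this wrapper and need their own control.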