Thank you Andrea, I will investigate this. From: andrea.a...@gmail.com [mailto:andrea.a...@gmail.com] On Behalf Of Andrea Aime Sent: 29 July 2016 16:38 To: Chris Buckmaster Cc: geoserver-users@lists.sourceforge.net Subject: Re: [Geoserver-users] Geosever security - WFS / WMS services and Openlayers
Hi Chris, openlayers and the desktop clients are making pretty much the same OGC requests, so I don't believe you can tell them apart using the built-in authorization mechanism. But the mechanism is pluggable, so you could write your own that checks the incoming requests for hints... hard to find a solid solution, but some ideas off the top of my head (warning, only thought about it a split minute): * Desktop clients _may_ setup the "user agent" HTTP header in a way that can be recognized, or you could just whitelist the user agents of most browsers (mind, you might end up blocking uncommon browsers in the process, and possibly the ones in incognito mode too) * If the openlayers based client is written by you, you could add an extra vendor parameter to the GetMap requests, it's normally hard/impossible to make common desktop clients to do the same. Both approaches are weak against someone resourceful writing his own client and spoofing the right params/user agent values by examining your web client of course. Cheers Andrea On Fri, Jul 29, 2016 at 5:06 PM, Chris Buckmaster <chris.buckmas...@runnymede.gov.uk<mailto:chris.buckmas...@runnymede.gov.uk>> wrote: Hi I am running Geoserver version 2.5 and have an Openlayers 3 web map application which accesses some WMS and WFS services from the Geoserver instance. At the moment I haven’t configured any authentication so it is running the default settings. What I would like is to allow this to continue so my Openlayers application has full access to all of the layers on Geoserver, but for anyone accessing my WMS / WFS (i.e through QGIS), I would like to include a username / password or restrict the layers visible through these services. I have had a quick look the manual trying to understand how this works but cannot seem to grasp it – I know there are authentication settings within the web interface, but would these not be for the whole of Geoserver? How am I able to allow access to my Openlayers application, but also restrict access to the WFS / WMS services for desktop users wanting to view my services? Thanks, Chris ------------------------------------------------------------------------------ _______________________________________________ Geoserver-users mailing list Geoserver-users@lists.sourceforge.net<mailto:Geoserver-users@lists.sourceforge.net> https://lists.sourceforge.net/lists/listinfo/geoserver-users -- == GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information. == Ing. Andrea Aime @geowolf Technical Lead GeoSolutions S.A.S. Via di Montramito 3/A 55054 Massarosa (LU) phone: +39 0584 962313 fax: +39 0584 1660272 mob: +39 339 8844549 http://www.geo-solutions.it http://twitter.com/geosolutions_it AVVERTENZE AI SENSI DEL D.Lgs. 196/2003 Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003. The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc. -------------------------------------------------------
------------------------------------------------------------------------------
_______________________________________________ Geoserver-users mailing list Geoserver-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-users
