Ah,

I see; you meant you wanted to apply the GeoServer rules directly to the 
incoming requests but on standalone. I was thinking about the requests from GWC 
to GeoServer.

Paul

From: Steve Omondi [mailto:steve.omo...@ramani.co.ke]
Sent: 07 November 2017 12:33
To: Paul Wittle <p.wit...@dorsetcc.gov.uk>
Cc: geoserver-users@lists.sourceforge.net; andrea.a...@geo-solutions.it
Subject: Re: [Geoserver-users] Standalone Geowebcache and Geoserver

Hi Paul, my case is not really what is in the discussion.

I have un-controlled number of users sending request for different layers (over 
1000 layers and growing). Each user has an AuthKey (Based on the AuthKey 
Module). The Authkey is queried from the Database per user and added to the WMS 
request URL for Authorization. ALl this is dynamic and I don't have the luxary 
of setting the authkey property in the geowebcache.xml.

In fact for my case I can't even set the layers one by one in the 
geowebcache.xml, I have used WMS getCapabilities in the 
Geowebcache-core-context.xml to load all the WMS layers at once.

My desired solution would be how to parse the Authkey to the final request URL 
sent to geoserver by the GWc request to check data security and restrict access 
to layers and the already seeded tiles.

For quick turnaround for my application I'm now doing an Authentication + 
Authorization Service in front of GWC and I'm also removing all the Data 
Security Rules in the Geoservers. This way the Authorization will now be 
checked even before the request hits GWC without depending on Geoserver 
Subsecurity System.

Of course I'm interested to know of other approaches to achieve this without 
writing other software. Or, any one offer me advice on tuning Embedded GWC on 
multiple Geoservers to perform as efficient and fast as Standalone GWC.

Kind regards,
Steve Omondi

On Tue, Nov 7, 2017 at 3:00 PM, Paul Wittle 
<p.wit...@dorsetcc.gov.uk<mailto:p.wit...@dorsetcc.gov.uk>> wrote:
Hi,

Is the option referenced in this message thread not related to passing 
credentials with the requests?

http://osgeo-org.1560.x6.nabble.com/How-can-I-configure-user-name-password-in-geowebcache-xml-for-wmslayers-td5023835.html

I was trying to use the same settings unsuccessfully but I don’t know why I 
thought something had moved on; perhaps not.

Cheers,
Paul
"This e-mail is intended for the named addressee(s) only and may contain 
information about individuals or other sensitive information and should be 
handled accordingly. Unless you are the named addressee (or authorised to 
receive it for the addressee) you may not copy or use it, or disclose it to 
anyone else. If you have received this email in error, kindly disregard the 
content of the message and notify the sender immediately. Please be aware that 
all email may be subject to recording and/or monitoring in accordance with 
relevant legislation."

"This e-mail is intended for the named addressee(s) only and may contain 
information about individuals or other sensitive information and should be 
handled accordingly. Unless you are the named addressee (or authorised to 
receive it for the addressee) you may not copy or use it, or disclose it to 
anyone else. If you have received this email in error, kindly disregard the 
content of the message and notify the sender immediately. Please be aware that 
all email may be subject to recording and/or monitoring in accordance with 
relevant legislation."
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Geoserver-users mailing list

Please make sure you read the following two resources before posting to this 
list:
- Earning your support instead of buying it, but Ian Turton: 
http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: 
http://geoserver.org/comm/userlist-guidelines.html

Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users

Reply via email to