Ah,
I see; you meant you wanted to apply the GeoServer rules directly to the
incoming requests but on standalone. I was thinking about the requests from GWC
to GeoServer.
Paul
From: Steve Omondi [mailto:steve.omo...@ramani.co.ke]
Sent: 07 November 2017 12:33
To: Paul Wittle <p.wit...@dorsetcc.gov.uk>
Cc: geoserver-users@lists.sourceforge.net; andrea.a...@geo-solutions.it
Subject: Re: [Geoserver-users] Standalone Geowebcache and Geoserver
Hi Paul, my case is not really what is in the discussion.
I have un-controlled number of users sending request for different layers (over
1000 layers and growing). Each user has an AuthKey (Based on the AuthKey
Module). The Authkey is queried from the Database per user and added to the WMS
request URL for Authorization. ALl this is dynamic and I don't have the luxary
of setting the authkey property in the geowebcache.xml.
In fact for my case I can't even set the layers one by one in the
geowebcache.xml, I have used WMS getCapabilities in the
Geowebcache-core-context.xml to load all the WMS layers at once.
My desired solution would be how to parse the Authkey to the final request URL
sent to geoserver by the GWc request to check data security and restrict access
to layers and the already seeded tiles.
For quick turnaround for my application I'm now doing an Authentication +
Authorization Service in front of GWC and I'm also removing all the Data
Security Rules in the Geoservers. This way the Authorization will now be
checked even before the request hits GWC without depending on Geoserver
Subsecurity System.
Of course I'm interested to know of other approaches to achieve this without
writing other software. Or, any one offer me advice on tuning Embedded GWC on
multiple Geoservers to perform as efficient and fast as Standalone GWC.
Kind regards,
Steve Omondi
On Tue, Nov 7, 2017 at 3:00 PM, Paul Wittle
<p.wit...@dorsetcc.gov.uk<mailto:p.wit...@dorsetcc.gov.uk>> wrote:
Hi,
Is the option referenced in this message thread not related to passing
credentials with the requests?
http://osgeo-org.1560.x6.nabble.com/How-can-I-configure-user-name-password-in-geowebcache-xml-for-wmslayers-td5023835.html
I was trying to use the same settings unsuccessfully but I don’t know why I
thought something had moved on; perhaps not.
Cheers,
Paul
"This e-mail is intended for the named addressee(s) only and may contain
information about individuals or other sensitive information and should be
handled accordingly. Unless you are the named addressee (or authorised to
receive it for the addressee) you may not copy or use it, or disclose it to
anyone else. If you have received this email in error, kindly disregard the
content of the message and notify the sender immediately. Please be aware that
all email may be subject to recording and/or monitoring in accordance with
relevant legislation."
"This e-mail is intended for the named addressee(s) only and may contain
information about individuals or other sensitive information and should be
handled accordingly. Unless you are the named addressee (or authorised to
receive it for the addressee) you may not copy or use it, or disclose it to
anyone else. If you have received this email in error, kindly disregard the
content of the message and notify the sender immediately. Please be aware that
all email may be subject to recording and/or monitoring in accordance with
relevant legislation."
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Geoserver-users mailing list
Please make sure you read the following two resources before posting to this
list:
- Earning your support instead of buying it, but Ian Turton:
http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines:
http://geoserver.org/comm/userlist-guidelines.html
Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users
