Thanks for the feedback.
Sorry for not being clear - I think I expressed myself wrong:
I would like to know why the Key authentication module calls the webservice
only for the first few requests (for example: the first 20 wms raster images
which are loaded in leaflet when navigating to my site the first time) – when
panning, zooming on the page afterwards for all other subsequent wms requests
geoserver does not call the webservice anymore (no logs on my webservice
endpoint).
It is clear to me that all OWS requests are stateless, so there is no session –
but how does geoserver still know that any subsequent request from the client
is valid for requests with the specific token without calling the webservice
anymore and validating the token? As I understand, it can’t be the rememberme
filter, as this filter only works for the Web Login (and I can’t see any cookie
sent in the requests).
After waiting some time I found out that the service is called again – so it
looks like there is some “token-caching” done.
So my questions are:
* why is the webservice not called for every single geoserver wms request?
* Is there some “token-caching” mechanism?
* If so:
  * Can I invalidate the token?
  * Is there a timeout setting after which the webservice is called again?
Thank you!
Bernd
From: Jody Garnett <[email protected]>
Sent: Wednesday, 8 January 2020 20:20
To: Loigge Bernd <[email protected]>
Cc: [email protected]
Subject: Re: [Geoserver-users] Key Authentication Module External Webservice -
Invalidate / Expire Token
Not sure where exactly to start answering you.
It is a configuration option, controlled using a filter chain, establishing a
list of authentication providers to try in order (basic authentication,
remember me to establish a session, etc...).
Having a session is useful for the web administration application, but not
required for the various stateless protocols such as WMS and WPS. Indeed for
those you may wish to check credentials each time.
Reading:
- https://docs.geoserver.org/latest/en/user/security/auth/chain.html
- https://docs.geoserver.org/latest/en/user/security/auth/web.html
--
Jody Garnett
On Wed, 8 Jan 2020 at 03:11, Loigge Bernd
<[email protected]> wrote:
Hi all
I am using the Key authentication module. As my key provider I am using an
external web service.
When the external web service returns a valid user every subsequent request is
valid as I understand it – the webservice is not called anymore.
* How does Geoserver handle this internally? Is there some kind of session
created?
* How can I invalidate / expire the token from the external service? Is
there some timeout setting after which the webservice is called again to see if
the token is still valid?
Thanks
Bernd
_______________________________________________
Geoserver-users mailing list
Please make sure you read the following two resources before posting to this
list:
- Earning your support instead of buying it, by Ian Turton:
http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines:
http://geoserver.org/comm/userlist-guidelines.html
If you want to request a feature or an improvement, also see this:
https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-users