This is an interesting challenge as GeoServer really wishes to share your
information :)

a) You can make a layer group opaque to contain your layer and just use it
to draw, and then it is not listed anywhere (see no evil). But if you wish
to provide authenticated access to WFS then this will be a little too
hidden.

b) You can add your WFS authentication, and then for WMS ... disable
GetFeatureInfo KML, PDF, SVG and any other WMS output format you consider
too sufficiently detailed 🙂 You best lock down WMS GetFeatureInfo access
as well as that can provide GML

c) You could set up an internal GeoServer for those authenticated users,
and a more public WMS only GeoServer for sharing the imagery. Use cascading
WMS to have a separation.

If you really need to "handle critical data" and only provide a visual ...
you may not wish to be publishing at all? There are raster to vector
processing chains around after all and WMS provides ad hoc zoom to allow
edge detection with great detail.
--
Jody Garnett


On Jun 27, 2023 at 3:12:12 PM, Carsten Klein <c.kl...@datagis.com> wrote:

> Hi Jody,
>
> thanks for answering. Do you know any other way to do what I'm needing?
> Removing Web UI completely is not really convenient...
>
> It's about not providing users access to download data as vectors. That is
> required if GeoServer hosts unfree or even critical data.
>
> I could allow WFS requests for ROLE_AUTHENTICATED only. I could even deal
> with that in my client application (which is capable of authenticating for
> WFS requests). But I actually do not want to add security (authentication
> requirements) for WMS requests (getting just dumb images is not a problem).
>
> However, there's one exception: KML. Although it is a WMS format (and so,
> it is not protected by any WFS service security rule), KML is actually a
> vector format, as it contains real WGS84 coordinates (maybe other WMS
> formats do as well). Even worse for critical data (think of line features
> describing North Stream pipelines blown up recently), KML can easily be
> imported into and publicly published by Google Earth. Even non-GIS related
> users can do this in minutes.
>
> So, Layer Preview may be a "simple to exploit" security hole when dealing
> with critical data. In order to prevent it, one has to secure all data
> and/or all services. The latter is uncommon (or at least uncomfortable) for
> WMS using raster formats like PNG or JPEG.
>
> What about a new option to disable Layer Preview for anonymous access? Or,
> as an alternative, a new boolean layer property (like "enabled" or
> "advertised") named "show in preview" (defaulting to true)?
> Carsten
>
> On 27.06.2023 at 13:53, Jody Garnett wrote:
>
> There is an option to turn the entire geoserver admin console off in the
> documentation:
>
>
> https://docs.geoserver.org/latest/en/user/production/config.html#disable-the-geoserver-web-administration-interface
>
> I am not sure if I have heard of an option to turn off just the layer
> preview before.
> --
> Jody Garnett
>
>
> On Jun 27, 2023 at 1:00:51 PM, Carsten Klein <c.kl...@datagis.com> wrote:
>
>> Hi there,
>>
>> some years ago, I found a quite simple mechanism to remove the "Layer
>> Preview" link from GeoServer's start page, BEFORE being logged on.
>> Currently, I do not find this mechanism any more nor any documentation
>> about it.
>>
>> Any suggestions brought by Google search just mention to remove read
>> access through Security settings (Layer Security or Service Security).
>>
>> However, I just want to provide access to the Layer Preview for a
>> logged-on user. I don't want to add authentication requirements to
>> layers or services (if a user manages to assemble a WFS request
>> manually, he/she shall get that data... will never happen *lol*).
>>
>> I believe there was a rather simple trick to let the Layer Preview menu
>> link not show up before a user has logged in to the Web
>> administration interface. Is it still there in a recent version (e.g.
>> 2.22.x) and how to enable it?
>>
>> Many thanks in advance,
>>
>> Carsten
>>
>>
>> _______________________________________________
>> Geoserver-users mailing list
>>
>> Please make sure you read the following two resources before posting to
>> this list:
>> - Earning your support instead of buying it, by Ian Turton:
>> http://www.ianturton.com/talks/foss4g.html#/
>> - The GeoServer user list posting guidelines:
>> http://geoserver.org/comm/userlist-guidelines.html
>>
>> If you want to request a feature or an improvement, also see this:
>> https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer
>>
>>
>> Geoserver-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/geoserver-users
>>
>
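An added example (not part of the original thread and not GeoServer code): a check for option b) and the KML concern above, listing the WMS output formats in a GetCapabilities document that hand out more than raster pixels. The raster allowlist, the GetFeatureInfo markers and the sample XML are assumptions constructed for illustration; on a real server, feed in the capabilities document it actually returns.

```python
import xml.etree.ElementTree as ET

WMS_NS = {"wms": "http://www.opengis.net/wms"}

# Assumption: the only GetMap formats we accept as "just dumb images".
RASTER_GETMAP = {"image/png", "image/jpeg", "image/gif", "image/tiff"}
# Assumption: GetFeatureInfo formats that return geometry, not only attribute text.
GEOMETRY_INFO_MARKERS = ("gml", "json")

# Constructed sample: a trimmed WMS 1.3.0 capabilities document.
SAMPLE_CAPABILITIES = """<?xml version="1.0"?>
<WMS_Capabilities xmlns="http://www.opengis.net/wms" version="1.3.0">
  <Capability><Request>
    <GetMap>
      <Format>image/png</Format>
      <Format>image/jpeg</Format>
      <Format>application/vnd.google-earth.kml+xml</Format>
      <Format>image/svg+xml</Format>
      <Format>application/pdf</Format>
    </GetMap>
    <GetFeatureInfo>
      <Format>text/plain</Format>
      <Format>application/vnd.ogc.gml</Format>
    </GetFeatureInfo>
  </Request></Capability>
</WMS_Capabilities>"""


def audit_capabilities(xml_text):
    """Return (operation, mime) pairs that expose vector-grade output."""
    root = ET.fromstring(xml_text)
    findings = []
    for op in ("GetMap", "GetFeatureInfo"):
        path = f".//wms:Request/wms:{op}/wms:Format"
        for fmt in root.findall(path, WMS_NS):
            mime = (fmt.text or "").strip()
            base = mime.split(";")[0].strip().lower()  # drop "; mode=..." parameters
            if op == "GetMap" and base not in RASTER_GETMAP:
                findings.append((op, mime))  # allowlist: anything non-raster is flagged
            elif op == "GetFeatureInfo" and any(k in base for k in GEOMETRY_INFO_MARKERS):
                findings.append((op, mime))
    return findings


if __name__ == "__main__":
    for op, mime in audit_capabilities(SAMPLE_CAPABILITIES):
        print(f"{op}: {mime} is not raster-only; restrict or disable it")
```

Re-running the same check after locking formats down confirms that anonymous WMS users are left with raster images only.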