Hi Jukka,
actually, the customer just wants to disable anonymous access to Layer
Preview. For them, that is kind of a security feature. However, as
Andrea pointed out, it's not, since users could still access all
unsecured data through OGC services. Currently, the customer and its
security officer are fine with only removing anonymous access to Layer
Preview (which hands out data on a silver platter), so I'm fine with
that, too. They are not willing to invest in a full-blown data-level
or service-level security concept, which will affect many of their clients.
Yes, KML is one of the problematic formats for the customer (can simply
be added to Google Earth and published). On the other hand, some users
actually need KML for their daily work, so simply removing KML (which I
know about) is not an option.
Carsten
On 01.07.2023 at 19:40, Rahkonen Jukka wrote:
Hi,
Did I understand right that what you want to achieve is to disable the
KML outputformat for WMS? Have you considered restricting the allowed
MIME types?
https://docs.geoserver.org/latest/en/user/services/wms/webadmin.html#restricting-mime-types-for-getmap-and-getfeatureinfo-requests
-Jukka Rahkonen-
*From:* Carsten Klein <c.kl...@datagis.com>
*Sent:* Saturday, 1 July 2023 16:27
*To:* Andrea Aime <andrea.a...@geosolutionsgroup.com>; Jody
Garnett <jody.garn...@gmail.com>
*Cc:* geoserver-users@lists.sourceforge.net
*Subject:* Re: [Geoserver-users] Remove Layer Preview from Login Page
(SOLVED)
Hi Andrea, hi Jody,
actually, the solution to the anonymous Layer Preview problem is quite
simple and relies on GeoServer's built-in Security capabilities only.
Under *Security* -> Authentication, adding a new HTML Filter Chain
"webPreview" for path (ANT pattern)
"/web/wicket/bookmarkable/org.geoserver.web.demo.MapPreviewPage" is
the first step. I also checked "Allow creation of an HTTP session for
storing the authentication token" (don't know whether it's really
required). Finally, I've added Chain filters "rememberme" and "form"
in that order.
Obviously, that new filter chain must be positioned before the "web"
filter chain (which is for path "/web/**" and allows for anonymous
access).
With that chain in place, clicking on the Layer Preview link while not
being authenticated, just forwards you to the FORM login page
org.geoserver.web.GeoServerLoginPage. Layer Preview is no longer
accessible anonymously... :-)
I did the same for pages for *Demos* -> Demo requests and *Demo* ->
WCS request builder.
As mentioned before, several German companies I know about are facing
the same problem. Maybe it's worth mentioning that procedure in the
docs somewhere under "Running in a production environment".
Regards,
Carsten
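
Added example, not part of the thread and not GeoServer code: a small model of first-match filter chain resolution showing why the "webPreview" chain has to sit before "web", and that a service path outside /web/** is unaffected by it. The Ant matcher is simplified, and the "default" catch-all chain, the filter lists of "web" and "default", and the "/wms" sample path are assumptions of this sketch.

```python
import re

def ant_to_regex(pattern):
    """Simplified Ant matcher: trailing /** = any depth, * = within one segment, ? = one char."""
    out, i = [], 0
    while i < len(pattern):
        if pattern.startswith("/**", i) and i + 3 == len(pattern):
            out.append("(/.*)?"); i += 3
        elif pattern.startswith("**", i):
            out.append(".*"); i += 2
        elif pattern[i] == "*":
            out.append("[^/]*"); i += 1
        elif pattern[i] == "?":
            out.append("[^/]"); i += 1
        else:
            out.append(re.escape(pattern[i])); i += 1
    return re.compile("".join(out) + r"\Z")

PREVIEW = "/web/wicket/bookmarkable/org.geoserver.web.demo.MapPreviewPage"

# Constructed chain table: (name, pattern, filters). "webPreview" follows the thread;
# the filters of "web" and the whole "default" chain are assumptions of this model.
WEB_PREVIEW = ("webPreview", PREVIEW, ["rememberme", "form"])
WEB = ("web", "/web/**", ["rememberme", "form", "anonymous"])
DEFAULT = ("default", "/**", ["basic", "anonymous"])

FIXED = [WEB_PREVIEW, WEB, DEFAULT]        # order described in the thread
MISORDERED = [WEB, WEB_PREVIEW, DEFAULT]   # new chain placed after "web"

def resolve(chains, path):
    """Return (name, filters) of the first chain whose pattern matches the path."""
    for name, pattern, filters in chains:
        if ant_to_regex(pattern).match(path):
            return name, filters
    return None, []

def anonymous_allowed(chains, path):
    """In this model a request may stay anonymous only if its chain has 'anonymous'."""
    return "anonymous" in resolve(chains, path)[1]

if __name__ == "__main__":
    for label, chains in (("fixed", FIXED), ("misordered", MISORDERED)):
        for path in (PREVIEW, "/web/", "/wms"):  # "/wms" is a constructed service path
            print(label, path, resolve(chains, path)[0], anonymous_allowed(chains, path))
```

In the misordered table the preview page is swallowed by "/web/**" and stays anonymous; in both tables the constructed "/wms" path still resolves to the catch-all chain.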