Our problem is that we dinamically have to create user group authorization with different layers, in that case we have to create a mapfile dinamically with the layers and configure the control access (with apache authorization?) of the user. The proxy approach is one of the option that we are considering, thanks.
2007/7/30, Rahkonen Jukka <[EMAIL PROTECTED]>: > > Hi, > > Perhaps you could make a separate WMS-service for each user group you > have? With Mapserver it is easy because you only need to create a new > mapfile and then control which mapfile the current user can access. This > should at least prevent fiddling with layer names. > > We are using proxy approach which creates a facede server on a local port > after successful login and we are rather satisfied with that. System is self > made but it is in principle close to OWS-proxy by deegree, of Web security > service by 52nort.org. > > -Jukka Rahkonen- > > > ________________________________ > > Lähettäjä: UMN MapServer Users List puolesta: Ruben Pardo > Lähetetty: ma 30.7.2007 10:59 > Vastaanottaja: [email protected] > Aihe: Re: [UMN_MAPSERVER-USERS] Authentication > > > but if the request is generated in other layer, people can ask with a > browser to the mapserver changing the name of the layer on the WMS, > We have a WMS accesible with some layer to everybody and other to > authenticate users. > we are thinking on using a remoteWMS like deegree (with WASS) with > mapserver, a single sign-on or something on apache (mod_auth or similiar). > but we want to know how people use to implement this issue. > > Thanks. > > > 2007/7/30, Gregor Mosheh <[EMAIL PROTECTED]>: > > Ruben Pardo wrote: > > We want to protect a number of layers to non-authenticate users. > > I want to ask how people use to protect layers served by > mapserver? is > > there any mechanism inside mapserver for this? > > There sure isn't. Authentication has to be done at some other > layer, > typically the webserver layer. If Tomcat is generating the > requests, > then that'd be the best place to do the authentication. > > -- > Gregor Mosheh / Greg Allensworth > System Administrator, HostGIS cartographic development & hosting > services > http://www.HostGIS.com/ > > "Remember that no one cares if you can back up, > only if you can restore." - AMANDA > > > >
