Thanks so much for all the good info below Larry!

Tim Sutton 
Co-founder of Kartoza 
Ex-QGIS project chairman 

> On 5 Jun 2019, at 18:59, Larry Shaffer <[email protected]> wrote:
> 
> Hi Tim,
> 
>> On Mon, Jun 3, 2019 at 10:22 AM Tim Sutton <[email protected]> wrote:
>> Hi All
>> 
>> As explained by the subject line, I would like to reply a QGIS 3.x server 
>> based site where the project uses the QGIS authentication framework to store 
>> user names and password for the database connection in an encrypted manner.
> 
> See these env vars for setting up access to an authentication database from 
> within Server:
> https://github.com/qgis/QGIS/blob/master/src/server/qgsserver.cpp#L234-L238
> 
> I have not tested this with recent QGIS versions, but maybe someone who has 
> worked with Server and the auth system may have (Alessandro?).
> 
> Most non-interactive auth method plugins should work, e.g. Basic, PKI, etc. 
> The OAuth2 auth plugin will not work if using a grant flow that requires 
> interaction; instead, use Resource Owner (the plugin doesn't support Client 
> Credentials grant flow).
> 
> Of course, this means the qgis-auth.db will need pre-populated using QGIS 
> Desktop prior to use by Server. You will probably want to create a new 
> profile, so that no other credentials are stored in the SQLite qgis-auth.db 
> file, or restart QGIS specifically to work on a specific qgis-auth.db file 
> (using option --authdbdirectory <dir>).
>  
>> I have used the authentication manager before on my desktop, but what do I 
>> need to do to set things up in a server environment?
>> 
>> Also the list of supported services in ’Settings->Authentication->Installed 
>> Plugins’ does not currently include Oracle. Did anyone use  the 
>> authentication manager against an Oracle database before?
> 
> I have investigated adding auth support to Oracle in the past, but did have 
> the chance to implement it. Generally, since it uses a QgsDataSourceURI 
> object for configurations, at least the Basic auth method plugin's update 
> function should be easy to adapt:
> https://github.com/qgis/QGIS/blame/master/src/auth/basic/qgsauthbasicmethod.cpp#L87
> 
> This means probably adding a conditional branch based upon oracle provider, 
> similar to what was done for ogr/gdal:
> https://github.com/qgis/QGIS/blame/master/src/auth/basic/qgsauthbasicmethod.cpp#L201-L202
> 
> Then, it is a matter of just integrating the auth updating during Oracle 
> connections (and its pool), and adding the auth widget into the Oracle 
> connection GUI. This would be similar to how Postgres provider was updated to 
> support the auth system.
> 
> Regards,
> 
> Larry Shaffer
> Dakota Cartography
> Black Hills, South Dakota
>  
>> Thanks!
>> 
>> Regards
>> 
>> Tim
>> 
>> 
>> 
>> —
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> Tim Sutton
>> 
>> Co-founder: Kartoza
>> Ex Project chair: QGIS.org
>> 
>> Visit http://kartoza.com to find out about open source:
>> 
>> Desktop GIS programming services
>> Geospatial web development
>> GIS Training
>> Consulting Services
>> 
>> Skype: timlinux 
>> IRC: timlinux on #qgis at freenode.net
>> 
>> I'd love to connect. Here's my calendar link to make finding time easy.
>> 
>> _______________________________________________
>> QGIS-Developer mailing list
>> [email protected]
>> List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer
>> Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer
_______________________________________________
QGIS-Developer mailing list
[email protected]
List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer
Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer

Reply via email to