Thanks all for response.. I've found an alternative solution for that. I authenticate using the standard way with my security-proxy (without javascript) and then all the request have the right header (no need to set manually).
Hi Roald, If I send user and password in the header of the request usually it is visible by all, but not over a HTTPS channel. The parameters cames from the user-input not from source code. And YES there is a solution for managing secured access to geo-services that we are working on, but for now is still in beta testing. It can manage user-group access to many OGC servers and even add geografic permissions and filters on each layer. This year probably we will publish the code. I will inform the list when it will be ready. My Regards Milan M. Antonovic Software Engineer Institute of Earth Sciences (Division of Geomatic) University of Applied Sciences of the South Switzerland - SUPSI Trevano, C.P. 72, CH-6952 Canobbio, SWITZERLAND Web: http://www.ist.supsi.ch 2009/4/29 Roald de Wit <[email protected]> > Hi Milan, > > Even if you could pass the password into the request, this password > could easily be found by anyone by looking at the request or source code. > If you want this to work and keep the password secret, I think you'd > need to pass all your WMS requests (that need authentication) through a > proxy that adds the authentication header before forwarding the request > to the real WMS server. You might even want to use MapServer to do this > for you! > > And yes, wouldn't it be nice if there was an open source identity > management solution out there that can do that? I don't know of any at > the moment. > > Regards, Roald > > > Christopher Schmidt wrote: > >> On Tue, Apr 28, 2009 at 06:45:17PM +0200, Milan Antonovic wrote: >> >> Hi all, >>> I have a question for you.. >>> I would like to set the default header parameter for all the openlayers >>> ajax >>> request, even that used by OpenLayers.Layer.Wms. >>> >>> >> WMS requests don't go through AJAX, so this is not possible in the >> current OpenLayers code. (They are requested via <img>, which does not >> have support for adding headers.) >> >> -- Chris >> >> >> >> That's because I need to set the "Authorization" parameter in the header >>> with user and password for my WMS Layers. >>> >>> I've tried with: >>> >>> OpenLayers.Util.extend( >>> OpenLayers.Request.DEFAULT_CONFIG, >>> { >>> headers: {Authorization: "BASIC " + usrPsw} >>> } >>> ); >>> >>> But when I look at the request header sent it does not appear.. >>> >>> Help [?] >>> >>> my rgds >>> >>> Milan >>> >>> >> >> >> >> _______________________________________________ >>> Users mailing list >>> [email protected] >>> http://openlayers.org/mailman/listinfo/users >>> >>> >> >> >> > > -- > Roald de Wit > Software Engineer > [email protected] > > Commercial Support for Open Source GIS Software > http://lisasoft.com/LISAsoft/SupportedProducts/ > > > > The contents of this email are confidential and may be subject to legal or > professional privilege and copyright. No representation is made that this > email is free of viruses or other defects. If you have received this > communication in error, you may not copy or distribute any part of it or > otherwise disclose its contents to anyone. Please advise the sender of your > incorrect receipt of this correspondence. >
_______________________________________________ Users mailing list [email protected] http://openlayers.org/mailman/listinfo/users
