Hi Chris,
I work for Dorset county council and we are currently using the AUTHKEY plugin
which is available under the community plugins. This is great from an
OpenLayers point of view. With regard to the QGIS users, I setup a separate
role specifically assigned to the username and password which we are using in
QGIS.
Remember, as far as I'm aware, QGIS still stores the password in plain text in
the project files so at present I felt it best to just have one account for all
our QGIS users but I'm aware the role idea is perhaps not so great if you have
hundreds of users.
Andrea, in terms of the monitoring plugin, can it log the user being used for
each request?
I only wondered as the user session is maintained in the background and I'm not
sure it is currently included in the outputs.
I still have not had time to fully review the monitoring plugin but I have been
using the audit log functionality and I have decided that the files it creates
are what I'm after. These can be customised using the FreeMarker templates and
I can then write something my end to summarise the data.
This raises three questions:
1) Can you add the logged in user to the audit role?
2) Could you just have the audit role? (i.e. no other monitoring
plugin options just audit role files)
3) If you can do point 1, would this help Chris solve his issues
if he was using a specific user account for QGIS?
Cheers,
Paul
------------------------------
Message: 2
Date: Mon, 1 Aug 2016 08:02:01 +0000
From: Chris Buckmaster <[email protected]>
Subject: Re: [Geoserver-users] Geosever security - WFS / WMS services
and Openlayers
To: Andrea Aime <[email protected]>
Cc: "[email protected]"
<[email protected]>
Message-ID:
<0ae8eab40c6d4d439cc65cf2257093a0805aa...@rbcex01.civicoffices.runnymede.gov.uk>
Content-Type: text/plain; charset="utf-8"
Thank you Andrea, I will investigate this.
From: [email protected] [mailto:[email protected]] On Behalf Of Andrea
Aime
Sent: 29 July 2016 16:38
To: Chris Buckmaster
Cc: [email protected]
Subject: Re: [Geoserver-users] Geosever security - WFS / WMS services and
Openlayers
Hi Chris,
openlayers and the desktop clients are making pretty much the same OGC
requests, so I don't believe you can tell them apart using the built-in
authorization mechanism.
But the mechanism is pluggable, so you could write your own that checks the
incoming requests for hints... hard to find a solid solution, but some ideas
off the top of my head (warning, only thought about it a split minute):
* Desktop clients _may_ setup the "user agent" HTTP header in a way that can be
recognized, or you
could just whitelist the user agents of most browsers (mind, you might end
up blocking uncommon browsers in the process, and possibly the ones in
incognito mode too)
* If the openlayers based client is written by you, you could add an extra
vendor parameter to the GetMap requests, it's normally
hard/impossible to make common desktop clients to do the same.
Both approaches are weak against someone resourceful writing his own client and
spoofing the right params/user agent values by examining your web client of
course.
Cheers
Andrea
On Fri, Jul 29, 2016 at 5:06 PM, Chris Buckmaster
<[email protected]<mailto:[email protected]>>
wrote:
Hi
I am running Geoserver version 2.5 and have an Openlayers 3 web map application
which accesses some WMS and WFS services from the Geoserver instance.
At the moment I haven?t configured any authentication so it is running the
default settings.
What I would like is to allow this to continue so my Openlayers application has
full access to all of the layers on Geoserver, but for anyone accessing my WMS
/ WFS (i.e through QGIS), I would like to include a username / password or
restrict the layers visible through these services.
I have had a quick look the manual trying to understand how this works but
cannot seem to grasp it ? I know there are authentication settings within the
web interface, but would these not be for the whole of Geoserver? How am I able
to allow access to my Openlayers application, but also restrict access to the
WFS / WMS services for desktop users wanting to view my services?
Thanks, Chris
------------------------------------------------------------------------------
_______________________________________________
Geoserver-users mailing list
[email protected]<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/geoserver-users
--
==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V
for more information.
==
Ing. Andrea Aime
@geowolf
Technical Lead
GeoSolutions S.A.S.
Via di Montramito 3/A
55054 Massarosa (LU)
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 339 8844549
http://www.geo-solutions.it
http://twitter.com/geosolutions_it
AVVERTENZE AI SENSI DEL D.Lgs. 196/2003
Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i
file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo
? consentito esclusivamente al destinatario del messaggio, per le finalit?
indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne
il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di
procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro
sistema. Conservare il messaggio stesso, divulgarlo anche in parte,
distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalit? diverse,
costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.
The information in this message and/or attachments, is intended solely for the
attention and use of the named addressee(s) and may be confidential or
proprietary in nature or covered by the provisions of privacy act (Legislative
Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in
accord with its purpose, any disclosure, reproduction, copying, distribution,
or either dissemination, either whole or partial, is strictly forbidden except
previous formal approval of the named addressee(s). If you are not the intended
recipient, please contact immediately the sender by telephone, fax or e-mail
and delete the information in this message that has been received in error. The
sender does not give any warranty or accept liability as the content, accuracy
or completeness of sent messages and accepts no responsibility for changes
made after they were sent or for other risks which arise as a result of e-mail
transmission, viruses, etc.
-------------------------------------------------------
-------------- next part --------------
An HTML attachment was scrubbed...
------------------------------
------------------------------------------------------------------------------
------------------------------
_______________________________________________
Geoserver-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-users
End of Geoserver-users Digest, Vol 123, Issue 1
***********************************************
"This e-mail is intended for the named addressee(s) only and may contain
information about individuals or other sensitive information and should be
handled accordingly. Unless you are the named addressee (or authorised to
receive it for the addressee) you may not copy or use it, or disclose it to
anyone else. If you have received this email in error, kindly disregard the
content of the message and notify the sender immediately. Please be aware that
all email may be subject to recording and/or monitoring in accordance with
relevant legislation."
------------------------------------------------------------------------------
_______________________________________________
Geoserver-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-users
