Hello everyone, I'm having issues with GeoServer layer security and layer groups. I would like to have a global rule to prevent unauthenticated users access, and then manually designate layers, layer groups and workspaces that unauthenticated users can read. My problem is that layer groups are not returned in the GetCapabilities request for unauthenticated users despite giving read access.
I tested this with GS 2.15.0 on W10 using the Windows installer and default data. I created a "tasmania_group" layer group inside the topp workspace. The layer group mode is single and the layer group contains only the topp:tasmania_roads layer with the CRS and bounds properly set. I have the following rules in layers.properties: *.*.r=ROLE_AUTHENTICATED,GROUP_ADMIN,ADMIN # prevent unauthenticated users from reading anything *.*.w=GROUP_ADMIN,ADMIN topp.*.*r=* # allow everyone to read the topp workspace tasmania.r=* # allow everyone to read the global layer group tasmania that comes in default datadirectory topp.tasmania_group.r=* # allow everyone to read the layer group I created mode=HIDE # hide layers user does not have read access to WMS GetCapabilities request returns all layers in topp workspace for unauthenticated users, and all layers for authenticated users. However, the layer groups are not included in the GetCapabilities response for unauthenticated users. Unauthenticated users can still do GetMap requests for tasmania and topp:tasmania_group layer groups without issues. How could I get the layer groups to appear in GetCapabilities response for unauthenticated users? Using CHALLENGE mode is unfortunately not a suitable option for my use case. I have a feeling I'm missing something, but I couldn't find an answer in the documentation. Thank you in advance for any help and suggestions. Best regards, Mikael Vaaltola Gispo Oy
_______________________________________________ Geoserver-users mailing list Please make sure you read the following two resources before posting to this list: - Earning your support instead of buying it, but Ian Turton: http://www.ianturton.com/talks/foss4g.html#/ - The GeoServer user list posting guidelines: http://geoserver.org/comm/userlist-guidelines.html If you want to request a feature or an improvement, also see this: https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer Geoserver-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-users
