Hello,
I am trying to set up layer security in GeoServer 2.2.4, but am encountering
some problems.
I want to set access for 15 external (Internet) users on 30 different layers,
where user A is to
have access to layer A1 and A2, user B to access to layer B1 an B2 etc. They
should not be able to see each
other's layers, nor should the general public see any of them. In addition
there are
a number of layers that are to be freely accessible to everybody, and a couple
that are hidden to all except Admin.
All the layers are in the same workspace and the same store.
For the time being I am using default role service, basic authentication, and
have set up a separate
role for each user.
My layers.properties looks like this:
#Fri Apr 05 14:45:16 CEST 2013
*.*.r=*
*.*.w=ADMIN,GROUP_ADMIN
mode=MIXED
FMVA_Natur.sensartA_fl.r=ARolle,GROUP_ADMIN
FMVA_Natur.sensartB_flt.r=BRolle,GROUP_ADMIN
FMVA_Natur.sikretlag.r=ADMIN,GROUP_ADMIN
What happens is that everything looks perfect when I test using QGIS, both from
my Intranet and the
Internet - user A sees layer A and not B, and vice versa. But testing in Gaia
3, ArcGIS or requesting Capabilities in my
Firefox browser, the layers are either open to all these users, or invisible
to everybody. The same thing
happens when one of my external users tests for me (with a proprietary,
Norwegian map program). Both
A and B can see either both layers, or none.
But logging in these users in the GeoServer Admin interface, they cannot even
access Layer Preview for their own
layers, because access is denied for a couple of others (if I understand the
log file right).
Have I done something basically wrong in GeoServer? I have experimented a bit,
but finally followed the
procedure described in Iacovella/Youngbloods "Geoserver beginner's Guide". (Set
up users, groups, roles,
and data rules) But I wonder whether I should use different stores or
workspaces for the different users?
Or is it possible that these user programs formulate requests (or
authentication strings) in different ways, and that
GeoServer cannot interpret them, so that requests from Gaia 3 or ArcGis come
across as anonymous? If so, is
there anything I can do about it in GeoServer? I don't know how to find out
what the requests really look like.
It is difficult to see what is wrong when different tools give different
results, so I would really appreciate it if
somebody has any suggestions.
Best regards,
Lene Halling
------------------------------------------------------------------------------
Precog is a next-generation analytics platform capable of advanced
analytics on semi-structured data. The platform includes APIs for building
apps and a phenomenal toolset for data science. Developers can use
our toolset for easy data analysis & visualization. Get a free account!
http://www2.precog.com/precogplatform/slashdotnewsletter
_______________________________________________
Geoserver-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-users
