[OpenLayers-Users] Setting default header parameter for all
ajax requests
Milan Antonovic
milan.antonovic at gmail.com
Wed Apr 29 03:24:03 EDT 2009
Thanks all for response..
I've found an alternative solution for that. I authenticate using the
standard way with my security-proxy (without javascript) and then all the
request have the right header (no need to set manually).
Hi Roald,
If I send user and password in the header of the request usually it is
visible by all, but not over a HTTPS channel. The parameters cames from the
user-input not from source code.
And YES there is a solution for managing secured access to geo-services that
we are working on, but for now is still in beta testing.
It can manage user-group access to many OGC servers and even add geografic
permissions and filters on each layer.
This year probably we will publish the code. I will inform the list when it
will be ready.
My Regards
Milan
M. Antonovic
Software Engineer
Institute of Earth Sciences
(Division of Geomatic)
University of Applied Sciences of the South Switzerland - SUPSI
Trevano, C.P. 72, CH-6952 Canobbio, SWITZERLAND
Web: http://www.ist.supsi.ch
2009/4/29 Roald de Wit <roald.dewit at lisasoft.com>
> Hi Milan,
>
> Even if you could pass the password into the request, this password
> could easily be found by anyone by looking at the request or source code.
> If you want this to work and keep the password secret, I think you'd
> need to pass all your WMS requests (that need authentication) through a
> proxy that adds the authentication header before forwarding the request
> to the real WMS server. You might even want to use MapServer to do this
> for you!
>
> And yes, wouldn't it be nice if there was an open source identity
> management solution out there that can do that? I don't know of any at
> the moment.
>
> Regards, Roald
>
>
> Christopher Schmidt wrote:
>
>> On Tue, Apr 28, 2009 at 06:45:17PM +0200, Milan Antonovic wrote:
>>
>> Hi all,
>>> I have a question for you..
>>> I would like to set the default header parameter for all the openlayers
>>> ajax
>>> request, even that used by OpenLayers.Layer.Wms.
>>>
>>>
>> WMS requests don't go through AJAX, so this is not possible in the
>> current OpenLayers code. (They are requested via <img>, which does not
>> have support for adding headers.)
>>
>> -- Chris
>>
>>
>>
>> That's because I need to set the "Authorization" parameter in the header
>>> with user and password for my WMS Layers.
>>>
>>> I've tried with:
>>>
>>> OpenLayers.Util.extend(
>>> OpenLayers.Request.DEFAULT_CONFIG,
>>> {
>>> headers: {Authorization: "BASIC " + usrPsw}
>>> }
>>> );
>>>
>>> But when I look at the request header sent it does not appear..
>>>
>>> Help [?]
>>>
>>> my rgds
>>>
>>> Milan
>>>
>>>
>>
>>
>>
>> _______________________________________________
>>> Users mailing list
>>> Users at openlayers.org
>>> http://openlayers.org/mailman/listinfo/users
>>>
>>>
>>
>>
>>
>
> --
> Roald de Wit
> Software Engineer
> roald.dewit at lisasoft.com
>
> Commercial Support for Open Source GIS Software
> http://lisasoft.com/LISAsoft/SupportedProducts/
>
>
>
> The contents of this email are confidential and may be subject to legal or
> professional privilege and copyright. No representation is made that this
> email is free of viruses or other defects. If you have received this
> communication in error, you may not copy or distribute any part of it or
> otherwise disclose its contents to anyone. Please advise the sender of your
> incorrect receipt of this correspondence.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.osgeo.org/pipermail/openlayers-users/attachments/20090429/81907b26/attachment.html
More information about the Users
mailing list