Thanks all for response..<br>I've found an alternative solution for that. I authenticate using the standard way with my security-proxy (without javascript) and then all the request have the right header (no need to set manually).<br>
<br>Hi Roald,<br>If I send user and password in the header of the request usually it is visible by all, but not over a HTTPS channel. The parameters cames from the user-input not from source code.<br><br>And YES there is a solution for managing secured access to geo-services that we are working on, but for now is still in beta testing. <br>
It can manage user-group access to many OGC servers and even add geografic permissions and filters on each layer.<br>This year probably we will publish the code. I will inform the list when it will be ready.<br><br>My Regards <br>
<br> Milan<br><br><font style="color: rgb(102, 102, 102);" size="1">M. Antonovic<br>Software Engineer</font><font style="color: rgb(102, 102, 102);" size="1"></font><br><font style="color: rgb(102, 102, 102);" size="1">Institute of Earth Sciences</font><font style="color: rgb(102, 102, 102);" size="1"><br>
(Division of Geomatic)</font><br><font style="color: rgb(102, 102, 102);" size="1">University of Applied Sciences
of the South Switzerland - SUPSI<br>Trevano, C.P. 72, CH-6952 Canobbio,
SWITZERLAND<br>Web: <a href="http://www.ist.supsi.ch/" target="_blank">http://www.ist.supsi.ch</a><br></font><br><br><div class="gmail_quote">2009/4/29 Roald de Wit <span dir="ltr"><<a href="mailto:roald.dewit@lisasoft.com">roald.dewit@lisasoft.com</a>></span><br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Hi Milan,<br>
<br>
Even if you could pass the password into the request, this password<br>
could easily be found by anyone by looking at the request or source code.<br>
If you want this to work and keep the password secret, I think you'd<br>
need to pass all your WMS requests (that need authentication) through a<br>
proxy that adds the authentication header before forwarding the request<br>
to the real WMS server. You might even want to use MapServer to do this<br>
for you!<br>
<br>
And yes, wouldn't it be nice if there was an open source identity<br>
management solution out there that can do that? I don't know of any at<br>
the moment.<br>
<br>
Regards, Roald<div><div></div><div class="h5"><br>
<br>
Christopher Schmidt wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
On Tue, Apr 28, 2009 at 06:45:17PM +0200, Milan Antonovic wrote:<br>
<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Hi all,<br>
I have a question for you..<br>
I would like to set the default header parameter for all the openlayers ajax<br>
request, even that used by OpenLayers.Layer.Wms.<br>
<br>
</blockquote>
<br>
WMS requests don't go through AJAX, so this is not possible in the<br>
current OpenLayers code. (They are requested via <img>, which does not<br>
have support for adding headers.)<br>
<br>
-- Chris<br>
<br>
<br>
<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
That's because I need to set the "Authorization" parameter in the header<br>
with user and password for my WMS Layers.<br>
<br>
I've tried with:<br>
<br>
OpenLayers.Util.extend(<br>
OpenLayers.Request.DEFAULT_CONFIG,<br>
{<br>
headers: {Authorization: "BASIC " + usrPsw}<br>
}<br>
);<br>
<br>
But when I look at the request header sent it does not appear..<br>
<br>
Help [?]<br>
<br>
my rgds<br>
<br>
Milan<br>
<br>
</blockquote>
<br>
<br>
<br>
<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
_______________________________________________<br>
Users mailing list<br>
<a href="mailto:Users@openlayers.org" target="_blank">Users@openlayers.org</a><br>
<a href="http://openlayers.org/mailman/listinfo/users" target="_blank">http://openlayers.org/mailman/listinfo/users</a><br>
<br>
</blockquote>
<br>
<br>
<br>
</blockquote>
<br>
<br>
--<br></div></div>
Roald de Wit<br>
Software Engineer<br>
<a href="mailto:roald.dewit@lisasoft.com" target="_blank">roald.dewit@lisasoft.com</a><br>
<br>
Commercial Support for Open Source GIS Software<br>
<a href="http://lisasoft.com/LISAsoft/SupportedProducts/" target="_blank">http://lisasoft.com/LISAsoft/SupportedProducts/</a><br>
<br>
<br>
<br>
The contents of this email are confidential and may be subject to legal or professional privilege and copyright. No representation is made that this email is free of viruses or other defects. If you have received this communication in error, you may not copy or distribute any part of it or otherwise disclose its contents to anyone. Please advise the sender of your incorrect receipt of this correspondence.<br>
</blockquote></div><br>