[Qgis-user] qGIS and GeoServer security

Jeff Dege jeff.dege at korterra.com
Thu Mar 24 11:13:21 PDT 2011 

I'm playing around with the security settings on a GeoServer site.

In GeoServer, I can set the "Catalog mode":
Catalog mode configuration - mode=HIDE|CHALLENGE|MIXED
Set the catalog mode level
hide (default): does not show to the user the layers that he cannot access, behaves as if a layer was read only if the user does not have write permissins. The capabilities document do not contain the clayers the current user cannot access to. This is the highest security mode, it assumes a privileged user has logged in before showing him the secured layers. Because of this, it does not work very well with clients such as uDig or Google Earth, where the authentication dialog pops up only if the server returns a HTTP 401 after attempting to access a secured resource.
challenge: allows free access to metadata, any attempt at accessing actual data is metby a HTTP 401 code that forces most clients to show an authentication dialog. The capabilities do contain the full list of layers, DescribeFeatureType and DescribeCoverage do work fine, the first attempt to access the actual data without the necessary privileges is met with a 401 error. This mode works fine with capabilities driven clients such as uDig, and with any client that needs a 401 in order to trigger an authentication dialog.
mixed: hides the layers the user cannot read from the capabilities, but triggers authentication for any other attempt to access the data or the metadata. Useful if you don't want the world to see the very existence of some of your data, but you still want selected people whom you give direct data access links to get the data after authentication.
When I set the mode to challenge, and do a Connect from the "Add Layer(s) from a Server" dialog, I see all the layers.  If I try to add one to the map, I get a "Enter Credentials" dialog, where I can enter Username and Password, and if correct I see the layer in the map.

When I set the mode to hide, and do a Connect, I don't see the layers.

But here's the thing.  All of the above is with the User name and Password fields of the "Create a new WMS connection" dialog blank.  And the above is the behavior I'd expect, with those fields blank.

But if I fill in username and password, in the connection dialog, I still get the same behavior.  I'd expect to be able to see the authenticated-only layers, in the getCapabilities XML, and hence in the layer list in the qGIS dialog, if the user name and password are correct.  I'm not seeing that.

In fact, it looks as if it makes no difference whatsoever whether I enter a username and password when defining a WMS connection.

Am I misunderstanding what the username and password fields are for?  Or are they not working?  Or is GeoServer handling something incorrectly?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/qgis-user/attachments/20110324/6fd68d4f/attachment.html>

More information about the Qgis-user mailing list