[GeoNode-devel] Securely using Geoserver rest api with no Geoserver admin credentials Recibidos
Gonzalo Varela
gonzalo.varela1981 at gmail.com
Tue Apr 26 11:43:01 PDT 2022
Hi, this is my first interaction with Geonode developer mailing list.
I'd like to find a secure way for non-admin Geonode users to use Geoserver
REST API from external applications (python scripts, jupyter notebooks,
maybe mapstore or others).
Can you tell me if there is a security issue with my approach ?
A little context:
I'm currently using geoserver-restconfig lib to allow external applications
do the following:
- upload raster layers
- upload vector layers
- upload time-series layers
- edit layer style
- download layers
To do that I need to authenticate to geoserver with admin privileges.
Today I'm struggling with the requirement of allowing non-admin Geonode
users to do such things from external applications.
I've found Geonode is proxying some Geoserver REST functionalities using
either geoserver_proxy or geoserver_protected_proxy functions on
/geoserver/views.py
Some examples of these functionalities I mentioned are:
- Style editing from mapstore performs a request to
/gs/rest/workspaces/<workspace>/styles/<layer>?access_token=<token>
- WPS requests
I'm evaluating to expose geoserver_protected_proxy function, and use it to
allow logged in Geonode users to:
- create a REST request using geserver-restconfig lib
- send the request to Genode's geoserver_protected_proxy view method
- have geoserver_protected_proxy redirect to Geoserver REST API
- verify action performed succesfully (layer creation, style update and
others)
I believe this is the most clean and secure way to achieve this
functionality, If someone detects a flaw, security issue or a better way to
procue a similar result I'll be most grateful to hear you out.
Thanks in advance !
Gonzalo Varela
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/geonode-devel/attachments/20220426/79583c42/attachment.html>
More information about the geonode-devel
mailing list