[Geoprisma-users] Security and user authentication - open question
Yves Moisan
yves.moisan at boreal-is.com
Mon Mar 29 08:53:05 EDT 2010
On 2010-03-29 07:39, paweluz wrote:
> Hi!
>
> I wrote an application using GWT
> (http://sourceforge.net/projects/gwt-openlayers/), OL2.8, Geoserver2.0.1 and
> PostGIS. The user is able to view, save, delete and modify data using web
> browser. Now I have been thinking about a way to limit the functionality to
> the user.
> For example:
> - only the admin user can modify data.
> - only some users can view the specific layers
> - the anonymous user can just watch a few layers
>
Hi Poul,
Exactly what we do with GeoPrisma :-).
> I have been reading about some authentication with geoserver:
> http://docs.geoserver.org/stable/en/user/security/sec_layer.html
>
> I have found information about GeoPrisma in some topic in geoserver forum. I
> have been wondering is there a way to use it in my application. I know that
> GeoPrisma was written in PHP so I am guessing this is not a good idea in
> my case since I have been writing application in JAVA (GWT).
You can always mix and match languages especially considering you are
accessing those applications developed in diverse programming languages
as services so there is no coupling at the application level provided
you meet the services requirements for input and output. We use
FeatureServer, which is a Python application, as a replacement for the
write capabilities of GeoServer and we may also use the MapFish server
(another Python web application). We're also using the MapFish print
server which is a Java servlet.
>
> I have also been reading that Geoserver has implemented Acegi security. This
> is using basic authorization - but I found out that this is rather not safe,
> especially if your application and server are on different machines.
> I know that Acegi used in Geoserver may work with CAD or LDAP, but it is
> quite difficult to use.
>
> I know this is a really open question, but my programming experience is
> actually a little short, and I would very much appreciate any help.
>
> So to sum up:
> - Is there a way to use Geoserver authorization (Acegi) from outside, in
> client application, and is this safe enough (this question for users that
> have some experience with geoserver)
> - Is it possible to use GeoPrisma with java technology (GWT) - since it was
> written in PHP??
>
> I am completely new in security subject and I honestly have no idea what to
> choose... Maybe for someone this is really simple...
>
> Regards,
> Poul
>
It's funny at one point in time we as a company have been quite
interested in "securing" GeoServer. At the time, we were almost ready
to help integrate Spring (the new incarnation of Acegi) into GeoServer.
I don't know what the status of this project is nowadays, but I also
recall it was not easy to integrate fine-grained security in GeoServer.
At least not for me. As to your question about Acegi, I doubt you will
find answers on this list. Refer to the GeoServer users list or to a
Java list.
The way I see one could secure GeoServer on the UI side using GeoPrisma
would be to develop a driver for GeoServer in GeoPrisma that would
support WFS-T. The way we secure things is to deny access to our web
services (MapServer for WMS/WFS) and FeatureServer to write features to
all machines but the server where the GeoPrisma proxy is installed
making it impossible from client computers to directly access the
services. Then we secure an application, basically the UI, with GeoPrisma.
HTH,
Yves
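
A sketch of the kind of per-user check a proxy placed in front of the map services could apply to the three access cases in the question, assuming the services themselves only accept connections from the proxy host as described above. This is an added example, not part of the original message and not GeoPrisma code; the roles, layer names and function names are hypothetical, and it only covers key-value (query string) requests.

```python
from urllib.parse import parse_qs

# Constructed policy mirroring the three cases in the question:
# role -> layer -> allowed actions. Role and layer names are hypothetical.
ACL = {
    "anonymous": {"basemap": {"read"}},
    "viewer":    {"basemap": {"read"}, "parcels": {"read"}},
    "admin":     {"basemap": {"read", "write"}, "parcels": {"read", "write"}},
}

# OGC request names mapped to the action they need. Anything else is refused.
ACTION_FOR_REQUEST = {
    "getmap": "read", "getfeatureinfo": "read", "getfeature": "read",
    "transaction": "write",
}
LAYER_KEYS = ("layers", "query_layers", "typename", "typenames")


def parse_request(query_string):
    """Return (action, layers) for a key-value OGC request, or (None, set())."""
    # OGC parameter names are case-insensitive, so normalise the keys first.
    params = {k.lower(): v[0] for k, v in parse_qs(query_string).items()}
    action = ACTION_FOR_REQUEST.get(params.get("request", "").lower())
    layers = set()
    for key in LAYER_KEYS:
        layers.update(n.strip() for n in params.get(key, "").split(",") if n.strip())
    return action, layers


def authorize(role, query_string):
    """Deny by default: unknown role, unknown request or no layer means False."""
    action, layers = parse_request(query_string)
    if action is None or not layers:
        return False
    granted = ACL.get(role, {})
    # Every requested layer must carry the needed action; one miss refuses all.
    return all(action in granted.get(layer, set()) for layer in layers)
```
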