[Mapbender_dev] http_auth wrt layers and wms services

Armin Retterath armin.retterath at lvermgeo.rlp.de
Wed Dec 1 04:20:25 EST 2010

hi michael,

we have defined a task for the wheregroup last year, but there are too much 
other things, so this task has not been done til now. we thought about adding 
an additional get parameter to the wms script which control the behaviour. it 
should say s.th. like 'with childs' or 'without'. so you can use it also for 
requesting a special group of layers! 
we must beware of the mapbender proxy authorization, cause it is possible to 
give access to single layers.
the authorization component looks for guis. if an object with a special id is 
activated in a gui and a user or a group have the right to access this gui, 
the user and/or group have also the right to access the layer/wms thru the 
security proxy. we discussed this approach 2 weeks ago when thinking about 
mapbender30. unfortunately we have no solution til now :-(.

greetings from koblenz

Am Mittwoch 01 Dezember 2010, um 10:05:01 schrieb Michael Schulz:
> Hi Devs,
> currently I am testing the http_auth module and I can say it is really
> cool. I will soon update the wiki page since we discovered, that when
> using php as a cgi module you will need one additional apache
> rewriting rule in order for http_auth to work. I have a question,
> about the general behaviour of the http_auth and the involved wms.php
> script. Since the module was developped for the Geoportal RLP its
> paradigm is a layer based approach to generating capabilities
> documents.
> In my use case a central mapbender installation shall be used to serve
> different complete wms-services to the users, that themselves used
> also either a mapbender or a desktop GIS to consume the services. For
> this use-case it is not practical to have each layer of a wms served
> by separate capabilities document.
> That's why I would like to suggest an additional http_auth
> configuration parameter in mapbender.conf, that switches between
> either the layer based approach or a service based approach. In the
> service based variant when a getcapabilities request is made to any
> layer of a wms service the complete wms service with all layers is
> returned to the caller.
> At a first glance this is only a minimal change (atm if this wms based
> approach is requested, I just dont append the layer id to the sql
> querying a wms sublayers, wms.php line 775+), but I'm under the
> impression that wms.php is currently not able to handle nested layers.
> Can someone confirm this? If this is the case, I would have to look
> into wms.php to be able to retrieve also nested layer structures in a
> wms service, presumbly recursive.
> Are there any major objections to such a change, because of
> side-effects I haven't thought of? Armin, what do you think?
> Cheers, Michael

Im Auftrag
Armin Retterath

Kompetenz- und Geschäftsstelle Geodateninfrastruktur Rheinland-Pfalz
Landesamt für Vermessung und Geobasisinformation Rheinland-Pfalz

Ferdinand-Sauerbruch-Straße 15
56073 Koblenz
Telefon 0261/492-466
Telefax 0261/492-492
armin.retterath at lvermgeo.rlp.de

More information about the Mapbender_dev mailing list