[Mapbender_dev] http_auth wrt layers and wms services

Michael Schulz mschulz at webgis.de
Wed Dec 1 05:13:30 EST 2010

Hi Armin,

yeah, that is true. I also though about adding an additional request
parameter, but this should already be present at the call via the
http_auth url, right? Sth. like .../http_auth/layer/42235 or
.../http_auth/service/34345 maybe? Another option would be to return
the complete service with all layers, when the root layer is requested
and otherwise only the layer and its children. The layer permissions
should be taken into account and not allowed i.e. not activated layers
in a users gui should be omitted.

Actually I like the second option better. I am not sure whether its
useful to return only the requested layer, if that layer has children,
esp. when the requested layer may be only a layer container and could
even not be drawn separately.

Cheers, Michael

Am 1. Dezember 2010 10:20 schrieb Armin Retterath
<armin.retterath at lvermgeo.rlp.de>:
> hi michael,
> we have defined a task for the wheregroup last year, but there are too much
> other things, so this task has not been done til now. we thought about adding
> an additional get parameter to the wms script which control the behaviour. it
> should say s.th. like 'with childs' or 'without'. so you can use it also for
> requesting a special group of layers!
> we must beware of the mapbender proxy authorization, cause it is possible to
> give access to single layers.
> the authorization component looks for guis. if an object with a special id is
> activated in a gui and a user or a group have the right to access this gui,
> the user and/or group have also the right to access the layer/wms thru the
> security proxy. we discussed this approach 2 weeks ago when thinking about
> mapbender30. unfortunately we have no solution til now :-(.
> greetings from koblenz
> armin
> Am Mittwoch 01 Dezember 2010, um 10:05:01 schrieb Michael Schulz:
>> Hi Devs,
>> currently I am testing the http_auth module and I can say it is really
>> cool. I will soon update the wiki page since we discovered, that when
>> using php as a cgi module you will need one additional apache
>> rewriting rule in order for http_auth to work. I have a question,
>> about the general behaviour of the http_auth and the involved wms.php
>> script. Since the module was developped for the Geoportal RLP its
>> paradigm is a layer based approach to generating capabilities
>> documents.
>> In my use case a central mapbender installation shall be used to serve
>> different complete wms-services to the users, that themselves used
>> also either a mapbender or a desktop GIS to consume the services. For
>> this use-case it is not practical to have each layer of a wms served
>> by separate capabilities document.
>> That's why I would like to suggest an additional http_auth
>> configuration parameter in mapbender.conf, that switches between
>> either the layer based approach or a service based approach. In the
>> service based variant when a getcapabilities request is made to any
>> layer of a wms service the complete wms service with all layers is
>> returned to the caller.
>> At a first glance this is only a minimal change (atm if this wms based
>> approach is requested, I just dont append the layer id to the sql
>> querying a wms sublayers, wms.php line 775+), but I'm under the
>> impression that wms.php is currently not able to handle nested layers.
>> Can someone confirm this? If this is the case, I would have to look
>> into wms.php to be able to retrieve also nested layer structures in a
>> wms service, presumbly recursive.
>> Are there any major objections to such a change, because of
>> side-effects I haven't thought of? Armin, what do you think?
>> Cheers, Michael
> --
> Im Auftrag
> --
> Armin Retterath
> Kompetenz- und Geschäftsstelle Geodateninfrastruktur Rheinland-Pfalz
> beim
> Landesamt für Vermessung und Geobasisinformation Rheinland-Pfalz
> Ferdinand-Sauerbruch-Straße 15
> 56073 Koblenz
> Telefon 0261/492-466
> Telefax 0261/492-492
> armin.retterath at lvermgeo.rlp.de
> http://www.geoportal.rlp.de
> _______________________________________________
> Mapbender_dev mailing list
> Mapbender_dev at lists.osgeo.org
> http://lists.osgeo.org/mailman/listinfo/mapbender_dev

Michael Schulz
mschulz at webgis.de

in medias res
Gesellschaft für Informationstechnologie mbH

Schwimmbadstraße 2
D-79100  Freiburg i. Br.

Tel:  +49 (0)761 705798-102
Tel:  +49 (0)761 705798-0
Fax: +49 (0)761 705798-09

http://www.webgis.de / http://www.zopecms.de
Geschäftsführer: Stefan Giese, Dr. Christof Lindenbeck
Eingetragen im Handelsregister HRB 5930 beim Amtsgericht Freiburg

More information about the Mapbender_dev mailing list