[mapserver-users] Spatial access restriction based on "secret" in URL, WMS Getcapabilities

Dan Little theduckylittle at gmail.com
Sat Jan 10 05:07:41 PST 2015


If you launder everything through a script (in any of your favorite
languages) you can capture the output stream before you send it back
to the user.  When my Mapserver-fu runs out I tend to go with
scripting.

On Sat, Jan 10, 2015 at 6:55 AM, Arne Kepp <arne at tiledmarble.org> wrote:
> If I go with environment variables and 1), how do I get SECRET_CODE into the
> URLs in the GetCapabilities document ?
>
> I'm assuming I need to modify wms_onlineresource ?
>
>
> It would be really cool if .map files automatically substituted $variables
> in general, beyond what [1] covers.
>
> -Arne
>
> 1: https://trac.osgeo.org/mapserver/wiki/EnvironmentVariables
>
>
>
>
> On 10/01/15 13:30 , Dan Little wrote:
>>
>> I'd probably do something with a script and some URL rewriting.
>>
>> For example, a URL like...
>> - http://myserver.whee/path/SECRET_CODE/mapserv?[WMS parameters]
>>
>> Then do the following:
>> 1. Low-buck: Use apache rewrite rules to set an environment variable.
>> Then use the environment variable for my substitutions.
>> 2. Using WSGI (I'm a python kind of guy): Parse the URL to get the
>> secret to do the limiting.
>>
>> Really this kind of stuff is always application specific, and you are
>> ultimately the person who needs to maintain it, so stick to what
>> you'll be able to understand 6-months after you've implemented it. :-)
>>
>>
>> On Sat, Jan 10, 2015 at 5:41 AM, Arne Kepp <arne at tiledmarble.org> wrote:
>>>
>>> Hi,
>>>
>>> I would like to restrict different users to different geographic regions
>>> based on a secret in the URL they are using to access MapServer.
>>>
>>> I intend to use an inner join on a table with secrets / polygons, and
>>> then
>>> use the run-time substitution in MapServer to insert the sanitized secret
>>> into the Postgis query.
>>>
>>> The crux, I think, is that I have to send WMS 1.3.0 GetCapabilities URLs
>>> to
>>> our users. And I don't think I can make the getcapabilties document
>>> include
>>> the (variable) secret in the OnlineResource elements ?
>>>
>>> So I am thinking about writing a wrapper that rewrites the
>>> GetCapabilities
>>> document on the fly. My question is, is there a better way that I have
>>> not
>>> thought of?
>>>
>>> Kind regards,
>>> Arne
>>>
>>> _______________________________________________
>>> mapserver-users mailing list
>>> mapserver-users at lists.osgeo.org
>>> http://lists.osgeo.org/mailman/listinfo/mapserver-users
>
>



More information about the MapServer-users mailing list