From: Micka <mic...@gm...> - 2011-09-30 08:59:32
|
Hi everyone, I would like to know if the problem of GWC security have been fixed ? Or do you have a solution to fix it ? What should I do ? The problem that I discovered is also reported here : http://osgeo-org.1803224.n2.nabble.com/GeoWebCache-integration-in-geoserver-and-security-td6124001.html In fact, when the request is not cached, GWC connect with geoserver and the layer is displayed only if the user give the correct credentials (geoserver is working as expected, serving only layers authorized for the current user). But if the request is already cached, GWC will not contact Geoserver and it will replies to the client with the layer in cache even if the user doesn't give the credentials. So even a client without the credentials will have access to the layers cached in GWC, and bypass any security measure. Thanks, |