From: Jim H. <jn...@cc...> - 2016-05-23 12:11:44
Hi Jorge,

It sounds like you have two broad tasks: 1) managing layers (while respecting user roles provided by LDAP), and 2) viewing and updating data.

Building on what Andrea mentioned, if LDAP is your role management process, you may need to configure certain LDAP users/groups to have the GeoServer admin role. At the moment, what happens when you log into the GeoServer web UI with your LDAP credentials? (I have experimented with this with PKI certs, so that may be a bad question.)

Once security is handled, you might look at the existing QGIS GeoServer plugin (1). It may require some updates based on the LDAP security concerns.

For the second, I believe QGIS supports WFS-T for layers registered through WFS. Any layer registration from the GeoServer plugin would likely use this approach, so you might just have to test out making edits and saving them.

Cheers,
Jim

1. http://blog.geoserver.org/2015/12/23/geoserver-explorer-plugin-for-qgis/
Source: https://github.com/boundlessgeo/qgis-geoserver-plugin
Docs: http://boundlessgeo.github.io/qgis-geoserver-plugin/index.html
https://plugins.qgis.org/plugins/geoserverexplorer/

On 5/23/2016 7:58 AM, Andrea Aime wrote:
> Hi Jorge,
> as far as I know (but I have vague memories) the REST API right now
> demands admin rights to be accessed, and the
> rest.properties file does little or nothing in that regard, e.g. one
> cannot open the REST API to non-admin users.
> I believe this changed when per-workspace services were introduced...
> if this is confirmed we might want to just
> drop the documentation for rest.properties.
>
> I've cc'ed Justin, hopefully he's got a more precise idea of what's
> going on here
>
> Cheers
> Andrea
>
> On Mon, May 23, 2016 at 1:46 PM, Jorge Infante <jol...@gm...
> <mailto:jol...@gm...>> wrote:
>
>     Hi.
>     I'm trying to work on a plugin for QGIS, using GeoServer as a
>     proxy to spatial layers.
>     I did check the REST API, but this interface only works for
>     internal users (like admin/geoserver).
>     I need to connect from QGIS using LDAP authentication (like the
>     web application).
>     I did check if I use the code:
>
>     cat=Catalog("http://"+ip+":8080/geoserver/rest/", "jinfant0",
>     myldappass)
>
>     The GeoServer code is validating my user & pass with LDAP (I did
>     debug the code):
>
>     23 may 07:07:56 DEBUG [geoserver.security] - ==========on
>     guavaAuthenticationCacheImpl.put(basic,jinfant0:570d0722c55d10f77243dfd1d8f00e77,org.springframework.security.authentication.UsernamePasswordAuthenticationToken@4aff155f: Principal:
>     org.springframework.security.ldap.userdetails.LdapUserDetailsImpl@aff52e97:
>     Dn: uid=jinfant0,ou=cuentas,dc=rosario,dc=gov,dc=ar; Username:
>     jinfant0; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true;
>     CredentialsNonExpired: true; AccountNonLocked: true; Granted
>     Authorities: ROLE_ADMINISTRATOR, ROLE_CARTOGRAFIA_RO,
>     ROLE_GROUP_ADMIN; Credentials: [PROTECTED]; Authenticated: true;
>     Details:
>     org.geoserver.security.filter.GeoServerWebAuthenticationDetails@957e:
>     RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities:
>     ROLE_AUTHENTICATED, ROLE_ADMINISTRATOR, ROLE_CARTOGRAFIA_RO,
>     ROLE_GROUP_ADMIN,etc)==========
>     23 may 07:07:56 DEBUG [geoserver.security] - AuthenticationCache
>     adding new entry for basic, jinfant0:570d0722c55d10f77243dfd1d8f00e77
>     23 may 07:07:56 DEBUG [geoserver.security] - Cache entries #: 0
>     23 may 07:07:56 DEBUG [geoserver.security] - AuthenticationCache
>     added new entry for basic, jinfant0:570d0722c55d10f77243dfd1d8f00e77
>     23 may 07:07:56 DEBUG [geoserver.security] - Cache entries #: 1
>
>     But then, the REST code is using authorization information from
>     rest.properties (RESTAccessRuleDAO.java).
>     The web app code is using authorization information from
>     layers.properties (DataAccessRuleDAO). In this file, I have:
>
>     muni.*.w=ROLE_CARTOGRAFIA_RW
>     muni.manzanas.r=ROLE_CARTOGRAFIA_RO
>     mode=HIDE
>
>     Then, we have two worlds to access the same data.
>     I'd like, from a plugin in QGIS, to:
>     * Get the list of layers authorized for the authenticated user (using the
>     value for "mode=" in layers.properties).
>     * Get layers for reading using WFS or WMS methods.
>     * Update elements of layers, using WFS-T methods.
>     * Other similar things.
>
>     I did try using the CSW catalog, but this doesn't use the
>     authentication methods.
>
>     My boss doesn't allow my spatial database to be open to the network.
>     Then, I need to use GeoServer to access it.
>
>     Can you help me with where I can go with it?
>
>     PS: If necessary, I can help with the adequacy of the code.
>
>     TIA
>     jorge infante
>     rosario - santa fe - argentina
>
>     _______________________________________________
>     Geoserver-devel mailing list
>     Geo...@li...
>     <mailto:Geo...@li...>
>     https://lists.sourceforge.net/lists/listinfo/geoserver-devel
>
> --
> ==
> GeoServer Professional Services from the experts! Visit
> http://goo.gl/it488V for more information.
> ==
>
> Ing. Andrea Aime
> @geowolf
> Technical Lead
>
> GeoSolutions S.A.S.
> Via di Montramito 3/A
> 55054 Massarosa (LU)
> phone: +39 0584 962313
> fax: +39 0584 1660272
> mob: +39 339 8844549
>
> http://www.geo-solutions.it
> http://twitter.com/geosolutions_it
>
> The information in this message and/or attachments, is intended solely
> for the attention and use of the named addressee(s) and may be
> confidential or proprietary in nature or covered by the provisions of
> privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New
> Data Protection Code). Any use not in accord with its purpose, any
> disclosure, reproduction, copying, distribution, or either
> dissemination, either whole or partial, is strictly forbidden except
> previous formal approval of the named addressee(s). If you are not the
> intended recipient, please contact immediately the sender by
> telephone, fax or e-mail and delete the information in this message
> that has been received in error. The sender does not give any warranty
> or accept liability as the content, accuracy or completeness of sent
> messages and accepts no responsibility for changes made after they
> were sent or for other risks which arise as a result of e-mail
> transmission, viruses, etc.
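
An added example, not part of the original thread and not GeoServer's code: a simplified Python model of how the layers.properties rules quoted above decide what a given set of roles can list, read and write under mode=HIDE. The resolution order, the open default for layers with no matching rule, the ROLE_ADMINISTRATOR bypass and the layer name muni:calles are assumptions of this sketch.

```python
# Added example: simplified model of layers.properties evaluation, not GeoServer code.
# Assumptions: most specific rule wins (ws.layer, then ws.*, then *.*); a layer with
# no matching rule is open; ROLE_ADMINISTRATOR bypasses the rules.

RULES_TEXT = """\
muni.*.w=ROLE_CARTOGRAFIA_RW
muni.manzanas.r=ROLE_CARTOGRAFIA_RO
mode=HIDE
"""
# Constructed layer list; muni:calles is a made-up layer name.
LAYERS = [("muni", "manzanas"), ("muni", "calles")]

def parse_rules(text):
    """Return (mode, {(workspace, layer, access): set of roles})."""
    mode, rules = "HIDE", {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if not sep or key.startswith("#"):
            continue
        if key.strip() == "mode":
            mode = value.strip().upper()
            continue
        parts = key.strip().split(".")
        if len(parts) == 3:  # workspace.layer.access
            rules[tuple(parts)] = {r.strip() for r in value.split(",")}
    return mode, rules

def allowed(rules, roles, ws, layer, access):
    """True if any of the user's roles grants `access` ('r' or 'w') on ws:layer."""
    if "ROLE_ADMINISTRATOR" in roles:
        return True
    for key in ((ws, layer, access), (ws, "*", access), ("*", "*", access)):
        if key in rules:
            return "*" in rules[key] or bool(rules[key] & set(roles))
    return True  # no rule at any level: open (assumption stated above)

def visible_layers(text, roles, layers=LAYERS):
    """Map 'ws:layer' to 'r-'/'rw'/'--' for what a plugin should list and allow."""
    mode, rules = parse_rules(text)
    result = {}
    for ws, layer in layers:
        can_read = allowed(rules, roles, ws, layer, "r")
        can_write = allowed(rules, roles, ws, layer, "w")
        if not can_read and mode in ("HIDE", "MIXED"):
            continue  # these modes omit unreadable layers from listings
        result[f"{ws}:{layer}"] = ("r" if can_read else "-") + ("w" if can_write else "-")
    return result
```

With the roles shown in the debug log, ROLE_ADMINISTRATOR short-circuits every rule, so testing the data rules needs an account that holds only ROLE_CARTOGRAFIA_RO or ROLE_CARTOGRAFIA_RW.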