unexpected behaviour in layer wise security restrictions

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

unexpected behaviour in layer wise security restrictions

Dominik Gärner

Hi, I found some inconsistencies when setting up a security for single layers.

 

What I want is, for a specific role and workspace, to set up something like: “Hide/restrict access to all layers except of…”

 

With a simple set up for the “topp" workspace it would look like this:

*.*.r=*

*.*.w=*

topp.*.r=ADMIN,GROUP_ADMIN

topp.states.r=TEST

mode=HIDE

 

A GetCapabilities request (and also the layer preview in the browser) for a TEST-user looks like what I’d expect: he sees only the topp.states layer from the topp workspace. But the access to it is still restricted, giving me a 404:resource not available.

 

Now, setting the mode=CHALLENGE, I can access topp.states. But this workaround isn’t what I want because it exposes all the layers to a getCapabilities request.

 

Do I misunderstood the security concept or is this a wrong behaviour of Geoserver?

 

Best Regards

Dominik

-- 

Dominik Gärner
GRINTEC GmbH
Anzengrubergasse 6, 8010 Graz, Austria
Tel: +43(316)383706-0
mailto:[hidden email]
http://www.grintec.com

FN 47845k Handelsgericht Graz


------------------------------------------------------------------------------

_______________________________________________
Geoserver-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/geoserver-users