Sunday, 25 November 2018

GeoServer and OpenLayers in production - Securing WMS calls?


I've a mapping site where users have to login in with username and password. Once logged in the user gets a map of their data using WMS and WFS to display and edit data. This data is served using GeoServer and displayed using OpenLayers. The WMS on the layer is secured using a username\password. I've seen similar questions to this but basically I want to access the secured layers via WMS without exposing my username\password. Any advice\clarity would be appreciated - my own thoughts are as follows:



  1. User logs in to website.

  2. WMS request using HTTPS for their specific information - uses some filter based upon who they are.


  3. How do I send this filter without exposing it in the WMS call?

  4. How do I send username\password without exposing it in WMS call?


Theres lots of talk about reverse proxies - do I send the WMS request with no username\password then when the request reaches the proxy I validate the user then modify the request by adding the WMS username\password using the reverse proxy. If so dont I still need to send some identifier to determine who sent the request or will the proxy knows this due to the users session?


Basically any help would be appreciated



Answer



how about this: http://osgeo-org.1560.x6.nabble.com/Load-GeoServer-WMS-secured-layers-with-OpenLayers-td3919938.html, basically it uses a proxy script to do what you need.


No comments:

Post a Comment

arcpy - Changing output name when exporting data driven pages to JPG?

Is there a way to save the output JPG, changing the output file name to the page name, instead of page number? I mean changing the script fo...