Is it possible to adjust GeoServer in a way to block GeoServer-users' access to specific folders in the data directory? (I mean the actual folders on the computer drive where the shapefiles are physically stored)
I ask this question because of the following problem:
I have several users logging to the running GeoServer. When loading shapefiles (using "add store") they must not be able to access the shapefiles which do not belong to them. It seems that GeoServer do not work with the security rules of the host network (i.e. NTFS in this case).
I am not a security expert. I am familiar with the subject as much I usually need it.
Answer
By Specifying NTFS, I assume you are on a Windows Server, or other Windows Computer.
I would recommend creating a separate Directory for each user where they then can upload their shape files. Point Geoserver to those individual shape files in each store. Use System Policies to specify ACL's and Directory Permissions (Standard Windows Security) to restrict their access to only their directory. You could also make the data Directory their "Home Directory" for their login if you are not running a Server Version of Windows.
For this to work, each user will need their own Login and you must make sure that the Geoserver Service or Logged in User if not running as a service has Read/Write permissions on those directories as well.
The shape Files do NOT have to reside in the Geoserver Data Directory, they can be anywhere on your file system.
The URL for the file in the store would look like this:
file://\ShapeFles\JohnSmith\basemap.xyz
I don't think I was ever able to get the URL to be able to point to a UNC Path or another Drive, but it certainly works on the same drive where the GeoServer data directory resides. Later versions of GeoServer may allow UNC paths, I have not tried.
No comments:
Post a Comment