1

I disable all anonymous requests (WMS/WFS/... ) to my GeoServer, but now I can't access to any layer from my OpenLayers app.

I want to know if it is possible authenticate on my GeoServer via PHP or JavaScript before any OpenLayers request.

If yes, what is the best option? Via PHP cURL, JavaScript or proxy (http://docs.geoserver.org/stable/en/user/security/tutorials/httpheaderproxy/index.html)

nmtoken
13.6k5 gold badges39 silver badges91 bronze badges
asked Jun 27, 2014 at 0:43
2
  • What Proxy are you running? Commented Jun 27, 2014 at 2:39
  • Hi, So far I don't use any proxy, what I have is geoserver running over tomcat and a proxy.cgi script to connect openlayer and geoserver trac.osgeo.org/openlayers/wiki/… Commented Jun 27, 2014 at 14:08

1 Answer 1

2

We do not use GeoServer Authentication, but we do use an ASP version of that Proxy Script we wrote ourselves with some tweaks.

Our script handles the authentication via a Hashtag we included in the WMS Client Calls.

The HashTag is set into a database at the Application Level User Login and removed at LogOut or Timeout. It is sent to the client via Ajax at Client logIn Time as well.

The Hashtag is used only once and is not repeated again for x amount of days. (we use one year)

We use a url format as follows (asp)

http://maps4.markware.net/?" & HashTag & ":-:" & LAYERS=

and parse out the hash between the ? and the :-: in the proxy script, check the tag is valid then rebuild the string to a new valid url pointing to the Geoserver instance.

Of course, you have to handle the return posts from Geoserver and forward back to the client, the script you mentioned handles that.

If your Geoserver Instance is behind the proxy and only accessible via a local lan, then this is all you need, It is secure. If not, you need to set up a firewall rule on the Geoserver machine that only allows port 8080 from your proxy Ip Address.

This way, we do not have to keep track of hosts and we handle authentication at the Application Level. Invalid or no hash tag, no tiles.

We later enhanced our script to load balance over multiple GeoServer Instances and forward some requests to GeoWebCache and some to GeoServer depending on the application requirements. It does give you a great deal of control over your setup!

answered Jun 28, 2014 at 0:52
4
  • Hi Mark C Thanks for you comment, but I don't understant your workflow. So, you use geoserver behind the proxy? Wich proxy ? Also, your ASP script can be done in php? Can you send a example of your script? Best regards Commented Jul 1, 2014 at 21:27
  • Andre, The script IS the proxy itself and a good PHP programmer should be able to make one based on the example you gave. Sorry, our ASP script is commercial and I cannot post it unfortunately. Commented Jul 2, 2014 at 2:36
  • Hi Mark C, I understand, I balieve that I found something like your ASP sctipt groups.google.com/forum/#!msg/geoext-viewer-devel/1Fzhbo8H9Sg/… Best regards Commented Jul 2, 2014 at 10:14
  • Great. Feel free to mark my answer as correct if it helped you and answered the question, Cheers Commented Jul 2, 2014 at 11:47

Your Answer

Draft saved
Draft discarded

Sign up or log in

Sign up using Google
Sign up using Email and Password

Post as a guest

Required, but never shown

Post as a guest

Required, but never shown

By clicking "Post Your Answer", you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.