PROXY V2 : authentication and policy configuration
I'm trying to relay a geoserver wms with a configuration applying specific policy access rules. Below is my simple policy file :
<?xml version="1.0" encoding="UTF-8"?> <PolicySet> <Policy Id="testPolicy" ConfigId="localwms"> <Servers All="false"> <Server> <url>http://localhost:8080/geoserver/wms</url> <Prefix>ogo</Prefix> <Namespace>http://geosysin.iict.ch/ogo</Namespace> <Layers All="false"> <Layer> <Name>ogo:node_trace</Name> </Layer> </Layers> </Server> </Servers> <Subjects All="true"> </Subjects> <Operations All="true"/> <AvailabilityPeriod> <Mask>d-mm-yyyy</Mask> <From> <Date>28-01-2008</Date> </From> <To> <Date>28-01-2108</Date> </To> </AvailabilityPeriod> <ImageSize/> </Policy> </PolicySet>
As you can see, it's a wide open access for all subjects allowing all operations, and I get a nice capabilities file when requesting http://localhost:8080/proxy/ogc/localwms?request=GetCapabilities (even without giving any authentification Joomla user/passwd, is this normal by the way ?)
Now, let's say I reduce the access by allowing only one Joomla user :
<Subjects All="false"> <User>olivier</User> </Subjects>
BUT I'm still able to get the capabilities file without any authentication (I shouldn't) !
Let's now restart my tomcat6 and retry the GetCapabilities ... now I get : org.easysdi.proxy.exception.PolicyNotFoundException: No policy found. Ok, restarting the server may have refresh something and now it is no more a wide open access.
BUT when doing a request with an authentication corresponding to my only allowed user (http://olivier:passwd@localhost:8080/proxy/ogc/localwms?request=GetCapabilities), it is the same, No policy found (I should have access with this user).
In conclusion there is something wrong here.
Does someone face the same problem and/or can someone help ?
- I use Apache Tomcat 6.0.26
- I edit policies by hand because of Joomla UI problems previously identified
- I do my requests with Firefox being carefull with client-side cache effect
Thanks in advance,
We just opened a ticket about this issue : http://forge.easysdi.org/issues/406
We realized that the PROXY do not manage properly HTTP 401 error and need some extra code to do it properly.
It will be done in the next weeks and next release of PROXY will contain the corrections.
Good news, this issue is solved with last PROXY release 2.2.0.
Download it here : http://forge.easysdi.org/projects/proxy/files