Problem with Geoserver WMS / WFS

classic Classic list List threaded Threaded
9 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Problem with Geoserver WMS / WFS

Fred Lehodey
Hi,
(thanks for all 52 N projects..)

sorry if this is a stupid question but:

- when I define an <EnforcementPoint> in security-config.xml for a geoserver WMS (endPointType="WMS"), I can access without any restriction of all layers using WFS  (including WFS-T !!)

- in the same way, If I configure a WFS security (endPointType="WFS") with layer restriction (in permissions.xml), I can access to all layers via WMS.

How can I avoid this and control WMS and WFS services with distinct behavior ?

Thanks for any help.
Regards,
Fred




_______________________________________________
Security mailing list
[hidden email]
http://list.52north.org/mailman/listinfo/security
http://security.forum.52north.org
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Problem with Geoserver WMS / WFS

Jan Drewnak
Fred,

how does a sample GetCapabilities request URL look like in your case?


Regards,

  Jan

----------------------
From: Fred Lehodey [mailto:[hidden email]]
Sent: Monday, June 06, 2011 3:47 PM
To: Jan Drewnak (52north)
Subject: Re: [52N Security] Problem with Geoserver WMS / WFS

Jan,
(not sure this is the best way to know the version, but:)  :)
in my pom.properties, I have:
version=2.2.0-alpha-1

thanks,
Fred



On Mon, Jun 6, 2011 at 2:36 PM, Jan Drewnak (52north) <[hidden email]> wrote:
Hi Fred,

which version of the WSS are you using?


Best regards,

 Jan


--------------

From: [hidden email] [mailto:[hidden email]] On Behalf Of Fred Lehodey
Sent: Monday, June 06, 2011 3:30 PM
To: [hidden email]
Subject: [52N Security] Problem with Geoserver WMS / WFS

Hi,
(thanks for all 52 N projects..)

sorry if this is a stupid question but:

- when I define an <EnforcementPoint> in security-config.xml for a geoserver WMS (endPointType="WMS"), I can access without any restriction of all layers using WFS  (including WFS-T !!)

- in the same way, If I configure a WFS security (endPointType="WFS") with layer restriction (in permissions.xml), I can access to all layers via WMS.

How can I avoid this and control WMS and WFS services with distinct behavior ?

Thanks for any help.
Regards,
Fred


_______________________________________________
Security mailing list
[hidden email]
http://list.52north.org/mailman/listinfo/security
http://security.forum.52north.org
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Problem with Geoserver WMS / WFS

Fred Lehodey
Jan,
thanks for reply.

- getCap_GeoServ.xml come from a request directly to geoserver
- getCap_52N.xml  is returned by 52N, with just one layer, as configured in permissions.xml....  
this fine and perfect, as expected, using, for example, QuantumGIS for tests.

But, also with QuantumGIS and the WFS plugin, I can see (and edit) all layers via WFS. And that is not expected.. ;)

I am probably doing something wrong... but..... :(

Best regards
Fred




On Mon, Jun 6, 2011 at 3:15 PM, Jan Drewnak <[hidden email]> wrote:
Fred,

how does a sample GetCapabilities request URL look like in your case?


Regards,

 Jan

----------------------
From: Fred Lehodey [mailto:[hidden email]]
Sent: Monday, June 06, 2011 3:47 PM
To: Jan Drewnak (52north)
Subject: Re: [52N Security] Problem with Geoserver WMS / WFS

Jan,
(not sure this is the best way to know the version, but:)  :)
in my pom.properties, I have:
version=2.2.0-alpha-1

thanks,
Fred



On Mon, Jun 6, 2011 at 2:36 PM, Jan Drewnak (52north) <[hidden email]> wrote:
Hi Fred,

which version of the WSS are you using?


Best regards,

 Jan


--------------

From: [hidden email] [mailto:[hidden email]] On Behalf Of Fred Lehodey
Sent: Monday, June 06, 2011 3:30 PM
To: [hidden email]
Subject: [52N Security] Problem with Geoserver WMS / WFS

Hi,
(thanks for all 52 N projects..)

sorry if this is a stupid question but:

- when I define an <EnforcementPoint> in security-config.xml for a geoserver WMS (endPointType="WMS"), I can access without any restriction of all layers using WFS  (including WFS-T !!)

- in the same way, If I configure a WFS security (endPointType="WFS") with layer restriction (in permissions.xml), I can access to all layers via WMS.

How can I avoid this and control WMS and WFS services with distinct behavior ?

Thanks for any help.
Regards,
Fred




_______________________________________________
Security mailing list
[hidden email]
http://list.52north.org/mailman/listinfo/security
http://security.forum.52north.org

getCap_52N.xml (11K) Download Attachment
getCap_GeoServ.xml (53K) Download Attachment
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Problem with Geoserver WMS / WFS

Jan Drewnak (52north)
Hi Fred,

Could you please send the WSS log file and the WFS permissions as defined in the permissions.xml file (if they don't contain any secret information)?


Jan


----
From: Fred Lehodey [mailto:[hidden email]]
Sent: Monday, June 06, 2011 4:42 PM
To: [hidden email]
Cc: Jan Drewnak
Subject: Re: [52N Security] Problem with Geoserver WMS / WFS

Jan,
thanks for reply.

- getCap_GeoServ.xml come from a request directly to geoserver
- getCap_52N.xml  is returned by 52N, with just one layer, as configured in permissions.xml....  
this fine and perfect, as expected, using, for example, QuantumGIS for tests.

But, also with QuantumGIS and the WFS plugin, I can see (and edit) all layers via WFS. And that is not expected.. ;)

I am probably doing something wrong... but..... :(

Best regards
Fred



On Mon, Jun 6, 2011 at 3:15 PM, Jan Drewnak <[hidden email]> wrote:
Fred,

how does a sample GetCapabilities request URL look like in your case?


Regards,

 Jan

----------------------
From: Fred Lehodey [mailto:[hidden email]]
Sent: Monday, June 06, 2011 3:47 PM
To: Jan Drewnak (52north)
Subject: Re: [52N Security] Problem with Geoserver WMS / WFS

Jan,
(not sure this is the best way to know the version, but:)  :)
in my pom.properties, I have:
version=2.2.0-alpha-1

thanks,
Fred



On Mon, Jun 6, 2011 at 2:36 PM, Jan Drewnak (52north) <[hidden email]> wrote:
Hi Fred,

which version of the WSS are you using?


Best regards,

 Jan


--------------

From: [hidden email] [mailto:[hidden email]] On Behalf Of Fred Lehodey
Sent: Monday, June 06, 2011 3:30 PM
To: [hidden email]
Subject: [52N Security] Problem with Geoserver WMS / WFS

Hi,
(thanks for all 52 N projects..)

sorry if this is a stupid question but:

- when I define an <EnforcementPoint> in security-config.xml for a geoserver WMS (endPointType="WMS"), I can access without any restriction of all layers using WFS  (including WFS-T !!)

- in the same way, If I configure a WFS security (endPointType="WFS") with layer restriction (in permissions.xml), I can access to all layers via WMS.

How can I avoid this and control WMS and WFS services with distinct behavior ?

Thanks for any help.
Regards,
Fred


_______________________________________________
Security mailing list
[hidden email]
http://list.52north.org/mailman/listinfo/security
http://security.forum.52north.org
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Problem with Geoserver WMS / WFS

Jan Drewnak (52north)
In reply to this post by Fred Lehodey
Fred,

I think I have an idea what's wrong. I assume you created an enforcement point of type WFS for http://.../geoserver/wfs, defined permissions, and so on.
If you connect to that WFS-type enforcement point with a WMS request, say ".?SERVICE=WMS&REQUEST=GetCapabilities", you have full access.
This is due to the fact, that a WFS-type enforcement point doesn't recognize WMS requests as being under access control and simply forwards it to http://.../geoserver/wfs. Although Geoserver's WFS endpoint was connected, Geoserver responds with the WMS capabilities.
This of course can be fixed on our side, making the WSS more restrictive on inappropriate requests.

Is it feasible for you to switch to WSS 2.2.0-beta-1?

Regards,

  Jan

--------------
From: Fred Lehodey [mailto:[hidden email]]
Sent: Monday, June 06, 2011 4:42 PM
To: [hidden email]
Cc: Jan Drewnak
Subject: Re: [52N Security] Problem with Geoserver WMS / WFS

Jan,
thanks for reply.

- getCap_GeoServ.xml come from a request directly to geoserver
- getCap_52N.xml  is returned by 52N, with just one layer, as configured in permissions.xml....  
this fine and perfect, as expected, using, for example, QuantumGIS for tests.

But, also with QuantumGIS and the WFS plugin, I can see (and edit) all layers via WFS. And that is not expected.. ;)

I am probably doing something wrong... but..... :(

Best regards
Fred



On Mon, Jun 6, 2011 at 3:15 PM, Jan Drewnak <[hidden email]> wrote:
Fred,

how does a sample GetCapabilities request URL look like in your case?


Regards,

 Jan

----------------------
From: Fred Lehodey [mailto:[hidden email]]
Sent: Monday, June 06, 2011 3:47 PM
To: Jan Drewnak (52north)
Subject: Re: [52N Security] Problem with Geoserver WMS / WFS

Jan,
(not sure this is the best way to know the version, but:)  :)
in my pom.properties, I have:
version=2.2.0-alpha-1

thanks,
Fred



On Mon, Jun 6, 2011 at 2:36 PM, Jan Drewnak (52north) <[hidden email]> wrote:
Hi Fred,

which version of the WSS are you using?


Best regards,

 Jan


--------------

From: [hidden email] [mailto:[hidden email]] On Behalf Of Fred Lehodey
Sent: Monday, June 06, 2011 3:30 PM
To: [hidden email]
Subject: [52N Security] Problem with Geoserver WMS / WFS

Hi,
(thanks for all 52 N projects..)

sorry if this is a stupid question but:

- when I define an <EnforcementPoint> in security-config.xml for a geoserver WMS (endPointType="WMS"), I can access without any restriction of all layers using WFS  (including WFS-T !!)

- in the same way, If I configure a WFS security (endPointType="WFS") with layer restriction (in permissions.xml), I can access to all layers via WMS.

How can I avoid this and control WMS and WFS services with distinct behavior ?

Thanks for any help.
Regards,
Fred


_______________________________________________
Security mailing list
[hidden email]
http://list.52north.org/mailman/listinfo/security
http://security.forum.52north.org
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Problem with Geoserver WMS / WFS

Fred Lehodey
Jan,

You're right: I have created an WFS enforcement point...
(but a WMS one gives also access to WFS request, I think..)

Just a thought: it is a bit dangerous to have to restrict something.
For some inappropriate requests, by default, It will be more careful that a security tool have to open than to restrict.

I will try to update to WSS 2.2.0-beta-1 tomorrow afternoon...
Will this update change this behavior ?

Anything I can do to contribute, please tell me.

thanks a lot.
Fred




On Wed, Jun 8, 2011 at 7:38 PM, Jan Drewnak (52north) <[hidden email]> wrote:
Fred,

I think I have an idea what's wrong. I assume you created an enforcement point of type WFS for http://.../geoserver/wfs, defined permissions, and so on.
If you connect to that WFS-type enforcement point with a WMS request, say ".?SERVICE=WMS&REQUEST=GetCapabilities", you have full access.
This is due to the fact, that a WFS-type enforcement point doesn't recognize WMS requests as being under access control and simply forwards it to http://.../geoserver/wfs. Although Geoserver's WFS endpoint was connected, Geoserver responds with the WMS capabilities.
This of course can be fixed on our side, making the WSS more restrictive on inappropriate requests.

Is it feasible for you to switch to WSS 2.2.0-beta-1?

Regards,

 Jan

--------------
From: Fred Lehodey [mailto:[hidden email]]
Sent: Monday, June 06, 2011 4:42 PM
To: [hidden email]
Cc: Jan Drewnak
Subject: Re: [52N Security] Problem with Geoserver WMS / WFS

Jan,
thanks for reply.

- getCap_GeoServ.xml come from a request directly to geoserver
- getCap_52N.xml  is returned by 52N, with just one layer, as configured in permissions.xml....  
this fine and perfect, as expected, using, for example, QuantumGIS for tests.

But, also with QuantumGIS and the WFS plugin, I can see (and edit) all layers via WFS. And that is not expected.. ;)

I am probably doing something wrong... but..... :(

Best regards
Fred



On Mon, Jun 6, 2011 at 3:15 PM, Jan Drewnak <[hidden email]> wrote:
Fred,

how does a sample GetCapabilities request URL look like in your case?


Regards,

 Jan

----------------------
From: Fred Lehodey [mailto:[hidden email]]
Sent: Monday, June 06, 2011 3:47 PM
To: Jan Drewnak (52north)
Subject: Re: [52N Security] Problem with Geoserver WMS / WFS

Jan,
(not sure this is the best way to know the version, but:)  :)
in my pom.properties, I have:
version=2.2.0-alpha-1

thanks,
Fred



On Mon, Jun 6, 2011 at 2:36 PM, Jan Drewnak (52north) <[hidden email]> wrote:
Hi Fred,

which version of the WSS are you using?


Best regards,

 Jan


--------------

From: [hidden email] [mailto:[hidden email]] On Behalf Of Fred Lehodey
Sent: Monday, June 06, 2011 3:30 PM
To: [hidden email]
Subject: [52N Security] Problem with Geoserver WMS / WFS

Hi,
(thanks for all 52 N projects..)

sorry if this is a stupid question but:

- when I define an <EnforcementPoint> in security-config.xml for a geoserver WMS (endPointType="WMS"), I can access without any restriction of all layers using WFS  (including WFS-T !!)

- in the same way, If I configure a WFS security (endPointType="WFS") with layer restriction (in permissions.xml), I can access to all layers via WMS.

How can I avoid this and control WMS and WFS services with distinct behavior ?

Thanks for any help.
Regards,
Fred




_______________________________________________
Security mailing list
[hidden email]
http://list.52north.org/mailman/listinfo/security
http://security.forum.52north.org
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Problem with Geoserver WMS / WFS

Fred Lehodey
In reply to this post by Jan Drewnak (52north)
Hi Jan,
I have instaled WSS 2.2.0b1
I have the same problem.
How to turn the WSS more restrictive on inapropriate requests ?

Thanks
Regards,
Fred



On Wed, Jun 8, 2011 at 7:38 PM, Jan Drewnak (52north) <[hidden email]> wrote:
Fred,

I think I have an idea what's wrong. I assume you created an enforcement point of type WFS for http://.../geoserver/wfs, defined permissions, and so on.
If you connect to that WFS-type enforcement point with a WMS request, say ".?SERVICE=WMS&REQUEST=GetCapabilities", you have full access.
This is due to the fact, that a WFS-type enforcement point doesn't recognize WMS requests as being under access control and simply forwards it to http://.../geoserver/wfs. Although Geoserver's WFS endpoint was connected, Geoserver responds with the WMS capabilities.
This of course can be fixed on our side, making the WSS more restrictive on inappropriate requests.

Is it feasible for you to switch to WSS 2.2.0-beta-1?

Regards,

 Jan

--------------
From: Fred Lehodey [mailto:[hidden email]]
Sent: Monday, June 06, 2011 4:42 PM
To: [hidden email]
Cc: Jan Drewnak
Subject: Re: [52N Security] Problem with Geoserver WMS / WFS

Jan,
thanks for reply.

- getCap_GeoServ.xml come from a request directly to geoserver
- getCap_52N.xml  is returned by 52N, with just one layer, as configured in permissions.xml....  
this fine and perfect, as expected, using, for example, QuantumGIS for tests.

But, also with QuantumGIS and the WFS plugin, I can see (and edit) all layers via WFS. And that is not expected.. ;)

I am probably doing something wrong... but..... :(

Best regards
Fred



On Mon, Jun 6, 2011 at 3:15 PM, Jan Drewnak <[hidden email]> wrote:
Fred,

how does a sample GetCapabilities request URL look like in your case?


Regards,

 Jan

----------------------
From: Fred Lehodey [mailto:[hidden email]]
Sent: Monday, June 06, 2011 3:47 PM
To: Jan Drewnak (52north)
Subject: Re: [52N Security] Problem with Geoserver WMS / WFS

Jan,
(not sure this is the best way to know the version, but:)  :)
in my pom.properties, I have:
version=2.2.0-alpha-1

thanks,
Fred



On Mon, Jun 6, 2011 at 2:36 PM, Jan Drewnak (52north) <[hidden email]> wrote:
Hi Fred,

which version of the WSS are you using?


Best regards,

 Jan


--------------

From: [hidden email] [mailto:[hidden email]] On Behalf Of Fred Lehodey
Sent: Monday, June 06, 2011 3:30 PM
To: [hidden email]
Subject: [52N Security] Problem with Geoserver WMS / WFS

Hi,
(thanks for all 52 N projects..)

sorry if this is a stupid question but:

- when I define an <EnforcementPoint> in security-config.xml for a geoserver WMS (endPointType="WMS"), I can access without any restriction of all layers using WFS  (including WFS-T !!)

- in the same way, If I configure a WFS security (endPointType="WFS") with layer restriction (in permissions.xml), I can access to all layers via WMS.

How can I avoid this and control WMS and WFS services with distinct behavior ?

Thanks for any help.
Regards,
Fred




_______________________________________________
Security mailing list
[hidden email]
http://list.52north.org/mailman/listinfo/security
http://security.forum.52north.org
Jan
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Problem with Geoserver WMS / WFS

Jan
Administrator
Fred,

I further analyzed the problem. It will be fixed with a new release to be
ready in two weeks.

Best regards,

  Jan



> Hi Jan,
> I have instaled WSS 2.2.0b1
> I have the same problem.
> How to turn the WSS more restrictive on inapropriate requests ?
>
> Thanks
> Regards,
> Fred
>
>
>
> On Wed, Jun 8, 2011 at 7:38 PM, Jan Drewnak (52north)
> <[hidden email]>wrote:
>
>> Fred,
>>
>> I think I have an idea what's wrong. I assume you created an enforcement
>> point of type WFS for http://.../geoserver/wfs, defined permissions, and
>> so on.
>> If you connect to that WFS-type enforcement point with a WMS request,
>> say
>> ".?SERVICE=WMS&REQUEST=GetCapabilities", you have full access.
>> This is due to the fact, that a WFS-type enforcement point doesn't
>> recognize WMS requests as being under access control and simply forwards
>> it
>> to http://.../geoserver/wfs. Although Geoserver's WFS endpoint was
>> connected, Geoserver responds with the WMS capabilities.
>> This of course can be fixed on our side, making the WSS more restrictive
>> on
>> inappropriate requests.
>>
>> Is it feasible for you to switch to WSS 2.2.0-beta-1?
>>
>> Regards,
>>
>>  Jan
>>
>> --------------
>> From: Fred Lehodey [mailto:[hidden email]]
>> Sent: Monday, June 06, 2011 4:42 PM
>> To: [hidden email]
>> Cc: Jan Drewnak
>> Subject: Re: [52N Security] Problem with Geoserver WMS / WFS
>>
>> Jan,
>> thanks for reply.
>>
>> - getCap_GeoServ.xml come from a request directly to geoserver
>> - getCap_52N.xml  is returned by 52N, with just one layer, as configured
>> in
>> permissions.xml....
>> this fine and perfect, as expected, using, for example, QuantumGIS for
>> tests.
>>
>> But, also with QuantumGIS and the WFS plugin, I can see (and edit) all
>> layers via WFS. And that is not expected.. ;)
>>
>> I am probably doing something wrong... but..... :(
>>
>> Best regards
>> Fred
>>
>>
>>
>> On Mon, Jun 6, 2011 at 3:15 PM, Jan Drewnak <[hidden email]>
>> wrote:
>> Fred,
>>
>> how does a sample GetCapabilities request URL look like in your case?
>>
>>
>> Regards,
>>
>>  Jan
>>
>> ----------------------
>> From: Fred Lehodey [mailto:[hidden email]]
>> Sent: Monday, June 06, 2011 3:47 PM
>> To: Jan Drewnak (52north)
>> Subject: Re: [52N Security] Problem with Geoserver WMS / WFS
>>
>> Jan,
>> (not sure this is the best way to know the version, but:)  :)
>> in my pom.properties, I have:
>> version=2.2.0-alpha-1
>>
>> thanks,
>> Fred
>>
>>
>>
>> On Mon, Jun 6, 2011 at 2:36 PM, Jan Drewnak (52north)
>> <[hidden email]>
>> wrote:
>> Hi Fred,
>>
>> which version of the WSS are you using?
>>
>>
>> Best regards,
>>
>>  Jan
>>
>>
>> --------------
>>
>> From: [hidden email] [mailto:[hidden email]]
>> On Behalf Of Fred Lehodey
>> Sent: Monday, June 06, 2011 3:30 PM
>> To: [hidden email]
>> Subject: [52N Security] Problem with Geoserver WMS / WFS
>>
>> Hi,
>> (thanks for all 52 N projects..)
>>
>> sorry if this is a stupid question but:
>>
>> - when I define an <EnforcementPoint> in security-config.xml for a
>> geoserver WMS (endPointType="WMS"), I can access without any restriction
>> of
>> all layers using WFS  (including WFS-T !!)
>>
>> - in the same way, If I configure a WFS security (endPointType="WFS")
>> with
>> layer restriction (in permissions.xml), I can access to all layers via
>> WMS.
>>
>> How can I avoid this and control WMS and WFS services with distinct
>> behavior ?
>>
>> Thanks for any help.
>> Regards,
>> Fred
>>
>>
>>
>


--
Jan Drewnak
52°North Initiative for Geospatial Open Source Software GmbH
Martin-Luther-King-Weg 24
48155 Muenster
Germany

Tel.: +49 (0)251 7474- 432
Fax: +49 (0)251 396 371- 11

[hidden email]
www.52north.org
www.52north.org/security

General Managers: Dr. Albert Remke, Dr. Andreas Wytzisk
Local Court Muenster HRB 10849

_______________________________________________
Security mailing list
[hidden email]
http://list.52north.org/mailman/listinfo/security
http://security.forum.52north.org
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Problem with Geoserver WMS / WFS

Fred Lehodey
Jan,
It  will be  a pleasure to test that new release....

Thanks,
Fred


On Fri, Jul 1, 2011 at 8:56 PM, Jan Drewnak <[hidden email]> wrote:
Fred,

I further analyzed the problem. It will be fixed with a new release to be
ready in two weeks.

Best regards,

 Jan



> Hi Jan,
> I have instaled WSS 2.2.0b1
> I have the same problem.
> How to turn the WSS more restrictive on inapropriate requests ?
>
> Thanks
> Regards,
> Fred
>
>
>
> On Wed, Jun 8, 2011 at 7:38 PM, Jan Drewnak (52north)
> <[hidden email]>wrote:
>
>> Fred,
>>
>> I think I have an idea what's wrong. I assume you created an enforcement
>> point of type WFS for http://.../geoserver/wfs, defined permissions, and
>> so on.
>> If you connect to that WFS-type enforcement point with a WMS request,
>> say
>> ".?SERVICE=WMS&REQUEST=GetCapabilities", you have full access.
>> This is due to the fact, that a WFS-type enforcement point doesn't
>> recognize WMS requests as being under access control and simply forwards
>> it
>> to http://.../geoserver/wfs. Although Geoserver's WFS endpoint was
>> connected, Geoserver responds with the WMS capabilities.
>> This of course can be fixed on our side, making the WSS more restrictive
>> on
>> inappropriate requests.
>>
>> Is it feasible for you to switch to WSS 2.2.0-beta-1?
>>
>> Regards,
>>
>>  Jan
>>
>> --------------
>> From: Fred Lehodey [mailto:[hidden email]]
>> Sent: Monday, June 06, 2011 4:42 PM
>> To: [hidden email]
>> Cc: Jan Drewnak
>> Subject: Re: [52N Security] Problem with Geoserver WMS / WFS
>>
>> Jan,
>> thanks for reply.
>>
>> - getCap_GeoServ.xml come from a request directly to geoserver
>> - getCap_52N.xml  is returned by 52N, with just one layer, as configured
>> in
>> permissions.xml....
>> this fine and perfect, as expected, using, for example, QuantumGIS for
>> tests.
>>
>> But, also with QuantumGIS and the WFS plugin, I can see (and edit) all
>> layers via WFS. And that is not expected.. ;)
>>
>> I am probably doing something wrong... but..... :(
>>
>> Best regards
>> Fred
>>
>>
>>
>> On Mon, Jun 6, 2011 at 3:15 PM, Jan Drewnak <[hidden email]>
>> wrote:
>> Fred,
>>
>> how does a sample GetCapabilities request URL look like in your case?
>>
>>
>> Regards,
>>
>>  Jan
>>
>> ----------------------
>> From: Fred Lehodey [mailto:[hidden email]]
>> Sent: Monday, June 06, 2011 3:47 PM
>> To: Jan Drewnak (52north)
>> Subject: Re: [52N Security] Problem with Geoserver WMS / WFS
>>
>> Jan,
>> (not sure this is the best way to know the version, but:)  :)
>> in my pom.properties, I have:
>> version=2.2.0-alpha-1
>>
>> thanks,
>> Fred
>>
>>
>>
>> On Mon, Jun 6, 2011 at 2:36 PM, Jan Drewnak (52north)
>> <[hidden email]>
>> wrote:
>> Hi Fred,
>>
>> which version of the WSS are you using?
>>
>>
>> Best regards,
>>
>>  Jan
>>
>>
>> --------------
>>
>> From: [hidden email] [mailto:[hidden email]]
>> On Behalf Of Fred Lehodey
>> Sent: Monday, June 06, 2011 3:30 PM
>> To: [hidden email]
>> Subject: [52N Security] Problem with Geoserver WMS / WFS
>>
>> Hi,
>> (thanks for all 52 N projects..)
>>
>> sorry if this is a stupid question but:
>>
>> - when I define an <EnforcementPoint> in security-config.xml for a
>> geoserver WMS (endPointType="WMS"), I can access without any restriction
>> of
>> all layers using WFS  (including WFS-T !!)
>>
>> - in the same way, If I configure a WFS security (endPointType="WFS")
>> with
>> layer restriction (in permissions.xml), I can access to all layers via
>> WMS.
>>
>> How can I avoid this and control WMS and WFS services with distinct
>> behavior ?
>>
>> Thanks for any help.
>> Regards,
>> Fred
>>
>>
>>
>


--
Jan Drewnak
52°North Initiative for Geospatial Open Source Software GmbH
Martin-Luther-King-Weg 24
48155 Muenster
Germany

Tel.: +49 (0)251 7474- 432
Fax: +49 (0)251 396 371- 11

[hidden email]
www.52north.org
www.52north.org/security

General Managers: Dr. Albert Remke, Dr. Andreas Wytzisk
Local Court Muenster HRB 10849



_______________________________________________
Security mailing list
[hidden email]
http://list.52north.org/mailman/listinfo/security
http://security.forum.52north.org
Loading...