Authorization section
GeoStore provides two default users:
- admin with pw admin
- user with pw user
At the moment, authorization in GeoStore works only at resource level: a Security entity provides the authorization mechanism for each resource.
Every user can perform specific actions according to their own level of authorization:
- admin: the administrator of the system. This user can perform any kind of action on every stored resource.
- user: this user can perform any kind of action on its own resources, but not on other users' resources.
- guest (not authenticated): this user can only see all resources in the system, but cannot delete or modify them.
You can authenticate to a service by appending the string ?user=&psw= to the service URL.
For the creation of new users, see the REST API section and Inizialize User and Categories.
This option is disabled by default.
You can activate the auto create user interceptor in the configuration file:

```xml
<jaxrs:inInterceptors>
    <!-- Auto create users interceptor (uncomment to allow users autocreation for /users requests) -->
    <ref bean="autoCreateUsersInterceptor"/>
    <ref bean="geostoreAuthInterceptor"/>
    <bean class="org.apache.cxf.interceptor.security.SecureAnnotationsInterceptor">
        <property name="securedObject" ref="restUserService"/>
    </bean>
</jaxrs:inInterceptors>
```
When you uncomment the autoCreateUsersInterceptor, the first interceptor for the JAX requests is the AutoUserCreateGeostoreAuthenticationInterceptor, and you can change its properties in the property overrider with:

```properties
autoCreateUsersInterceptor.autoCreateUsers=true
autoCreateUsersInterceptor.newUsersRole.role=USER
autoCreateUsersInterceptor.newUsersPassword=NONE|USERNAME|FROMHEADER
autoCreateUsersInterceptor.newUsersPasswordHeader=newUserPassword
```
Documentation for these options:
- autoCreateUsers: flag indicating whether a user that does not exist can be created when it is used
- newUsersRole: role for the new user (default is USER)
- newUsersPassword: password strategy for new users. Can be: NONE (empty password), USERNAME (password = username), FROMHEADER (see newUsersPasswordHeader)
- newUsersPasswordHeader: header key for the new password if the selected strategy is FROMHEADER
Then, you can create a new user with a get user details call:
- If newUsersPassword==USERNAME

  Request:
  ```
  $ curl -u newUser:newUser -XGET http://localhost:9191/geostore/rest/users/user/details
  ```
  Response:
  ```xml
  <?xml version="1.0" encoding="UTF-8" standalone="yes"?><User><id>3</id><name>newUser</name><role>USER</role></User>
  ```
- If newUsersPassword==NONE

  Request:
  ```
  $ curl -u newUser: -XGET http://localhost:9191/geostore/rest/users/user/details
  ```
  Response:
  ```xml
  <?xml version="1.0" encoding="UTF-8" standalone="yes"?><User><id>3</id><name>newUser</name><role>USER</role></User>
  ```
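
The override keys described above can be reviewed mechanically before a deployment. The script below is an added example, not part of GeoStore or its documentation: it assumes the overrides are plain key=value properties text and that an absent autoCreateUsers key means the documented default (disabled); the sample file content is constructed.

```python
PREFIX = "autoCreateUsersInterceptor."  # key prefix taken from the page

# Constructed sample override file (not from a real deployment).
SAMPLE = """\
# geostore override properties (constructed)
autoCreateUsersInterceptor.autoCreateUsers=true
autoCreateUsersInterceptor.newUsersRole.role=ADMIN
autoCreateUsersInterceptor.newUsersPassword=USERNAME
"""

def parse_properties(text):
    """Parse key=value lines, skipping blanks and '#' / '!' comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def audit_auto_create(text):
    """Return findings for the autoCreateUsersInterceptor.* overrides."""
    props = parse_properties(text)
    get = lambda name, default="": props.get(PREFIX + name, default)
    # Assumption: an absent key means the documented default (disabled).
    if get("autoCreateUsers", "false").lower() != "true":
        return []
    findings = ["autoCreateUsers=true: unknown usernames are created on first use"]
    strategy = get("newUsersPassword").upper()
    if strategy == "NONE":
        findings.append("newUsersPassword=NONE: new accounts have an empty password")
    elif strategy == "USERNAME":
        findings.append("newUsersPassword=USERNAME: password equals the username")
    elif strategy == "FROMHEADER":
        if not get("newUsersPasswordHeader"):
            findings.append("no newUsersPasswordHeader override: check which header is read")
    else:
        findings.append("newUsersPassword=%r is not NONE, USERNAME or FROMHEADER" % strategy)
    role = get("newUsersRole.role", "USER").upper()  # page: default is USER
    if role != "USER":
        findings.append("newUsersRole.role=%s: auto-created accounts are not plain USER" % role)
    return findings

if __name__ == "__main__":
    for finding in audit_auto_create(SAMPLE):
        print("-", finding)
```

The script reads only the property overrides; whether the autoCreateUsersInterceptor reference is actually uncommented in the interceptor configuration has to be checked separately.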
If you want to activate it on another request, you must add the interceptor for that REST path. For example, if you want to allow user auto creation on the /data path, you must add the interceptor to the JAX interceptors configuration.