Authorization section

Alejandro Díaz Torres edited this page Jan 27, 2014 · 26 revisions

About authorizations

GeoStore provides two default users:

  • admin with password admin
  • user with password user

At the moment, authorization in GeoStore is applied only at the resource level: a Security entity provides the authorization mechanism for each resource.

Every user can perform specific actions according to their level of authorization:

  • admin: the administrator of the system. This user can perform any kind of action on every stored resource.
  • user: this user can perform any kind of action on its own resources, but not on other users' resources.
  • guest (not authenticated): this user can only see all resources in the system, but cannot delete or modify them.

You can authenticate to a service by adding the string ?user=&psw= to the service URL.

About users creation

For the creation of new users, see the REST API section and Inizialize User and Categories.

Auto create users

This option is disabled by default.

You can activate the auto create user interceptor in the configuration file:

    <jaxrs:inInterceptors>
        <!-- Auto create users interceptor (uncomment to allow users autocreation for /users requests) -->
        <ref bean="autoCreateUsersInterceptor"/>
        <ref bean="geostoreAuthInterceptor"/>
        <bean class="org.apache.cxf.interceptor.security.SecureAnnotationsInterceptor">
            <property name="securedObject" ref="restUserService"/>
        </bean>
    </jaxrs:inInterceptors>

Once autoCreateUsersInterceptor is uncommented, the first interceptor applied to JAX requests is AutoUserCreateGeostoreAuthenticationInterceptor. You can change its properties in the property overrider with:

autoCreateUsersInterceptor.autoCreateUsers=true
autoCreateUsersInterceptor.newUsersRole.role=USER
autoCreateUsersInterceptor.newUsersPassword=NONE|USERNAME|FROMHEADER
autoCreateUsersInterceptor.newUsersPasswordHeader=newUserPassword

Documentation for these options:

  • autoCreateUsers: flag indicating whether a user that does not exist is created when it is first used
  • newUsersRole: role assigned to the new user (the default is USER)
  • newUsersPassword: password strategy for the new user. Can be: NONE (empty password), USERNAME (password = username), FROMHEADER (see newUsersPasswordHeader)
  • newUsersPasswordHeader: header key that carries the new password when the selected strategy is FROMHEADER
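
A configuration check for the options above, as an added example that is not part of GeoStore or of the original page: it reads a property override file and reports which credentials auto-created accounts would receive. The function names, severity labels and sample inputs are assumptions made for the illustration.

```python
# Added example, not GeoStore code. WEAK and HEADER_BASED are constructed samples.
PREFIX = "autoCreateUsersInterceptor."
WEAK = """\
autoCreateUsersInterceptor.autoCreateUsers=true
autoCreateUsersInterceptor.newUsersPassword=USERNAME
"""
HEADER_BASED = """\
autoCreateUsersInterceptor.autoCreateUsers=true
autoCreateUsersInterceptor.newUsersPassword=FROMHEADER
autoCreateUsersInterceptor.newUsersPasswordHeader=newUserPassword
"""

def parse_overrides(text):
    """Parse key=value lines; blank lines and #/! comments are skipped."""
    props = {}
    for line in (raw.strip() for raw in text.splitlines()):
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def audit_auto_create(text):
    """Return (severity, message) findings for the auto-create settings."""
    props = parse_overrides(text)
    get = lambda name, default=None: props.get(PREFIX + name, default)
    # The page says the option is disabled by default: a missing flag means off.
    if get("autoCreateUsers", "false").lower() != "true":
        return []
    findings = []
    strategy = (get("newUsersPassword") or "").upper()
    header = get("newUsersPasswordHeader")
    if strategy == "NONE":
        findings.append(("HIGH", "new accounts are created with an empty password"))
    elif strategy == "USERNAME":
        findings.append(("HIGH", "new accounts get a password equal to the username"))
    elif strategy == "FROMHEADER" and header:
        findings.append(("INFO", f"new password is read from request header '{header}'"))
    elif strategy == "FROMHEADER":
        findings.append(("WARN", "FROMHEADER selected but newUsersPasswordHeader is unset"))
    else:
        findings.append(("WARN", f"unrecognized or missing newUsersPassword: '{strategy}'"))
    role = get("newUsersRole.role", "USER")  # the page gives USER as the default
    if role.upper() != "USER":
        findings.append(("WARN", f"auto-created accounts receive non-default role {role}"))
    return findings

if __name__ == "__main__":
    for name, sample in (("WEAK", WEAK), ("HEADER_BASED", HEADER_BASED)):
        print(name, audit_auto_create(sample))
```

Copying the `NONE|USERNAME|FROMHEADER` line from the listing above verbatim is reported as an unrecognized strategy, since the value must be exactly one of the three names.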

With the option enabled, you can create a new user with a "get user details" call:

  • If newUsersPassword==USERNAME

Request : $ curl -u newUser:newUser -XGET http://localhost:9191/geostore/rest/users/user/details

Response: <?xml version="1.0" encoding="UTF-8" standalone="yes"?><User><id>3</id><name>newUser</name><role>USER</role></User>

  • If newUsersPassword==NONE

Request : $ curl -u newUser: -XGET http://localhost:9191/geostore/rest/users/user/details

Response: <?xml version="1.0" encoding="UTF-8" standalone="yes"?><User><id>3</id><name>newUser</name><role>USER</role></User>

If you want to activate it for other requests, you must add the interceptor for that REST path. For example, to allow user auto-creation on the /data path, add the interceptor to the JAX interceptors configuration.