Tampilkan postingan dengan label enterprise services. Tampilkan semua postingan
Tampilkan postingan dengan label enterprise services. Tampilkan semua postingan

Senin, 26 Maret 2012

Developer's Corner: Authenticating dummy clients in GeoServer

In this blog post we'll introduce a simple authentication method we developed for GeoServer that allows to deal with security unaware clients.

GeoServer can be configured to force a user to authenticate, either directly when trying to access the capabilities document (challenge mode) or when trying to access a protected resource (mixed mode). GeoServer will send a "http basic authentication" challenge, that will force browsers to show up the "username/password" authentication dialog, and make other desktop application ask and send over the user credentials.

There are surely more secure means to authenticate a user, yet basic http authentication is the minimum common denominator, something that most clients support, and coupled with HTTPS transport it provides a good starting point for a secured site.

Unfortunately there are clients out there that cannot even deal with basic authentication.
Some of the existing solutions deal with this by making you install a little desktop proxy software that the other software can connect to, with the proxy dealing with all security considerations. That is fine when you are in control of the client side, but not practical when the user is not able, willing, or allowed to install extra software on their machine.

To allow for some level of authentication and security in those cases we developed a community module called "authkey", or "Key authentication module", where all that is requested to the client is to add a unique key indentifying the user into the capabilities request.
Something like:
http://myhost/geoserver/wms?service=WMS&request=GetCapabilities&authkey=ef18d7e7-963b-470f-9230-c7f9de166888
And voilĂ , the user associated to that code will be recognized. The capabilities document returned will also contain back links to GeoServer that replicate the same code, so that also GetMap and GetFeatureInfo requests will work under that same user.
This way the authentication is done without the software having to willingly participate in the authentication mechanism.

The default implementation of the module will look for a property file that configures the associations between the unique codes and the existing users, but different solutions can be plugged in that allow for authentication via hardware code tokens, or daily tokens, or whatever solution you might come up with: see the documentation for more details on the configuration and instructions on how to write your own plugin.

Of course the solution is simple, but coupled with HTTPS it's more or less as secure as using basic authentication, and allows a wider range of client software solutions to participate in the game.

What about you, looking for some missing GeoServer security features? Interested in knowing more about our Enterprise Services? Let us know!

The GeoSolutions team,
Diposting oleh di Tidak ada komentar:
Label: , , , , , ,
Lokasi: Via Poggio Viti in Piano Conca, 12, 55054 Massarosa LU, Italia

Kamis, 26 Januari 2012

Improving GeoServer SQL Server support

Dear All,
in recent times we were hired to improve GeoServer SQL Server support story.

The SQL Server store was created and maintained during spare time by Justin DeOliveira, however due to lack of production usage, and work time to pour on it, it failed to reach to the same level of robustness and speed as the best supported stores, such as Oracle and PostGIS.

Our work this week tried to close this gap with a number of little and big improvements that make the code run faster and in a more reliable way:
  • add support for connection validation (very important for SQL Azure, which is very keen on closing pooled connections in your face)
  • use binary encoding, instead of text, to transfer geometries from the database
  • support for data paging at the database level
  • make sure the rich database test suite we have in GeoTools is fully implented for SQL server, ensuring good support for use cases such as dynamic SQL views, proper date/time encoding in filters, and the like, both on the development series and on the stable series
Our develoment focused on testing the code against both SQL Server 2008 and SQL Azure. SQL Azure is the SQL database one can use in the Microsoft Azure cloud system: while it does look a lot like SQL Server 2008, it does not quite behave the same way in all cases, and requires a specific JDBC driver to work properly.

There are still some improvements missing on the table, such as geography columns support, but we're sure you'll be able to get more out of a production usage of GeoServer and SQL Server now.

Interested in sponsoring further improvements? Looking for professional support service that deliver for your group? Let us know!

The GeoSolutions team,

Diposting oleh di Tidak ada komentar:
Label: , , , , , ,
Lokasi: Via Poggio alle Viti, 55049 Viareggio LU, Italia
Langganan: Postingan (Atom)