Service Level SecurityΒΆ
GeoServer allows access to be determined on a service level (WFS, WMS). Access to services are linked to roles.
Services and roles are linked in a file called services.properties
which is located in the security
directory in your $geoserver_data folder (%geoserver_data% in Windows).
Note
The syntax for setting security is as follows (parameters in brackets are optional):
service[.method]=role[,role2,...]where:
- service can be
wfs
,wms
, orwcs
- method can be any method supported by the service. (ie.: GetFeature for WFS, GetMap for WMS)
- role[,role2,...] is the name(s) of predefined roles.
Service-level security and Layer level security cannot be combined. For example, it is not possible to specify access to a specific OGC service on one specific layer.
From the Welcome page click the Services link on the Menu Security section.
Note
You have to be logged in as Administrator in order to activate this function.
Click Add new rule in the top menu and enter the following configuration:
- Select
wms
fromService
combo box. - Select
GetMap
frommethod
combo box. - Select the ROLE_WS created in previous section and pres the right arrow at the center of the window.
- Select
Click the Save button.
Navigate to the Map Preview and try to show a layer with OpenLayers. You’ll find that it is inaccessible.
Logout as
admin
and login aswsuser
.Navigate to the Map Preview and try to show a layer with OpenLayers. Now the layers are accessible.