Service Level SecurityΒΆ

GeoServer allows access to be determined on a service level (WFS, WMS). Access to services are linked to roles. Services and roles are linked in a file called services.properties which is located in the security directory in your $geoserver_data folder (%geoserver_data% in Windows).

Note

The syntax for setting security is as follows (parameters in brackets are optional):

service[.method]=role[,role2,...]

where:

  • service can be wfs, wms, or wcs
  • method can be any method supported by the service. (ie.: GetFeature for WFS, GetMap for WMS)
  • role[,role2,...] is the name(s) of predefined roles.

Service-level security and Layer level security cannot be combined. For example, it is not possible to specify access to a specific OGC service on one specific layer.

  1. From the Welcome page click the Services link on the Menu Security section.

    Note

    You have to be logged in as Administrator in order to activate this function.

  2. Click Add new rule in the top menu and enter the following configuration:

    • Select wms from Service combo box.
    • Select GetMap from method combo box.
    • Select the ROLE_WS created in previous section and pres the right arrow at the center of the window.
    ../_images/service1.png

    The new role form

  3. Click the Save button.

    ../_images/service2.png

    The Service access rules list

  4. Navigate to the Map Preview and try to show a layer with OpenLayers. You’ll find that it is inaccessible.

  5. Logout as admin and login as wsuser.

  6. Navigate to the Map Preview and try to show a layer with OpenLayers. Now the layers are accessible.