Rodrigo Antonialli
2017-06-07 22:22:30 UTC
Hi everyone!
I'm configuring a new instance of Geoserver (v. 2.11.1) and setting the
embeded GeoWebCache.
I have 2 doubts:
Short version:
*First:* Does the Catalog Mode applies to GWC ?
*Second:* When enabling Direct integration with WMS, requests to default
WMS always tries GWC firs? How does data security applies with this setup?
Long version:
*First: *I've set the following options within Caching Defaults panel:
[checked] Enable direct integration with GeoServer WMS
[checked] Enable WMS-C Service
[ ] Enable TMS Service
[checked] Enable Data Security
Then, I've set a Data Security Rule for topp:states layer:
topp.states.r = ROLE_AUTHENTICATED
With this rule and *Caralog Mode HIDE*, the layer is not shown in
capabilities request for WMS and WFS, but it is listed for
/GWC/SERVICE/WMTS and /GWC/SERVICE/WMS capabilities.
Is this the expected behaviour or I'm missing something? Just to know, the
access to the layer itself is restricted using any service (when accessing
it using openlayers wmts
<https://openlayers.org/en/latest/apidoc/ol.source.WMTS.html>, no error is
shown, although the layer is not shown if i'm not authenticated).
*Second: *To avoid this "problem" with GetCapabilities of GWC,* l*et's say
I keep:
[checked] Enable direct integration with GeoServer WMS
[ ] Enable WMS-C Service
[ ] Enable TMS Service
[ ] Enable Data Security
and now set up a service rule like this:
gwc.* = ADMIN
Does it means that requests to /GEOSERVER/WMS (and virtual endpoints) will
always try GWC first, even for public layers? Using it this way does it
mean I dont need /geoserver/gwc/service/wms or /geoserver/gwc/service/wmts
endpoints to use gwc?
I'm imagining this: now, only admin can use GWC directly and so, only admin
can see all the layers in capabilities doc of gwc. Any other user will
benefit from gwc when acessing WMS... the data security and catalog mode is
now controlled by Geoserver WMS only... is this correct? Or should I
enable Data Security anyway?
Thanks!
Rodrigo C. Antonialli
======================================
Rio Claro - SP - Brasil
LinkedIn: http://www.linkedin.com/in/rcantonialli
Contato: ***@gmail.com
Skype: rc_antonialli
I'm configuring a new instance of Geoserver (v. 2.11.1) and setting the
embeded GeoWebCache.
I have 2 doubts:
Short version:
*First:* Does the Catalog Mode applies to GWC ?
*Second:* When enabling Direct integration with WMS, requests to default
WMS always tries GWC firs? How does data security applies with this setup?
Long version:
*First: *I've set the following options within Caching Defaults panel:
[checked] Enable direct integration with GeoServer WMS
[checked] Enable WMS-C Service
[ ] Enable TMS Service
[checked] Enable Data Security
Then, I've set a Data Security Rule for topp:states layer:
topp.states.r = ROLE_AUTHENTICATED
With this rule and *Caralog Mode HIDE*, the layer is not shown in
capabilities request for WMS and WFS, but it is listed for
/GWC/SERVICE/WMTS and /GWC/SERVICE/WMS capabilities.
Is this the expected behaviour or I'm missing something? Just to know, the
access to the layer itself is restricted using any service (when accessing
it using openlayers wmts
<https://openlayers.org/en/latest/apidoc/ol.source.WMTS.html>, no error is
shown, although the layer is not shown if i'm not authenticated).
*Second: *To avoid this "problem" with GetCapabilities of GWC,* l*et's say
I keep:
[checked] Enable direct integration with GeoServer WMS
[ ] Enable WMS-C Service
[ ] Enable TMS Service
[ ] Enable Data Security
and now set up a service rule like this:
gwc.* = ADMIN
Does it means that requests to /GEOSERVER/WMS (and virtual endpoints) will
always try GWC first, even for public layers? Using it this way does it
mean I dont need /geoserver/gwc/service/wms or /geoserver/gwc/service/wmts
endpoints to use gwc?
I'm imagining this: now, only admin can use GWC directly and so, only admin
can see all the layers in capabilities doc of gwc. Any other user will
benefit from gwc when acessing WMS... the data security and catalog mode is
now controlled by Geoserver WMS only... is this correct? Or should I
enable Data Security anyway?
Thanks!
Rodrigo C. Antonialli
======================================
Rio Claro - SP - Brasil
LinkedIn: http://www.linkedin.com/in/rcantonialli
Contato: ***@gmail.com
Skype: rc_antonialli