Service Level SecurityΒΆ

GeoServer allows access to be determined on a service level (WFS, WMS). Access to services is linked to roles. Services and roles are linked in a file called services.properties, which is located in the security directory in your $GEOSERVER_DATA_DIR.

Note

The syntax for setting security is as follows. (Parameters in brackets are optional.):

service[.method]=role[,role2,...]

where:

  • service can be wfs, wms, or wcs
  • method can be any method supported by the service. (Ex: GetFeature for WFS, GetMap for WMS)
  • role[,role2,...] is the name(s) of predefined roles.

Service-level security and Layer level security cannot be combined. For example, it is not possible to specify access to a specific OGC service on one specific layer.

  1. From the Welcome page click the Services link on the Menu Security section.

    Note

    You have to be logged in as Administrator in order to activate this function.

  2. Click Add new rule in the top menu and enter the following configuration:

    • Select wms from Service combo box.
    • Select GetMap from method combo box.
    • Select the ROLE_WS created in previous section and pressing the right arrow on center of the window.
    ../_images/service1.png

    The new role form

  3. Click the Save button.

    ../_images/service2.png

    The Service access rules list

  4. Navigate to the Map Preview and trying to show a layer and Try visualizing with OpenLayers a layer. You’ll find that it is inaccessible.

  5. Logout as admin and login as wsuser.

  6. Navigate to the Map Preview and trying to show a layer and Try visualizing with OpenLayers a layer. Now the layers are accessible.