[GIS] GeoServer and OpenLayers in production – Securing WMS calls

geoserver, openlayers-2, security, wms

I've a mapping site where users have to log in with username and password. Once logged in, the user gets a map of their data using WMS and WFS to display and edit data. This data is served using GeoServer and displayed using OpenLayers. The WMS on the layer is secured using a username\password.
I've seen similar questions to this but basically I want to access the secured layers via WMS without exposing my username\password. Any advice\clarity would be appreciated – my own thoughts are as follows:

  1. User logs in to website.
  2. WMS request using HTTPS for their specific information – uses some filter based upon who they are.
  3. How do I send this filter without exposing it in the WMS call?
  4. How do I send username\password without exposing it in WMS call?

There's lots of talk about reverse proxies – do I send the WMS request with no username\password, then when the request reaches the proxy I validate the user, then modify the request by adding the WMS username\password using the reverse proxy? If so, don't I still need to send some identifier to determine who sent the request, or will the proxy know this due to the user's session?

Basically, any help would be appreciated.

Best Answer

How about this: http://osgeo-org.1560.x6.nabble.com/Load-GeoServer-WMS-secured-layers-with-OpenLayers-td3919938.html. Basically, it uses a proxy script to do what you need.
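A sketch of the proxy-side rewrite discussed above, as an added example that is not from the original post or the linked thread. It covers GetMap and GetFeatureInfo only; the internal URL, the service account, the `owner_id` column and the `user_id` session key are all assumptions.

```python
import base64
from urllib.parse import parse_qsl, urlencode

# Hypothetical values: GeoServer reachable only from the proxy host,
# credentials loaded server-side (placeholders here), never sent to the browser.
GEOSERVER_WMS = "http://127.0.0.1:8080/geoserver/wms"
GEOSERVER_USER = "wms_proxy"
GEOSERVER_PASSWORD = "change-me"
OWNER_COLUMN = "owner_id"  # assumed attribute present on every served layer

# Allowlist of parameters the browser may control. Filter and auth
# parameters (CQL_FILTER, FILTER, VIEWPARAMS, authkey, ...) are absent.
ALLOWED = {
    "SERVICE", "VERSION", "REQUEST", "LAYERS", "STYLES", "BBOX", "WIDTH",
    "HEIGHT", "SRS", "CRS", "FORMAT", "TRANSPARENT", "QUERY_LAYERS",
    "INFO_FORMAT", "X", "Y", "I", "J", "FEATURE_COUNT",
}
ALLOWED_REQUESTS = {"GETMAP", "GETFEATUREINFO"}


def build_upstream_request(session, raw_query):
    """Return (url, headers) to send to GeoServer for this logged-in user."""
    user_id = session.get("user_id")  # set by the site's own login, server-side
    if type(user_id) is not int:
        raise PermissionError("no authenticated session")

    params = {}
    for key, value in parse_qsl(raw_query, keep_blank_values=True):
        name = key.upper()  # WMS names are case-insensitive: cql_filter == CQL_FILTER
        if name in ALLOWED:
            params[name] = value

    if params.get("REQUEST", "").upper() not in ALLOWED_REQUESTS:
        raise ValueError("unsupported WMS request")
    layers = [name for name in params.get("LAYERS", "").split(",") if name]
    if not layers:
        raise ValueError("LAYERS is required")

    # The filter comes from the session, not the client. GeoServer expects
    # one CQL filter per requested layer, separated by ';'.
    params["CQL_FILTER"] = ";".join(f"{OWNER_COLUMN}={user_id}" for _ in layers)

    token = base64.b64encode(
        f"{GEOSERVER_USER}:{GEOSERVER_PASSWORD}".encode()).decode()
    return f"{GEOSERVER_WMS}?{urlencode(params)}", {"Authorization": f"Basic {token}"}
```

The browser only ever talks to the proxy with its normal site session cookie; the proxy forwards the returned URL and header to GeoServer and streams the response back.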
