You can give anonymous users access to service endpoints in two ways:
- Add the service endpoint to the endpoint patterns defined in authenticatedEndpoints with authenticated set to false.
- Remove the service endpoint from the endpoint patterns defined in authenticatedEndpoints with authenticated set to true.
The following examples illustrate how to configure specific use cases.
In each case we will modify the fusion.accessControl section that can be found in application-fusion.development.yml and application-fusion.production-template.yml.
Our starting point is a configuration with access control enabled and authentication required for all services.
# Enables access control
fusion.accessControl:
  enabled: true
  # The value for property 'adminRole' automatically defaults to 'ADMIN' when access control is enabled and this property is undefined.
  # An empty value for the 'adminRole' property is not allowed.
  adminRole: ADMIN
  # Configures all service endpoints to be authenticated using Platform's authentication system
  authenticatedEndpoints:
    - endpointPattern: "${fusion.ogc.wms.basePath}/**"
      authenticated: true
    - endpointPattern: "${fusion.ogc.wmts.basePath}/**"
      authenticated: true
    - endpointPattern: "${fusion.ogc.wfs.basePath}/**"
      authenticated: true
    - endpointPattern: "${fusion.ogc.csw.basePath}/**"
      authenticated: true
    - endpointPattern: "${fusion.ogctilesservice.basePath}/**"
      authenticated: true
    - endpointPattern: "${fusion.ogc.wcs.basePath}/**"
      authenticated: true
    - endpointPattern: "${fusion.ecwp.erdasIws.path}/**"
      authenticated: true
    - endpointPattern: "${fusion.fileserver.basePath}/**"
      authenticated: true
    - endpointPattern: "${fusion.hspc.basePath}/**"
      authenticated: true
    - endpointPattern: "${fusion.lts.basePath}/**"
      authenticated: true
    - endpointPattern: "${fusion.panoramics.basePath}/**"
      authenticated: true
Enabling anonymous access for all services
To enable anonymous access for all services we remove all endpoint patterns defined in authenticatedEndpoints.
This results in the following configuration.
# Enables access control
fusion.accessControl:
  enabled: true
  # The value for property 'adminRole' automatically defaults to 'ADMIN' when access control is enabled and this property is undefined.
  # An empty value for the 'adminRole' property is not allowed.
  adminRole: ADMIN
  # Configures all service endpoints to be authenticated using Platform's authentication system
  authenticatedEndpoints:
Enabling anonymous access for all services of a specific type
To enable anonymous access for all services of a specific type we remove the endpoint patterns defined in authenticatedEndpoints that match the specific type.
If we enable anonymous access for the WMS service type by removing the endpointPattern ${fusion.ogc.wms.basePath}/**, this results in the following configuration:
# Enables access control
fusion.accessControl:
  enabled: true
  # The value for property 'adminRole' automatically defaults to 'ADMIN' when access control is enabled and this property is undefined.
  # An empty value for the 'adminRole' property is not allowed.
  adminRole: ADMIN
  # Configures all service endpoints to be authenticated using Platform's authentication system
  authenticatedEndpoints:
    - endpointPattern: "${fusion.ogc.wmts.basePath}/**"
      authenticated: true
    - endpointPattern: "${fusion.ogc.wfs.basePath}/**"
      authenticated: true
    - endpointPattern: "${fusion.ogc.csw.basePath}/**"
      authenticated: true
    - endpointPattern: "${fusion.ogctilesservice.basePath}/**"
      authenticated: true
    - endpointPattern: "${fusion.ogc.wcs.basePath}/**"
      authenticated: true
    - endpointPattern: "${fusion.ecwp.erdasIws.path}/**"
      authenticated: true
    - endpointPattern: "${fusion.fileserver.basePath}/**"
      authenticated: true
    - endpointPattern: "${fusion.hspc.basePath}/**"
      authenticated: true
    - endpointPattern: "${fusion.lts.basePath}/**"
      authenticated: true
    - endpointPattern: "${fusion.panoramics.basePath}/**"
      authenticated: true
Enabling anonymous access for services of a specific type and with a specific name
To enable anonymous access for all services of a specific type and with a name that starts with a certain value, we add an endpoint pattern to authenticatedEndpoints that matches the endpoint, with authenticated set to false.
To enable anonymous access for the WMS service type with a name that starts with public, we add a new endpointPattern at the start of the list. This results in the following configuration:
# Enables access control
fusion.accessControl:
  enabled: true
  # The value for property 'adminRole' automatically defaults to 'ADMIN' when access control is enabled and this property is undefined.
  # An empty value for the 'adminRole' property is not allowed.
  adminRole: ADMIN
  # Configures all service endpoints to be authenticated using Platform's authentication system
  authenticatedEndpoints:
    - endpointPattern: "${fusion.ogc.wms.basePath}/public*/**"
      authenticated: false
    - endpointPattern: "${fusion.ogc.wms.basePath}/**"
      authenticated: true
    - endpointPattern: "${fusion.ogc.wmts.basePath}/**"
      authenticated: true
    - endpointPattern: "${fusion.ogc.wfs.basePath}/**"
      authenticated: true
    - endpointPattern: "${fusion.ogc.csw.basePath}/**"
      authenticated: true
    - endpointPattern: "${fusion.ogctilesservice.basePath}/**"
      authenticated: true
    - endpointPattern: "${fusion.ogc.wcs.basePath}/**"
      authenticated: true
    - endpointPattern: "${fusion.ecwp.erdasIws.path}/**"
      authenticated: true
    - endpointPattern: "${fusion.fileserver.basePath}/**"
      authenticated: true
    - endpointPattern: "${fusion.hspc.basePath}/**"
      authenticated: true
    - endpointPattern: "${fusion.lts.basePath}/**"
      authenticated: true
    - endpointPattern: "${fusion.panoramics.basePath}/**"
      authenticated: true
You need to grant permissions to the LFN_ANONYMOUS role for the Data resources to which the anonymous users must have access.
See Access Control in LuciadFusion for more information.
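As an added example (not part of the LuciadFusion documentation or product code), the following Python check lists which request paths end up anonymous under a given authenticatedEndpoints list, so that a pattern removed or overridden by mistake shows up in review. It assumes Ant-style matching, that the first matching pattern decides, and placeholder base path values; the function names and sample paths are constructed for illustration.

```python
import re

# Constructed sample: the page's last configuration, trimmed to three patterns.
SAMPLE = '''\
fusion.accessControl:
  enabled: true
  authenticatedEndpoints:
    - endpointPattern: "${fusion.ogc.wms.basePath}/public*/**"
      authenticated: false
    - endpointPattern: "${fusion.ogc.wms.basePath}/**"
      authenticated: true
    - endpointPattern: "${fusion.ogc.wfs.basePath}/**"
      authenticated: true
'''

# Assumed placeholder values; take the real ones from your own configuration.
BASE_PATHS = {"fusion.ogc.wms.basePath": "/ogc/wms",
              "fusion.ogc.wfs.basePath": "/ogc/wfs"}

def load_rules(text, props):
    """Return [(resolved_pattern, authenticated)] in file order."""
    pairs = re.findall(
        r'endpointPattern:\s*"([^"]+)"\s*\n\s*authenticated:\s*(true|false)', text)
    resolve = lambda p: re.sub(r"\$\{([^}]+)\}", lambda m: props[m.group(1)], p)
    return [(resolve(p), flag == "true") for p, flag in pairs]

def to_regex(pattern):
    """Ant-style (assumed): '*' stays inside one segment, '/**' spans segments."""
    out = ""
    for tok in re.split(r"(/\*\*|\*)", pattern):
        if tok == "/**":
            out += "(/.*)?"
        elif tok == "*":
            out += "[^/]*"
        else:
            out += re.escape(tok)
    return re.compile(out + r"\Z")

def requires_auth(path, rules):
    """Assumption: the first matching pattern decides; no match means anonymous."""
    for pattern, authenticated in rules:
        if to_regex(pattern).match(path):
            return authenticated
    return False

def anonymous_paths(paths, rules):
    return [p for p in paths if not requires_auth(p, rules)]
```

With the sample above, a WMTS path is reported as anonymous because no pattern covers it, which is the same mechanism the page uses deliberately when it removes a pattern.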