You can give anonymous users access to service endpoints in two ways:
-
Add the service endpoint to the endpoint patterns defined in
authenticatedEndpointswithauthenticatedset tofalse. -
Remove the service endpoint from the endpoint patterns defined in
authenticatedEndpointswithauthenticatedset totrue.
The following examples illustrate how to configure specific use cases.
In each case we will modify the fusion.accessControl section that can be found in application-fusion.development.yml and application-fusion.production-template.yml.
Our starting point is a configuration with access control enabled and authentication required for all services.
# Enables access control
fusion.accessControl:
enabled: true
# The value for property 'adminRole' automatically defaults to 'ADMIN' when access control is enabled and this property is undefined.
# An empty value for the 'adminRole' property is not allowed.
adminRole: ADMIN
# Configures all service endpoints to be authenticated using Platform's authentication system
authenticatedEndpoints:
- endpointPattern: "${fusion.ogc.wms.basePath}/**"
authenticated: true
- endpointPattern: "${fusion.ogc.wmts.basePath}/**"
authenticated: true
- endpointPattern: "${fusion.ogc.wfs.basePath}/**"
authenticated: true
- endpointPattern: "${fusion.ogc.csw.basePath}/**"
authenticated: true
- endpointPattern: "${fusion.ogctilesservice.basePath}/**"
authenticated: true
- endpointPattern: "${fusion.ogc.wcs.basePath}/**"
authenticated: true
- endpointPattern: "${fusion.ecwp.erdasIws.path}/**"
authenticated: true
- endpointPattern: "${fusion.fileserver.basePath}/**"
authenticated: true
- endpointPattern: "${fusion.hspc.basePath}/**"
authenticated: true
- endpointPattern: "${fusion.lts.basePath}/**"
authenticated: true
- endpointPattern: "${fusion.panoramics.basePath}/**"
authenticated: trueEnabling anonymous access for all services
To enable anonymous access for all services we remove all endpoint patterns defined in authenticatedEndpoints.
This results in the following configuration.
# Enables access control
fusion.accessControl:
enabled: true
# The value for property 'adminRole' automatically defaults to 'ADMIN' when access control is enabled and this property is undefined.
# An empty value for the 'adminRole' property is not allowed.
adminRole: ADMIN
# Configures all service endpoints to be authenticated using Platform's authentication system
authenticatedEndpoints:Enabling anonymous access for all services of a specific type
To enable anonymous access for all services of a specific type we remove the endpoint patterns defined in authenticatedEndpoints that match the specific type.
If we remove anonymous access for the WMS service type (The endpointPattern ${fusion.ogc.wms.basePath}/**), this results in the following configuration:
# Enables access control
fusion.accessControl:
enabled: true
# The value for property 'adminRole' automatically defaults to 'ADMIN' when access control is enabled and this property is undefined.
# An empty value for the 'adminRole' property is not allowed.
adminRole: ADMIN
# Configures all service endpoints to be authenticated using Platform's authentication system
authenticatedEndpoints:
- endpointPattern: "${fusion.ogc.wmts.basePath}/**"
authenticated: true
- endpointPattern: "${fusion.ogc.wfs.basePath}/**"
authenticated: true
- endpointPattern: "${fusion.ogc.csw.basePath}/**"
authenticated: true
- endpointPattern: "${fusion.ogctilesservice.basePath}/**"
authenticated: true
- endpointPattern: "${fusion.ogc.wcs.basePath}/**"
authenticated: true
- endpointPattern: "${fusion.ecwp.erdasIws.path}/**"
authenticated: true
- endpointPattern: "${fusion.fileserver.basePath}/**"
authenticated: true
- endpointPattern: "${fusion.hspc.basePath}/**"
authenticated: true
- endpointPattern: "${fusion.lts.basePath}/**"
authenticated: true
- endpointPattern: "${fusion.panoramics.basePath}/**"
authenticated: trueEnabling anonymous access for services of a specific type and with a specific name
To enable anonymous access for all services of a specific type and with a name that starts with a certain value, we add an
endpoint pattern to authenticatedEndpoints that matches the endpoint and with authenticated set to false.
To enable anonymous access for the WMS service type with a name that starts with public we added a new endpointPattern at the start, this results in the following configuration:
# Enables access control
fusion.accessControl:
enabled: true
# The value for property 'adminRole' automatically defaults to 'ADMIN' when access control is enabled and this property is undefined.
# An empty value for the 'adminRole' property is not allowed.
adminRole: ADMIN
# Configures all service endpoints to be authenticated using Platform's authentication system
authenticatedEndpoints:
- endpointPattern: "${fusion.ogc.wms.basePath}/public*/**"
authenticated: false
- endpointPattern: "${fusion.ogc.wms.basePath}/**"
authenticated: true
- endpointPattern: "${fusion.ogc.wmts.basePath}/**"
authenticated: true
- endpointPattern: "${fusion.ogc.wfs.basePath}/**"
authenticated: true
- endpointPattern: "${fusion.ogc.csw.basePath}/**"
authenticated: true
- endpointPattern: "${fusion.ogctilesservice.basePath}/**"
authenticated: true
- endpointPattern: "${fusion.ogc.wcs.basePath}/**"
authenticated: true
- endpointPattern: "${fusion.ecwp.erdasIws.path}/**"
authenticated: true
- endpointPattern: "${fusion.fileserver.basePath}/**"
authenticated: true
- endpointPattern: "${fusion.hspc.basePath}/**"
authenticated: true
- endpointPattern: "${fusion.lts.basePath}/**"
authenticated: true
- endpointPattern: "${fusion.panoramics.basePath}/**"
authenticated: true
You need to grant permissions to the LFN_ANONYMOUS role for the Data resources to which the anonymous users must have access.
See Access Control in LuciadFusion for more information.
|