---

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[THREDDS #AVQ-822608]: info retrieved passing tomcat/thredds password protection

---

• Subject: [THREDDS #AVQ-822608]: info retrieved passing tomcat/thredds password protection
• Date: Tue, 05 Apr 2016 16:36:33 -0600

---

Ok, sorry to take so long to get back to you.
You may need to make some changes. 

Since this works for the web browser, I am guessing you have
already done most of this. so if I repeat things you already
have done, then compare and skip.

The following has worked for me.

1. Think about your URL patterns in web.xml. Can this be
   simplified? Note also that the url path element 'restrictedAccess'
   can be whatever you want as long as you are consistent.

2. Edit tomcat-users.xml to ensure that the following
   lines are included.You will need to repeat the <user...>
   entry for every user who can access the dataset(s).
   Also, the rolename can be anything you want as long as you
   are consistent: there is nothing magic about 'restrictedDatasetUser'.
    <role rolename="restrictedDatasetUser"/>
    <user username="..."
        password="..."
        roles="restrictedDatasetUser"/>

3.  In your web.xml, you have
      <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>
     This means you must access the datasets using https:
     If you want to allow http:, then change CONFIDENTIAL to NONE.

4.  Your web.xml also needs this:
      <security-role>
         <description>...</description>
         <role-name>restrictedDatasetUser</role-name>
      </security-role>

5. You need to add this to your catalog.xml, the exact form
   varies depending on if you are doing a dataset scan vs specifying
   a root.
      <datasetRoot path="restrictedAccess" location="..."/>
      <dataset name="..."
               ID="..."
               serviceName="all"
               urlPath="restrictedAccess/..."
               restrictAccess="restrictedDatasetUser"/>
   For a datasetscan, you will need something like this:
     <datasetScan name="..." ID="..." path="..." 
                  location="..."
                  restrictAccess="restrictedDatasetUser">
         ...
     </datasetScan>

=Dennis Heimbigner
  Unidata


Ticket Details
===================
Ticket ID: AVQ-822608
Department: Support THREDDS
Priority: Normal
Status: Closed

---

• Prev by Date: [THREDDS #AVQ-822608]: info retrieved passing tomcat/thredds password protection
• Next by Date: [THREDDS #AVQ-822608]: info retrieved passing tomcat/thredds password protection
• Previous by thread: [THREDDS #AVQ-822608]: info retrieved passing tomcat/thredds password protection
• Next by thread: [THREDDS #AVQ-822608]: info retrieved passing tomcat/thredds password protection
• Index(es):
  • Date
  • Thread