Thanks for the reply Marcos!
I don't think I want to secure the catalog/ path as we are aiming to
keep that open for discovery purposes (geoportal).
I'll take a look at the CORS stuff, but I'll probably start with trying
to modify the javascript.
Thanks!
-kevin.
On 7/31/13 2:40 PM, Marcos Hermida wrote:
Hi Kevin,
when the catalog page is resolved and the Godiva2 link is created, TDS
uses the request url for building the links. As that page (the catalog
page) is an http without security constraint the base url starts with
http and the link in the catalog resolves to something like:
http://castle.ucar.edu/thredds/godiva2/godiva2.html?server=http://castle.ucar.edu/thredds/wms/ds083.2/best
Then, when you click that link, since that url matches one of the
secured url-patterns tomcat redirects to:
https://castle.ucar.edu:8443/thredds/godiva2/godiva2.html?server=http://castle.ucar.edu/thredds/wms/ds083.2/best
It changes the url but not the query string on it, so Godiva2 tries to
make http requests on a different domain (different protocol,
actually) and fails, I guess, because the ajax cross-domain restrictions.
One possible solution would be to add /catalog/* to the url patterns
so the catalog's urls would be secured and start by https and the
Godiva2 links should be fine.
Another solution would be to force Godiva2 to match the protocols in
the url and the value in the server parameter, but that would require
to change the javascript code.
Also, not sure if it would work here, there is a TDS with CORS support
version: https://github.com/tkunicki-usgs/thredds-cors that you might
want to try.
Cheers!
On 07/30/2013 01:17 PM, Kevin Manross wrote:
I was able to get the Godiva2 viewer to work properly with out
datasets when the data were unrestricted, or if I restricted the
entire TDS.
In order to open our catalogs for searching, I have set the security
restraints at the access level. Unfortunately, this doesn't play
nicely with the Godiva2 viewer as the value for the server attribute
in the url is not the same as the root url.
I.e., from my web.xml:
<security-constraint>
<web-resource-collection>
<url-pattern>/*</url-pattern>
</web-resource-collection>
</security-constraint>
results in
https://castle.ucar.edu:8443/thredds/godiva2/godiva2.html?server=https://castle.ucar.edu:8443/thredds/wms/ds083.2/best
Whereas:
<security-constraint>
<web-resource-collection>
<url-pattern>/dodsC/*</url-pattern>
<url-pattern>/fileServer/*</url-pattern>
<url-pattern>/wcs/*</url-pattern>
<url-pattern>/wms/*</url-pattern>
<url-pattern>/ncss/*</url-pattern>
<url-pattern>/cdmremote/*</url-pattern>
<url-pattern>/ncml/*</url-pattern>
<url-pattern>/godiva2/*</url-pattern>
</web-resource-collection>
</security-constraint>
results in
https://castle.ucar.edu:8443/thredds/godiva2/godiva2.html?server=http://castle.ucar.edu/thredds/wms/ds083.2/best
and a JSON error
Is there a URL-pattern that I am missing, or a way that I can tell
Godiva2 to use the SSL URL for the value for the value for the server
attribute?
-kevin.
--
Kevin Manross
NCAR/CISL/Data Support Section
Phone: (303)-497-1218
Email:manross@xxxxxxxx <mailto:manross@xxxxxxxx>
Web:http://rda.ucar.edu
_______________________________________________
thredds mailing list
thredds@xxxxxxxxxxxxxxxx
For list information or to unsubscribe, visit:http://www.unidata.ucar.edu/mailing_lists/
--
Kevin Manross
NCAR/CISL/Data Support Section
Phone: (303)-497-1218
Email:manross@xxxxxxxx <mailto:manross@xxxxxxxx>
Web:http://rda.ucar.edu
