Chapter 1: Introduction & Quick Start

1. Introduction

This user guide shows how to work with the 52°North Web Security Service v2.2.x.

2. Basic Architecture

In the simplest case, the architecture of the 52°North Security System is straightforward:

You just have to deploy and configure the Web Security Service (WSS) that...

  • receives all service requests instead of the protected service (e.g. your WMS),
  • authenticates the user by some kind of credentials passed on with the request,
  • checks and enforces access permissions defined in a policy XML file,
  • and forwards the request to the protected service.

3. System Requirements

  • Apache Tomcat 5.0, 5.5, 6.0
  • Java Development Kit (JDK) 1.5, 1.6

4. Installation

  • Download the latest 2.2.x version of the WSS application.

    The WSS service is delivered as a zipped web archive file ('war') to be easily deployed in a Servlet container.

  • Deploy the WSS web application into Apache Tomcat.

    The easiest way to deploy a web application is to unzip the downloaded file and save wss.war to <TOMCAT_HOME>/webapps.

5. Quick Start

This section guides you through the steps to test the newly installed WSS with as few modifications as possible, making use of pre-defined services, users and policies.

5.1 Pre-defined service, users and policies

Once downloaded and installed, the WSS is pre-configured to protect the Demis WMS. The URL of the protected service is http://localhost:8080/wss/service/wms_demis/httpauth (adjust host, port, and context name if necessary). It can be connected and loaded like any other WMS, but requires HTTP Basic Authentication.

The installation comes with three user accounts and defines the following access policies:

  • User Alice (username/password: alice/alice) has full access to all layers and operations on the Demis WMS
  • User Bob (bob/bob) and user Guest (guest/guest) have GetMap and GetCapabilities access to the layers Cities, Builtup areas, Hillshading, Borders, and Countries.
  • User Bob can only query features (GetFeatureInfo) from the Countries layer.
  • User Guest can query features (GetFeatureInfo) from the Countries layer within the area of the Americas.

5.2 Adjusting the policies

As the WSS base URL is a part of the policies, you most likely have to replace the default URL http://localhost:8080/wss with your actual WSS URL in the policies. If your actual WSS base URL matches the default URL you don't need to replace the URLs!

To do so, follow these steps:

  • In a text editor open <WSS_DIR>/WEB-INF/classes/permissions.xml
  • Replace all occurrences of http://localhost:8080/wss with your actual WSS URL.
  • Save the modifications.

5.3 Hello World!

Browser

To test the installation let us request the capabilities of the protected service using Bob's account.

In a browser open http://localhost:8080/wss/service/wms_demis/httpauth?SERVICE=WMS&REQUEST=GetCapabilities (adjust host, port, and path if necessary).

If you are prompted for a username and password, enter bob / bob.

You will receive a capabilities document that only contains the layers Bob is allowed to see.

If you'd like to request the capabilities with a different user account (alice or guest), you have to restart the browser in order to invalidate Bob's cached credentials.
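
The same check can be scripted instead of read off by eye. The following is an added example, not part of the 52°North distribution: it builds the HTTP Basic Authentication header and compares the layer names in a capabilities document against the layers section 5.1 grants to Bob and Guest. The function names, the constructed sample document, and the assumption that the layer `<Name>` values equal the layer names listed in section 5.1 are illustrative.

```python
import base64
import urllib.request
import xml.etree.ElementTree as ET

# Quick Start URL from the guide; adjust host, port, and context name if necessary.
WSS_URL = ("http://localhost:8080/wss/service/wms_demis/httpauth"
           "?SERVICE=WMS&REQUEST=GetCapabilities")
# Layers section 5.1 grants to Bob and Guest (assumed to equal the <Name> values).
ALLOWED = {"Cities", "Builtup areas", "Hillshading", "Borders", "Countries"}

# Constructed sample response (not real WSS output); "Rivers" simulates a policy leak.
SAMPLE = b"""<WMT_MS_Capabilities version="1.1.1"><Capability>
<Layer><Title>World Map</Title>
  <Layer queryable="1"><Name>Countries</Name><Title>Countries</Title></Layer>
  <Layer><Name>Cities</Name><Title>Cities</Title></Layer>
  <Layer><Name>Rivers</Name><Title>Rivers</Title></Layer>
</Layer></Capability></WMT_MS_Capabilities>"""

def basic_auth_header(user, password):
    """Authorization header value for HTTP Basic (base64 is encoding, not encryption)."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")

def fetch_capabilities(user, password, url=WSS_URL):
    """Request the capabilities document as the given user (needs a running WSS)."""
    req = urllib.request.Request(
        url, headers={"Authorization": basic_auth_header(user, password)})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read()

def local(tag):
    """Strip an XML namespace so WMS 1.1.1 and 1.3.0 documents parse alike."""
    return tag.rsplit("}", 1)[-1]

def layer_names(capabilities_xml):
    """Return the <Name> of every <Layer> element in the document."""
    names = set()
    for el in ET.fromstring(capabilities_xml).iter():
        if local(el.tag) == "Layer":
            names.update(c.text.strip() for c in el
                         if local(c.tag) == "Name" and c.text)
    return names

def unexpected_layers(capabilities_xml, allowed=ALLOWED):
    """Layers the response advertises that the policy should have filtered out."""
    return layer_names(capabilities_xml) - set(allowed)

if __name__ == "__main__":
    # Offline check on the sample; swap in fetch_capabilities("bob", "bob") when live.
    print("unexpected layers:", sorted(unexpected_layers(SAMPLE)))
```

Against a live installation, pass the result of `fetch_capabilities("bob", "bob")` to `unexpected_layers`; an empty set means the filtered capabilities document matches the policy described in section 5.1.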

uDig

To load the protected service into uDig:

  • Start uDig
  • Select File > New > New Map
  • Rename map to protected
  • Right-click on protected > Add... > Web Map Server > Enter http://localhost:8080/wss/service/wms_demis/httpauth
  • Log in as Bob (bob/bob)
  • Select all available layers

You are now able to navigate the map as with any other WMS. If you use the info button to identify features, you can only get information for the Countries layer, in accordance with the permissions.