Logo of 52°North

Tutorial for setting up and using the components from the OWS-6 testbed

This tutorial will guide you to set up the components (developed during the OWS-6 testbed) to protect an OGC Web Map Servive and load it into an OGC WMS client.

You will install the 52°North WSC.Web, Gatekeeper and STS. For demonstration purposes, the "protected" WMS will be the ArcIMS 9.2.0 brd Web Map Service. The uDig client will be used to visualize the results.

  1. System requirements

    The components are delivered as web archive files ("war") to be easily deployed in a servlet container.

    • Apache Tomcat 6.x
    • Java Development Kit (JDK) 1.4.x, 1.5., 1.6
  2. Installation
  3. Test the default Installation (with uDig)
  4. Restrict GetMap access

    The user Alice should only be able to load the layer "Bundeslaender":

    • Stop Tomcat
    • Go to TOMCAT_HOME/webapps/52n-security-gatekeeper-webapp-0.1\WEB-INF\classes and open the rights.xml with an editor of your choice
    • Look for the XML element <PermissionCollection> with the type atribute value target:wms:layer
      <rights:PermissionCollection type="target:wms:layer">
                      <rights:Permission>
                              <rights:Resource>*</rights:Resource>
                              <rights:Action>GetCapabilities</rights:Action>
                              <rights:Subject type="urn:n52:authentication:subject:principal:role">alice</rights:Subject>
                      </rights:Permission>
                      <rights:Permission>
                              <rights:Resource>*</rights:Resource>
                              <rights:Action>GetMap</rights:Action>
                              <rights:Subject type="urn:n52:authentication:subject:principal:role">alice</rights:Subject>
                      </rights:Permission>
                      <rights:Permission>
                              <rights:Resource>Bundeslaender</rights:Resource>
                              <rights:Action>GetFeatureInfo</rights:Action>
                              <rights:Subject type="urn:n52:authentication:subject:principal:role">alice</rights:Subject>
                              <rights:Obligation type="obligation:wms:extent:boundingbox">
                                      <rights:Attribute id="srs">EPSG:31467</rights:Attribute>
                                      <!-- Only North Rhine-Westfalia -->
                                      <rights:Attribute id="box">3276171,5573465,3534133,5821553</rights:Attribute>
                              </rights:Obligation>
                      </rights:Permission>
                      <rights:Permission>
                              <rights:Resource>*</rights:Resource>
                              <rights:Action>GetCapabilities</rights:Action>
                              <rights:Subject type="urn:n52:authentication:subject:principal:role">main</rights:Subject>
                      </rights:Permission>
                      <rights:Permission>
                              <rights:Resource>*</rights:Resource>
                              <rights:Action>GetMap</rights:Action>
                              <rights:Subject type="urn:n52:authentication:subject:principal:role">main</rights:Subject>
                      </rights:Permission>
                      <rights:Permission>
                              <rights:Resource>Bundeslaender</rights:Resource>
                              <rights:Action>GetFeatureInfo</rights:Action>
                              <rights:Subject type="urn:n52:authentication:subject:principal:role">main</rights:Subject>
                              <rights:Obligation type="obligation:wms:extent:boundingbox">
                                      <rights:Attribute id="srs">EPSG:31467</rights:Attribute>
                                      <!-- Only North Rhine-Westfalia -->
                                      <rights:Attribute id="box">3276171,5573465,3534133,5821553</rights:Attribute>
                              </rights:Obligation>
                      </rights:Permission>
                      <rights:Permission>
                              <rights:Resource>Bundeslaender</rights:Resource>
                              <rights:Action>GetMap</rights:Action>
                              <rights:Subject type="urn:n52:authentication:subject:principal:role">guest</rights:Subject>
                      </rights:Permission>
                      <rights:Permission>
                              <rights:Resource>Bundeslaender</rights:Resource>
                              <rights:Action>GetCapabilities</rights:Action>
                              <rights:Subject type="urn:n52:authentication:subject:principal:role">guest</rights:Subject>
                      </rights:Permission>
      
              </rights:PermissionCollection>
      • Look for the following <Permission>
        <rights:Permission>
                <rights:Resource>*</rights:Resource>
                <rights:Action>GetMap</rights:Action>
                <rights:Subject type="urn:n52:authentication:subject:principal:role">alice</rights:Subject>
        </rights:Permission>
    • Change the value of the XML element <Resource> to Bundeslaender
      <rights:Permission>
              <rights:Resource>Bundeslaender</rights:Resource>
              <rights:Action>GetMap</rights:Action>
              <rights:Subject type="urn:n52:authentication:subject:principal:role">alice</rights:Subject>
      </rights:Permission>
    • Start Tomcat and repeat Step 3
    • You will only see the layer "Bundeslaender"