Logo of 52°North

WSS Quick Start Guide

Intro

This Quick Start Guide shows how to configure a standard installation of a WSS, version 1.2. Following this guide you will

  • enable WAS-based authentication
  • protect layers of a WMS service (http://www2.demis.nl/wms/wms.asp?wms=WorldMap by default)

Steps

  1. Install the WAS web application as described in the WAS Quick Start Guide.

    The WAS will be used to authenticate users who want to access the protected service through the WSS.

  2. Install the WSS web application as described here

    Within the scope of this guide, the WSS should be installed on the same machine as the WAS.

  3. Make sure your Tomcat is stopped
  4. Open the <WSS_INSTALL_DIR>/WEB-INF/classes/conf/pes/pesConfig.xml file with a text or xml editor
  1. Configure the trusted WAS that issues accepted authentication issue

Find the line

                                <auth:Parameter name="was.url">https://localhost:8443/was/WAS</auth:Parameter>

and enter the WAS URL as defined during the WAS installation.

  1. Enter the URL of the protected service

    Find the line

    <ServiceEndpoint>http://www2.demis.nl/wms/wms.asp?wms=WorldMap</ServiceEndpoint>

    and replace the exisiting URL by the URL of a WMS you want to protect or leave as is to test with the Demis WMS.

  2. Enter the WSS URL

    Find the line

    <Parameter name="wss.url">https://localhost:8443/wss/WSS</Parameter>

    and adjust the URL to match your installation, e.g. http://localhost:8080/wss/WSS if HTTPS is not enabled on your machine.

  3. Restart your Tomcat

    Unfortunately, there is no simple client to check the success of the installation. To be able to access the protected service with standard WMS clients and requests you can install the 52n WSC.Web application

  4. The missing step...

    Of course, just by installing a WSS your protected service is not safe from being requested directly, bypassing the WSS security measures. It lies in your responsibility to make sure that only the WSS can access the protected service. This can be achieved by IP filtering mechanisms that are depending on the system environment, application container etc.

When you finished the last step, your WSS should be ready to operate. The user permissions are defined in the file <WSS_INSTALL_DIR>/WEB-INF/classes/conf/pes/rights.xml. The default permissions that fit the pre-configured Demis WMS are:

  • User "Alice" (username/password for WAS: alice/alice) is allowed to view/access all layers.
  • User "Bob" (username/password for WAS: bob/bob) is allowed to only view a selection of layers. GetFeatureInfo is only allowed for the "Countries" layer.
  • User "Guest" (username/password for WAS: guest/guest) has the same permissions as bob, except that he can only query GetFeatureInfo on "Ccountries" on the American continent.