Re: [las_users] LAS 8.0: securing "save as..." by password

[Roland Schweitzer - NOAA Affiliate <roland.schweitzer@xxxxxxxx>]

Emanuele,

Glad you like the new UI.

Here are a couple of things you can do:

If you remove the operations where category="file" and category="table" from the operationsV7.xml file on your deployed server (or change them to private="true") and restart your server the "Show Values" and "Save As..." buttons on the interface will be disabled.  They will still show on the interface, but they will remain "grayed out" and won't respond to clicks.

In general we don't support putting parts of the interface behind an authentication filter, but there seems to nothing to prevent you from setting up your server to work that way.

In general, you want to add the security constraint configuration to the web.xml of the deployed LAS.  Look in WebContent/WEB-INF/web.xml for the file that gets deployed by the "ant deploy" step.  There's a security constraint in there for the admin and ReInit page.  Turn that on and then the URL you want to protect for "Save As..." is of the form las/InteractiveDownloadData.html.

Roland

On Fri, Feb 22, 2013 at 9:10 AM, emanuele lombardi <emanuele.lombardi@xxxxxxx> wrote:

Hi to everybody!

I'm very happy with new LAS 8.0 which now is my default LAS.

I'd like to know how to put "Save As..." option under the control of a
password. This is necessary since we allow everybody to see our data, but we
wish to give data only to registerd users.

With LAS 7.3 I bypassed the problem removing the "Save As..." by editing
productserver/templates/V7UI.vm, (but in 8.0 I didn't find a similar file to
edit).

In any case it would better to leave the "Save As..." and activate an access
control over the data to be saved, but I don't know how to achieve this.


I tried acting at TDS level adding the following lines to thredds' web.xml

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>restricted access datasets</web-resource-name>
      <url-pattern>/dodsC/las_tirreno/*</url-pattern>
      <http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>accediTIRRENO</role-name>
    </auth-constraint>
    <!-- user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint -->
  </security-constraint>


and the following lines to catalog.xml

<datasetScan name="Data From LAS Tirreno" path="las_tirreno"
location="/usr/local/tomcat7/content/las_tirreno/conf/server/data"
serviceName=
"all">
      <filter>
         <include wildcard="*.nc"/>
         <include wildcard="*.fds"/>
         <include wildcard="*.jnl"/>
      </filter>
   </datasetScan>


It appens that accessing data via thredds is secured by password but LAS 8
"Save as..." option still doesn't ask for any password.


I'll be glad for any help,

Ciao from Italy,

Emanuele