Re: [thredds] Godiva2 vs Restricted Access


Thanks for the reply Marcos!

I don't think I want to secure the catalog/ path as we are aiming to keep that open for discovery purposes (geoportal).

I'll take a look at the CORS stuff, but I'll probably start with trying to modify the javascript.

Thanks!

-kevin.


On 7/31/13 2:40 PM, Marcos Hermida wrote:
Hi Kevin,

when the catalog page is resolved and the Godiva2 link is created, TDS uses the request url for building the links. As that page (the catalog page) is an http page without a security constraint, the base url starts with http and the link in the catalog resolves to something like:

http://castle.ucar.edu/thredds/godiva2/godiva2.html?server=http://castle.ucar.edu/thredds/wms/ds083.2/best

Then, when you click that link, since that url matches one of the secured url-patterns, tomcat redirects to:

https://castle.ucar.edu:8443/thredds/godiva2/godiva2.html?server=http://castle.ucar.edu/thredds/wms/ds083.2/best

It changes the url but not the query string on it, so Godiva2 tries to make http requests on a different domain (different protocol, actually) and fails, I guess, because of the ajax cross-domain restrictions.

One possible solution would be to add /catalog/* to the url patterns so the catalog's urls would be secured and start with https and the Godiva2 links should be fine. Another solution would be to force Godiva2 to match the protocols in the url and the value in the server parameter, but that would require changing the javascript code. Also, not sure if it would work here, there is a TDS version with CORS support: https://github.com/tkunicki-usgs/thredds-cors that you might want to try.


Cheers!



On 07/30/2013 01:17 PM, Kevin Manross wrote:

I was able to get the Godiva2 viewer to work properly with our datasets when the data were unrestricted, or if I restricted the entire TDS.

In order to open our catalogs for searching, I have set the security restraints at the access level. Unfortunately, this doesn't play nicely with the Godiva2 viewer as the value for the server attribute in the url is not the same as the root url.

I.e., from my web.xml:

  <security-constraint>
    <web-resource-collection>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
  </security-constraint>

results in

https://castle.ucar.edu:8443/thredds/godiva2/godiva2.html?server=https://castle.ucar.edu:8443/thredds/wms/ds083.2/best

Whereas:

  <security-constraint>
    <web-resource-collection>
      <url-pattern>/dodsC/*</url-pattern>
      <url-pattern>/fileServer/*</url-pattern>
      <url-pattern>/wcs/*</url-pattern>
      <url-pattern>/wms/*</url-pattern>
      <url-pattern>/ncss/*</url-pattern>
      <url-pattern>/cdmremote/*</url-pattern>
      <url-pattern>/ncml/*</url-pattern>
      <url-pattern>/godiva2/*</url-pattern>
    </web-resource-collection>
  </security-constraint>

results in

https://castle.ucar.edu:8443/thredds/godiva2/godiva2.html?server=http://castle.ucar.edu/thredds/wms/ds083.2/best

and a JSON error

Is there a URL-pattern that I am missing, or a way that I can tell Godiva2 to use the SSL URL for the value for the server attribute?

-kevin.


--
Kevin Manross
NCAR/CISL/Data Support Section
Phone: (303)-497-1218
Email: manross@xxxxxxxx
Web:http://rda.ucar.edu
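
The second fix suggested in the thread (having the viewer match the `server` value to the protocol of the page it was loaded from) could look like the following. This is an added example, not Godiva2 or TDS code and not written by either poster; the function name `alignServerParam` and its return shape are assumptions, and the sample URL is the redirected one quoted above.

```javascript
// Added example, not Godiva2 or TDS source; names are hypothetical.

// Inspect the page URL and return the WMS endpoint the viewer should call.
// A `server` value on the same host but a different scheme or port is moved
// onto the page's origin, so the viewer's AJAX requests stay same-origin.
function alignServerParam(pageHref) {
  const page = new URL(pageHref);
  const raw = page.searchParams.get('server');
  if (raw === null) return { server: null, changed: false, reason: 'no server parameter' };

  let server;
  try {
    server = new URL(raw, page); // relative values resolve against the page
  } catch (err) {
    return { server: raw, changed: false, reason: 'unparseable server value' };
  }
  if (server.protocol !== 'http:' && server.protocol !== 'https:') {
    return { server: raw, changed: false, reason: 'not an http(s) URL' };
  }
  if (server.origin === page.origin) {
    return { server: server.href, changed: false, reason: 'already same-origin' };
  }
  if (server.hostname !== page.hostname) {
    // A different host is a real cross-origin target; rewriting it would
    // point the viewer at the wrong server, so leave it for CORS to handle.
    return { server: server.href, changed: false, reason: 'different host' };
  }
  // Same host, different scheme/port: copy the page's scheme and port.
  // Setting fields (instead of re-resolving the path) keeps a path such as
  // "//other.example/x" from being reinterpreted as a new host.
  const aligned = new URL(server.href);
  aligned.protocol = page.protocol;
  aligned.port = page.port;
  return { server: aligned.href, changed: true, reason: 'scheme/port aligned with page' };
}

// URL quoted in the thread: the page after Tomcat's redirect to port 8443.
const redirected = 'https://castle.ucar.edu:8443/thredds/godiva2/godiva2.html' +
  '?server=http://castle.ucar.edu/thredds/wms/ds083.2/best';
console.log(alignServerParam(redirected));
```

A `server` value on a different host is deliberately left alone; that case needs CORS headers from the other server rather than a client-side rewrite.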

