Authentication Filters¶
- Authentication filters perform a variety of tasks, including:
- gathering user credentials from a request, for example from Basic and Digest Authentication headers
- handling events such as ending the session (logging out), or setting the “Remember Me” browser cookie
- performing session integration, detecting existing sessions and creating new sessions if necessary
- invoking the authentication provider chain to perform actual authentication
 
- Available filters are:
- J2EE - Delegates to servlet container for authentication
- Anonymous - Authenticates anonymously performing no actual authentication
- Remember Me - Authenticates by recognizing authentication from a previous request
- Form - Authenticates by processing username/password from a form submission
- X.509 - Authenticates by extracting the common name (cn) of a X.509 certificate
- HTTP Header - Authenticates by checking the existence of an HTTP request header
- Basic - Authenticates using HTTP basic authentication
- Digest - Authenticates using HTTP digest authentication
 
Some filter chains are available in order to configure which filters are to be used in a different context.
- Available chains are:
- web
- webLogin
- webLogout
- rest
- gwc
- default
 
Many filters can be active for a particular chain at the same time, just add them to the filter chain.
Now we will modify the Default authentication filter to disable anonymous access for OWS services:
- From the Welcome page click the Authentication link on the Menu Security section. 
- Click the default link from Filter Chains list. 
- Select the anonymous element in the Selected list of the Chain filters menu   
- Click the arrow left button to add the element to the Available list 
- Click the Close button. 
- Click the Save button. 
Now we are going to verify that the anonymous user is not allowed to launch OWS requests:
- From the Welcome page click the Demos link on the Menu. - Note - You have to be logged out from Geoserver admin console. 
- Click the Demo requests link 
- Select WMS_getMap.url from Request combo box. 
- Insert: - http://localhost:8083/geoserver/wms?service=WMS&version=1.1.0&request=GetMap&layers=geosolutions:Counties&styles=&bbox=-109.060256,36.992424,-102.040878,41.003443999999995&width=577&height=330&srs=EPSG:4269&format=image/png 
in the URL text field
- Click the Submit button.   
You should get an error like: HTTP response: 401. Now let’s try with an authenticated user:
- Insert admin in the Username text field.
- Insert Geos in the Password text field.
- Click the Submit button.
You should get a map.
