terriajs icon indicating copy to clipboard operation
terriajs copied to clipboard

Published 20 hours ago verified publisher icon TerriaJS

Support for User-Provided Credentials to Access Secured WMS/WFS Layers

Open not-Karot opened this issue 9 months ago • 0 comments

Feature Request: User-Provided Credentials for WMS/WFS Private Layers

Description: Currently, TerriaJS does not support a way to dynamically set up WMS/WFS private layers where users can provide their own credentials. The only available method is to hard-code the credentials in the configuration, which exposes them to the user or sets them as static credentials, posing security risks and inflexibility.

Feature Request: It would be highly beneficial to implement a feature that allows users to input their own credentials for accessing private WMS/WFS layers. If the provided credentials are authorized by the WMS/WFS service, the user should be able to view the data on the TerriaJS map.

Use Case:

  1. Users need to access private geospatial data layers secured by credentials.
  2. Allowing users to input their own credentials ensures security and flexibility.
  3. Users authenticated by the WMS/WFS service can visualize the protected data seamlessly in TerriaJS.

Proposed Solution:

  • Implement a user interface component in TerriaJS that prompts users for their credentials when attempting to access a secured WMS/WFS layer.
  • Use these credentials to authenticate against the WMS/WFS service.
  • If authenticated successfully, allow the user to view and interact with the secured layer on the map.
  • Optionally, store these credentials securely for the session to avoid repeated prompts.

Benefits:

  • Enhanced security by avoiding hard-coded credentials in the configuration.
  • Improved user experience by providing flexibility to access protected layers.
  • Maintains the integrity of private data access in compliance with security protocols.

Example Configuration: Here is a hypothetical example to illustrate how this could be configured:

{
  "catalog": [
    {
      "name": "Protected GeoServer Layer",
      "type": "wms",
      "url": "https://www.someurl.com/geoserver/wms",
      "layers": "workspace:layername",
      "requiresAuth": true
    }
  ]
}

When a user tries to access Protected GeoServer Layer, TerriaJS should prompt for credentials and authenticate them against the WMS service.

not-Karot avatar May 16 '24 16:05 not-Karot