ESGF / esg-orp

ESGF Openid Relying Party (ORP)
http://esgf.org/esg-orp/

Allow access control for images and other files served through thredds #2

Closed LucaCinquini closed 11 years ago

LucaCinquini commented 11 years ago

Currently all .gif and .jpg URLs served by a TDS have no security applied, because of the "authenticationNotRequiredPatterns" value of the "authenticationFilter" in web.xml. The list of open URL patterns should be changed to include ONLY those images that are part of the THREDDS distribution, namely:

<init-param>
  <param-name>authenticationNotRequiredPatterns</param-name>
  <param-value>"[^?]*(/|(/admin/)(.*)|(/remoteCatalogService\?.*)|(/folder\.gif)|(/threddsIcon\.gif)|(/thredds\.jpg)|(/threddsSmall\.jpg)|(/unidataIcon\.gif)|(/unidataLogo\.gif)|(?&lt;=\.(html|xml|css|js))(\?.*)?)"</param-value>
  <!--  Alternatively, e.g.:
       <param-name>authenticationRequiredPatterns</param-name>
       <param-value>"[^?]*/fileServer/.*", "[^?]*/dodsC/[^?]*(?&lt;!\.html)(\?.*)?"</param-value>
  -->
</init-param>
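
A check of which requests the proposed pattern exempts from authentication, as an added example that is not part of the original comment or of the esg-orp code. It assumes the filter strips the surrounding double quotes and requires the whole request string to match; the class name, method name and sample URLs are constructed for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Pattern;

public class OpenPatternCheck {
    // Pattern from the issue, with the XML entity &lt; decoded to '<' and the
    // surrounding double quotes removed (assumed to be list delimiters).
    static final Pattern OPEN = Pattern.compile(
        "[^?]*(/|(/admin/)(.*)|(/remoteCatalogService\\?.*)|(/folder\\.gif)"
        + "|(/threddsIcon\\.gif)|(/thredds\\.jpg)|(/threddsSmall\\.jpg)"
        + "|(/unidataIcon\\.gif)|(/unidataLogo\\.gif)"
        + "|(?<=\\.(html|xml|css|js))(\\?.*)?)");

    // Assumption: the filter exempts a request only on a full-string match.
    static boolean authenticationNotRequired(String url) {
        return OPEN.matcher(url).matches();
    }

    public static void main(String[] args) {
        // Constructed sample requests mapped to the expected "open" result.
        Map<String, Boolean> cases = new LinkedHashMap<>();
        cases.put("/thredds/folder.gif", true);               // distribution icon
        cases.put("/thredds/threddsSmall.jpg", true);         // distribution image
        cases.put("/thredds/catalog.html", true);             // html/xml/css/js stay open
        cases.put("/thredds/catalog/data/catalog.xml?dataset=x", true);
        cases.put("/thredds/dodsC/data/file.nc.html", true);  // OPeNDAP HTML form
        cases.put("/thredds/fileServer/data/plot.gif", false); // data image: now secured
        cases.put("/thredds/fileServer/data/map.jpg", false);
        cases.put("/thredds/fileServer/data/file.nc", false);
        // The listed names match on the last path segment at any depth, so a
        // served file that shares an icon's name is exempt as well.
        cases.put("/thredds/fileServer/data/folder.gif", true);

        int failures = 0;
        for (Map.Entry<String, Boolean> c : cases.entrySet()) {
            boolean open = authenticationNotRequired(c.getKey());
            if (open != c.getValue()) {
                failures++;
            }
            System.out.printf("%-50s open=%b expected=%b%n",
                              c.getKey(), open, c.getValue());
        }
        if (failures > 0) {
            System.exit(1); // non-zero exit when the pattern's behaviour changes
        }
    }
}
```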