The WFS Interceptor

WFSGetCapabilitiesInterceptor

• Interceptor for WFS GetCapabilities request
• Filters unauthorized feature types from the capabilities
• Resource: /featuretype
• Action: /operations/GetCapabilities
• Supported HTTP method: GET

WFSGetFeatureInterceptor

• Interceptor for WFS GetFeature requests
• Requests the rights for every requested feature
• Only if the user has the permission, the feature is added to the service request
• Resource: /featuretype
• Action: /operations/GetFeature
• If the user has no rights for the requested Feature an EnforcementServiceException is thrown "Not allowed"
• Supported HTTP method: GET and POST

WFSDescribeFeatureTypeInterceptor

• Interceptor for SOS DescribeFeatureType requests
• Requests the rights for every requested feature type
• Only if the user has the permission, the feature is added to the service request
• Resource: /featuretype
• Action: /operations/DescribeFeatureType
• If the user has no rights for the requested Feature an EnforcementServiceException is thrown "Not allowed"
• Supported HTTP method: GET and POST

Example Permissions

   <Permission name="alice_all">
         <Resource value="/featuretype/*"/>
         <!-- Any operations allowed -->
         <Action value="/operations/*"/>
         <!-- Any operations -->
         <Subject value="alice"/>
      </Permission>

   <Permission name="bob_Capabilities">
         <Resource value="/featuretype/topp%3Astates"/>
         <Resource value="/featuretype/tiger%3Apoly_landmarks"/> 
         <Resource value="/featuretype/topp%3Atasmania_state_boundaries"/>
         <Action value="/operations/GetCapabilities"/>
         <Subject value="bob"/>
      </Permission>