Table of Contents

MapBender with Owsproxy

Functions

A secure web service can be activate with the mapbender administration tool 'OWS Proxy'. Therefor a md5-representation will be created. Now mapbender doesn´t use the unaccessible onlineressource of the WMS but a dynamic generated URL composed of the sessionID of the user and the md5-representation. The sessionID will be created during the authentification and is the ticket for the authorization.

Request from the browser are not send to the WMS but to the mapbender OWS Proxy module which act like a WMS and transfer the request for internal use. With the sessionID the authorization of the user and the IP will be checked. The dynamically generated onlineressource can be used till the session is finished.

External clients can include the secure services by authentification of the user in mapbender. Now you can get a list of all secure services. The changed onlineressource will be changed dynamically in the capabilities document of the service.

Security note

The service have to be secure for unauthorized access independet of the mapbender. Mapbender prepare the access-tunnel but doesn´t secure the service itself who ca be used on every external computer. Depending on the architecture mapbender server has to be advertised to the secure service.

Changes in the database

The wms table gets a new column to store the md5 string for each wms resource:

ALTER TABLE wms ADD wms_owsproxy VARCHAR( 50 )  NULL ;

New module

Owsproxy is composed of three part: the module to configure the secure web service, the module to display the safe URLs and the OWSPROXY code itself:

Module install

Note: xxx is replaced with the GUI name.

Administration module

If you add an already existing administration module to a GUI, you get an error.

INSERT INTO gui_element(fkey_gui_id, e_id, e_pos, e_public, e_comment, e_element, e_src, e_attributes,
e_left, e_top, e_width, e_height, e_z_index, e_more_styles, e_content, e_closetag, e_js_file, e_mb_mod,
e_target, e_requires)
VALUES ('xxx', 'owsproxy', '0002', '1', 'secure services', 'a', '',
'href=\\\"../php/mod_owsproxy_conf.php?sessionID\\\"\\\' target=\\\"AdminFrame\\\"',
'10', '910', '200', '20', '1',
'font-family: Arial, Helvetica, sans-serif; font-size : 12px; text-decoration : none; color: #808080;',
'OWSPROXY', 'a', '', '', '', 'AdminFrame');

The module is installed per default into admin1, admin_de_services and admin_en_services GUIs.

User GUI module

Otherwise it consists only of the body:

INSERT INTO gui_element (fkey_gui_id, e_id, e_pos, e_public, e_comment, e_element, e_src, e_attributes,
e_left, e_top, e_width, e_height, e_z_index, e_more_styles, e_content, e_closetag, e_js_file, e_mb_mod,
e_target, e_requires) VALUES('xxx', 'owsproxy', '0002', '1',
'display the secure urls to the capabilities document.', 'iframe',
'../javascripts/mod_owsproxy.php?sessionID', 'id=\\\'owsproxy\\\' name=\\\'owsproxy\\\'', '100', '10',
'800', '700', '1', '', '', 'iframe', '', '', '', '');

Web server configuration

The Owsproxy directory is located into the MapBender base directory (default directory after installation). You have to configure an alias directive in the Apache configuration file:

Alias /owsproxy/ "/var/www/mapbender/owsproxy/"
<Directory /var/www/mapbender/owsproxy/>
    AllowOverride None
    Order Deny,Allow
    Allow from all
</Directory>

Check if AllowOverride, Order or Allow directives should be changed. Don't forget to restart Apache.

MapBender configuration

Edit the mapbender.conf configuration file, and add the URL for the Owsproxy:

# --------------------------------------------
# URL to owsproxy
# (no terminating slash)
# --------------------------------------------
define("OWSPROXY", "http://<ip or name>/owsproxy");