Geomajas Community Documentation

Chapter 8. Security

8.1. Authentication versus authorization
8.2. What can be authorized
8.3. SecurityManager service
8.4. SecurityContext service

Geomajas has security built in. If you don't provide a security configuration, nothing will be authorized. For unsecured access, you can add

<bean name="security.securityInfo" class="org.geomajas.security.SecurityInfo">
    <property name="loopAllServices" value="false"/>
    <property name="securityServices">
        <list>
            <bean class="org.geomajas.security.allowall.AllowAllSecurityService"/>
        </list>
    </property>
</bean>

Example 8.1. Allow full access to everybody


which will allow all access to everybody, including full access to features which are only partly within configured bounds.
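A deployment check for the configuration above, as an added example that is not part of the Geomajas documentation or code base: it parses a Spring context file and reports whether a SecurityInfo bean wires in AllowAllSecurityService. The sample XML is constructed from Example 8.1, and com.example.HypotheticalSecurityService is a placeholder class name.

```python
import xml.etree.ElementTree as ET

ALLOW_ALL = "org.geomajas.security.allowall.AllowAllSecurityService"
SECURITY_INFO = "org.geomajas.security.SecurityInfo"

# Constructed sample: the bean from Example 8.1 wrapped in a Spring <beans> root.
SAMPLE_OPEN = """<beans xmlns="http://www.springframework.org/schema/beans">
  <bean name="security.securityInfo" class="org.geomajas.security.SecurityInfo">
    <property name="loopAllServices" value="false"/>
    <property name="securityServices">
      <list>
        <bean class="org.geomajas.security.allowall.AllowAllSecurityService"/>
      </list>
    </property>
  </bean>
</beans>"""

# Constructed sample: the service class below is a hypothetical placeholder.
SAMPLE_OTHER = SAMPLE_OPEN.replace(ALLOW_ALL, "com.example.HypotheticalSecurityService")

def local(tag):
    """Strip an XML namespace so files with or without xmlns are handled alike."""
    return tag.rsplit("}", 1)[-1]

def audit(xml_text):
    """Return (status, service_classes) for a Spring context document.
    status: 'no-config' (no security services found), 'allow-all' or 'configured'."""
    root = ET.fromstring(xml_text)  # run only on your own, trusted config files
    services, found = [], False
    for bean in root.iter():
        if local(bean.tag) != "bean" or bean.get("class") != SECURITY_INFO:
            continue
        found = True
        for prop in bean:
            if local(prop.tag) == "property" and prop.get("name") == "securityServices":
                # Collect inline <bean class="..."/> entries and <ref bean="..."/> entries.
                services += [b.get("class") or "ref:" + (b.get("bean") or "")
                             for b in prop.iter() if local(b.tag) in ("bean", "ref")]
    if not found or not services:
        return "no-config", services
    return ("allow-all" if ALLOW_ALL in services else "configured"), services

if __name__ == "__main__":
    for label, doc in (("open", SAMPLE_OPEN), ("other", SAMPLE_OTHER), ("empty", "<beans/>")):
        print(label, audit(doc))
```

An `allow-all` result on a production context file means every request is authorized; `ref:` entries point at beans defined elsewhere and need to be resolved by hand.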

It is also possible to configure other security services, so that authentication and authorization are handled by the services which are configured.

Note

When configuring security services, it is important to ensure that login is possible. Anything which is not explicitly allowed is not allowed, which likely includes the command which is used to log in. You have to make sure that everybody can access the login command.

Specific configuration depends on the configured security services, details of which can be found in the specific plugin's documentation.