Simulating an App or API key

While user-based authentication is built in to mapping services, some effort is required to simulate an App or API key.

  1. Define a new User/Role service appkey; this will be used to manage a list of applications.

    The following example uses an XML User Role Service and the file application.xml (which it will check every 10 seconds).

    Figure: XML User / Role Service

    Note

    Use a distinct role service to avoid accidentally providing access to the admin user.

  2. Create a number of users using the appkey User/Role service.

  3. Navigate to Security > Authentication and add a new Authentication Filter.

    Use the header attribute application with the appkey role service created above, then Save.

    The request header application is set up by GeoCat Live for this purpose; to use a different header field, contact support.

    Figure: HTTP Request Header Authentication application

  4. Navigate to Security > Authentication and select the default filter chain matching /** requests.

    Add the header filter as the first entry in the chain. If the expected header is provided, it will be used to authenticate the incoming request.

    Figure: Default filter chain header authentication

  5. Restrict the workspace you wish the application to work with to AUTHENTICATED.

  6. Update your web or mobile client application to include the application header.

    OpenLayers tileLoad function:

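    // Tile load function: fetch each tile via XHR so the app key header can be attached.
    function tileLoadFunction(tile, src) {
      var client = new XMLHttpRequest();
      client.responseType = 'blob';
      client.open('GET', src);
      // Header checked by the HTTP Request Header Authentication filter
      client.setRequestHeader("Application", "app1");
      client.onload = function() {
        tile.getImage().src = URL.createObjectURL(client.response);
      };
      client.send();
    }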
    

    ArcGIS JavaScript API interceptor:

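    // Attach the app key header to every request sent to the matching URL.
    esriConfig.request.interceptors.push({
       urls: "http://localhost:8080/geoserver/workspace/ows",
       before: function(params) {
         // Merge rather than overwrite, so headers set elsewhere are kept
         params.requestOptions.headers = Object.assign({}, params.requestOptions.headers, {
            "application": "app1"
         });
       }
    });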
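
A check that the configuration from the steps above is actually enforced, as an added example (not GeoCat's code): it probes an endpoint without the header, with an unregistered key and with a registered key. The names `served`, `checkAppKeyEnforcement` and `fakeServer` are hypothetical, and it assumes the probed URL returns an image (for example a tile request) when access is granted.

```javascript
// Added example, not GeoCat's code. Assumption: the probed URL returns an
// image (e.g. a tile request) when access is granted.
const HEADER = "application"; // header name configured on the page

// A probe counts as "served" only if the server answers 2xx with image data.
async function served(fetchImpl, url, headers) {
  const res = await fetchImpl(url, { method: "GET", headers });
  const type = res.headers.get("content-type") || "";
  return res.ok && type.startsWith("image/");
}

// Probe without a key, with an unregistered key, and with a registered key.
// Returns a list of findings; an empty list means the key is enforced.
async function checkAppKeyEnforcement(fetchImpl, url, registeredKey) {
  const findings = [];
  if (await served(fetchImpl, url, {}))
    findings.push("request without the header was served");
  if (await served(fetchImpl, url, { [HEADER]: "unregistered-app" }))
    findings.push("unregistered key was served");
  if (!(await served(fetchImpl, url, { [HEADER]: registeredKey })))
    findings.push("registered key was not served");
  // The key is a plain header value, so it is readable on an unencrypted link.
  const { protocol, hostname } = new URL(url);
  if (protocol !== "https:" && hostname !== "localhost")
    findings.push("key travels unencrypted over " + protocol);
  return findings;
}

// Constructed stand-in for the server so the check runs offline.
// restricted=false models step 5 being skipped (workspace left open).
function fakeServer(registeredKeys, restricted) {
  return async (url, opts) => {
    const key = opts.headers[HEADER];
    const allowed = !restricted || registeredKeys.includes(key);
    return {
      ok: allowed,
      status: allowed ? 200 : 401,
      headers: { get: () => (allowed ? "image/png" : "text/xml") },
    };
  };
}
```

Against a real deployment, pass the global `fetch` as `fetchImpl` and a tile URL from the restricted workspace.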
    

Tips:

  • Remote management of the /security/usergroup/appkey/application.xml list is available via the REST Resource API.