One, foreword

Recently, IN my work, I often encounter the security problem of map service access. For this problem, I have read a lot of information, and most of the schemes offered on the Internet are agents. According to the guidance on the official website, after several attempts, there were no satisfactory results. Finally, after repeated discussions with colleagues, the technical route of the solution was determined and realized — ArcGIS 10.2 for Server Rest service security management based on user rights.

ArcGIS 10.2 for Server Rest Service Security Management based on user permissions

ArcGIS Server security determines the users who manage THE GIS Server, publish to the GIS Server and use the service.

1. Create a user

Users refer to any personnel or software agents who access ArcGIS Server resources.

2. Set the access permission for the map service

Set the security of the map service to private, giving access only to users.

3. Map service access test

Open the map service address to access: https://

: /

/MapServer. At this point, you need to enter the user account and password to access, so that the purpose is achieved.

3. Token-based map service address access authentication processing

1. Obtain the token for accessing the map service address

Here you can use the interface provided by the ArcGIS REST API to obtain the token:

http:// < host > : < port > / < site > / generateToken.

The details of the interface can be reference: developers.arcgis.com/rest/servic… .

(1) The clientAccess token

In the browser, open http://

: /

/generateToken and enter the configured parameter values to obtain the token for accessing the map service address.

(2) The front endThe code to get the token

/ * * *@description: Obtain the token for map service access *@params: URL {String} Specifies the address to request the token, in the format of http://<host>:<port>/<site>/generateToken */
function getArcgisToken(url) {
    var params = {
        username: userName, // userName: indicates the userName
        password: password, // password: indicates the user password
        client: 'requestip'.// Client id type
        referrer: ' '.// Reference mode
        ip: ' '.expiration: 60 * 24 * 10.// Unit: minute. If this parameter is not set, the maximum value can be set by default
        f: 'json'
    };
    $.ajax({
        type: "get".url: url,
        data: params,
        dataType: "json".success: function (data) {
            if (data.success) {
                var arcgisToken = data.data.Token; // Map service address access token. }},error: function (error) {
            console.log(error); }}); }Copy the code

(3) The back-endThe code to get the token

public class ArcgisServerToken {
    @Value("${arcgis.server.url}")
    private String url; // Request the token address
    @Value("${arcgis.server.username}")
    private String username; / / user name
    @Value("${arcgis.server.password}")
    private String password; // User password
    @Value("${arcgis.server.client}")
    private String client; // Client id type
    @RequestMapping
    public AjaxResult getToken(a) throws IOException {
        HttpRequester request = new HttpRequester();
        Map param = new HashMap();
        param.put("username", username); 
        param.put("password", password); 
        param.put("client", client); 
        param.put("referer"."");
        param.put("ip"."");
        param.put("f"."json");
		// param.put("expiration", 60*24*10); // Unit: minute. If this parameter is not set, the maximum value can be set by default
        HttpRespons respons = (HttpRespons) request.sendPost(url, param);
        String json = respons.getContent();
        JSONObject jsonObject = JSONObject.fromObject(json);
        String token = jsonObject.getString("Token");
        return newAjaxResult(token); }}Copy the code

2. Token-based secure access to map service addresses

In the above way, no matter whether the token returned by the back end or the front end is spliced, the secure access policy for the map service address is realized.

http://<host>:<port>/<site>/MapServer?token=LM1zdTdqq8heIbGGJk9Iao7h5WIZskdFRpQFARe-UzVOeT_rEJjTR3Nk47VWB1Fu

Four,

  • Encountered such a problem, first of all to find whether there is a relevant working scene of the technical scheme and implementation ideas; When there is a technical solution, analyze and evaluate how it needs to be implemented and what problems it may encounter.

  • The technical realization route of this paper is summarized as follows:

    1. inMap Service Manager (ArcGIS Manager)Create a user with access rights.
    2. configurationCorresponding to map serviceAccess permissions;
    3. Can be achieved byThe client,The front end,The backgroundObtain the token of map service access;
    4. inThe browseraccessMap service after token stitching.

  • Do things before they are done. Early to see this problem, the search information is mostly solved by proxy, so I think we can build a proxy framework through the background. In fact, we should try more, after all, practice is the only criterion for testing truth.

5. Refer to the article

ArcGIS 10.1 for Server Rest Service Security Management: Based on user and role permissions

ArcGIS for JavaScript to obtain token

Six, the last

Well, that’s all for sharing ideas of this article.

It’s 2021. The epidemic in the past year is not easy to verify.

In the New Year, I wish you all a “cow” turn; In the New Year, if THERE is any new work discovery, I will also insist on sharing.

For the first article of this year, please like ❤️ + favorites + forward ❤️, thank you all 🙏

If you have this problem at work, give it a try!

If you have any questions or suggestions, please leave a message. If the article is not correct, welcome everyone comments, not stingy comments.