I know it's stated on http://docs.geoserver.org/stable/en/user/security/layer.html that layer security and service security, but i was wondering if it'd be possible to have per-workspace (not even per-layer) service ACL.
My usecase is simple : i want two workspaces for two different targets :
- one public workspace where the published data is available freely to anyone via WMS/WFS/WCS
- one 'private' workspace where the user need to login (http auth) to access WMS/WFS/WCS
As it is now, i didnt find a way to implement that in GeoServer itself. You either allow full access to a service on all workspaces, or restrict services on all workspaces to a role via http auth.
I can still put the http auth on my frontend reverse proxy (my users are in a LDAP), but it'd be nice to have that directly integrated in GeoServer.
How hard would it be to implement that ? After all it's "just" adding a workspace key to service acls (or a service key to data acls..) in the UI and in the access backend. Would it be a wanted feature, or against GeoServer's design ?
Sorry if this bug report is a duplicate, didnt find a similar subject in the open issues.