To use headers for GeoServer's Proxy URL see client proxy documentation.
Web Map Service (WMS) endpoint is implemented using combination of Layman's authentication proxy, Layman's WMS proxy, and GeoServer.
The authentication proxy understands same authentication credentials as Layman REST API (e.g. OAuth2 credentials) and passes the request to GeoServer with credentials understandable by GeoServer.
The WMS proxy parses request and adapts it in case of WMS GetMap requests:
- If incoming request is in CRS:84 and one of requested SLD layers has native CRS EPSG:5514, it changes CRS of the request to EPSG:4326. It fixes wrong transformation of features in GeoServer.
WMS respects publication access rights. If user asks for layer he has not read access to by GetMap or GetFeatureInfo request, GeoServer returns standard ServiceExceptionReport (code LayerNotDefined).
GetLegendGraphic query is answered directly by GeoServer for layers with SLD style and can be parametrized according to GeoServer documentation. For layers with QML style is such query redirected by GeoServer to QGIS server and can be parametrized according to QGIS documentation.
Web Feature Service (WFS) endpoint is implemented using combination of Layman's authentication proxy, Layman's WFS proxy, and GeoServer.
The authentication proxy behaves in the same way as in case of WMS.
The WFS proxy parses request and adapts it in few ways in case of WFS-T 1.0, 1.1 and 2.0:
- If incoming WFS-T request Insert, Replace, or Update refers to an attribute, that does not exist yet in DB, the attribute is automatically created in DB table before redirecting WFS-T request to GeoServer. The attributes name must match to regex
^[a-zA-Z_][a-zA-Z_0-9]*$, otherwise Layman error is raised. Data type of the attributes isVARCHAR(1024). Also if QML style is used, attribute is automatically added to QGS project file. If attribute creation fails for any reason, warning is logged and request is forwarded to GeoServer nevertheless. - Bounding box and thumbnail of each vector layer referenced in incoming Insert, Replace, Update, or Delete WFS-T request is updated in asynchronous chain after the request is finished.
- Calling WFS-T on a vector layer when previous asynchronous chain of the layer (POST, PATCH or another WFS-T) is still running causes run of WFS-T asynchronous chain after the current one is finished.
- Calling WFS-T on a vector layer that is contained by map whose previous asynchronous chain (POST, PATCH or another chain caused by WFS-T) is still running causes run of map's asynchronous chain after the current one is finished.
WFS respects publication access rights. If user asks for type (layer) he has not read access to by DescribeFeatureType or GetFeature request, GeoServer returns standard ExceptionReport (code InvalidParameterValue, locator typeName or typeNames). To perform WFS-T requests, write access is needed.
For layers in EPSG:5514 and WFS requests in CRS:84, the features may have wrong coordinates by hundreds of meters. For requests in EPSG:4326, coordinates are correct.
Catalogue Service (CSW) is implemented using Micka.