Sample: Layer access

Purpose
This sample demonstrates two things:
  • How to handle REST, SOAP, and binary requests.
  • How to implement layer level controls and conditionally give access to certain layers based on an external permissions file.
As part of the handling of SOAP and binary requests, this samples makes use of the SOIHelper class to show how to call into the ArcGIS Server default operation handlers.
Note that this sample is not comprehensive in what operations are intercepted. Developers should use this as the basis for learning how to implement security related functionality, but all production code should be carefully vetted to ensure that all appropriate operations are handled and no information is inadvertently leaked or made accessible.
This sample is dependent on a file named permission.json to be present in the directory containing the arcgisoutput server directory. For example, in a default Windows installation this is C:\arcgisserver.
See Deploying extensions to learn how to deploy the extension to your server.

How to use

See How to use ArcGIS samples for help on running the sample.

Data has been provided for your use with this sample. It can be found at <Your ArcGIS Developer Kit Install directory>/Samples/data/arcobjects/serverobjectinterceptors/LayerAccessSOI.

  1. Deploy LayerAccessSOI.soe to your server (or your own modified version if you have changed the path for the permission.json file).
  2. Enable the SOI on a map service.
  3. Disable caching of layer resources in the ArcGIS Server REST handler.
  4. Consume the service using different users.
  5. Note how certain layers are only visible when the request is authenticated and matches the permissions defined in permission.json.

If you installed the samples feature, you will find the files associated with this sample in <Your Developer Kit install location>\DeveloperKit10.4\Java\Samples\ArcObjects.

soi/LayerAccessSOI.java
(view code)
 The LayerAccessSOI Java Server Object Interceptor Extension class.
lib/LayerAccessSOI.soe The deployable SOE file.
permission.json Defines layer permissions. Place this file in the arcgisoutput server directory.