In the previous chapters, you've extensively used the web interface. To do this, you always needed a user ID and password. Also, when using the REST interfaces to manage the GeoServer configuration, you had to submit your login credentials. However, you could anonymously access the layers and maps. This is because we used the default settings in the GeoServer security, configured to provide free access to your data for everyone.
While this is quite understandable when you are developing your application, it may not be the best option for a real site.
There could be many different reasons to hide your services, or at least a part of them. Your maps could be a part of a bigger site with a security system requiring your user to log on.
Whenever your data should not be freely available, you need to update the Security Settings
. Users may be linked to different roles, with some confidential data only visible from a few of them. GeoServer security...