Advanced Security With GeoServer 
Ing. Mauro Bartolomeoli, GeoSolutions 
Ing. Emanuele Tajariol, GeoSolutions 
Ing. Simone Giannecchini, GeoSolutions 
Ing. Alessio Fabiani, GeoSolutions 
FOSS4G 2014, Portland 
10th September 2014
GeoSolutions 
 Founded in Italy in late 2006 
 Expertise 
• Image Processing, GeoSpatial Data Fusion 
• Java, Java Enterprise, C++, Python 
• JPEG2000, JPIP, Advanced 2D visualization 
 Supporting/Developing FOSS4G projects 
 GeoServer, MapStore 
 GeoBatch, GeoNetwork 
 Clients 
 Public Agencies 
 Private Companies 
 http://www.geo-solutions.it 
GeoServer Security Subsystem Overview 
GeoServer Security Subsystem Overview 
 GeoServer security handles 
 Authentication (filtering and credential checks) 
 Authorization (resource access managers) 
GeoServer Security Subsystem Overview 
 Based on Spring Security 
 Users / Groups / Roles 
 User/group services 
 Role services 
 Authentication 
 Chains 
 Filters 
 Providers 
 Authorization 
 Auth on data: e.g. layers, workspaces 
 Auth on services: e.g. WMS, WFS 
 By role 
Users / Groups / Roles Storage 
Users / Groups / Roles Storage 
 User/Group service 
 Storage for users and groups details 
 Storage for user credentials (e.g. passwords) 
 Password encryption handling 
 Read/Write or Read-only 
 Default implementations 
 XML files 
 Database through JDBC 
 Easy to implement and plug new services 
 Used by many filters/providers as a source for 
authenticated users detail 
 Missing: Read/Write LDAP User/Group service 
Users / Groups / Roles Storage 
 Role service 
 Storage for roles 
 Read/Write or Read-only 
 Assign roles to users and/or groups 
 Default implementations 
 XML files 
 Database through JDBC 
 J2EE (from the Java Web Container) 
 LDAP 
 Easy to implement and plug new services 
 Active (Default) Role service 
 Used by many filters/providers as a source for 
authenticated users roles 
Authentication 
Authentication 
 Filter Chains 
 By «request url» pattern matching 
 Web UI 
 OGC Services 
 REST API 
 … 
 By Method: GET, POST, … 
 HTTP Session handling 
 Each chain applies a sequence of configured Filters to 
matching requests 
 Only SSL flag 
Authentication 
 Filters 
 Gathering user credentials (and, if needed, invoking the 
authentication providers chain) 
 Basic 
 Form 
 Anonymous (always the last) 
 Preauthentication (and, if needed, loading user details from the 
user/group and/or role service) 
 HTTP Header 
 Digest 
 X.509 
 Remember Me 
 J2EE 
 Easy to implement and plug new filters 
 Missing: authenticate from environment variables (e.g. Shibboleth SSO) 
Authentication 
 Authentication Providers 
 Used if filters require further authentication of 
gathered credentials (no preauthentication can be 
applied) 
 Username Password (using user/group service) 
 Database through JDBC (uses credentials to connect to a database, 
very different from the JDBC user/group service) 
 LDAP 
 with ActiveDirectory support 
 Easy to implement and plug new providers 
 Providers chain, to allow for different authentication 
mechanisms (e.g. intranet users from LDAP, internet 
users from DB) 
Authentication 
 Extensions 
 CAS (https://www.apereo.org/cas): example of SSO 
integration 
 Community modules 
 Authkey: simple UUID to user mapper 
 Pluggable: possibility to define custom mappers (e.g. webservices) 
 URLMangler to add authkey to OGC request transparently (via 
GetCapabilities) 
 Real World Use Cases 
 Shibboleth SSO (using Headers or CGI environment 
variables) 
 Mixing filters/providers: LDAP/AD for internal users, 
jdbc for external users 
Authentication 
 Future improvements 
 Clean up and filling holes 
 Increase LDAP support (e.g. LDAP User/Group 
Service for LDAP read-write support) 
 Greater flexibility 
 Improve authkey community module (new webservice 
based mappers) and promote to extension 
 New authentication filters (e.g. reading credentials 
from CGI environment variables) 
Authorization 
Authorization 
 Simple default implementation 
 Permissions assigned only by user role(s) 
 Data Access Authorization Rules 
 Workspace 
 Single Layer 
 Access Mode: Read, Write, Admin 
 Services Authorization Rules 
 Service (WMS, WFS, …) 
 Method (GetMap, GetLegendGraphic, …) 
 Pluggable ResourceAccessManager 
 SecureCatalog 
 Security Wrapped Catalog Objects (e.g. ReadOnlyDataStore) 
Authorization 
 ResourceAccessManager 
 Define AccessLimits for the various Catalog Resources 
(Workspace, Layer, Style, LayerGroup) 
 Allows for fine grained limits 
 Read filters 
 Write filters 
 Spatial filters 
 SecureCatalog 
 Wraps original Catalog objects with secured implementations, 
aware of ResourceAccessManager defined limits 
 Secured wrappers take care of enforcing authorization rules, 
transparently 
Meet GeoFence 
GeoFence 
 Extended A&A for GeoServer 
 Authentication 
 Optional 
 Integrated with GeoServer authorization 
architecture 
 Open Source 
 GPL 
 Code on GitHub 
 Authorization 
 Auth on data: e.g. layers, workspaces 
 Auth on services: e.g. WMS, WFS 
GeoFence 
 Based on GSIP 57 
 Mixed Interceptor + Probe approach 
 Extended authorization management for GeoServer 
 External Rule-Based System 
 GeoServer Internal Probe 
 On-the-fly manipulation of incoming requests 
 Role Based Access Control 
 Users 
 Groups 
 Rule-based database 
 IPTables-like 
GeoFence 
 Fine Grain Authorization Control 
 Services 
 Operations 
 Workspaces 
 Layers 
 Attributes (alphanumeric and geospatial) 
 External Web Application 
 REST Interface 
 GUI 
 Scalable 
 1 GeoFence controls N GeoServer clusters 
GeoFence 
 Java Enterprise infrastructure 
 Spring/Spring-Remoting 
 Hibernate 
 Apache CXF 
 Supports DBMS 
 PostgreSQL/PostGIS 
 Oracle spatial 
 H2 
 Performance ensured thanks to 
a fine-tunable cache 
GeoServer Security Model 
GeoServer Security Model 
 The GeoFence Authentication provider delegates 
credential checks to GeoFence 
 The GeoFence Resource Access Manager asks the 
GeoFence authorization engine for permissions 
GeoServer Security Model 
Digging GeoFence 
GeoFence Architecture 
 GeoFence Stack (again…) 
GeoFence Architecture 
Modules and 
packages 
 GUI 
 core: GUI logic, implemented using GWT 
 webapp: produces the final web application .war file 
 GeoServer (GeoFence Probe) 
 security: the GeoServer/GeoFence bridge: implements 
the ResourceAccessManager, forwarding the 
authorization requests to a remote GeoFence 
instance 
GeoFence Architecture 
 The GeoFence ResourceAccessManager 
(Geofence Probe) is deployed in each GeoServer 
 GeoServer instances in a cluster must share the same 
ClusterID (instance name) 
 GeoFence uses the instance name to select rules 
 The Probe queries GeoFence on each 
request* with proper info 
 Instance name 
 User 
 Request Details 
 GeoFence provides Access Policy rules to 
manipulate the request on the fly within 
the Probe 
GeoFence Architecture 
 The GeoFence ResourceAccessManager 
(Geofence Probe) uses a cache which 
minimizes the requests toward 
GeoFence. 
 The cache can be configured on 
different aspects: 
 number of entries, 
 expiration time 
 The cache provides REST operations 
(using GeoServer’s own REST 
dispatcher) in order to 
 Invalidate the cache 
 Query the cache statistics 
GeoFence Rule System 
 Authorizations are expressed as a 
priority-based rule set 
 Rule types are ALLOW/DENY/LIMIT 
 The first matching rule is the one that determines the 
outcome of the auth request 
 Incoming authorization requests are transformed 
into a rule filter 
 Filtering can be performed on one or more of 
these fields: 
 Username 
 Group the provided user belongs to 
GeoFence Rule System 
 Source geoserver instance 
 We can control multiple GeoServer clusters 
 OGC Service 
 E.g. WMS 
 OGC Service Operation 
 E.g. GetCapabilities 
 Workspace 
 E.g. it.geosolutions 
 Layer name 
 E.g. topp:states 
GeoFence Rule System 
Example 
 Let’s assume we have configured these rules : 
 User: u1, Service:WMS, Workspace=W1,ALLOW 
 User: u1, DENY 
 These rules will grant user u1 access to 
 all the layers in workspace W1 
 only for WMS requests 
 All other types of request will be DENIED. 
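The two-rule example above, worked through as a small first-match evaluator. This is an added illustration, not GeoFence code: the `Rule`, `AuthRequest` and `decide` names, the numeric priorities (lower number evaluated first), the default DENY when nothing matches, the instance name and the layer names are all assumptions, and LIMIT rules are not modelled.

```python
from dataclasses import dataclass
from typing import Optional

ANY = None  # a rule field left unset matches every value


@dataclass(frozen=True)
class Rule:
    priority: int                  # assumption: lower number = evaluated first
    access: str                    # "ALLOW" or "DENY" (LIMIT is not modelled)
    user: Optional[str] = ANY
    group: Optional[str] = ANY
    instance: Optional[str] = ANY
    service: Optional[str] = ANY
    request: Optional[str] = ANY
    workspace: Optional[str] = ANY
    layer: Optional[str] = ANY


@dataclass(frozen=True)
class AuthRequest:
    user: str
    groups: frozenset = frozenset()
    instance: str = "gs-cluster-1"  # constructed instance name
    service: Optional[str] = None
    request: Optional[str] = None
    workspace: Optional[str] = None
    layer: Optional[str] = None


def _same(want, got, ignore_case=False):
    """True when the rule field is unset or equals the request value."""
    if want is ANY:
        return True
    if got is None:
        return False
    return want.upper() == got.upper() if ignore_case else want == got


def matches(rule, req):
    """A rule matches only if every field it sets agrees with the request."""
    return (
        _same(rule.user, req.user)
        and (rule.group is ANY or rule.group in req.groups)
        and _same(rule.instance, req.instance)
        and _same(rule.service, req.service, ignore_case=True)
        and _same(rule.request, req.request, ignore_case=True)
        and _same(rule.workspace, req.workspace)
        and _same(rule.layer, req.layer)
    )


def decide(rules, req, default="DENY"):
    """Return (outcome, priority of the deciding rule); first match wins."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if matches(rule, req):
            return rule.access, rule.priority
    return default, None  # assumption: nothing matched means no access


# The rule set from the slide, with constructed priorities.
SLIDE_RULES = [
    Rule(priority=10, access="ALLOW", user="u1", service="WMS", workspace="W1"),
    Rule(priority=20, access="DENY", user="u1"),
]

# Same rules in the opposite order: the catch-all DENY now shadows the ALLOW.
REVERSED_RULES = [
    Rule(priority=10, access="DENY", user="u1"),
    Rule(priority=20, access="ALLOW", user="u1", service="WMS", workspace="W1"),
]

if __name__ == "__main__":
    getmap = AuthRequest(user="u1", service="WMS", request="GetMap",
                         workspace="W1", layer="roads")
    getfeature = AuthRequest(user="u1", service="WFS", request="GetFeature",
                             workspace="W1", layer="roads")
    print("WMS on W1:", decide(SLIDE_RULES, getmap))
    print("WFS on W1:", decide(SLIDE_RULES, getfeature))
    print("WMS on W1, rules reversed:", decide(REVERSED_RULES, getmap))
```

With the order reversed, the broad DENY is reached first and the narrower ALLOW is never evaluated, which is why rule position has to be reviewed whenever a rule is inserted.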
GeoFence Rule System 
 When an ALLOW rule is matched, the user will 
have access to the requested resource. 
 Finer Grain Control on single layer rules 
 further restrictions may be defined 
 i.e. only a subset of the data contained in the 
layer could be made queryable/visible to the 
requesting user 
  Restrictions on visible Area 
  Restrictions on Queryable Attributes 
  Restrictions on Available Styles 
GeoFence Rule System 
 Examples 
 Limiting users access to 
 a subset of the attributes (R/W) 
 a specific geographic area. 
 a subset of the available styles (or the default style 
can be forced on all requests) 
 A specific view of the data via a CQL filter 
 For reading 
 For writing (delete, create, update) 
GeoFence Rule System 
GeoFence REST Interface 
 GeoFence provides a REST interface for administration 
 Allows automation! 
 It allows complete CRUD access to the various entities 
managed by GeoFence: 
 Users and groups 
 GeoServer instances 
 Rules 
 The Find operation can be optionally paged 
 A Count operation is provided as well, to take 
advantage of the pagination capability. 
 Priority ordering in rules is fundamental 
  there are different ways to insert and set a position 
for the new rules. 
 https://github.com/geosolutions-it/geofence/wiki/REST-API 
GeoFence REST Interface 
 The REST interface also provides a batch mode 
 multiple CRUD commands can be issued at once 
 The commands in the batch are processed in the 
same transaction 
 Extremely important for automation! 
 Backup and restore operations are provided as part of the 
REST interface as well 
 REST API documentation available at 
https://github.com/geosolutions-it/geofence/wiki/REST-API 
GeoFence User Interface 
 Top Categories 
 Users 
 Groups 
 Instances 
 Rules 
GeoFence User Interface 
Users 
Groups 
Instances
GeoFence User Interface 
Rules 
Details 
Details
GeoFence and LDAP 
 An LDAP server can be used as a repository for users and 
groups, by including the optional LDAP module in the deployment 
 LDAP can be configured through the datasource 
properties file 
 When using LDAP, users and groups are not editable from 
the GeoFence interface (they are READ-ONLY) 
 LDAP module documentation at 
https://github.com/geosolutions-it/geofence/wiki/LDAP-module 
GeoFence and Existing Auth Proxies 
External Auth Source 
LDAP UserDAO LDAP GroupDAO UserDAO GroupDAO RuleDAO 
Persistence 
 When LDAP is enabled, specific DAOs are used for users 
and groups instead of the default ones 
Users 
Groups 
GeoFence DB 
GeoFence
GeoFence Use Cases 
SIAN
GeoFence Use Cases 
MapManager 
MapStore 
GeoFence 
GeoFence GeoStore GeoServer 
JMX Agents 
GeoGraphic 
Building Block
GeoFence Use Cases 
Astrium GetGeo
GeoFence Use Cases 
 Layers filtered (CQL filters) by user profile to constrain 
access to advanced functionality 
 Possibility of spatial filters to allow regional access only 
Destination
GeoFence Status 
 Project Released as Open Source 
 Continuous Build is in place 
 Dev and Users Mailing Lists are in place 
 Latest Improvements 
 IP based filter rules 
 Catalog Mode support 
 GeoServer community module for the probe 
 Probe Wicket Configuration Page 
 Further Improvements 
 Documentation 
 Official Releases 
 UI Refactor (based on REST APIs)
The End 
Thanks for not sleeping 
(loudly) 
alessio.fabiani@geo-solutions.it 
mauro.bartolomeoli@geo-solutions.it 

GeoNetwork, The Open Source Solution for the interoperable management of ge...
 

Recently uploaded

Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfngoud9212
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April  Automation LPDGAPIForce Zurich 5 April  Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfjimielynbastida
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 

Recently uploaded (20)

Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptx
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdf
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April  Automation LPDGAPIForce Zurich 5 April  Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdf
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 

Advanced Security With GeoServer

  • 1. Advanced Security With GeoServer
      - Ing. Mauro Bartolomeoli, GeoSolutions
      - Ing. Emanuele Tajariol, GeoSolutions
      - Ing. Simone Giannecchini, GeoSolutions
      - Ing. Alessio Fabiani, GeoSolutions
      - FOSS4G 2014, Portland, 10th September 2014
  • 2. GeoSolutions
      - Founded in Italy in late 2006
      - Expertise
          - Image Processing, GeoSpatial Data Fusion
          - Java, Java Enterprise, C++, Python
          - JPEG2000, JPIP, Advanced 2D visualization
      - Supporting/Developing FOSS4G projects
      - GeoServer, MapStore
      - GeoBatch, GeoNetwork
      - Clients
      - Public Agencies
      - Private Companies
      - http://www.geo-solutions.it
  • 3. GeoServer Security Subsystem Overview
  • 4. GeoServer Security Subsystem Overview
      - GeoServer security handles
      - Authentication (filtering and credential checks)
      - Authorization (resource access managers)
  • 5. GeoServer Security Subsystem Overview
      - Based on Spring Security
      - Users / Groups / Roles
      - User/group services
      - Role services
      - Authentication
      - Chains
      - Filters
      - Providers
      - Authorization
      - Auth on data: e.g. layers, workspaces
      - Auth on services: e.g. WMS, WFS
      - By role
  • 6. Users / Groups / Roles Storage
  • 7. Users / Groups / Roles Storage
      - User/Group service
      - Storage for user and group details
      - Storage for user credentials (e.g. passwords)
      - Password encryption handling
      - Read/Write or Read-only
      - Default implementations
      - XML files
      - Database through JDBC
      - Easy to implement and plug in new services
      - Used by many filters/providers as a source for authenticated users' details
      - Missing: Read/Write LDAP User/Group service
  • 8. Users / Groups / Roles Storage
      - Role service
      - Storage for roles
      - Read/Write or Read-only
      - Assign roles to users and/or groups
      - Default implementations
      - XML files
      - Database through JDBC
      - J2EE (from the Java Web Container)
      - LDAP
      - Easy to implement and plug in new services
      - Active (Default) Role service
      - Used by many filters/providers as a source for authenticated users' roles
  • 9. Authentication
  • 10. Authentication
      - Filter Chains
      - By «request url» pattern matching
      - Web UI
      - OGC Services
      - REST API
      - …
      - By Method: GET, POST, …
      - HTTP Session handling
      - Each chain applies a sequence of configured Filters to matching requests
      - Only SSL flag
  • 11. Authentication
      - Filters
      - Gathering user credentials (and optionally invoking the authentication providers chain)
      - Basic
      - Form
      - Anonymous (always the last)
      - Preauthentication (and optionally loading user details from the user/group and/or role service)
      - HTTP Header
      - Digest
      - X.509
      - Remember Me
      - J2EE
      - Easy to implement and plug in new filters
      - Missing: authenticate from environment variables (e.g. Shibboleth SSO)
  • 12. Authentication
      - Authentication Providers
      - Used if filters require further authentication of gathered credentials (no preauthentication can be applied)
      - Username Password (using user/group service)
      - Database through JDBC (uses credentials to connect to a database, very different from the JDBC user/group service)
      - LDAP
      - with ActiveDirectory support
      - Easy to implement and plug in new providers
      - Providers chain, to allow for different authentication mechanisms (e.g. intranet users from LDAP, internet users from db)
  • 13. Authentication
      - Extensions
      - CAS (https://www.apereo.org/cas): example of SSO integration
      - Community modules
      - Authkey: simple UUID to user mapper
      - Pluggable: possibility to define custom mappers (e.g. webservices)
      - URLMangler to add authkey to OGC request transparently (via GetCapabilities)
      - Real World Use Cases
      - Shibboleth SSO (using Headers or CGI environment variables)
      - Mixing filters/providers: LDAP/AD for internal users, JDBC for external users
  • 14. Authentication
      - Future improvements
      - Clean up and filling holes
      - Increase LDAP support (e.g. LDAP User/Group Service for LDAP read-write support)
      - Greater flexibility
      - Improve authkey community module (new webservice based mappers) and promote to extension
      - New authentication filters (e.g. reading credentials from CGI environment variables)
  • 15. Authorization
  • 16. Authorization
      - Simple default implementation
      - Permissions assigned only by user role(s)
      - Data Access Authorization Rules
      - Workspace
      - Single Layer
      - Access Mode: Read, Write, Admin
      - Services Authorization Rules
      - Service (WMS, WFS, …)
      - Method (GetMap, GetLegendGraphic, …)
      - Pluggable ResourceAccessManager
      - SecureCatalog
      - Security Wrapped Catalog Objects (e.g. ReadOnlyDataStore)
  • 17. Authorization
      - ResourceAccessManager
      - Define AccessLimits for the various Catalog Resources (Workspace, Layer, Style, LayerGroup)
      - Allows for fine grained limits
      - Read filters
      - Write filters
      - Spatial filters
      - SecureCatalog
      - Wraps original Catalog objects with secured implementations, aware of ResourceAccessManager defined limits
      - Secured wrappers take care of enforcing authorization rules, transparently
  • 18. Meet GeoFence
  • 19. GeoFence
      - Extended A&A for GeoServer
      - Authentication
      - Optional
      - Integrated with GeoServer authorization architecture
      - Open Source
      - GPL
      - Code on GitHub
      - Authorization
      - Auth on data: e.g. layers, workspaces
      - Auth on services: e.g. WMS, WFS
  • 20. GeoFence
      - Based on GSIP 57
      - Mixed Interceptor + Probe approach
      - Extended authorization management for GeoServer
      - External Rule-Based System
      - GeoServer Internal Probe
      - On-the-fly manipulation of incoming requests
      - Role Based Access Control
      - Users
      - Groups
      - Rule-based database
      - IPTables-like
  • 21. GeoFence
      - Fine Grain Authorization Control
      - Services
      - Operations
      - Workspaces
      - Layers
      - Attributes (alphanumeric and geospatial)
      - External Web Application
      - REST Interface
      - GUI
      - Scalable
      - 1 GeoFence controls N GeoServer cluster
  • 22. GeoFence
      - Java Enterprise infrastructure
      - Spring/Spring-Remoting
      - Hibernate
      - Apache CXF
      - Supports DBMS
      - PostgreSQL/PostGIS
      - Oracle spatial
      - H2
      - Performance ensured thanks to a fine-tunable cache
  • 23. GeoServer Security Model
  • 24. GeoServer Security Model
      - The GeoFence Authentication provider delegates credential checks to GeoFence
      - The GeoFence Resource Access Manager asks the GeoFence authorization engine for permissions
  • 25. GeoServer Security Model
  • 26. Digging GeoFence
  • 27. GeoFence Architecture
      - GeoFence Stack (again…)
  • 28. GeoFence Architecture: Modules and packages
      - GUI
      - core: GUI logic, implemented using GWT
      - webapp: produces the final web application .war file
      - GeoServer (GeoFence Probe)
      - security: the GeoServer/GeoFence bridge: implements the ResourceAccessManager, forwarding the authorization requests to a remote GeoFence instance
  • 29. GeoFence Architecture
      - The GeoFence ResourceAccessManager (GeoFence Probe) is deployed in each GeoServer
      - GeoServer instances in a cluster must share the same ClusterID (instance name)
      - GeoFence uses the instance name to select rules
      - The Probe queries GeoFence on each request* with proper info
      - Instance name
      - User
      - Request Details
      - GeoFence provides Access Policy rules to manipulate the request on the fly within the Probe
  • 30. GeoFence Architecture
      - The GeoFence ResourceAccessManager (GeoFence Probe) uses a cache which minimizes the requests toward GeoFence.
      - The cache can be configured on different aspects:
      - number of entries,
      - expiration time
      - The cache provides REST operations (using GeoServer’s own REST dispatcher) in order to
      - Invalidate the cache
      - Query the cache statistics
  • 31. GeoFence Rule System
      - Authorizations are expressed as a priority-based rule set
      - Rule types are ALLOW/DENY/LIMIT
      - The first matching rule is the one that determines the outcome of the auth request
      - Incoming authorization requests are transformed into a rule filter
      - Filtering can be performed on one or more of these fields:
      - Username
      - Group the provided user belongs to
  • 32. GeoFence Rule System
      - Source GeoServer instance
      - We can control multiple GeoServer clusters
      - OGC Service
      - E.g. WMS
      - OGC Service Operation
      - E.g. GetCapabilities
      - Workspace
      - E.g. it.geosolutions
      - Layer name
      - E.g. topp:states
  • 33. GeoFence Rule System Example
      - Let’s assume we have configured these rules:
      - User: u1, Service: WMS, Workspace: W1, ALLOW
      - User: u1, DENY
      - These rules will grant access for user u1 to
      - all the layers in workspace W1
      - only for WMS requests
      - All other types of request will be DENIED.
  • 34. GeoFence Rule System
      - When an ALLOW rule is matched, the user will have access to the requested resource.
      - Finer Grain Control on single layer rules
      - further restrictions may be defined
      - i.e. only a subset of the data contained in the layer could be made queryable/visible to the requesting user
      - Restrictions on visible Area
      - Restrictions on Queryable Attributes
      - Restrictions on Available Styles
  • 35. GeoFence Rule System
      - Examples
      - Limiting user access to
      - a subset of the attributes (R/W)
      - a specific geographic area.
      - a subset of the available styles (or the default style can be forced on all requests)
      - A specific view of the data via a CQL filter
      - For reading
      - For writing (delete, create, update)
  • 36. GeoFence Rule System
  • 37. GeoFence REST Interface
      - GeoFence provides a REST interface for administration
      - Allows automation!
      - It allows complete CRUD access to the various entities managed by GeoFence:
      - Users and groups
      - GeoServer instances
      - Rules
      - The Find operation can be optionally paged
      - a Count operation is provided as well to take advantage of the pagination capability.
      - Priority ordering in rules is fundamental
      - there are different ways to insert and set a position for the new rules.
      - https://github.com/geosolutions-it/geofence/wiki/REST-API
  • 38. GeoFence REST Interface
      - The REST interface also provides a batch mode
      - multiple CRUD commands can be issued at once
      - The commands in the batch are processed in the same transaction
      - Extremely important for automation!
      - Backup and restore operations are provided as part of the REST interface as well
      - REST API documentation available at https://github.com/geosolutions-it/geofence/wiki/REST-API
  • 39. GeoFence User Interface
      - Top Categories
      - Users
      - Groups
      - Instances
      - Rules
  • 40. GeoFence User Interface
      - [Screenshots: Users, Groups, Instances]
  • 41. GeoFence User Interface
      - [Screenshots: Rules, Details]
  • 42. GeoFence and LDAP
      - An LDAP server can be used as a repository for users and groups, by including the optional ldap module in the deploy
      - LDAP can be configured through the datasource properties file
      - When using LDAP, users and groups are not editable from the GeoFence interface (they are READ-ONLY)
      - LDAP module documentation at https://github.com/geosolutions-it/geofence/wiki/LDAP-module
  • 43. GeoFence and Existing Auth Proxies
      - When LDAP is enabled, specific DAOs are used for users and groups instead of the default ones
      - [Diagram labels: External Auth Source, LDAP UserDAO, LDAP GroupDAO, UserDAO, GroupDAO, RuleDAO, Persistence, Users, Groups, GeoFence DB, GeoFence]
  • 44. GeoFence Use Cases
      - SIAN
  • 45. GeoFence Use Cases
      - GeoGraphic Building Block
      - [Diagram labels: MapManager, MapStore, GeoFence, GeoStore, GeoServer, JMX Agents]
  • 46. GeoFence Use Cases
      - Astrium GetGeo
  • 47. GeoFence Use Cases
      - Destination
      - Layers filtered (CQL filters) by user profile to constrain access to advanced functionality
      - Possibility of spatial filters to allow regional access only
  • 48. GeoFence Status
      - Project Released as Open Source
      - Continuous Build is in place
      - Dev and Users Mailing Lists are in place
      - Latest Improvements
      - IP based filter rules
      - Catalog Mode support
      - GeoServer community module for the probe
      - Probe Wicket Configuration Page
      - Further Improvements
      - Documentation
      - Official Releases
      - UI Refactor (based on REST APIs)
  • 49. The End
      - Thanks for not sleeping (loudly)
      - alessio.fabiani@geo-solutions.it
      - mauro.bartolomeoli@geo-solutions.it
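
The priority-based, first-match rule evaluation described in slides 31 to 33, and the reason slide 37 calls priority ordering fundamental, can be shown with a small model. This is an added example, not GeoFence code: the `Rule` class, the priority numbers, the lower-number-first ordering, the deny-when-nothing-matches default and the `shadowed` audit helper are all assumptions made for illustration, and LIMIT rules are not modelled.

```python
from dataclasses import dataclass
from typing import Optional

# Fields a rule can filter on (slides 31-32); None means "any value".
FIELDS = ("user", "group", "instance", "service", "request", "workspace", "layer")

@dataclass
class Rule:
    priority: int                 # assumption: lower number is evaluated first
    access: str                   # "ALLOW" or "DENY" (LIMIT is not modelled)
    user: Optional[str] = None
    group: Optional[str] = None
    instance: Optional[str] = None
    service: Optional[str] = None
    request: Optional[str] = None
    workspace: Optional[str] = None
    layer: Optional[str] = None

def matches(rule, req):
    """True when every field the rule sets agrees with the request."""
    for name in FIELDS:
        wanted = getattr(rule, name)
        if wanted is None:
            continue
        if name == "group":
            # A user may belong to several groups; one of them must match.
            if wanted not in req.get("groups", ()):
                return False
        elif req.get(name) != wanted:
            return False
    return True

def evaluate(rules, req):
    """First matching rule in priority order decides the outcome."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if matches(rule, req):
            return rule.access, rule.priority
    return "DENY", None           # assumption: no matching rule means no access

def covers(earlier, later):
    """True when 'earlier' matches every request that 'later' matches."""
    return all(getattr(earlier, n) is None or getattr(earlier, n) == getattr(later, n)
               for n in FIELDS)

def shadowed(rules):
    """Audit check: rules that can never fire because an earlier rule covers them."""
    ordered = sorted(rules, key=lambda r: r.priority)
    found = []
    for i, later in enumerate(ordered):
        for earlier in ordered[:i]:
            if covers(earlier, later):
                found.append((later.priority, earlier.priority))
                break
    return found

# The two rules from slide 33 (priority values are constructed).
SLIDE_33_RULES = [
    Rule(priority=10, access="ALLOW", user="u1", service="WMS", workspace="W1"),
    Rule(priority=20, access="DENY", user="u1"),
]

# Constructed misconfiguration: same rules, priorities swapped.
SWAPPED_RULES = [
    Rule(priority=10, access="DENY", user="u1"),
    Rule(priority=20, access="ALLOW", user="u1", service="WMS", workspace="W1"),
]

if __name__ == "__main__":
    wms = {"user": "u1", "service": "WMS", "workspace": "W1", "layer": "roads"}
    wfs = dict(wms, service="WFS")
    print("slide 33, WMS:", evaluate(SLIDE_33_RULES, wms))
    print("slide 33, WFS:", evaluate(SLIDE_33_RULES, wfs))
    print("swapped,  WMS:", evaluate(SWAPPED_RULES, wms))
    print("shadowed in swapped set:", shadowed(SWAPPED_RULES))
```

Running `shadowed` over an exported rule set before applying it catches the case where a broad rule placed too early silently disables a narrower one.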