SlideShare a Scribd company logo

Advanced GeoServer Security with GeoFence

This presentation will provide an introduction to GeoFence, an open source tool to configure and use complex authorization rules to protect data served by GeoServer OGC services.

1 of 36
Download to read offline
Advanced GeoServer Security
With GeoFence

Ing. Emanuele Tajariol, GeoSolutions
Ing. Simone Giannecchini, GeoSolutions
Ing. Alessio Fabiani, GeoSolutions

FOSS4G 2013, Nottingham
20th September 2013
GeoSolutions



Founded in Italy in late 2006
Expertise
•
•

Java, Java Enterprise, C++, Python

•


Image Processing, GeoSpatial Data Fusion

JPEG2000, JPIP, Advanced 2D visualization

Supporting/Developing FOSS4G projects





GeoServer, MapStore
GeoBatch, GeoNetwork

Clients





Public Agencies
Private Companies

http://www.geo-solutions.it
FOSS4G 2013, Nottingham
20th September 2013
Meet GeoFence

FOSS4G 2013, Nottingham
20th September 2013
GeoFence




Extended A&A for GeoServer
Authentication





Open Source





Optional
Integrated with GeoServer authorization
architecture
GPL
Code on GitHub

Authorization



Auth on data: e.g. layers, workspaces
Auth on services: e.g. WMS, WFS
FOSS4G 2013, Nottingham
20th September 2013
GeoFence


Based on GSIP 57








Role Base Access Control





Mixed Interceptor + Probe approach
Extended authorization management for GeoServer
External Rule-Based System
GeoServer Internal Probe
On-the-fly manipulation of incoming requests

Users
Groups

Rule-based database


IPTables-like
FOSS4G 2013, Nottingham
20th September 2013
GeoFence


Fine Grain Authorization Control








External Web Application





Services
Operations
Workspaces
Layers
Attributes (alphanumeric and geospatial)

REST Interface
GUI

Scalable


1 GeoFence controls N GeoServer cluster
FOSS4G 2013, Nottingham
20th September 2013

Recommended

GeoServer in Production: we do it, here is how!
GeoServer in Production: we do it, here is how!GeoServer in Production: we do it, here is how!
GeoServer in Production: we do it, here is how!GeoSolutions
 
Raster data in GeoServer and GeoTools: Achievements, issues and future devel...
Raster data in GeoServer and GeoTools:  Achievements, issues and future devel...Raster data in GeoServer and GeoTools:  Achievements, issues and future devel...
Raster data in GeoServer and GeoTools: Achievements, issues and future devel...GeoSolutions
 
GeoServer on Steroids
GeoServer on SteroidsGeoServer on Steroids
GeoServer on SteroidsGeoSolutions
 
공간정보거점대학 1.geo server_고급과정
공간정보거점대학 1.geo server_고급과정공간정보거점대학 1.geo server_고급과정
공간정보거점대학 1.geo server_고급과정BJ Jang
 
Raster Data In GeoServer And GeoTools: Achievements, Issues And Future Develo...
Raster Data In GeoServer And GeoTools: Achievements, Issues And Future Develo...Raster Data In GeoServer And GeoTools: Achievements, Issues And Future Develo...
Raster Data In GeoServer And GeoTools: Achievements, Issues And Future Develo...GeoSolutions
 
GeoServer, an introduction for beginners
GeoServer, an introduction for beginnersGeoServer, an introduction for beginners
GeoServer, an introduction for beginnersGeoSolutions
 
GeoServer on Steroids at FOSS4G Europe 2014
GeoServer on Steroids at FOSS4G Europe 2014GeoServer on Steroids at FOSS4G Europe 2014
GeoServer on Steroids at FOSS4G Europe 2014GeoSolutions
 
Advanced Security with GeoServer - FOSS4G 2015
Advanced Security with GeoServer - FOSS4G 2015Advanced Security with GeoServer - FOSS4G 2015
Advanced Security with GeoServer - FOSS4G 2015GeoSolutions
 

More Related Content

What's hot

GeoServer 2.4.x 한국어 사용자 지침서
GeoServer 2.4.x 한국어 사용자 지침서GeoServer 2.4.x 한국어 사용자 지침서
GeoServer 2.4.x 한국어 사용자 지침서SANGHEE SHIN
 
What's new in Gerrit Code Review 3.0
What's new in Gerrit Code Review 3.0What's new in Gerrit Code Review 3.0
What's new in Gerrit Code Review 3.0Luca Milanesio
 
PostGIS - National Education Center for GIS: Open Source GIS
PostGIS - National Education Center for GIS: Open Source GIS PostGIS - National Education Center for GIS: Open Source GIS
PostGIS - National Education Center for GIS: Open Source GIS MinPa Lee
 
GeoServer on Steroids
GeoServer on Steroids GeoServer on Steroids
GeoServer on Steroids GeoSolutions
 
Crunching Data In GeoServer: Mastering Rendering Transformations, WPS Process...
Crunching Data In GeoServer: Mastering Rendering Transformations, WPS Process...Crunching Data In GeoServer: Mastering Rendering Transformations, WPS Process...
Crunching Data In GeoServer: Mastering Rendering Transformations, WPS Process...GeoSolutions
 
MongoDB + GeoServer
MongoDB + GeoServerMongoDB + GeoServer
MongoDB + GeoServerMongoDB
 
Open Source GIS 기초교육 4일차 - GeoServer 기초 2014년 7월판
Open Source GIS 기초교육 4일차 - GeoServer 기초 2014년 7월판Open Source GIS 기초교육 4일차 - GeoServer 기초 2014년 7월판
Open Source GIS 기초교육 4일차 - GeoServer 기초 2014년 7월판BJ Jang
 
Introduction to pig & pig latin
Introduction to pig & pig latinIntroduction to pig & pig latin
Introduction to pig & pig latinknowbigdata
 
OL3-Cesium: 3D for OpenLayers maps
OL3-Cesium: 3D for OpenLayers mapsOL3-Cesium: 3D for OpenLayers maps
OL3-Cesium: 3D for OpenLayers mapsAndreas Hocevar
 
오픈소스 공간통계분석 패키지 개발
오픈소스  공간통계분석 패키지 개발오픈소스  공간통계분석 패키지 개발
오픈소스 공간통계분석 패키지 개발MinPa Lee
 
오픈 소스 GIS와 OSGeo
오픈 소스 GIS와 OSGeo오픈 소스 GIS와 OSGeo
오픈 소스 GIS와 OSGeoSANGHEE SHIN
 
공간정보연구원 PostGIS 강의교재
공간정보연구원 PostGIS 강의교재공간정보연구원 PostGIS 강의교재
공간정보연구원 PostGIS 강의교재JungHwan Yun
 
GeoServer on steroids
GeoServer on steroidsGeoServer on steroids
GeoServer on steroidsGeoSolutions
 
오픈소스GIS 개발 일반 강의자료
오픈소스GIS 개발 일반 강의자료오픈소스GIS 개발 일반 강의자료
오픈소스GIS 개발 일반 강의자료BJ Jang
 
Introduction to PostgreSQL
Introduction to PostgreSQLIntroduction to PostgreSQL
Introduction to PostgreSQLMark Wong
 
공간정보 거점대학 - OpenLayers의 고급 기능 이해 및 실습
 공간정보 거점대학 - OpenLayers의 고급 기능 이해 및 실습 공간정보 거점대학 - OpenLayers의 고급 기능 이해 및 실습
공간정보 거점대학 - OpenLayers의 고급 기능 이해 및 실습HaNJiN Lee
 
Intro To PostGIS
Intro To PostGISIntro To PostGIS
Intro To PostGISmleslie
 
오픈소스 GIS 교육 - PostGIS
오픈소스 GIS 교육 - PostGIS오픈소스 GIS 교육 - PostGIS
오픈소스 GIS 교육 - PostGISJungHwan Yun
 

What's hot (20)

GeoServer 2.4.x 한국어 사용자 지침서
GeoServer 2.4.x 한국어 사용자 지침서GeoServer 2.4.x 한국어 사용자 지침서
GeoServer 2.4.x 한국어 사용자 지침서
 
What's new in Gerrit Code Review 3.0
What's new in Gerrit Code Review 3.0What's new in Gerrit Code Review 3.0
What's new in Gerrit Code Review 3.0
 
PostGIS - National Education Center for GIS: Open Source GIS
PostGIS - National Education Center for GIS: Open Source GIS PostGIS - National Education Center for GIS: Open Source GIS
PostGIS - National Education Center for GIS: Open Source GIS
 
GeoServer on Steroids
GeoServer on Steroids GeoServer on Steroids
GeoServer on Steroids
 
GeoServer 기초
GeoServer 기초GeoServer 기초
GeoServer 기초
 
Crunching Data In GeoServer: Mastering Rendering Transformations, WPS Process...
Crunching Data In GeoServer: Mastering Rendering Transformations, WPS Process...Crunching Data In GeoServer: Mastering Rendering Transformations, WPS Process...
Crunching Data In GeoServer: Mastering Rendering Transformations, WPS Process...
 
MongoDB + GeoServer
MongoDB + GeoServerMongoDB + GeoServer
MongoDB + GeoServer
 
Open Source GIS 기초교육 4일차 - GeoServer 기초 2014년 7월판
Open Source GIS 기초교육 4일차 - GeoServer 기초 2014년 7월판Open Source GIS 기초교육 4일차 - GeoServer 기초 2014년 7월판
Open Source GIS 기초교육 4일차 - GeoServer 기초 2014년 7월판
 
Introduction to pig & pig latin
Introduction to pig & pig latinIntroduction to pig & pig latin
Introduction to pig & pig latin
 
OL3-Cesium: 3D for OpenLayers maps
OL3-Cesium: 3D for OpenLayers mapsOL3-Cesium: 3D for OpenLayers maps
OL3-Cesium: 3D for OpenLayers maps
 
오픈소스 공간통계분석 패키지 개발
오픈소스  공간통계분석 패키지 개발오픈소스  공간통계분석 패키지 개발
오픈소스 공간통계분석 패키지 개발
 
오픈 소스 GIS와 OSGeo
오픈 소스 GIS와 OSGeo오픈 소스 GIS와 OSGeo
오픈 소스 GIS와 OSGeo
 
공간정보연구원 PostGIS 강의교재
공간정보연구원 PostGIS 강의교재공간정보연구원 PostGIS 강의교재
공간정보연구원 PostGIS 강의교재
 
GeoServer on steroids
GeoServer on steroidsGeoServer on steroids
GeoServer on steroids
 
오픈소스GIS 개발 일반 강의자료
오픈소스GIS 개발 일반 강의자료오픈소스GIS 개발 일반 강의자료
오픈소스GIS 개발 일반 강의자료
 
Introduction to PostgreSQL
Introduction to PostgreSQLIntroduction to PostgreSQL
Introduction to PostgreSQL
 
Hadoop technology
Hadoop technologyHadoop technology
Hadoop technology
 
공간정보 거점대학 - OpenLayers의 고급 기능 이해 및 실습
 공간정보 거점대학 - OpenLayers의 고급 기능 이해 및 실습 공간정보 거점대학 - OpenLayers의 고급 기능 이해 및 실습
공간정보 거점대학 - OpenLayers의 고급 기능 이해 및 실습
 
Intro To PostGIS
Intro To PostGISIntro To PostGIS
Intro To PostGIS
 
오픈소스 GIS 교육 - PostGIS
오픈소스 GIS 교육 - PostGIS오픈소스 GIS 교육 - PostGIS
오픈소스 GIS 교육 - PostGIS
 

Similar to Advanced GeoServer Security with GeoFence

Advanced Security With GeoServer
Advanced Security With GeoServerAdvanced Security With GeoServer
Advanced Security With GeoServerGeoSolutions
 
GeoServer an introduction for beginners
GeoServer an introduction for beginnersGeoServer an introduction for beginners
GeoServer an introduction for beginnersGeoSolutions
 
Mastering Security with GeoServer and GeoFence - FOSS4G EU 2017
Mastering Security with GeoServer and GeoFence - FOSS4G EU 2017Mastering Security with GeoServer and GeoFence - FOSS4G EU 2017
Mastering Security with GeoServer and GeoFence - FOSS4G EU 2017GeoSolutions
 
GeoNetwork, The Open Source Solution for the interoperable management of ge...
GeoNetwork, The Open Source Solution  for the interoperable management  of ge...GeoNetwork, The Open Source Solution  for the interoperable management  of ge...
GeoNetwork, The Open Source Solution for the interoperable management of ge...GeoSolutions
 
GeoServer The Open Source Solution for the interoperable management of geos...
GeoServer The Open Source Solution  for the interoperable management  of geos...GeoServer The Open Source Solution  for the interoperable management  of geos...
GeoServer The Open Source Solution for the interoperable management of geos...GeoSolutions
 
Geosolutions FOSS4g 2009 Redux
Geosolutions FOSS4g 2009 ReduxGeosolutions FOSS4g 2009 Redux
Geosolutions FOSS4g 2009 ReduxGeoSolutions
 
Fossgis 2013 GeoServer Presentation
Fossgis 2013 GeoServer PresentationFossgis 2013 GeoServer Presentation
Fossgis 2013 GeoServer PresentationGeoSolutions
 
Catania Science Gateway Framework
Catania Science Gateway Framework Catania Science Gateway Framework
Catania Science Gateway Framework riround
 
GFOSS DAY 2012 GeoNetwork Presentation
GFOSS DAY 2012 GeoNetwork PresentationGFOSS DAY 2012 GeoNetwork Presentation
GFOSS DAY 2012 GeoNetwork PresentationGeoSolutions
 
Geosolutions Foss4g It 2010
Geosolutions Foss4g It 2010Geosolutions Foss4g It 2010
Geosolutions Foss4g It 2010GeoSolutions
 
Taming OpenData and INSPIRE challenges with Open Source: lessons learned and ...
Taming OpenData and INSPIRE challenges with Open Source: lessons learned and ...Taming OpenData and INSPIRE challenges with Open Source: lessons learned and ...
Taming OpenData and INSPIRE challenges with Open Source: lessons learned and ...smespire
 
GeoServer for Spatio-temporal Data Handling With Examples For MetOc And Remot...
GeoServer for Spatio-temporal Data Handling With Examples For MetOc And Remot...GeoServer for Spatio-temporal Data Handling With Examples For MetOc And Remot...
GeoServer for Spatio-temporal Data Handling With Examples For MetOc And Remot...GeoSolutions
 
State of GeoServer 2015
State of GeoServer 2015State of GeoServer 2015
State of GeoServer 2015Jody Garnett
 
Geospatial Temporal Open Standards for Big Data from Space (BiDS2014)
Geospatial Temporal Open Standards for Big Data from Space (BiDS2014)Geospatial Temporal Open Standards for Big Data from Space (BiDS2014)
Geospatial Temporal Open Standards for Big Data from Space (BiDS2014)George Percivall
 
State of GeoServer
State of GeoServerState of GeoServer
State of GeoServerJody Garnett
 
Using GeoServer for spatio-temporal data management with examples for MetOc a...
Using GeoServer for spatio-temporal data management with examples for MetOc a...Using GeoServer for spatio-temporal data management with examples for MetOc a...
Using GeoServer for spatio-temporal data management with examples for MetOc a...GeoSolutions
 
Web Applications Development
Web Applications DevelopmentWeb Applications Development
Web Applications Developmentriround
 
BlogMyData at AllHands 2010
BlogMyData at AllHands 2010BlogMyData at AllHands 2010
BlogMyData at AllHands 2010Andrew Milsted
 
OSFair2017 Workshop | EPOS: European Plate Observing System
OSFair2017 Workshop | EPOS: European Plate Observing SystemOSFair2017 Workshop | EPOS: European Plate Observing System
OSFair2017 Workshop | EPOS: European Plate Observing SystemOpen Science Fair
 

Similar to Advanced GeoServer Security with GeoFence (20)

Advanced Security With GeoServer
Advanced Security With GeoServerAdvanced Security With GeoServer
Advanced Security With GeoServer
 
GeoServer an introduction for beginners
GeoServer an introduction for beginnersGeoServer an introduction for beginners
GeoServer an introduction for beginners
 
Mastering Security with GeoServer and GeoFence - FOSS4G EU 2017
Mastering Security with GeoServer and GeoFence - FOSS4G EU 2017Mastering Security with GeoServer and GeoFence - FOSS4G EU 2017
Mastering Security with GeoServer and GeoFence - FOSS4G EU 2017
 
GeoNetwork, The Open Source Solution for the interoperable management of ge...
GeoNetwork, The Open Source Solution  for the interoperable management  of ge...GeoNetwork, The Open Source Solution  for the interoperable management  of ge...
GeoNetwork, The Open Source Solution for the interoperable management of ge...
 
GeoServer The Open Source Solution for the interoperable management of geos...
GeoServer The Open Source Solution  for the interoperable management  of geos...GeoServer The Open Source Solution  for the interoperable management  of geos...
GeoServer The Open Source Solution for the interoperable management of geos...
 
Geosolutions FOSS4g 2009 Redux
Geosolutions FOSS4g 2009 ReduxGeosolutions FOSS4g 2009 Redux
Geosolutions FOSS4g 2009 Redux
 
Fossgis 2013 GeoServer Presentation
Fossgis 2013 GeoServer PresentationFossgis 2013 GeoServer Presentation
Fossgis 2013 GeoServer Presentation
 
Catania Science Gateway Framework
Catania Science Gateway Framework Catania Science Gateway Framework
Catania Science Gateway Framework
 
GFOSS DAY 2012 GeoNetwork Presentation
GFOSS DAY 2012 GeoNetwork PresentationGFOSS DAY 2012 GeoNetwork Presentation
GFOSS DAY 2012 GeoNetwork Presentation
 
Geosolutions Foss4g It 2010
Geosolutions Foss4g It 2010Geosolutions Foss4g It 2010
Geosolutions Foss4g It 2010
 
Taming OpenData and INSPIRE challenges with Open Source: lessons learned and ...
Taming OpenData and INSPIRE challenges with Open Source: lessons learned and ...Taming OpenData and INSPIRE challenges with Open Source: lessons learned and ...
Taming OpenData and INSPIRE challenges with Open Source: lessons learned and ...
 
GeoServer for Spatio-temporal Data Handling With Examples For MetOc And Remot...
GeoServer for Spatio-temporal Data Handling With Examples For MetOc And Remot...GeoServer for Spatio-temporal Data Handling With Examples For MetOc And Remot...
GeoServer for Spatio-temporal Data Handling With Examples For MetOc And Remot...
 
State of GeoServer 2015
State of GeoServer 2015State of GeoServer 2015
State of GeoServer 2015
 
Geospatial Temporal Open Standards for Big Data from Space (BiDS2014)
Geospatial Temporal Open Standards for Big Data from Space (BiDS2014)Geospatial Temporal Open Standards for Big Data from Space (BiDS2014)
Geospatial Temporal Open Standards for Big Data from Space (BiDS2014)
 
State of GeoServer
State of GeoServerState of GeoServer
State of GeoServer
 
Glasgow University Geo Metadata Workshop
Glasgow University Geo Metadata WorkshopGlasgow University Geo Metadata Workshop
Glasgow University Geo Metadata Workshop
 
Using GeoServer for spatio-temporal data management with examples for MetOc a...
Using GeoServer for spatio-temporal data management with examples for MetOc a...Using GeoServer for spatio-temporal data management with examples for MetOc a...
Using GeoServer for spatio-temporal data management with examples for MetOc a...
 
Web Applications Development
Web Applications DevelopmentWeb Applications Development
Web Applications Development
 
BlogMyData at AllHands 2010
BlogMyData at AllHands 2010BlogMyData at AllHands 2010
BlogMyData at AllHands 2010
 
OSFair2017 Workshop | EPOS: European Plate Observing System
OSFair2017 Workshop | EPOS: European Plate Observing SystemOSFair2017 Workshop | EPOS: European Plate Observing System
OSFair2017 Workshop | EPOS: European Plate Observing System
 

More from GeoSolutions

MapStore 2 - The Story
MapStore 2 - The StoryMapStore 2 - The Story
MapStore 2 - The StoryGeoSolutions
 
One GeoNode, many GeoNodes
One GeoNode, many GeoNodesOne GeoNode, many GeoNodes
One GeoNode, many GeoNodesGeoSolutions
 
Introduction to GeoNode
Introduction to GeoNodeIntroduction to GeoNode
Introduction to GeoNodeGeoSolutions
 
Serving earth observation data with GeoServer: addressing real world requirem...
Serving earth observation data with GeoServer: addressing real world requirem...Serving earth observation data with GeoServer: addressing real world requirem...
Serving earth observation data with GeoServer: addressing real world requirem...GeoSolutions
 
GeoServer Feature FRENZY
GeoServer Feature FRENZYGeoServer Feature FRENZY
GeoServer Feature FRENZYGeoSolutions
 
State of GeoServer 2.12
State of GeoServer 2.12State of GeoServer 2.12
State of GeoServer 2.12GeoSolutions
 
MapStore 2, modern mashups with OL3, Leaflet and React
MapStore 2, modern mashups with OL3, Leaflet and ReactMapStore 2, modern mashups with OL3, Leaflet and React
MapStore 2, modern mashups with OL3, Leaflet and ReactGeoSolutions
 
State of GeoServer - FOSS4G 2016
State of GeoServer - FOSS4G 2016State of GeoServer - FOSS4G 2016
State of GeoServer - FOSS4G 2016GeoSolutions
 
Creating Stunning Maps in GeoServer: mastering SLD and CSS styles
Creating Stunning Maps in GeoServer: mastering SLD and CSS stylesCreating Stunning Maps in GeoServer: mastering SLD and CSS styles
Creating Stunning Maps in GeoServer: mastering SLD and CSS stylesGeoSolutions
 
Serving earth observation data with GeoServer: addressing real world requirem...
Serving earth observation data with GeoServer: addressing real world requirem...Serving earth observation data with GeoServer: addressing real world requirem...
Serving earth observation data with GeoServer: addressing real world requirem...GeoSolutions
 
Raster Data In GeoServer and GeoTools: Achievements, Issues And Future Develo...
Raster Data In GeoServer and GeoTools: Achievements, Issues And Future Develo...Raster Data In GeoServer and GeoTools: Achievements, Issues And Future Develo...
Raster Data In GeoServer and GeoTools: Achievements, Issues And Future Develo...GeoSolutions
 
Mapping the world beyond web mercator - FOSS4G 2015
Mapping the world beyond web mercator - FOSS4G 2015Mapping the world beyond web mercator - FOSS4G 2015
Mapping the world beyond web mercator - FOSS4G 2015GeoSolutions
 
Advanced Cartographic Map Rendering in GeoServer
Advanced Cartographic Map Rendering in GeoServerAdvanced Cartographic Map Rendering in GeoServer
Advanced Cartographic Map Rendering in GeoServerGeoSolutions
 
Spatio-temporal Data Handling With GeoServer for MetOc And Remote Sensing
Spatio-temporal Data Handling With GeoServer for MetOc And Remote SensingSpatio-temporal Data Handling With GeoServer for MetOc And Remote Sensing
Spatio-temporal Data Handling With GeoServer for MetOc And Remote SensingGeoSolutions
 
Enterprise class deployment for GeoServer and GeoWebcache Optimizing perform...
Enterprise class deployment  for GeoServer and GeoWebcache Optimizing perform...Enterprise class deployment  for GeoServer and GeoWebcache Optimizing perform...
Enterprise class deployment for GeoServer and GeoWebcache Optimizing perform...GeoSolutions
 
GeoSolutions Keynote at WebMGS 2015
GeoSolutions Keynote at WebMGS 2015GeoSolutions Keynote at WebMGS 2015
GeoSolutions Keynote at WebMGS 2015GeoSolutions
 
GeoServer beginners gwf_2015
GeoServer beginners gwf_2015GeoServer beginners gwf_2015
GeoServer beginners gwf_2015GeoSolutions
 
Geosolutions gwf-2015-v01.04
Geosolutions gwf-2015-v01.04Geosolutions gwf-2015-v01.04
Geosolutions gwf-2015-v01.04GeoSolutions
 
Geoserver introduction, GeoBusiness 2015
Geoserver introduction, GeoBusiness 2015Geoserver introduction, GeoBusiness 2015
Geoserver introduction, GeoBusiness 2015GeoSolutions
 
Introduzione a GeoServer ed ai servizi OGC
Introduzione a GeoServer ed ai servizi OGCIntroduzione a GeoServer ed ai servizi OGC
Introduzione a GeoServer ed ai servizi OGCGeoSolutions
 

More from GeoSolutions (20)

MapStore 2 - The Story
MapStore 2 - The StoryMapStore 2 - The Story
MapStore 2 - The Story
 
One GeoNode, many GeoNodes
One GeoNode, many GeoNodesOne GeoNode, many GeoNodes
One GeoNode, many GeoNodes
 
Introduction to GeoNode
Introduction to GeoNodeIntroduction to GeoNode
Introduction to GeoNode
 
Serving earth observation data with GeoServer: addressing real world requirem...
Serving earth observation data with GeoServer: addressing real world requirem...Serving earth observation data with GeoServer: addressing real world requirem...
Serving earth observation data with GeoServer: addressing real world requirem...
 
GeoServer Feature FRENZY
GeoServer Feature FRENZYGeoServer Feature FRENZY
GeoServer Feature FRENZY
 
State of GeoServer 2.12
State of GeoServer 2.12State of GeoServer 2.12
State of GeoServer 2.12
 
MapStore 2, modern mashups with OL3, Leaflet and React
MapStore 2, modern mashups with OL3, Leaflet and ReactMapStore 2, modern mashups with OL3, Leaflet and React
MapStore 2, modern mashups with OL3, Leaflet and React
 
State of GeoServer - FOSS4G 2016
State of GeoServer - FOSS4G 2016State of GeoServer - FOSS4G 2016
State of GeoServer - FOSS4G 2016
 
Creating Stunning Maps in GeoServer: mastering SLD and CSS styles
Creating Stunning Maps in GeoServer: mastering SLD and CSS stylesCreating Stunning Maps in GeoServer: mastering SLD and CSS styles
Creating Stunning Maps in GeoServer: mastering SLD and CSS styles
 
Serving earth observation data with GeoServer: addressing real world requirem...
Serving earth observation data with GeoServer: addressing real world requirem...Serving earth observation data with GeoServer: addressing real world requirem...
Serving earth observation data with GeoServer: addressing real world requirem...
 
Raster Data In GeoServer and GeoTools: Achievements, Issues And Future Develo...
Raster Data In GeoServer and GeoTools: Achievements, Issues And Future Develo...Raster Data In GeoServer and GeoTools: Achievements, Issues And Future Develo...
Raster Data In GeoServer and GeoTools: Achievements, Issues And Future Develo...
 
Mapping the world beyond web mercator - FOSS4G 2015
Mapping the world beyond web mercator - FOSS4G 2015Mapping the world beyond web mercator - FOSS4G 2015
Mapping the world beyond web mercator - FOSS4G 2015
 
Advanced Cartographic Map Rendering in GeoServer
Advanced Cartographic Map Rendering in GeoServerAdvanced Cartographic Map Rendering in GeoServer
Advanced Cartographic Map Rendering in GeoServer
 
Spatio-temporal Data Handling With GeoServer for MetOc And Remote Sensing
Spatio-temporal Data Handling With GeoServer for MetOc And Remote SensingSpatio-temporal Data Handling With GeoServer for MetOc And Remote Sensing
Spatio-temporal Data Handling With GeoServer for MetOc And Remote Sensing
 
Enterprise class deployment for GeoServer and GeoWebcache Optimizing perform...
Enterprise class deployment  for GeoServer and GeoWebcache Optimizing perform...Enterprise class deployment  for GeoServer and GeoWebcache Optimizing perform...
Enterprise class deployment for GeoServer and GeoWebcache Optimizing perform...
 
GeoSolutions Keynote at WebMGS 2015
GeoSolutions Keynote at WebMGS 2015GeoSolutions Keynote at WebMGS 2015
GeoSolutions Keynote at WebMGS 2015
 
GeoServer beginners gwf_2015
GeoServer beginners gwf_2015GeoServer beginners gwf_2015
GeoServer beginners gwf_2015
 
Geosolutions gwf-2015-v01.04
Geosolutions gwf-2015-v01.04Geosolutions gwf-2015-v01.04
Geosolutions gwf-2015-v01.04
 
Geoserver introduction, GeoBusiness 2015
Geoserver introduction, GeoBusiness 2015Geoserver introduction, GeoBusiness 2015
Geoserver introduction, GeoBusiness 2015
 
Introduzione a GeoServer ed ai servizi OGC
Introduzione a GeoServer ed ai servizi OGCIntroduzione a GeoServer ed ai servizi OGC
Introduzione a GeoServer ed ai servizi OGC
 

Recently uploaded

Battle of React State Managers in frontend applications
Battle of React State Managers in frontend applicationsBattle of React State Managers in frontend applications
Battle of React State Managers in frontend applicationsEvangelia Mitsopoulou
 
Mind your App Footprint 🐾⚡️🌱 (@FlutterHeroes 2024)
Mind your App Footprint 🐾⚡️🌱 (@FlutterHeroes 2024)Mind your App Footprint 🐾⚡️🌱 (@FlutterHeroes 2024)
Mind your App Footprint 🐾⚡️🌱 (@FlutterHeroes 2024)François
 
Introducing the New FME Community Webinar - Feb 21, 2024 (2).pdf
Introducing the New FME Community Webinar - Feb 21, 2024 (2).pdfIntroducing the New FME Community Webinar - Feb 21, 2024 (2).pdf
Introducing the New FME Community Webinar - Feb 21, 2024 (2).pdfSafe Software
 
Harnessing the Power of GenAI for Exceptional Product Outcomes by Booking.com...
Harnessing the Power of GenAI for Exceptional Product Outcomes by Booking.com...Harnessing the Power of GenAI for Exceptional Product Outcomes by Booking.com...
Harnessing the Power of GenAI for Exceptional Product Outcomes by Booking.com...Product School
 
LF Energy Webinar: Introduction to TROLIE
LF Energy Webinar: Introduction to TROLIELF Energy Webinar: Introduction to TROLIE
LF Energy Webinar: Introduction to TROLIEDanBrown980551
 
Cultivating Entrepreneurial Mindset in Product Management: Strategies for Suc...
Cultivating Entrepreneurial Mindset in Product Management: Strategies for Suc...Cultivating Entrepreneurial Mindset in Product Management: Strategies for Suc...
Cultivating Entrepreneurial Mindset in Product Management: Strategies for Suc...Product School
 
HBR SERIES METAL HOUSED RESISTORS POWER ELECTRICAL ABSORBS HIGH CURRENT DURIN...
HBR SERIES METAL HOUSED RESISTORS POWER ELECTRICAL ABSORBS HIGH CURRENT DURIN...HBR SERIES METAL HOUSED RESISTORS POWER ELECTRICAL ABSORBS HIGH CURRENT DURIN...
HBR SERIES METAL HOUSED RESISTORS POWER ELECTRICAL ABSORBS HIGH CURRENT DURIN...htrindia
 
Leonis Insights: The State of AI (7 trends for 2023 and 7 predictions for 2024)
Leonis Insights: The State of AI (7 trends for 2023 and 7 predictions for 2024)Leonis Insights: The State of AI (7 trends for 2023 and 7 predictions for 2024)
Leonis Insights: The State of AI (7 trends for 2023 and 7 predictions for 2024)Jay Zhao
 
How we think about an advisor tech stack
How we think about an advisor tech stackHow we think about an advisor tech stack
How we think about an advisor tech stackSummit
 
Unleash the Solace Pub Sub connector | Banaglore MuleSoft Meetup #31
Unleash the Solace Pub Sub connector | Banaglore MuleSoft Meetup #31Unleash the Solace Pub Sub connector | Banaglore MuleSoft Meetup #31
Unleash the Solace Pub Sub connector | Banaglore MuleSoft Meetup #31shyamraj55
 
Relationship Counselling: From Disjointed Features to Product-First Thinking ...
Relationship Counselling: From Disjointed Features to Product-First Thinking ...Relationship Counselling: From Disjointed Features to Product-First Thinking ...
Relationship Counselling: From Disjointed Features to Product-First Thinking ...Product School
 
Synergy in Leadership and Product Excellence: A Blueprint for Growth by CPO, ...
Synergy in Leadership and Product Excellence: A Blueprint for Growth by CPO, ...Synergy in Leadership and Product Excellence: A Blueprint for Growth by CPO, ...
Synergy in Leadership and Product Excellence: A Blueprint for Growth by CPO, ...Product School
 
IT Nation Evolve event 2024 - Quarter 1
IT Nation Evolve event 2024  - Quarter 1IT Nation Evolve event 2024  - Quarter 1
IT Nation Evolve event 2024 - Quarter 1Inbay UK
 
"How we created an SRE team in Temabit as a part of FOZZY Group in conditions...
"How we created an SRE team in Temabit as a part of FOZZY Group in conditions..."How we created an SRE team in Temabit as a part of FOZZY Group in conditions...
"How we created an SRE team in Temabit as a part of FOZZY Group in conditions...Fwdays
 
Campotel: Telecommunications Infra and Network Builder - Company Profile
Campotel: Telecommunications Infra and Network Builder - Company ProfileCampotel: Telecommunications Infra and Network Builder - Company Profile
Campotel: Telecommunications Infra and Network Builder - Company ProfileCampotelPhilippines
 
Introduction to Multimodal LLMs with LLaVA
Introduction to Multimodal LLMs with LLaVAIntroduction to Multimodal LLMs with LLaVA
Introduction to Multimodal LLMs with LLaVARobert McDermott
 
Enhancing Productivity and Insight A Tour of JDK Tools Progress Beyond Java 17
Enhancing Productivity and Insight  A Tour of JDK Tools Progress Beyond Java 17Enhancing Productivity and Insight  A Tour of JDK Tools Progress Beyond Java 17
Enhancing Productivity and Insight A Tour of JDK Tools Progress Beyond Java 17Ana-Maria Mihalceanu
 
Pragmatic UI testing with Compose Semantics.pdf
Pragmatic UI testing with Compose Semantics.pdfPragmatic UI testing with Compose Semantics.pdf
Pragmatic UI testing with Compose Semantics.pdfinfogdgmi
 
Building Products That Think- Bhaskaran Srinivasan & Ashish Gupta
Building Products That Think- Bhaskaran Srinivasan & Ashish GuptaBuilding Products That Think- Bhaskaran Srinivasan & Ashish Gupta
Building Products That Think- Bhaskaran Srinivasan & Ashish GuptaISPMAIndia
 
Artificial Intelligence, Design, and More-than-Human Justice
Artificial Intelligence, Design, and More-than-Human JusticeArtificial Intelligence, Design, and More-than-Human Justice
Artificial Intelligence, Design, and More-than-Human JusticeJosh Gellers
 

Recently uploaded (20)

Battle of React State Managers in frontend applications
Battle of React State Managers in frontend applicationsBattle of React State Managers in frontend applications
Battle of React State Managers in frontend applications
 
Mind your App Footprint 🐾⚡️🌱 (@FlutterHeroes 2024)
Mind your App Footprint 🐾⚡️🌱 (@FlutterHeroes 2024)Mind your App Footprint 🐾⚡️🌱 (@FlutterHeroes 2024)
Mind your App Footprint 🐾⚡️🌱 (@FlutterHeroes 2024)
 
Introducing the New FME Community Webinar - Feb 21, 2024 (2).pdf
Introducing the New FME Community Webinar - Feb 21, 2024 (2).pdfIntroducing the New FME Community Webinar - Feb 21, 2024 (2).pdf
Introducing the New FME Community Webinar - Feb 21, 2024 (2).pdf
 
Harnessing the Power of GenAI for Exceptional Product Outcomes by Booking.com...
Harnessing the Power of GenAI for Exceptional Product Outcomes by Booking.com...Harnessing the Power of GenAI for Exceptional Product Outcomes by Booking.com...
Harnessing the Power of GenAI for Exceptional Product Outcomes by Booking.com...
 
LF Energy Webinar: Introduction to TROLIE
LF Energy Webinar: Introduction to TROLIELF Energy Webinar: Introduction to TROLIE
LF Energy Webinar: Introduction to TROLIE
 
Cultivating Entrepreneurial Mindset in Product Management: Strategies for Suc...
Cultivating Entrepreneurial Mindset in Product Management: Strategies for Suc...Cultivating Entrepreneurial Mindset in Product Management: Strategies for Suc...
Cultivating Entrepreneurial Mindset in Product Management: Strategies for Suc...
 
HBR SERIES METAL HOUSED RESISTORS POWER ELECTRICAL ABSORBS HIGH CURRENT DURIN...
HBR SERIES METAL HOUSED RESISTORS POWER ELECTRICAL ABSORBS HIGH CURRENT DURIN...HBR SERIES METAL HOUSED RESISTORS POWER ELECTRICAL ABSORBS HIGH CURRENT DURIN...
HBR SERIES METAL HOUSED RESISTORS POWER ELECTRICAL ABSORBS HIGH CURRENT DURIN...
 
Leonis Insights: The State of AI (7 trends for 2023 and 7 predictions for 2024)
Leonis Insights: The State of AI (7 trends for 2023 and 7 predictions for 2024)Leonis Insights: The State of AI (7 trends for 2023 and 7 predictions for 2024)
Leonis Insights: The State of AI (7 trends for 2023 and 7 predictions for 2024)
 
How we think about an advisor tech stack
How we think about an advisor tech stackHow we think about an advisor tech stack
How we think about an advisor tech stack
 
Unleash the Solace Pub Sub connector | Banaglore MuleSoft Meetup #31
Unleash the Solace Pub Sub connector | Banaglore MuleSoft Meetup #31Unleash the Solace Pub Sub connector | Banaglore MuleSoft Meetup #31
Unleash the Solace Pub Sub connector | Banaglore MuleSoft Meetup #31
 
Relationship Counselling: From Disjointed Features to Product-First Thinking ...
Relationship Counselling: From Disjointed Features to Product-First Thinking ...Relationship Counselling: From Disjointed Features to Product-First Thinking ...
Relationship Counselling: From Disjointed Features to Product-First Thinking ...
 
Synergy in Leadership and Product Excellence: A Blueprint for Growth by CPO, ...
Synergy in Leadership and Product Excellence: A Blueprint for Growth by CPO, ...Synergy in Leadership and Product Excellence: A Blueprint for Growth by CPO, ...
Synergy in Leadership and Product Excellence: A Blueprint for Growth by CPO, ...
 
IT Nation Evolve event 2024 - Quarter 1
IT Nation Evolve event 2024  - Quarter 1IT Nation Evolve event 2024  - Quarter 1
IT Nation Evolve event 2024 - Quarter 1
 
"How we created an SRE team in Temabit as a part of FOZZY Group in conditions...
"How we created an SRE team in Temabit as a part of FOZZY Group in conditions..."How we created an SRE team in Temabit as a part of FOZZY Group in conditions...
"How we created an SRE team in Temabit as a part of FOZZY Group in conditions...
 
Campotel: Telecommunications Infra and Network Builder - Company Profile
Campotel: Telecommunications Infra and Network Builder - Company ProfileCampotel: Telecommunications Infra and Network Builder - Company Profile
Campotel: Telecommunications Infra and Network Builder - Company Profile
 
Introduction to Multimodal LLMs with LLaVA
Introduction to Multimodal LLMs with LLaVAIntroduction to Multimodal LLMs with LLaVA
Introduction to Multimodal LLMs with LLaVA
 
Enhancing Productivity and Insight A Tour of JDK Tools Progress Beyond Java 17
Enhancing Productivity and Insight  A Tour of JDK Tools Progress Beyond Java 17Enhancing Productivity and Insight  A Tour of JDK Tools Progress Beyond Java 17
Enhancing Productivity and Insight A Tour of JDK Tools Progress Beyond Java 17
 
Pragmatic UI testing with Compose Semantics.pdf
Pragmatic UI testing with Compose Semantics.pdfPragmatic UI testing with Compose Semantics.pdf
Pragmatic UI testing with Compose Semantics.pdf
 
Building Products That Think- Bhaskaran Srinivasan & Ashish Gupta
Building Products That Think- Bhaskaran Srinivasan & Ashish GuptaBuilding Products That Think- Bhaskaran Srinivasan & Ashish Gupta
Building Products That Think- Bhaskaran Srinivasan & Ashish Gupta
 
Artificial Intelligence, Design, and More-than-Human Justice
Artificial Intelligence, Design, and More-than-Human JusticeArtificial Intelligence, Design, and More-than-Human Justice
Artificial Intelligence, Design, and More-than-Human Justice
 

Advanced GeoServer Security with GeoFence

  • 1. Advanced GeoServer Security With GeoFence Ing. Emanuele Tajariol, GeoSolutions Ing. Simone Giannecchini, GeoSolutions Ing. Alessio Fabiani, GeoSolutions FOSS4G 2013, Nottingham 20th September 2013
  • 2. GeoSolutions   Founded in Italy in late 2006 Expertise • • Java, Java Enterprise, C++, Python •  Image Processing, GeoSpatial Data Fusion JPEG2000, JPIP, Advanced 2D visualization Supporting/Developing FOSS4G projects    GeoServer, MapStore GeoBatch, GeoNetwork Clients    Public Agencies Private Companies http://www.geo-solutions.it FOSS4G 2013, Nottingham 20th September 2013
  • 3. Meet GeoFence FOSS4G 2013, Nottingham 20th September 2013
  • 4. GeoFence   Extended A&A for GeoServer Authentication    Open Source    Optional Integrated with GeoServer authorization architecture GPL Code on GitHub Authorization   Auth on data: e.g. layers, workspaces Auth on services: e.g. WMS, WFS FOSS4G 2013, Nottingham 20th September 2013
  • 5. GeoFence  Based on GSIP 57       Role Base Access Control    Mixed Interceptor + Probe approach Extended authorization management for GeoServer External Rule-Based System GeoServer Internal Probe On-the-fly manipulation of incoming requests Users Groups Rule-based database  IPTables-like FOSS4G 2013, Nottingham 20th September 2013
  • 6. GeoFence  Fine Grain Authorization Control       External Web Application    Services Operations Workspaces Layers Attributes (alphanumeric and geospatial) REST Interface GUI Scalable  1 GeoFence controls N GeoServer cluster FOSS4G 2013, Nottingham 20th September 2013
  • 7. GeoFence   Java Enterprise infrastructure  Spring/Spring-Remoting  Hibernate  Apache CXF Supports DBMS     PostgreSQL/PostGIS Oracle spatial H2 Performance ensured thanks to a fine-tunable cache FOSS4G 2013, Nottingham 20th September 2013
  • 8. GeoServer Security Model FOSS4G 2013, Nottingham 20th September 2013
  • 9. GeoServer Security Model  GeoServer offers extension points for   Authentication (filtering and credential checks) Authorization (resource access managers) FOSS4G 2013, Nottingham 20th September 2013
  • 10. GeoServer Security Model   The GeoFence Authentication provider delegates credential checks to GeoFence The GeoFence Resource Access Manager asks for permissions to the GeoFence authorization engine FOSS4G 2013, Nottingham 20th September 2013
  • 11. GeoServer Security Model FOSS4G 2013, Nottingham 20th September 2013
  • 12. Digging GeoFence FOSS4G 2013, Nottingham 20th September 2013
  • 13. GeoFence Architecture  Geofence Stack (again…) FOSS4G 2013, Nottingham 20th September 2013
  • 14. GeoFence Architecture Modules and packages  GUI core: GUI logic, implemented using GWT  webapp: produces the final web application .war file Geoserver (GeoFence Probe)  security: the GeoServer/GeoFence bridge: implements the ResourceAccessManager, forwarding the authorization requests to a remote GeoFence instance   FOSS4G 2013, Nottingham 20th September 2013
  • 15. GeoFence Architecture     The GeoFence ResourceAccessManager (Geofence Probe) is deployed in each GeoServer GeoServer instances in a cluster must share the same ClusterID (instance name) GeoFence uses the instance name to select rules The Probe queries GeoFence on each request* with proper info     Instance name User Request Details GeoFence provide Access Policy rules to manipulate the request on the fly within the Probe FOSS4G 2013, Nottingham 20th September 2013
  • 16. GeoFence Architecture    The GeoFence ResourceAccessManager (Geofence Probe) uses a cache which minimizes the requests toward GeoFence. The cache can be configured on different aspects:  number of entries,  expiration time The cache provides REST operations (using GeoServer’s own REST dispatcher) in order to  Invalidate the cache  Query the cache statistics FOSS4G 2013, Nottingham 20th September 2013
  • 17. GeoFence Rule System  Authorizations are expressed as a priority-based rule set     Type of Rules are ALLOW/DENY/LIMIT The first matching rule is the one that determines the outcome of the auth request Incoming authorization requests are transformed in a rule filter Filtering can be performed on one or more of these fields:   Username Group the provided user belongs to FOSS4G 2013, Nottingham 20th September 2013
  • 18. GeoFence Rule System      Source geoserver instance  We can control multiple GeoServer clusters OGC Service  E.g. WMS OGC Service Operation  E.g. GetCapabilities Workspace  E.g. it.geosolutions Layer name  E.g. topp:states FOSS4G 2013, Nottingham 20th September 2013
  • 19. GeoFence Rule System Example  Let’s assume we have configured these rules :    These rules will grant access for user u1 to    User: u1, Service:WMS, Workspace=W1,ALLOW User: u1, DENY all the layers in worspace W1 only for WMS request All other types of request will be DENIED. FOSS4G 2013, Nottingham 20th September 2013
  • 20. GeoFence Rule System   When an ALLOW rule is matched, the user will have access to the requested resource. Finer Grain Control on single layer rules  further restrictions may be defined  i.e only a subset of the data contained in the layer could be made queryeable/visibile to the requesting user   Restrictions on visible Area   Restrictions on Queryable Attributes   Restrictions on Available Styles FOSS4G 2013, Nottingham 20th September 2013
  • 21. GeoFence Rule System   Examples Limiting users access to  a subset of the attributes (R/W)  a specific geographic area.  a subset of the available styles (or the default style can be forced on all requets)  A specific view of the data via a CQL filter  For reading  For writing (delete, create, update) FOSS4G 2013, Nottingham 20th September 2013
  • 22. GeoFence Rule System FOSS4G 2013, Nottingham 20th September 2013
  • 23. GeoFence REST Interface      GeoFence provides a REST interface for administration  Allows automation! It allows a complete CRUD access to the various entities managed by GeoFence:  Users and groups  GeoServer instances  Rules The Find operation can be optionally paged  a Count operation is provided as well to take advantage of the pagination capability. Priority ordering in rules is fundamental   there are different ways to insert and set a position for the new rules. https://github.com/geosolutions-it/geofence/wiki/REST-API FOSS4G 2013, Nottingham 20th September 2013
  • 24. GeoFence REST Interface    The REST interface also provides a batch mode  multiple CRUD commands can be issued at once  The commands in the batch are processed in the same transaction  Extremely important for automation! Backup and restore operations are provided as part of the REST interface as well REST API documentation available at https://github.com/geosolutions-it/geofence/wiki/REST-API FOSS4G 2013, Nottingham 20th September 2013
  • 25. GeoFence User Interface  Top Categories     Users Groups Instances Rules FOSS4G 2013, Nottingham 20th September 2013
  • 26. GeoFence User Interface Users Groups Instances FOSS4G 2013, Nottingham 20th September 2013
  • 27. GeoFence User Interface Rules Details Details FOSS4G 2013, Nottingham 20th September 2013
  • 28. GeoFence and LDAP     An LDAP server can be used as a repository for user and groups, including the optional ldap module in the deploy LDAP can be configured through the datasource properties file When using LDAP users and groups are not editable from the GeoFence interface (they are READ-ONLY) LDAP module documentation at https://github.com/geosolutions-it/geofence/wiki/LDAP-module FOSS4G 2013, Nottingham 20th September 2013
  • 29. GeoFence and Existing Auth Proxies External Auth Source GeoFence DB Users Groups LDAP UserDAO LDAP GroupDAO UserDAO GroupDAO RuleDAO Persistence GeoFence  When LDAP is enabled, specific DAOs are used for users and groups instead of the default ones FOSS4G 2013, Nottingham 20th September 2013
  • 30. GeoFence Use Cases SIAN FOSS4G 2013, Nottingham 20th September 2013
  • 31. GeoFence Use Cases MapManager GeoGraphic Building Block MapStore GeoFence GeoFence GeoStore JMX Agents FOSS4G 2013, Nottingham 20th September 2013 GeoServer
  • 32. GeoFence Use Cases Astrium GetGeo FOSS4G 2013, Nottingham 20th September 2013
  • 33. GeoFence Use Cases Destination   Layers filtered (CQL filters) by user profile to constrain access to advanced functionality Possibility of spatial filters to allow regional access only FOSS4G 2013, Nottingham 20th September 2013
  • 34. GeoFence Status     Project Release as Open Source Continuous Build is in place Dev and Users Mailing Lists are in place Improvements     Documentation Official Releases Integrated Build for testing and demoing UI Refactor FOSS4G 2013, Nottingham 20th September 2013
  • 35. The End Thanks for not sleeping (loudly) alessio.fabiani@geo-solutions.it mauro.bartolomeoli@geo-solutions.it FOSS4G 2013, Nottingham 20th September 2013