SlideShare a Scribd company logo

Mastering Security with GeoServer and GeoFence - FOSS4G EU 2017

The presentation will provide an introduction to GeoServer own authentication and authorization subsystems. We’ll cover the supported authentication protocols, such as from basic/digest authentication and CAS support, check through the various identity providers, such as local config files, database tables and LDAP servers, and how it’s possible to combine the various bits in a single comprehensive authentication tool, as well as providing examples of custom authentication plugins for GeoServer, integrating it in a home grown security architecture. We’ll then move on to authorization, describing the GeoServer pluggable authorization mechanism and comparing it with proxy based solution, and check the built in service and data security system, reviewing its benefits and limitations. Finally we’ll explore the advanced authentication provider, GeoFence, explore the levels on integration with GeoServer, from the simple and seamless direct integration to the more sophisticated external setup, and see how it can provide GeoServer with complex authorization rules over data and OGC services, taking into account the current user, OGC request and requested layers to enforce spatial filters and alphanumeric filters, attribute selection as well as cropping raster data to areas of interest.

1 of 39
Download to read offline
Mastering Security with
GeoServer and GeoFence
Ing. Mauro Bartolomeoli
Ing. Emanuele Tajariol
Ing. Simone Giannecchini
GeoSolutions
GeoSolutions
 Founded in Italy in late 2006
 Expertise
• Image Processing, GeoSpatial Data Fusion
• Java, Java Enterprise, C++, Python
• JPEG2000, JPIP, Advanced 2D visualization
 Supporting/Developing FOSS4G projects
 GeoServer, MapStore
 GeoNetwork, GeoNode, Ckan
 Clients
 Public Agencies
 Private Companies
 http://www.geo-solutions.it
Overview
 GeoServer security handles
 Authentication (filtering and credential checks)
 Authorization (resource access managers)
Authentication
The filter chains
 Different chains for different URL groups
 Each chain authenticates in a different way by
composigin different filters
 UI chain, with form, HTTP session (creation
allowed), and remember me services
 OGC one, lighter, will use session if available,
no creation
Different usage, different chain

Recommended

Advanced GeoServer Security with GeoFence
Advanced GeoServer Security with GeoFenceAdvanced GeoServer Security with GeoFence
Advanced GeoServer Security with GeoFenceGeoSolutions
 
Crunching Data In GeoServer: Mastering Rendering Transformations, WPS Process...
Crunching Data In GeoServer: Mastering Rendering Transformations, WPS Process...Crunching Data In GeoServer: Mastering Rendering Transformations, WPS Process...
Crunching Data In GeoServer: Mastering Rendering Transformations, WPS Process...GeoSolutions
 
Advanced Security with GeoServer - FOSS4G 2015
Advanced Security with GeoServer - FOSS4G 2015Advanced Security with GeoServer - FOSS4G 2015
Advanced Security with GeoServer - FOSS4G 2015GeoSolutions
 
Advanced Security With GeoServer
Advanced Security With GeoServerAdvanced Security With GeoServer
Advanced Security With GeoServerGeoSolutions
 
GeoServer in Production: we do it, here is how!
GeoServer in Production: we do it, here is how!GeoServer in Production: we do it, here is how!
GeoServer in Production: we do it, here is how!GeoSolutions
 
2.28.17 Introducing DSpace 7 Webinar Slides
2.28.17 Introducing DSpace 7 Webinar Slides2.28.17 Introducing DSpace 7 Webinar Slides
2.28.17 Introducing DSpace 7 Webinar SlidesDuraSpace
 

More Related Content

What's hot

GeoServer on Steroids
GeoServer on SteroidsGeoServer on Steroids
GeoServer on SteroidsGeoSolutions
 
Serving earth observation data with GeoServer: addressing real world requirem...
Serving earth observation data with GeoServer: addressing real world requirem...Serving earth observation data with GeoServer: addressing real world requirem...
Serving earth observation data with GeoServer: addressing real world requirem...GeoSolutions
 
One GeoNode, many GeoNodes
One GeoNode, many GeoNodesOne GeoNode, many GeoNodes
One GeoNode, many GeoNodesGeoSolutions
 
Raster data in GeoServer and GeoTools: Achievements, issues and future devel...
Raster data in GeoServer and GeoTools:  Achievements, issues and future devel...Raster data in GeoServer and GeoTools:  Achievements, issues and future devel...
Raster data in GeoServer and GeoTools: Achievements, issues and future devel...GeoSolutions
 
GeoServer on Steroids
GeoServer on Steroids GeoServer on Steroids
GeoServer on Steroids GeoSolutions
 
Alfresco DevCon 2019 - Alfresco Identity Services in Action
Alfresco DevCon 2019 - Alfresco Identity Services in ActionAlfresco DevCon 2019 - Alfresco Identity Services in Action
Alfresco DevCon 2019 - Alfresco Identity Services in ActionFrancesco Corti
 
Using GeoServer for spatio-temporal data management with examples for MetOc a...
Using GeoServer for spatio-temporal data management with examples for MetOc a...Using GeoServer for spatio-temporal data management with examples for MetOc a...
Using GeoServer for spatio-temporal data management with examples for MetOc a...GeoSolutions
 
Raster Data In GeoServer And GeoTools: Achievements, Issues And Future Develo...
Raster Data In GeoServer And GeoTools: Achievements, Issues And Future Develo...Raster Data In GeoServer And GeoTools: Achievements, Issues And Future Develo...
Raster Data In GeoServer And GeoTools: Achievements, Issues And Future Develo...GeoSolutions
 
DSpace-CRIS technical level introduction
DSpace-CRIS technical level introductionDSpace-CRIS technical level introduction
DSpace-CRIS technical level introduction4Science
 
Hitachi Unified Storage and Hitachi NAS Platform Performance Optimization wit...
Hitachi Unified Storage and Hitachi NAS Platform Performance Optimization wit...Hitachi Unified Storage and Hitachi NAS Platform Performance Optimization wit...
Hitachi Unified Storage and Hitachi NAS Platform Performance Optimization wit...Hitachi Vantara
 
Getting started with DSpace 7 REST API
Getting started with DSpace 7 REST APIGetting started with DSpace 7 REST API
Getting started with DSpace 7 REST API4Science
 
Object storage의 이해와 활용
Object storage의 이해와 활용Object storage의 이해와 활용
Object storage의 이해와 활용Seoro Kim
 
Actions rules and workflow in alfresco
Actions rules and workflow in alfrescoActions rules and workflow in alfresco
Actions rules and workflow in alfrescoAlfresco Software
 
Applications secure by default
Applications secure by defaultApplications secure by default
Applications secure by defaultSecuRing
 
Or2019 DSpace 7 Enhanced submission & workflow
Or2019 DSpace 7 Enhanced submission & workflowOr2019 DSpace 7 Enhanced submission & workflow
Or2019 DSpace 7 Enhanced submission & workflow4Science
 
오픈소스GIS 개발 일반 강의자료
오픈소스GIS 개발 일반 강의자료오픈소스GIS 개발 일반 강의자료
오픈소스GIS 개발 일반 강의자료BJ Jang
 
GeoServer Ecosystem 2018
GeoServer Ecosystem 2018GeoServer Ecosystem 2018
GeoServer Ecosystem 2018Jody Garnett
 

What's hot (20)

GeoServer on Steroids
GeoServer on SteroidsGeoServer on Steroids
GeoServer on Steroids
 
Serving earth observation data with GeoServer: addressing real world requirem...
Serving earth observation data with GeoServer: addressing real world requirem...Serving earth observation data with GeoServer: addressing real world requirem...
Serving earth observation data with GeoServer: addressing real world requirem...
 
One GeoNode, many GeoNodes
One GeoNode, many GeoNodesOne GeoNode, many GeoNodes
One GeoNode, many GeoNodes
 
Raster data in GeoServer and GeoTools: Achievements, issues and future devel...
Raster data in GeoServer and GeoTools:  Achievements, issues and future devel...Raster data in GeoServer and GeoTools:  Achievements, issues and future devel...
Raster data in GeoServer and GeoTools: Achievements, issues and future devel...
 
GeoServer on Steroids
GeoServer on Steroids GeoServer on Steroids
GeoServer on Steroids
 
Setting up a data repository, what does it entail?
Setting up a data repository, what does it entail?Setting up a data repository, what does it entail?
Setting up a data repository, what does it entail?
 
Alfresco DevCon 2019 - Alfresco Identity Services in Action
Alfresco DevCon 2019 - Alfresco Identity Services in ActionAlfresco DevCon 2019 - Alfresco Identity Services in Action
Alfresco DevCon 2019 - Alfresco Identity Services in Action
 
Using GeoServer for spatio-temporal data management with examples for MetOc a...
Using GeoServer for spatio-temporal data management with examples for MetOc a...Using GeoServer for spatio-temporal data management with examples for MetOc a...
Using GeoServer for spatio-temporal data management with examples for MetOc a...
 
Geonode 2.0
Geonode 2.0Geonode 2.0
Geonode 2.0
 
Raster Data In GeoServer And GeoTools: Achievements, Issues And Future Develo...
Raster Data In GeoServer And GeoTools: Achievements, Issues And Future Develo...Raster Data In GeoServer And GeoTools: Achievements, Issues And Future Develo...
Raster Data In GeoServer And GeoTools: Achievements, Issues And Future Develo...
 
DSpace-CRIS technical level introduction
DSpace-CRIS technical level introductionDSpace-CRIS technical level introduction
DSpace-CRIS technical level introduction
 
Hitachi Unified Storage and Hitachi NAS Platform Performance Optimization wit...
Hitachi Unified Storage and Hitachi NAS Platform Performance Optimization wit...Hitachi Unified Storage and Hitachi NAS Platform Performance Optimization wit...
Hitachi Unified Storage and Hitachi NAS Platform Performance Optimization wit...
 
Getting started with DSpace 7 REST API
Getting started with DSpace 7 REST APIGetting started with DSpace 7 REST API
Getting started with DSpace 7 REST API
 
Object storage의 이해와 활용
Object storage의 이해와 활용Object storage의 이해와 활용
Object storage의 이해와 활용
 
Actions rules and workflow in alfresco
Actions rules and workflow in alfrescoActions rules and workflow in alfresco
Actions rules and workflow in alfresco
 
Applications secure by default
Applications secure by defaultApplications secure by default
Applications secure by default
 
Or2019 DSpace 7 Enhanced submission & workflow
Or2019 DSpace 7 Enhanced submission & workflowOr2019 DSpace 7 Enhanced submission & workflow
Or2019 DSpace 7 Enhanced submission & workflow
 
오픈소스GIS 개발 일반 강의자료
오픈소스GIS 개발 일반 강의자료오픈소스GIS 개발 일반 강의자료
오픈소스GIS 개발 일반 강의자료
 
GeoServer Ecosystem 2018
GeoServer Ecosystem 2018GeoServer Ecosystem 2018
GeoServer Ecosystem 2018
 
AtoM, Authenticity, and the Chain of Custody
AtoM, Authenticity, and the Chain of CustodyAtoM, Authenticity, and the Chain of Custody
AtoM, Authenticity, and the Chain of Custody
 

Similar to Mastering Security with GeoServer and GeoFence - FOSS4G EU 2017

HTTP Session Replication with Oracle Coherence, GlassFish, WebLogic
HTTP Session Replication with Oracle Coherence, GlassFish, WebLogicHTTP Session Replication with Oracle Coherence, GlassFish, WebLogic
HTTP Session Replication with Oracle Coherence, GlassFish, WebLogicOracle
 
Dev212 Comparing Net And Java The View From 2006
Dev212 Comparing  Net And Java  The View From 2006Dev212 Comparing  Net And Java  The View From 2006
Dev212 Comparing Net And Java The View From 2006kkorovkin
 
Part6 introducing the jas forge collaborative project
Part6   introducing the jas forge collaborative projectPart6   introducing the jas forge collaborative project
Part6 introducing the jas forge collaborative projectJasmine Conseil
 
Play framework : A Walkthrough
Play framework : A WalkthroughPlay framework : A Walkthrough
Play framework : A Walkthroughmitesh_sharma
 
Sword Cetis 2007 06 29
Sword Cetis 2007 06 29Sword Cetis 2007 06 29
Sword Cetis 2007 06 29Julie Allinson
 
SilverStripe Meetup 03/03/2011
SilverStripe Meetup 03/03/2011SilverStripe Meetup 03/03/2011
SilverStripe Meetup 03/03/2011Paul Rogers
 
SilverStripe Meetup Presentation 03/03/2011
SilverStripe Meetup Presentation 03/03/2011SilverStripe Meetup Presentation 03/03/2011
SilverStripe Meetup Presentation 03/03/2011Paul Rogers
 
Server-side OSGi with Apache Sling (OSGiDevCon 2011)
Server-side OSGi with Apache Sling (OSGiDevCon 2011)Server-side OSGi with Apache Sling (OSGiDevCon 2011)
Server-side OSGi with Apache Sling (OSGiDevCon 2011)Felix Meschberger
 
Server-side OSGi with Apache Sling
Server-side OSGi with Apache SlingServer-side OSGi with Apache Sling
Server-side OSGi with Apache SlingFelix Meschberger
 
eXo Platform SEA - Play Framework Introduction
eXo Platform SEA - Play Framework IntroductioneXo Platform SEA - Play Framework Introduction
eXo Platform SEA - Play Framework Introductionvstorm83
 
Facets of applied smw
Facets of applied smwFacets of applied smw
Facets of applied smwJesse Wang
 
Authentication and Single Sing on
Authentication and Single Sing onAuthentication and Single Sing on
Authentication and Single Sing onguest648519
 
Shopzilla On Concurrency
Shopzilla On ConcurrencyShopzilla On Concurrency
Shopzilla On ConcurrencyRodney Barlow
 
Selenium-Webdriver With PHPUnit Automation test for Joomla CMS!
Selenium-Webdriver With PHPUnit Automation test for Joomla CMS!Selenium-Webdriver With PHPUnit Automation test for Joomla CMS!
Selenium-Webdriver With PHPUnit Automation test for Joomla CMS!Puneet Kala
 
Basic Archive System overview
Basic Archive System overviewBasic Archive System overview
Basic Archive System overviewJan-Ivar Bøyum
 
Building enterprise web applications with spring 3
Building enterprise web applications with spring 3Building enterprise web applications with spring 3
Building enterprise web applications with spring 3Abdelmonaim Remani
 
Sword Or2008 Julieallinson
Sword Or2008 JulieallinsonSword Or2008 Julieallinson
Sword Or2008 JulieallinsonJulie Allinson
 
OpenSolaris Introduction
OpenSolaris IntroductionOpenSolaris Introduction
OpenSolaris Introductionsatyajit_t
 

Similar to Mastering Security with GeoServer and GeoFence - FOSS4G EU 2017 (20)

HTTP Session Replication with Oracle Coherence, GlassFish, WebLogic
HTTP Session Replication with Oracle Coherence, GlassFish, WebLogicHTTP Session Replication with Oracle Coherence, GlassFish, WebLogic
HTTP Session Replication with Oracle Coherence, GlassFish, WebLogic
 
Dev212 Comparing Net And Java The View From 2006
Dev212 Comparing  Net And Java  The View From 2006Dev212 Comparing  Net And Java  The View From 2006
Dev212 Comparing Net And Java The View From 2006
 
Part6 introducing the jas forge collaborative project
Part6   introducing the jas forge collaborative projectPart6   introducing the jas forge collaborative project
Part6 introducing the jas forge collaborative project
 
Play framework : A Walkthrough
Play framework : A WalkthroughPlay framework : A Walkthrough
Play framework : A Walkthrough
 
Sword Cetis 2007 06 29
Sword Cetis 2007 06 29Sword Cetis 2007 06 29
Sword Cetis 2007 06 29
 
Sword Cetis 2007 06 29
Sword Cetis 2007 06 29Sword Cetis 2007 06 29
Sword Cetis 2007 06 29
 
SilverStripe Meetup 03/03/2011
SilverStripe Meetup 03/03/2011SilverStripe Meetup 03/03/2011
SilverStripe Meetup 03/03/2011
 
SilverStripe Meetup Presentation 03/03/2011
SilverStripe Meetup Presentation 03/03/2011SilverStripe Meetup Presentation 03/03/2011
SilverStripe Meetup Presentation 03/03/2011
 
Server-side OSGi with Apache Sling (OSGiDevCon 2011)
Server-side OSGi with Apache Sling (OSGiDevCon 2011)Server-side OSGi with Apache Sling (OSGiDevCon 2011)
Server-side OSGi with Apache Sling (OSGiDevCon 2011)
 
Server-side OSGi with Apache Sling
Server-side OSGi with Apache SlingServer-side OSGi with Apache Sling
Server-side OSGi with Apache Sling
 
eXo Platform SEA - Play Framework Introduction
eXo Platform SEA - Play Framework IntroductioneXo Platform SEA - Play Framework Introduction
eXo Platform SEA - Play Framework Introduction
 
Facets of applied smw
Facets of applied smwFacets of applied smw
Facets of applied smw
 
Authentication and Single Sing on
Authentication and Single Sing onAuthentication and Single Sing on
Authentication and Single Sing on
 
Shopzilla On Concurrency
Shopzilla On ConcurrencyShopzilla On Concurrency
Shopzilla On Concurrency
 
Selenium-Webdriver With PHPUnit Automation test for Joomla CMS!
Selenium-Webdriver With PHPUnit Automation test for Joomla CMS!Selenium-Webdriver With PHPUnit Automation test for Joomla CMS!
Selenium-Webdriver With PHPUnit Automation test for Joomla CMS!
 
Basic Archive System overview
Basic Archive System overviewBasic Archive System overview
Basic Archive System overview
 
Building enterprise web applications with spring 3
Building enterprise web applications with spring 3Building enterprise web applications with spring 3
Building enterprise web applications with spring 3
 
Sword Or2008 Julieallinson
Sword Or2008 JulieallinsonSword Or2008 Julieallinson
Sword Or2008 Julieallinson
 
OpenSolaris Introduction
OpenSolaris IntroductionOpenSolaris Introduction
OpenSolaris Introduction
 
Cache Security- The Basics
Cache Security- The BasicsCache Security- The Basics
Cache Security- The Basics
 

More from GeoSolutions

MapStore 2 - The Story
MapStore 2 - The StoryMapStore 2 - The Story
MapStore 2 - The StoryGeoSolutions
 
Introduction to GeoNode
Introduction to GeoNodeIntroduction to GeoNode
Introduction to GeoNodeGeoSolutions
 
Serving earth observation data with GeoServer: addressing real world requirem...
Serving earth observation data with GeoServer: addressing real world requirem...Serving earth observation data with GeoServer: addressing real world requirem...
Serving earth observation data with GeoServer: addressing real world requirem...GeoSolutions
 
GeoServer Feature FRENZY
GeoServer Feature FRENZYGeoServer Feature FRENZY
GeoServer Feature FRENZYGeoSolutions
 
State of GeoServer 2.12
State of GeoServer 2.12State of GeoServer 2.12
State of GeoServer 2.12GeoSolutions
 
MapStore 2, modern mashups with OL3, Leaflet and React
MapStore 2, modern mashups with OL3, Leaflet and ReactMapStore 2, modern mashups with OL3, Leaflet and React
MapStore 2, modern mashups with OL3, Leaflet and ReactGeoSolutions
 
State of GeoServer - FOSS4G 2016
State of GeoServer - FOSS4G 2016State of GeoServer - FOSS4G 2016
State of GeoServer - FOSS4G 2016GeoSolutions
 
Creating Stunning Maps in GeoServer: mastering SLD and CSS styles
Creating Stunning Maps in GeoServer: mastering SLD and CSS stylesCreating Stunning Maps in GeoServer: mastering SLD and CSS styles
Creating Stunning Maps in GeoServer: mastering SLD and CSS stylesGeoSolutions
 
Raster Data In GeoServer and GeoTools: Achievements, Issues And Future Develo...
Raster Data In GeoServer and GeoTools: Achievements, Issues And Future Develo...Raster Data In GeoServer and GeoTools: Achievements, Issues And Future Develo...
Raster Data In GeoServer and GeoTools: Achievements, Issues And Future Develo...GeoSolutions
 
Mapping the world beyond web mercator - FOSS4G 2015
Mapping the world beyond web mercator - FOSS4G 2015Mapping the world beyond web mercator - FOSS4G 2015
Mapping the world beyond web mercator - FOSS4G 2015GeoSolutions
 
GeoServer for Spatio-temporal Data Handling With Examples For MetOc And Remot...
GeoServer for Spatio-temporal Data Handling With Examples For MetOc And Remot...GeoServer for Spatio-temporal Data Handling With Examples For MetOc And Remot...
GeoServer for Spatio-temporal Data Handling With Examples For MetOc And Remot...GeoSolutions
 
Advanced Cartographic Map Rendering in GeoServer
Advanced Cartographic Map Rendering in GeoServerAdvanced Cartographic Map Rendering in GeoServer
Advanced Cartographic Map Rendering in GeoServerGeoSolutions
 
Spatio-temporal Data Handling With GeoServer for MetOc And Remote Sensing
Spatio-temporal Data Handling With GeoServer for MetOc And Remote SensingSpatio-temporal Data Handling With GeoServer for MetOc And Remote Sensing
Spatio-temporal Data Handling With GeoServer for MetOc And Remote SensingGeoSolutions
 
Enterprise class deployment for GeoServer and GeoWebcache Optimizing perform...
Enterprise class deployment  for GeoServer and GeoWebcache Optimizing perform...Enterprise class deployment  for GeoServer and GeoWebcache Optimizing perform...
Enterprise class deployment for GeoServer and GeoWebcache Optimizing perform...GeoSolutions
 
GeoSolutions Keynote at WebMGS 2015
GeoSolutions Keynote at WebMGS 2015GeoSolutions Keynote at WebMGS 2015
GeoSolutions Keynote at WebMGS 2015GeoSolutions
 
GeoServer beginners gwf_2015
GeoServer beginners gwf_2015GeoServer beginners gwf_2015
GeoServer beginners gwf_2015GeoSolutions
 
Geosolutions gwf-2015-v01.04
Geosolutions gwf-2015-v01.04Geosolutions gwf-2015-v01.04
Geosolutions gwf-2015-v01.04GeoSolutions
 
Geoserver introduction, GeoBusiness 2015
Geoserver introduction, GeoBusiness 2015Geoserver introduction, GeoBusiness 2015
Geoserver introduction, GeoBusiness 2015GeoSolutions
 
Introduzione a GeoServer ed ai servizi OGC
Introduzione a GeoServer ed ai servizi OGCIntroduzione a GeoServer ed ai servizi OGC
Introduzione a GeoServer ed ai servizi OGCGeoSolutions
 
GeoServer, an introduction for beginners
GeoServer, an introduction for beginnersGeoServer, an introduction for beginners
GeoServer, an introduction for beginnersGeoSolutions
 

More from GeoSolutions (20)

MapStore 2 - The Story
MapStore 2 - The StoryMapStore 2 - The Story
MapStore 2 - The Story
 
Introduction to GeoNode
Introduction to GeoNodeIntroduction to GeoNode
Introduction to GeoNode
 
Serving earth observation data with GeoServer: addressing real world requirem...
Serving earth observation data with GeoServer: addressing real world requirem...Serving earth observation data with GeoServer: addressing real world requirem...
Serving earth observation data with GeoServer: addressing real world requirem...
 
GeoServer Feature FRENZY
GeoServer Feature FRENZYGeoServer Feature FRENZY
GeoServer Feature FRENZY
 
State of GeoServer 2.12
State of GeoServer 2.12State of GeoServer 2.12
State of GeoServer 2.12
 
MapStore 2, modern mashups with OL3, Leaflet and React
MapStore 2, modern mashups with OL3, Leaflet and ReactMapStore 2, modern mashups with OL3, Leaflet and React
MapStore 2, modern mashups with OL3, Leaflet and React
 
State of GeoServer - FOSS4G 2016
State of GeoServer - FOSS4G 2016State of GeoServer - FOSS4G 2016
State of GeoServer - FOSS4G 2016
 
Creating Stunning Maps in GeoServer: mastering SLD and CSS styles
Creating Stunning Maps in GeoServer: mastering SLD and CSS stylesCreating Stunning Maps in GeoServer: mastering SLD and CSS styles
Creating Stunning Maps in GeoServer: mastering SLD and CSS styles
 
Raster Data In GeoServer and GeoTools: Achievements, Issues And Future Develo...
Raster Data In GeoServer and GeoTools: Achievements, Issues And Future Develo...Raster Data In GeoServer and GeoTools: Achievements, Issues And Future Develo...
Raster Data In GeoServer and GeoTools: Achievements, Issues And Future Develo...
 
Mapping the world beyond web mercator - FOSS4G 2015
Mapping the world beyond web mercator - FOSS4G 2015Mapping the world beyond web mercator - FOSS4G 2015
Mapping the world beyond web mercator - FOSS4G 2015
 
GeoServer for Spatio-temporal Data Handling With Examples For MetOc And Remot...
GeoServer for Spatio-temporal Data Handling With Examples For MetOc And Remot...GeoServer for Spatio-temporal Data Handling With Examples For MetOc And Remot...
GeoServer for Spatio-temporal Data Handling With Examples For MetOc And Remot...
 
Advanced Cartographic Map Rendering in GeoServer
Advanced Cartographic Map Rendering in GeoServerAdvanced Cartographic Map Rendering in GeoServer
Advanced Cartographic Map Rendering in GeoServer
 
Spatio-temporal Data Handling With GeoServer for MetOc And Remote Sensing
Spatio-temporal Data Handling With GeoServer for MetOc And Remote SensingSpatio-temporal Data Handling With GeoServer for MetOc And Remote Sensing
Spatio-temporal Data Handling With GeoServer for MetOc And Remote Sensing
 
Enterprise class deployment for GeoServer and GeoWebcache Optimizing perform...
Enterprise class deployment  for GeoServer and GeoWebcache Optimizing perform...Enterprise class deployment  for GeoServer and GeoWebcache Optimizing perform...
Enterprise class deployment for GeoServer and GeoWebcache Optimizing perform...
 
GeoSolutions Keynote at WebMGS 2015
GeoSolutions Keynote at WebMGS 2015GeoSolutions Keynote at WebMGS 2015
GeoSolutions Keynote at WebMGS 2015
 
GeoServer beginners gwf_2015
GeoServer beginners gwf_2015GeoServer beginners gwf_2015
GeoServer beginners gwf_2015
 
Geosolutions gwf-2015-v01.04
Geosolutions gwf-2015-v01.04Geosolutions gwf-2015-v01.04
Geosolutions gwf-2015-v01.04
 
Geoserver introduction, GeoBusiness 2015
Geoserver introduction, GeoBusiness 2015Geoserver introduction, GeoBusiness 2015
Geoserver introduction, GeoBusiness 2015
 
Introduzione a GeoServer ed ai servizi OGC
Introduzione a GeoServer ed ai servizi OGCIntroduzione a GeoServer ed ai servizi OGC
Introduzione a GeoServer ed ai servizi OGC
 
GeoServer, an introduction for beginners
GeoServer, an introduction for beginnersGeoServer, an introduction for beginners
GeoServer, an introduction for beginners
 

Recently uploaded

"Running Open-Source LLM models on Kubernetes", Volodymyr Tsap
"Running Open-Source LLM models on Kubernetes",  Volodymyr Tsap"Running Open-Source LLM models on Kubernetes",  Volodymyr Tsap
"Running Open-Source LLM models on Kubernetes", Volodymyr TsapFwdays
 
My Journey towards Artificial Intelligence
My Journey towards Artificial IntelligenceMy Journey towards Artificial Intelligence
My Journey towards Artificial IntelligenceVijayananda Mohire
 
IT Nation Evolve event 2024 - Quarter 1
IT Nation Evolve event 2024  - Quarter 1IT Nation Evolve event 2024  - Quarter 1
IT Nation Evolve event 2024 - Quarter 1Inbay UK
 
"Testing of Helm Charts or There and Back Again", Yura Rochniak
"Testing of Helm Charts or There and Back Again", Yura Rochniak"Testing of Helm Charts or There and Back Again", Yura Rochniak
"Testing of Helm Charts or There and Back Again", Yura RochniakFwdays
 
Progress Report: Ministry of IT under Dr. Umar Saif Aug 23-Feb'24
Progress Report: Ministry of IT under Dr. Umar Saif Aug 23-Feb'24Progress Report: Ministry of IT under Dr. Umar Saif Aug 23-Feb'24
Progress Report: Ministry of IT under Dr. Umar Saif Aug 23-Feb'24Umar Saif
 
Battle of React State Managers in frontend applications
Battle of React State Managers in frontend applicationsBattle of React State Managers in frontend applications
Battle of React State Managers in frontend applicationsEvangelia Mitsopoulou
 
HBR SERIES METAL HOUSED RESISTORS POWER ELECTRICAL ABSORBS HIGH CURRENT DURIN...
HBR SERIES METAL HOUSED RESISTORS POWER ELECTRICAL ABSORBS HIGH CURRENT DURIN...HBR SERIES METAL HOUSED RESISTORS POWER ELECTRICAL ABSORBS HIGH CURRENT DURIN...
HBR SERIES METAL HOUSED RESISTORS POWER ELECTRICAL ABSORBS HIGH CURRENT DURIN...htrindia
 
AI MODELS USAGE IN FINTECH PRODUCTS: PM APPROACH & BEST PRACTICES by Kasthuri...
AI MODELS USAGE IN FINTECH PRODUCTS: PM APPROACH & BEST PRACTICES by Kasthuri...AI MODELS USAGE IN FINTECH PRODUCTS: PM APPROACH & BEST PRACTICES by Kasthuri...
AI MODELS USAGE IN FINTECH PRODUCTS: PM APPROACH & BEST PRACTICES by Kasthuri...ISPMAIndia
 
Confoo 2024 Gettings started with OpenAI and data science
Confoo 2024 Gettings started with OpenAI and data scienceConfoo 2024 Gettings started with OpenAI and data science
Confoo 2024 Gettings started with OpenAI and data scienceSusan Ibach
 
"DevOps Practisting Platform on EKS with Karpenter autoscaling", Dmytro Kozhevin
"DevOps Practisting Platform on EKS with Karpenter autoscaling", Dmytro Kozhevin"DevOps Practisting Platform on EKS with Karpenter autoscaling", Dmytro Kozhevin
"DevOps Practisting Platform on EKS with Karpenter autoscaling", Dmytro KozhevinFwdays
 
GraphSummit London Feb 2024 - ABK - Neo4j Product Vision and Roadmap.pptx
GraphSummit London Feb 2024 - ABK - Neo4j Product Vision and Roadmap.pptxGraphSummit London Feb 2024 - ABK - Neo4j Product Vision and Roadmap.pptx
GraphSummit London Feb 2024 - ABK - Neo4j Product Vision and Roadmap.pptxNeo4j
 
How AI and ChatGPT are changing cybersecurity forever.pptx
How AI and ChatGPT are changing cybersecurity forever.pptxHow AI and ChatGPT are changing cybersecurity forever.pptx
How AI and ChatGPT are changing cybersecurity forever.pptxInfosec
 
Introducing the New FME Community Webinar - Feb 21, 2024 (2).pdf
Introducing the New FME Community Webinar - Feb 21, 2024 (2).pdfIntroducing the New FME Community Webinar - Feb 21, 2024 (2).pdf
Introducing the New FME Community Webinar - Feb 21, 2024 (2).pdfSafe Software
 
"AIRe - AI Reliability Engineering", Denys Vasyliev
"AIRe - AI Reliability Engineering", Denys Vasyliev"AIRe - AI Reliability Engineering", Denys Vasyliev
"AIRe - AI Reliability Engineering", Denys VasylievFwdays
 
How we think about an advisor tech stack
How we think about an advisor tech stackHow we think about an advisor tech stack
How we think about an advisor tech stackSummit
 
Pragmatic UI testing with Compose Semantics.pdf
Pragmatic UI testing with Compose Semantics.pdfPragmatic UI testing with Compose Semantics.pdf
Pragmatic UI testing with Compose Semantics.pdfinfogdgmi
 
Automation Ops Series: Session 1 - Introduction and setup DevOps for UiPath p...
Automation Ops Series: Session 1 - Introduction and setup DevOps for UiPath p...Automation Ops Series: Session 1 - Introduction and setup DevOps for UiPath p...
Automation Ops Series: Session 1 - Introduction and setup DevOps for UiPath p...DianaGray10
 
Dev Dives: Leverage APIs and Gen AI to power automations for RPA and software...
Dev Dives: Leverage APIs and Gen AI to power automations for RPA and software...Dev Dives: Leverage APIs and Gen AI to power automations for RPA and software...
Dev Dives: Leverage APIs and Gen AI to power automations for RPA and software...UiPathCommunity
 
Synergy in Leadership and Product Excellence: A Blueprint for Growth by CPO, ...
Synergy in Leadership and Product Excellence: A Blueprint for Growth by CPO, ...Synergy in Leadership and Product Excellence: A Blueprint for Growth by CPO, ...
Synergy in Leadership and Product Excellence: A Blueprint for Growth by CPO, ...Product School
 
Building Products That Think- Bhaskaran Srinivasan & Ashish Gupta
Building Products That Think- Bhaskaran Srinivasan & Ashish GuptaBuilding Products That Think- Bhaskaran Srinivasan & Ashish Gupta
Building Products That Think- Bhaskaran Srinivasan & Ashish GuptaISPMAIndia
 

Recently uploaded (20)

"Running Open-Source LLM models on Kubernetes", Volodymyr Tsap
"Running Open-Source LLM models on Kubernetes",  Volodymyr Tsap"Running Open-Source LLM models on Kubernetes",  Volodymyr Tsap
"Running Open-Source LLM models on Kubernetes", Volodymyr Tsap
 
My Journey towards Artificial Intelligence
My Journey towards Artificial IntelligenceMy Journey towards Artificial Intelligence
My Journey towards Artificial Intelligence
 
IT Nation Evolve event 2024 - Quarter 1
IT Nation Evolve event 2024  - Quarter 1IT Nation Evolve event 2024  - Quarter 1
IT Nation Evolve event 2024 - Quarter 1
 
"Testing of Helm Charts or There and Back Again", Yura Rochniak
"Testing of Helm Charts or There and Back Again", Yura Rochniak"Testing of Helm Charts or There and Back Again", Yura Rochniak
"Testing of Helm Charts or There and Back Again", Yura Rochniak
 
Progress Report: Ministry of IT under Dr. Umar Saif Aug 23-Feb'24
Progress Report: Ministry of IT under Dr. Umar Saif Aug 23-Feb'24Progress Report: Ministry of IT under Dr. Umar Saif Aug 23-Feb'24
Progress Report: Ministry of IT under Dr. Umar Saif Aug 23-Feb'24
 
Battle of React State Managers in frontend applications
Battle of React State Managers in frontend applicationsBattle of React State Managers in frontend applications
Battle of React State Managers in frontend applications
 
HBR SERIES METAL HOUSED RESISTORS POWER ELECTRICAL ABSORBS HIGH CURRENT DURIN...
HBR SERIES METAL HOUSED RESISTORS POWER ELECTRICAL ABSORBS HIGH CURRENT DURIN...HBR SERIES METAL HOUSED RESISTORS POWER ELECTRICAL ABSORBS HIGH CURRENT DURIN...
HBR SERIES METAL HOUSED RESISTORS POWER ELECTRICAL ABSORBS HIGH CURRENT DURIN...
 
AI MODELS USAGE IN FINTECH PRODUCTS: PM APPROACH & BEST PRACTICES by Kasthuri...
AI MODELS USAGE IN FINTECH PRODUCTS: PM APPROACH & BEST PRACTICES by Kasthuri...AI MODELS USAGE IN FINTECH PRODUCTS: PM APPROACH & BEST PRACTICES by Kasthuri...
AI MODELS USAGE IN FINTECH PRODUCTS: PM APPROACH & BEST PRACTICES by Kasthuri...
 
Confoo 2024 Gettings started with OpenAI and data science
Confoo 2024 Gettings started with OpenAI and data scienceConfoo 2024 Gettings started with OpenAI and data science
Confoo 2024 Gettings started with OpenAI and data science
 
"DevOps Practisting Platform on EKS with Karpenter autoscaling", Dmytro Kozhevin
"DevOps Practisting Platform on EKS with Karpenter autoscaling", Dmytro Kozhevin"DevOps Practisting Platform on EKS with Karpenter autoscaling", Dmytro Kozhevin
"DevOps Practisting Platform on EKS with Karpenter autoscaling", Dmytro Kozhevin
 
GraphSummit London Feb 2024 - ABK - Neo4j Product Vision and Roadmap.pptx
GraphSummit London Feb 2024 - ABK - Neo4j Product Vision and Roadmap.pptxGraphSummit London Feb 2024 - ABK - Neo4j Product Vision and Roadmap.pptx
GraphSummit London Feb 2024 - ABK - Neo4j Product Vision and Roadmap.pptx
 
How AI and ChatGPT are changing cybersecurity forever.pptx
How AI and ChatGPT are changing cybersecurity forever.pptxHow AI and ChatGPT are changing cybersecurity forever.pptx
How AI and ChatGPT are changing cybersecurity forever.pptx
 
Introducing the New FME Community Webinar - Feb 21, 2024 (2).pdf
Introducing the New FME Community Webinar - Feb 21, 2024 (2).pdfIntroducing the New FME Community Webinar - Feb 21, 2024 (2).pdf
Introducing the New FME Community Webinar - Feb 21, 2024 (2).pdf
 
"AIRe - AI Reliability Engineering", Denys Vasyliev
"AIRe - AI Reliability Engineering", Denys Vasyliev"AIRe - AI Reliability Engineering", Denys Vasyliev
"AIRe - AI Reliability Engineering", Denys Vasyliev
 
How we think about an advisor tech stack
How we think about an advisor tech stackHow we think about an advisor tech stack
How we think about an advisor tech stack
 
Pragmatic UI testing with Compose Semantics.pdf
Pragmatic UI testing with Compose Semantics.pdfPragmatic UI testing with Compose Semantics.pdf
Pragmatic UI testing with Compose Semantics.pdf
 
Automation Ops Series: Session 1 - Introduction and setup DevOps for UiPath p...
Automation Ops Series: Session 1 - Introduction and setup DevOps for UiPath p...Automation Ops Series: Session 1 - Introduction and setup DevOps for UiPath p...
Automation Ops Series: Session 1 - Introduction and setup DevOps for UiPath p...
 
Dev Dives: Leverage APIs and Gen AI to power automations for RPA and software...
Dev Dives: Leverage APIs and Gen AI to power automations for RPA and software...Dev Dives: Leverage APIs and Gen AI to power automations for RPA and software...
Dev Dives: Leverage APIs and Gen AI to power automations for RPA and software...
 
Synergy in Leadership and Product Excellence: A Blueprint for Growth by CPO, ...
Synergy in Leadership and Product Excellence: A Blueprint for Growth by CPO, ...Synergy in Leadership and Product Excellence: A Blueprint for Growth by CPO, ...
Synergy in Leadership and Product Excellence: A Blueprint for Growth by CPO, ...
 
Building Products That Think- Bhaskaran Srinivasan & Ashish Gupta
Building Products That Think- Bhaskaran Srinivasan & Ashish GuptaBuilding Products That Think- Bhaskaran Srinivasan & Ashish Gupta
Building Products That Think- Bhaskaran Srinivasan & Ashish Gupta
 

Mastering Security with GeoServer and GeoFence - FOSS4G EU 2017

  • 1. Mastering Security with GeoServer and GeoFence Ing. Mauro Bartolomeoli Ing. Emanuele Tajariol Ing. Simone Giannecchini GeoSolutions
  • 2. GeoSolutions  Founded in Italy in late 2006  Expertise • Image Processing, GeoSpatial Data Fusion • Java, Java Enterprise, C++, Python • JPEG2000, JPIP, Advanced 2D visualization  Supporting/Developing FOSS4G projects  GeoServer, MapStore  GeoNetwork, GeoNode, Ckan  Clients  Public Agencies  Private Companies  http://www.geo-solutions.it
  • 3. Overview  GeoServer security handles  Authentication (filtering and credential checks)  Authorization (resource access managers)
  • 5. The filter chains  Different chains for different URL groups  Each chain authenticates in a different way by composigin different filters
  • 6.  UI chain, with form, HTTP session (creation allowed), and remember me services  OGC one, lighter, will use session if available, no creation Different usage, different chain
  • 7. Available auth filters  Gathering user credentials (and eventually invoking authentication providers chain)  Basic  Form  Digest  Anonymous (always the last)  Preauthentication (and eventually load user details from user/group and/or role service)  Session  HTTP Header  X.509  Remember Me  J2EE  Easy to implement and plug new filters  Missing: authenticate from environment variables (e.g. Shibboleth SSO)
  • 8. Authentication providers  Given credentials pulled from the filters, who is the user? Search in user/group database Auth as a LDAP user Auth as a DBMS user XML DBMS tables Authentication providers User/Group service Pluggable
  • 9. Role providers  Given the user, what are her roles in GeoServer?  Fundamental, authorization is role based  Extensible, new providers can be built LDAP DBMS XMLDBMS tables
  • 10. Extensions  CAS (https://www.apereo.org/cas): Single Sign On integration  Authkey: simple UUID to user mapper  Simple key in the URL (must use HTTPS)  Allows authentication unware clients to participate  Pluggable: possibility to define custom mappers (e.g. webservices)  URLMangler to add authkey to OGC request transparently (via GetCapabilities)
  • 12. Authorization  Given the user and her roles  Can the current «action» on the current «resource» be allowed?  Action:  Generic read/write  Specific OGC service/method call  Resource  Workspace  Layer  Layer Group  Style
  • 13. ResourceAccessManager  Pluggable interface, multiple implementations  Define AccessLimits for the various Catalog Resources (Workspace, Layer, Style, LayerGroup)  Can access the current request (service/method/details)  Allows for fine grained limits  Attributes visible  Read filters (which features can be read)  Write filters (which features can be written)  Filters:  Alphanumeric  Temporal  Spatial
  • 14. Implementations  Default security subsystem  Simple per workspace/layer authentication  GeoFence  External application or embedded as a plugin  Full use of ResourceAccessManager abilities  Other custom implementations  Integrate with existing in-house authorization mechanism  Quite popular in large enterprise setup
  • 16. GeoFence  Extended A&A for GeoServer  Optional Authentication, Sophisticated authorization  Open Source, GPL https://github.com/geoserver/geofence
  • 18. Stand alone User interface
  • 20. GeoFence rules  Authorizations are expressed as a priority-based rule set:  Type of Rules are ALLOW/DENY/LIMIT  The first matching rule is the one that determines the outcome of the auth request
  • 21. GeoFence rules matching  Rules are matched based on:  Username  Group the provided user belongs to  GeoServer Instance (single GeoFence  multiple GS clusters)  OGC Service (e.g., WMS)  OGC Service Operation (e.g., GetFeatureInfo)  Workspace (E.g. it.geosolutions)  Layer name (E.g. topp:states)
  • 22. Example Example  Let’s assume we have configured these rules :  User:u1, Service:WMS, Workspace:W1, ALLOW  User:u1, DENY  These rules will grant access for user u1 to  all the layers in worspace W1  only for WMS requests  All other types of requests will be DENIED.
  • 23. Restrictions (LIMIT rules)  When an ALLOW rule is matched, the user will have access to the requested resource:   Restrictions on available area   Restrictions on alphanumeric conditions
  • 24. Restrictions (LIMIT rules)   Restrictions on available attributes
  • 25. Stand-alone GeoFence  Geofence Probe (ResourceAccessManager) calls stand-alone GeoFence REST services  A cache is setup to minimize network traffic  A cache can be configured on different aspects: number of entries, expiration time  The cache provides REST operations (using GeoServer’s own REST dispatcher) in order to  Invalidate the cache  Query the cache statistics
  • 26. GeoFence REST API  REST interface for administration  automation  Complete CRUD access to the various entities managed by GeoFence:  Users and groups  GeoServer instances  Rules  Paging support  Priority ordering in rules is fundamental: different ways to insert and set a position for the new rules  Batch mode, backup and restore available  See details at: https://github.com/geosolutions-it/geofence/wiki/REST-API
  • 28. GeoFence integration  Simple setups demand simple solution  Have GeoFence run inside GeoServer  Integration similar to GWC one, runs like a plugin GeoServer GeoWebCache GeoFence Rules DB
  • 29. Baby steps  Born as a more future-proof alternative to improving the internal security subsystem  Community module, available via nightly builds  Delivers a subset of the full functionality: access/deny/limit based on mix of roles/user/layer/workspace/service/request  Integrated UI
  • 35. Example 1 – layer preview
  • 37. Example 2 – layer preview
  • 38. TODO  Allow to edit LIMIT rules  Force default style  Limit attributes  Filter contents  Control writes at the rule level  Better/Easier way to re-order rules between pages (drag and drop can be used on the same page)  Migrate old security system rules to GeoFence as possible