Advanced Security
With GeoServer
Ing. Mauro Bartolomeoli
Ing. Emanuele Tajariol
Ing. Simone Giannecchini
GeoSolutions
GeoSolutions
 Founded in Italy in late 2006
 Expertise
• Image Processing, GeoSpatial Data Fusion
• Java, Java Enterprise, C++, Python
• JPEG2000, JPIP, Advanced 2D visualization
 Supporting/Developing FOSS4G projects
 GeoServer, MapStore
 GeoNetwork, GeoNode, Ckan
 Clients
 Public Agencies
 Private Companies
 http://www.geo-solutions.it
FOSS4G 2015, Seoul
14th-19th September 2015
Overview
 GeoServer security handles
 Authentication (filtering and credential checks)
 Authorization (resource access managers)
Authentication
The filter chains
 Different chains for different URL groups
 Each chain authenticates in a different way by
composing different filters
 UI chain: form login, HTTP session (creation
allowed) and remember-me services
 OGC chain: lighter, uses an existing session if
available but never creates one
Different usage, different chain
Available auth filters
 Gathering user credentials (and, if needed, invoking the
authentication providers chain)
 Basic
 Form
 Digest
 Anonymous (always the last)
 Preauthentication (and, if needed, loading user details from the
user/group and/or role service)
 Session
 HTTP Header
 X.509
 Remember Me
 J2EE
 Easy to implement and plug in new filters
 Missing: authentication from environment variables (e.g. Shibboleth SSO)
Authentication providers
 Given credentials pulled from the filters, who
is the user?
[Diagram: pluggable authentication providers resolve the user from the credentials gathered by the filters, either by searching the user/group database (the user/group service, backed by XML or DBMS tables), by authenticating as an LDAP user, or by authenticating as a DBMS user]
 Given the user, what are her roles in
GeoServer?
 Fundamental, authorization is role based
 Extensible, new providers can be built
[Diagram: role providers backed by LDAP, a DBMS, XML, or DBMS tables]
Extensions
 CAS (https://www.apereo.org/cas): Single Sign On
integration
 Authkey: simple UUID to user mapper
 Simple key in the URL (must use HTTPS: the key is a bearer
credential in the query string, so over plain HTTP it is exposed on the
wire and in proxy and access logs)
 Allows authentication-unaware clients to participate
 Pluggable: possibility to define custom mappers (e.g.
web services)
 URLMangler to add the authkey to OGC requests transparently (via
GetCapabilities)
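The following is an added example, written for this page in Python and not code from GeoServer or the Authkey extension; it models the two halves of the mechanism above: resolving the `authkey` query parameter to a user (refusing it over plain HTTP, since the key is a bearer credential sitting in the URL), and a URLMangler-style rewrite of the endpoints advertised in a GetCapabilities document so that authentication-unaware clients keep sending the key back. The key store, the key values, the user names, the host name and all function names are assumptions of the example.

```python
# Added example, not GeoServer's or the Authkey extension's own code: an
# authkey-style key-to-user lookup plus a URLMangler that pushes the key into
# the endpoints advertised by GetCapabilities.  Key values, user names, the
# host name and all function names are assumptions of this example.
import hmac
import re
import uuid
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit
from xml.sax.saxutils import escape, unescape

# Constructed key store: opaque UUID -> user name.  The real extension keeps
# this mapping in a pluggable mapper (user property, web service, ...).
KEY_STORE = {
    "3f2c6a1e-9b7d-4c8e-a5f0-1d2e3f4a5b6c": "alice",
    "0a1b2c3d-4e5f-4a6b-8c7d-9e8f7a6b5c4d": "bob",
}


def issue_key(user, store=KEY_STORE):
    """Mint a fresh random key (UUID4) for a user and register it."""
    key = str(uuid.uuid4())
    store[key] = user
    return key


def user_for_url(url, store=KEY_STORE, require_https=True):
    """Resolve the user behind the authkey query parameter of a request URL.

    Returns None when the key is missing or unknown, or when the request did
    not arrive over HTTPS: the key is a bearer credential living in the URL,
    so over plain HTTP it is readable by anyone on the path and ends up in
    every proxy and access log along the way.
    """
    parts = urlsplit(url)
    if require_https and parts.scheme.lower() != "https":
        return None
    # OGC parameter names are case-insensitive: normalise before lookup.
    params = {k.lower(): v for k, v in parse_qsl(parts.query, keep_blank_values=True)}
    key = params.get("authkey")
    if not key:
        return None
    # Constant-time comparison so that response timing does not reveal how
    # many leading characters of a guessed key were correct.
    for stored, user in store.items():
        if hmac.compare_digest(stored.encode(), key.encode()):
            return user
    return None


def add_authkey(url, key):
    """URLMangler: append authkey=<key> to a URL unless it already has one."""
    parts = urlsplit(url)
    params = parse_qsl(parts.query, keep_blank_values=True)
    if any(name.lower() == "authkey" for name, _ in params):
        return url
    params.append(("authkey", key))
    return urlunsplit(parts._replace(query=urlencode(params)))


_HREF = re.compile(r'(xlink:href=")([^"]*)(")')


def mangle_capabilities(xml_text, key):
    """Rewrite every xlink:href in a capabilities document so that the
    advertised service endpoints carry the caller's key; a client that
    knows nothing about authentication then keeps sending it back."""
    def fix(match):
        href = unescape(match.group(2), {"&quot;": '"'})
        return match.group(1) + escape(add_authkey(href, key), {'"': "&quot;"}) + match.group(3)
    return _HREF.sub(fix, xml_text)


if __name__ == "__main__":
    url = ("https://gis.example.org/geoserver/wms?SERVICE=WMS&REQUEST=GetMap"
           "&authkey=3f2c6a1e-9b7d-4c8e-a5f0-1d2e3f4a5b6c")
    print(user_for_url(url))                                 # alice
    print(user_for_url(url.replace("https://", "http://")))  # None: refused over HTTP
    caps = '<OnlineResource xlink:href="https://gis.example.org/geoserver/wms?SERVICE=WMS"/>'
    print(mangle_capabilities(caps, "3f2c6a1e-9b7d-4c8e-a5f0-1d2e3f4a5b6c"))
```

The lookup walks the whole store with a constant-time comparison rather than indexing the dict directly, so that the response time does not depend on how close a guessed key is to a real one; the mangler only touches `xlink:href` attributes and leaves a URL alone if it already carries a key.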
Authorization
 Given the user and her roles
 Can the current «action» on the current «resource»
be allowed?
 Action:
 Generic read/write
 Specific OGC service/method call
 Resource
 Workspace
 Layer
 Layer Group
 Style
ResourceAccessManager
 Pluggable interface, multiple implementations
 Define AccessLimits for the various Catalog
Resources (Workspace, Layer, Style, LayerGroup)
 Has access to the current request
(service/method/details) when computing the limits
 Allows for fine grained limits
 Attributes visible
 Read filters (which features can be read)
 Write filters (which features can be written)
 Filters:
 Alphanumeric
 Temporal
 Spatial
Implementations
 Default security subsystem
 Simple per workspace/layer authorization rules
 GeoFence
 External application (*)
 Full use of ResourceAccessManager abilities
 Other custom implementations
 Integrate with existing in-house authorization
mechanism
 Quite popular in large enterprise setups
GeoFence
 Extended authentication and authorization (A&A) for GeoServer
 Optional authentication, sophisticated
authorization
 Open Source, GPL
https://github.com/geoserver/geofence
Structure
Stand-alone user interface
User management
GeoFence rules
 Authorizations are expressed as a
priority-based rule set
 Rule types are ALLOW/DENY/LIMIT
 The first matching rule is the one that determines
the outcome of the authorization request
GeoFence rules matching
 Rules are matched based on:
 Username
 Groups the user belongs to
 GeoServer instance (a single GeoFence can serve
multiple GeoServer clusters)
 OGC service (e.g., WMS)
 OGC service operation (e.g., GetFeatureInfo)
 Workspace (e.g., it.geosolutions)
 Layer name (e.g., topp:states)
Example
 Let's assume we have configured these rules:
 User: u1, Service: WMS, Workspace: W1, ALLOW
 User: u1, DENY
 These rules grant user u1 access to
 all the layers in workspace W1
 only for WMS requests
 All other requests will be DENIED.
Restrictions (LIMIT rules)
 When an ALLOW rule is matched, the user gets access to
the requested resource, subject to the restrictions expressed by
LIMIT rules:
  Restrictions on the available area
  Restrictions through alphanumeric
conditions
  Restrictions on available attributes
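As an added example, written for this page in Python and not GeoFence's own code, the rule matching described in the rule slides above, carried through with the slides' own rule set for user u1 plus one LIMIT rule: rules are walked in priority order, the first matching ALLOW or DENY decides, and LIMIT rules met before an ALLOW contribute restrictions (area, alphanumeric filter, visible attributes). The rule fields, the dataclasses, the case-insensitive comparison, the treatment of LIMIT rules as non-final and the fail-closed default when nothing matches are assumptions of the model; the WKT area, the instance name and the layer names are constructed.

```python
# Added example, not GeoFence's own code: an in-memory model of
# priority-ordered ALLOW/DENY/LIMIT rule matching.  Field names, the
# case-insensitive comparison, the handling of LIMIT rules and the
# fail-closed default are assumptions of this model; rules are constructed.
from dataclasses import dataclass, field
from typing import FrozenSet, List, Optional

ANY = None  # a rule field left at ANY matches every value of the request


@dataclass(frozen=True)
class Rule:
    priority: int                      # lower number = evaluated first
    access: str                        # "ALLOW", "DENY" or "LIMIT"
    user: Optional[str] = ANY
    group: Optional[str] = ANY
    instance: Optional[str] = ANY      # GeoServer instance name
    service: Optional[str] = ANY       # e.g. "WMS"
    request: Optional[str] = ANY       # e.g. "GetFeatureInfo"
    workspace: Optional[str] = ANY
    layer: Optional[str] = ANY
    # Restrictions carried by LIMIT rules (simplified): an allowed area as
    # WKT, a CQL-style alphanumeric filter and the attributes the user may see.
    area: Optional[str] = None
    cql_filter: Optional[str] = None
    attributes: Optional[FrozenSet[str]] = None


@dataclass(frozen=True)
class Request:
    user: str
    groups: FrozenSet[str]
    instance: str
    service: str
    request: str
    workspace: str
    layer: str


@dataclass
class Decision:
    access: str                        # final outcome: "ALLOW" or "DENY"
    decided_by: Optional[int]          # priority of the deciding rule, None = default
    areas: List[str] = field(default_factory=list)
    filters: List[str] = field(default_factory=list)
    attributes: Optional[FrozenSet[str]] = None


def _eq(rule_value, actual):
    """ANY matches anything; otherwise compare case-insensitively."""
    return rule_value is ANY or rule_value.lower() == actual.lower()


def matches(rule, req):
    """True when every constrained field of the rule fits the request."""
    return (_eq(rule.user, req.user)
            and (rule.group is ANY or rule.group in req.groups)
            and _eq(rule.instance, req.instance)
            and _eq(rule.service, req.service)
            and _eq(rule.request, req.request)
            and _eq(rule.workspace, req.workspace)
            and _eq(rule.layer, req.layer))


def evaluate(rules, req):
    """Walk the rules in priority order: the first matching ALLOW or DENY
    decides.  LIMIT rules are modelled as non-final: those met before the
    deciding rule are applied as restrictions when that rule is an ALLOW.
    A request matching no rule at all is denied (fail closed)."""
    limits = []
    for rule in sorted(rules, key=lambda r: r.priority):
        if not matches(rule, req):
            continue
        if rule.access == "LIMIT":
            limits.append(rule)
            continue
        if rule.access == "DENY":
            return Decision("DENY", rule.priority)
        if rule.access != "ALLOW":
            raise ValueError("unknown access type %r" % rule.access)
        decision = Decision("ALLOW", rule.priority)
        for lim in limits:
            if lim.area:
                decision.areas.append(lim.area)
            if lim.cql_filter:
                decision.filters.append(lim.cql_filter)
            if lim.attributes is not None:   # several LIMITs: intersect
                decision.attributes = (lim.attributes if decision.attributes is None
                                       else decision.attributes & lim.attributes)
        return decision
    return Decision("DENY", None)


# The slides' rule set for user u1, plus a LIMIT rule that trims the area and
# the visible attributes of W1 layers served over WMS (constructed values).
RULES = [
    Rule(priority=1, access="LIMIT", user="u1", service="WMS", workspace="W1",
         area="POLYGON((10 40, 15 40, 15 45, 10 45, 10 40))",
         attributes=frozenset({"the_geom", "name"})),
    Rule(priority=2, access="ALLOW", user="u1", service="WMS", workspace="W1"),
    Rule(priority=3, access="DENY", user="u1"),
]


def decide(service, request, workspace, layer, user="u1",
           groups=frozenset(), instance="gs-1"):
    """Convenience wrapper: evaluate RULES for one constructed request."""
    return evaluate(RULES, Request(user, groups, instance, service, request,
                                   workspace, layer))


if __name__ == "__main__":
    for args in (("WMS", "GetMap", "W1", "roads"), ("WFS", "GetFeature", "W1", "roads"),
                 ("WMS", "GetMap", "W2", "roads")):
        d = decide(*args)
        print(args, "->", d.access, "by rule", d.decided_by, d.areas, d.attributes)
```

Because the rule with the lowest priority number wins, the catch-all DENY has to sit after the specific ALLOW; inserting a new rule without choosing its position correctly is the easiest way to open or close access by accident, which is why the REST API's explicit priority handling matters.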
Stand-alone GeoFence
 The GeoFence ResourceAccessManager
(the GeoFence probe) calls the GeoFence
REST services.
 A cache is set up to minimize network
traffic
 The cache can be configured in
different aspects: number of entries,
expiration time
 The cache exposes REST operations
(through GeoServer's own REST
dispatcher) in order to
 Invalidate the cache
 Query the cache statistics
 Caveat: a rule changed in GeoFence is enforced by
the probe only once the cached decision expires or the
cache is invalidated, so invalidate after editing rules
rather than waiting for the timeout
GeoFence REST API
 REST interface for administration and automation
 Complete CRUD access to the various entities
managed by GeoFence:
 Users and groups
 GeoServer instances
 Rules
 Paging support
 Priority ordering of rules is fundamental: different ways
to insert a new rule and set its position.
 Batch mode, backup and restore are available
 See details at:
https://github.com/geosolutions-it/geofence/wiki/REST-API
GeoFence direct integration
 Simple setups demand simple solutions
 Have GeoFence run inside GeoServer
 Integration similar to the GWC one, runs like a plugin
[Diagram: GeoFence running inside GeoServer, like GeoWebCache, backed by a rules DB]
Baby steps
 Born as a more future-proof alternative to improving
the internal security subsystem
 Community module, available via nightly builds
 Delivers a subset of the full functionality: allow/deny
based on a mix of user/layer/workspace/request
 Integrated UI
General Configuration
General Configuration (continued)
Creating rules
Rules list
Example 1
Example 1 – layer preview
Example 2
Example 2 – layer preview
TODO
 Allow editing LIMIT rules
 Force default style
 Limit attributes
 Filter contents
 Limit by area
 Control writes at the rule level
 Better/easier way to re-order rules
 Configuration of an external database (currently uses
embedded H2 in the data dir, which is not cluster friendly)
 Migrate old security subsystem rules to GeoFence where
possible
That’s all folks!
Questions?
info@geo-solutions.it