This presentation will provide an introduction to GeoFence, an open source tool to configure and use complex authorization rules to protect data served by GeoServer OGC services.
Advanced GeoServer Security With GeoFence
1. Advanced GeoServer Security With GeoFence
Ing. Emanuele Tajariol, GeoSolutions
Ing. Simone Giannecchini, GeoSolutions
Ing. Alessio Fabiani, GeoSolutions
FOSS4G 2013, Nottingham
20th September 2013
2. GeoSolutions
Founded in Italy in late 2006
Expertise
Java, Java Enterprise, C++, Python
Image Processing, GeoSpatial Data Fusion
JPEG2000, JPIP, Advanced 2D visualization
Supporting/Developing FOSS4G projects
GeoServer, MapStore
GeoBatch, GeoNetwork
Clients
Public Agencies
Private Companies
http://www.geo-solutions.it
9. GeoServer Security Model
GeoServer offers extension points for
Authentication (filtering and credential checks)
Authorization (resource access managers)
10. GeoServer Security Model
The GeoFence Authentication provider delegates credential checks to GeoFence.
The GeoFence Resource Access Manager asks the GeoFence authorization engine for permissions.
14. GeoFence Architecture
Modules and packages
GUI
core: GUI logic, implemented using GWT
webapp: produces the final web application .war file
GeoServer (GeoFence Probe)
security: the GeoServer/GeoFence bridge; implements the ResourceAccessManager, forwarding the authorization requests to a remote GeoFence instance
15. GeoFence Architecture
The GeoFence ResourceAccessManager (GeoFence Probe) is deployed in each GeoServer.
GeoServer instances in a cluster must share the same ClusterID (instance name); GeoFence uses the instance name to select rules.
The Probe queries GeoFence on each request* with the proper info:
Instance name
User
Request details
GeoFence provides Access Policy rules that the Probe uses to manipulate the request on the fly.
16. GeoFence Architecture
The GeoFence ResourceAccessManager (GeoFence Probe) uses a cache which minimizes the requests toward GeoFence.
The cache can be configured on different aspects:
number of entries
expiration time
The cache provides REST operations (using GeoServer's own REST dispatcher) in order to:
Invalidate the cache
Query the cache statistics
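The cache behaviour described on this slide (bounded entry count, expiration time, an invalidate operation and queryable statistics) is illustrated by the following added example. It is not GeoFence's or GeoServer's own code: the AuthKey fields, the FakeClock, the loader callback standing in for the remote GeoFence call and the sample keys (gs-cluster-A, u1, u2, W1:roads) are all constructed for the illustration.

```python
"""Bounded, expiring cache of authorization decisions with invalidation and
statistics, modelled on the probe-side cache described in slide 16.
Added illustration; this is not GeoFence's own code."""
import time
from collections import OrderedDict
from dataclasses import dataclass
from typing import Callable, Tuple


@dataclass(frozen=True)
class AuthKey:
    """What the probe sends per request (slide 15): instance, user, request details."""
    instance: str
    user: str
    service: str
    request: str
    workspace: str
    layer: str


@dataclass
class CacheStats:
    hits: int = 0
    misses: int = 0
    evictions: int = 0     # dropped because the entry limit was reached
    expirations: int = 0   # dropped because the entry was older than the TTL


class DecisionCache:
    def __init__(self, loader: Callable[[AuthKey], str], max_entries: int = 1000,
                 ttl_seconds: float = 60.0, clock: Callable[[], float] = time.monotonic):
        self._loader = loader          # stands in for the remote call to GeoFence
        self._max_entries = max_entries
        self._ttl = ttl_seconds
        self._clock = clock
        self._entries: "OrderedDict[AuthKey, Tuple[str, float]]" = OrderedDict()
        self.stats = CacheStats()

    def get(self, key: AuthKey) -> str:
        now = self._clock()
        cached = self._entries.get(key)
        if cached is not None:
            decision, stored_at = cached
            if now - stored_at < self._ttl:
                self._entries.move_to_end(key)   # keep recently used entries
                self.stats.hits += 1
                return decision
            del self._entries[key]               # stale: fall through and reload
            self.stats.expirations += 1
        self.stats.misses += 1
        decision = self._loader(key)
        self._entries[key] = (decision, now)
        if len(self._entries) > self._max_entries:
            self._entries.popitem(last=False)    # evict least recently used
            self.stats.evictions += 1
        return decision

    def invalidate(self) -> int:
        """Drop every entry (the REST 'invalidate' operation); returns how many were dropped."""
        dropped = len(self._entries)
        self._entries.clear()
        return dropped

    def size(self) -> int:
        return len(self._entries)


class FakeClock:
    """Controllable clock so expiration can be demonstrated without sleeping."""
    def __init__(self) -> None:
        self.now = 0.0

    def __call__(self) -> float:
        return self.now


def demo() -> dict:
    remote_calls = []

    def remote_geofence(key: AuthKey) -> str:   # constructed stand-in for GeoFence
        remote_calls.append(key)
        return "ALLOW" if key.user == "u1" and key.service == "WMS" else "DENY"

    clock = FakeClock()
    cache = DecisionCache(remote_geofence, max_entries=2, ttl_seconds=30.0, clock=clock)
    k1 = AuthKey("gs-cluster-A", "u1", "WMS", "GetMap", "W1", "W1:roads")
    k2 = AuthKey("gs-cluster-A", "u1", "WFS", "GetFeature", "W1", "W1:roads")
    k3 = AuthKey("gs-cluster-A", "u2", "WMS", "GetMap", "W1", "W1:roads")

    decisions = [cache.get(k1), cache.get(k1), cache.get(k2), cache.get(k3)]  # k3 evicts k1
    clock.now = 31.0
    decisions.append(cache.get(k2))             # past the TTL: expired and reloaded
    dropped = cache.invalidate()
    return {"decisions": decisions, "remote_calls": len(remote_calls),
            "stats": cache.stats, "dropped": dropped, "size_after": cache.size()}


if __name__ == "__main__":
    print(demo())
```

The TTL matters for security, not only for performance: a rule change in GeoFence is not seen by a probe until the cached decision expires or the cache is invalidated through the REST operation, so the expiration time bounds how long a revoked permission can still be honoured.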
17. GeoFence Rule System
Authorizations are expressed as a priority-based rule set.
Rule types are ALLOW/DENY/LIMIT.
The first matching rule is the one that determines the outcome of the auth request.
Incoming authorization requests are transformed into a rule filter.
Filtering can be performed on one or more of these fields:
Username
Group the provided user belongs to
18. GeoFence Rule System
Source GeoServer instance (we can control multiple GeoServer clusters)
OGC Service, e.g. WMS
OGC Service Operation, e.g. GetCapabilities
Workspace, e.g. it.geosolutions
Layer name, e.g. topp:states
19. GeoFence Rule System
Example
Let's assume we have configured these rules:
User: u1, Service: WMS, Workspace: W1, ALLOW
User: u1, DENY
These rules will grant user u1 access to all the layers in workspace W1, only for WMS requests.
All other types of request will be DENIED.
20. GeoFence Rule System
When an ALLOW rule is matched, the user will have access to the requested resource.
Finer-grained control on single-layer rules: further restrictions may be defined, i.e. only a subset of the data contained in the layer can be made queryable/visible to the requesting user:
Restrictions on visible area
Restrictions on queryable attributes
Restrictions on available styles
21. GeoFence Rule System
Examples
Limiting user access to:
a subset of the attributes (R/W)
a specific geographic area
a subset of the available styles (or the default style can be forced on all requests)
a specific view of the data via a CQL filter, for reading and for writing (delete, create, update)
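The rule evaluation described on slides 17 to 21 (priority-ordered rules, first match decides, filter fields, and per-rule restrictions on attributes, area and CQL filter) is illustrated by the following added example. It is not GeoFence's own code: the Rule and Restrictions dataclasses, the wildcard convention, the default-deny when no rule matches, and the constructed rule set (slide 19's two u1 rules plus a restricted ALLOW for a made-up user u2 on layer W1:parcels) are this example's assumptions. LIMIT rules are not modelled, since the slides do not describe how they combine with later rules.

```python
"""Priority-ordered, first-match rule evaluation with per-rule restrictions,
modelled on the GeoFence rule system described in slides 17-21.
Added illustration; this is not GeoFence's own code."""
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple

ANY = "*"  # wildcard: the rule field places no constraint on the request
BBox = Tuple[float, float, float, float]  # minx, miny, maxx, maxy


@dataclass(frozen=True)
class Restrictions:
    """Finer-grain limits attached to an ALLOW rule (slides 20-21)."""
    attributes: Optional[FrozenSet[str]] = None  # readable attributes; None = all
    area: Optional[BBox] = None                   # visible area; None = unrestricted
    cql_read: Optional[str] = None                # CQL filter applied to reads
    styles: Optional[FrozenSet[str]] = None       # permitted styles; None = all


@dataclass(frozen=True)
class Rule:
    priority: int            # lower number = evaluated earlier
    access: str              # "ALLOW" or "DENY"
    user: str = ANY
    group: str = ANY
    instance: str = ANY      # GeoServer instance / cluster name
    service: str = ANY       # e.g. WMS
    request: str = ANY       # e.g. GetCapabilities
    workspace: str = ANY
    layer: str = ANY
    restrictions: Optional[Restrictions] = None


@dataclass(frozen=True)
class AuthRequest:
    user: str
    groups: FrozenSet[str]
    instance: str
    service: str
    request: str
    workspace: str
    layer: str


def _matches(rule: Rule, req: AuthRequest) -> bool:
    """Every constrained field of the rule must equal the request's value."""
    def ok(rule_value: str, actual: str) -> bool:
        return rule_value == ANY or rule_value == actual
    return (ok(rule.user, req.user)
            and (rule.group == ANY or rule.group in req.groups)
            and ok(rule.instance, req.instance) and ok(rule.service, req.service)
            and ok(rule.request, req.request) and ok(rule.workspace, req.workspace)
            and ok(rule.layer, req.layer))


def decide(rules: List[Rule], req: AuthRequest) -> Tuple[str, Optional[Restrictions]]:
    """First matching rule in priority order decides. No match is treated as
    DENY: default-deny is this example's assumption, not a statement from the slides."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if _matches(rule, req):
            return rule.access, rule.restrictions
    return "DENY", None


def _intersect(a: BBox, b: BBox) -> Optional[BBox]:
    minx, miny = max(a[0], b[0]), max(a[1], b[1])
    maxx, maxy = min(a[2], b[2]), min(a[3], b[3])
    return (minx, miny, maxx, maxy) if minx < maxx and miny < maxy else None


def apply_restrictions(restrictions: Optional[Restrictions], attributes, bbox: BBox):
    """Rewrite a read request so it only touches what the matched rule permits."""
    attrs = list(attributes)
    cql = None
    if restrictions is not None:
        if restrictions.attributes is not None:
            attrs = [a for a in attrs if a in restrictions.attributes]
        if restrictions.area is not None:
            bbox = _intersect(bbox, restrictions.area)  # None => nothing visible
        cql = restrictions.cql_read
    return attrs, bbox, cql


# Constructed rule set: slide 19's two rules for u1, plus a restricted ALLOW for u2.
RULES = [
    Rule(priority=1, access="ALLOW", user="u1", service="WMS", workspace="W1"),
    Rule(priority=2, access="DENY", user="u1"),
    Rule(priority=0, access="ALLOW", user="u2", layer="W1:parcels",
         restrictions=Restrictions(attributes=frozenset({"id", "geom", "region"}),
                                   area=(10.0, 40.0, 12.0, 42.0),
                                   cql_read="region = 'north'")),
]


def make_request(user, service, request, workspace, layer) -> AuthRequest:
    return AuthRequest(user, frozenset(), "gs-cluster-A", service, request, workspace, layer)


def demo() -> dict:
    wms_w1 = decide(RULES, make_request("u1", "WMS", "GetMap", "W1", "W1:roads"))[0]
    wfs_w1 = decide(RULES, make_request("u1", "WFS", "GetFeature", "W1", "W1:roads"))[0]
    wms_w2 = decide(RULES, make_request("u1", "WMS", "GetMap", "W2", "W2:rivers"))[0]
    access, limits = decide(RULES, make_request("u2", "WFS", "GetFeature", "W1", "W1:parcels"))
    attrs, bbox, cql = apply_restrictions(limits, ["id", "owner", "geom"], (11.0, 41.0, 14.0, 45.0))
    return {"wms_w1": wms_w1, "wfs_w1": wfs_w1, "wms_w2": wms_w2,
            "u2": access, "attrs": attrs, "bbox": bbox, "cql": cql}


if __name__ == "__main__":
    print(demo())
```

Because the first match wins, the relative priority of a narrow ALLOW and a broad DENY is the whole policy: swapping the two u1 priorities would make the DENY match first and silently remove WMS access to W1, which is why the REST interface's control over rule position (slide 23) matters.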
23. GeoFence REST Interface
GeoFence provides a REST interface for administration; it allows automation!
It allows complete CRUD access to the various entities managed by GeoFence:
Users and groups
GeoServer instances
Rules
The Find operation can be optionally paged; a Count operation is provided as well to take advantage of the pagination capability.
Priority ordering in rules is fundamental, so there are different ways to insert and set a position for the new rules.
https://github.com/geosolutions-it/geofence/wiki/REST-API
24. GeoFence REST Interface
The REST interface also provides a batch mode: multiple CRUD commands can be issued at once.
The commands in the batch are processed in the same transaction, which is extremely important for automation!
Backup and restore operations are provided as part of the REST interface as well.
REST API documentation available at https://github.com/geosolutions-it/geofence/wiki/REST-API
25. GeoFence User Interface
Top Categories
Users
Groups
Instances
Rules
28. GeoFence and LDAP
An LDAP server can be used as a repository for users and groups by including the optional LDAP module in the deployment.
LDAP can be configured through the datasource properties file.
When using LDAP, users and groups are not editable from the GeoFence interface (they are READ-ONLY).
LDAP module documentation at https://github.com/geosolutions-it/geofence/wiki/LDAP-module
29. GeoFence and Existing Auth Proxies
[Diagram: GeoFence persistence layer with RuleDAO, UserDAO and GroupDAO backed by the GeoFence DB, and LDAP UserDAO / LDAP GroupDAO backed by an external auth source]
When LDAP is enabled, specific DAOs are used for users and groups instead of the default ones.
33. GeoFence Use Cases
Destination
Layers filtered (CQL filters) by user profile to constrain access to advanced functionality
Possibility of spatial filters to allow regional access only
34. GeoFence Status
Project released as Open Source
Continuous build is in place
Dev and user mailing lists are in place
Improvements
Documentation
Official Releases
Integrated Build for testing and demoing
UI Refactor
35. The End
Thanks for not sleeping
(loudly)
alessio.fabiani@geo-solutions.it
mauro.bartolomeoli@geo-solutions.it