SlideShare a Scribd company logo

Advanced GeoServer Security With GeoFence

GeoSolutions
GeoSolutions

This presentation will provide an introduction to GeoFence, an open source tool to configure and use complex authorization rules to protect data served by GeoServer OGC services.

Technology
1 of 36
Download to read offline
Advanced GeoServer Security With GeoFence Ing. Emanuele Tajariol, GeoSolutions Ing. Simone Giannecchini, GeoSolutions Ing. Alessio Fabiani, GeoSolutions FOSS4G 2013, Nottingham 20th September 2013
GeoSolutions   Founded in Italy in late 2006 Expertise • • Java, Java Enterprise, C++, Python •  Image Processing, GeoSpatial Data Fusion JPEG2000, JPIP, Advanced 2D visualization Supporting/Developing FOSS4G projects    GeoServer, MapStore GeoBatch, GeoNetwork Clients    Public Agencies Private Companies http://www.geo-solutions.it FOSS4G 2013, Nottingham 20th September 2013
Meet GeoFence FOSS4G 2013, Nottingham 20th September 2013
GeoFence   Extended A&A for GeoServer Authentication    Open Source    Optional Integrated with GeoServer authorization architecture GPL Code on GitHub Authorization   Auth on data: e.g. layers, workspaces Auth on services: e.g. WMS, WFS FOSS4G 2013, Nottingham 20th September 2013
GeoFence  Based on GSIP 57       Role Base Access Control    Mixed Interceptor + Probe approach Extended authorization management for GeoServer External Rule-Based System GeoServer Internal Probe On-the-fly manipulation of incoming requests Users Groups Rule-based database  IPTables-like FOSS4G 2013, Nottingham 20th September 2013
GeoFence  Fine Grain Authorization Control       External Web Application    Services Operations Workspaces Layers Attributes (alphanumeric and geospatial) REST Interface GUI Scalable  1 GeoFence controls N GeoServer cluster FOSS4G 2013, Nottingham 20th September 2013
GeoFence   Java Enterprise infrastructure  Spring/Spring-Remoting  Hibernate  Apache CXF Supports DBMS     PostgreSQL/PostGIS Oracle spatial H2 Performance ensured thanks to a fine-tunable cache FOSS4G 2013, Nottingham 20th September 2013
GeoServer Security Model FOSS4G 2013, Nottingham 20th September 2013
GeoServer Security Model  GeoServer offers extension points for   Authentication (filtering and credential checks) Authorization (resource access managers) FOSS4G 2013, Nottingham 20th September 2013
GeoServer Security Model   The GeoFence Authentication provider delegates credential checks to GeoFence The GeoFence Resource Access Manager asks for permissions to the GeoFence authorization engine FOSS4G 2013, Nottingham 20th September 2013
GeoServer Security Model FOSS4G 2013, Nottingham 20th September 2013
Digging GeoFence FOSS4G 2013, Nottingham 20th September 2013
GeoFence Architecture  Geofence Stack (again…) FOSS4G 2013, Nottingham 20th September 2013
GeoFence Architecture Modules and packages  GUI core: GUI logic, implemented using GWT  webapp: produces the final web application .war file Geoserver (GeoFence Probe)  security: the GeoServer/GeoFence bridge: implements the ResourceAccessManager, forwarding the authorization requests to a remote GeoFence instance   FOSS4G 2013, Nottingham 20th September 2013
GeoFence Architecture     The GeoFence ResourceAccessManager (Geofence Probe) is deployed in each GeoServer GeoServer instances in a cluster must share the same ClusterID (instance name) GeoFence uses the instance name to select rules The Probe queries GeoFence on each request* with proper info     Instance name User Request Details GeoFence provide Access Policy rules to manipulate the request on the fly within the Probe FOSS4G 2013, Nottingham 20th September 2013
GeoFence Architecture    The GeoFence ResourceAccessManager (Geofence Probe) uses a cache which minimizes the requests toward GeoFence. The cache can be configured on different aspects:  number of entries,  expiration time The cache provides REST operations (using GeoServer’s own REST dispatcher) in order to  Invalidate the cache  Query the cache statistics FOSS4G 2013, Nottingham 20th September 2013
GeoFence Rule System  Authorizations are expressed as a priority-based rule set     Type of Rules are ALLOW/DENY/LIMIT The first matching rule is the one that determines the outcome of the auth request Incoming authorization requests are transformed in a rule filter Filtering can be performed on one or more of these fields:   Username Group the provided user belongs to FOSS4G 2013, Nottingham 20th September 2013
GeoFence Rule System      Source geoserver instance  We can control multiple GeoServer clusters OGC Service  E.g. WMS OGC Service Operation  E.g. GetCapabilities Workspace  E.g. it.geosolutions Layer name  E.g. topp:states FOSS4G 2013, Nottingham 20th September 2013
GeoFence Rule System Example  Let’s assume we have configured these rules :    These rules will grant access for user u1 to    User: u1, Service:WMS, Workspace=W1,ALLOW User: u1, DENY all the layers in worspace W1 only for WMS request All other types of request will be DENIED. FOSS4G 2013, Nottingham 20th September 2013
GeoFence Rule System   When an ALLOW rule is matched, the user will have access to the requested resource. Finer Grain Control on single layer rules  further restrictions may be defined  i.e only a subset of the data contained in the layer could be made queryeable/visibile to the requesting user   Restrictions on visible Area   Restrictions on Queryable Attributes   Restrictions on Available Styles FOSS4G 2013, Nottingham 20th September 2013
GeoFence Rule System   Examples Limiting users access to  a subset of the attributes (R/W)  a specific geographic area.  a subset of the available styles (or the default style can be forced on all requets)  A specific view of the data via a CQL filter  For reading  For writing (delete, create, update) FOSS4G 2013, Nottingham 20th September 2013
GeoFence Rule System FOSS4G 2013, Nottingham 20th September 2013
GeoFence REST Interface      GeoFence provides a REST interface for administration  Allows automation! It allows a complete CRUD access to the various entities managed by GeoFence:  Users and groups  GeoServer instances  Rules The Find operation can be optionally paged  a Count operation is provided as well to take advantage of the pagination capability. Priority ordering in rules is fundamental   there are different ways to insert and set a position for the new rules. https://github.com/geosolutions-it/geofence/wiki/REST-API FOSS4G 2013, Nottingham 20th September 2013
GeoFence REST Interface    The REST interface also provides a batch mode  multiple CRUD commands can be issued at once  The commands in the batch are processed in the same transaction  Extremely important for automation! Backup and restore operations are provided as part of the REST interface as well REST API documentation available at https://github.com/geosolutions-it/geofence/wiki/REST-API FOSS4G 2013, Nottingham 20th September 2013
GeoFence User Interface  Top Categories     Users Groups Instances Rules FOSS4G 2013, Nottingham 20th September 2013
GeoFence User Interface Users Groups Instances FOSS4G 2013, Nottingham 20th September 2013
GeoFence User Interface Rules Details Details FOSS4G 2013, Nottingham 20th September 2013
GeoFence and LDAP     An LDAP server can be used as a repository for user and groups, including the optional ldap module in the deploy LDAP can be configured through the datasource properties file When using LDAP users and groups are not editable from the GeoFence interface (they are READ-ONLY) LDAP module documentation at https://github.com/geosolutions-it/geofence/wiki/LDAP-module FOSS4G 2013, Nottingham 20th September 2013
GeoFence and Existing Auth Proxies External Auth Source GeoFence DB Users Groups LDAP UserDAO LDAP GroupDAO UserDAO GroupDAO RuleDAO Persistence GeoFence  When LDAP is enabled, specific DAOs are used for users and groups instead of the default ones FOSS4G 2013, Nottingham 20th September 2013
GeoFence Use Cases SIAN FOSS4G 2013, Nottingham 20th September 2013
GeoFence Use Cases MapManager GeoGraphic Building Block MapStore GeoFence GeoFence GeoStore JMX Agents FOSS4G 2013, Nottingham 20th September 2013 GeoServer
GeoFence Use Cases Astrium GetGeo FOSS4G 2013, Nottingham 20th September 2013
GeoFence Use Cases Destination   Layers filtered (CQL filters) by user profile to constrain access to advanced functionality Possibility of spatial filters to allow regional access only FOSS4G 2013, Nottingham 20th September 2013
GeoFence Status     Project Release as Open Source Continuous Build is in place Dev and Users Mailing Lists are in place Improvements     Documentation Official Releases Integrated Build for testing and demoing UI Refactor FOSS4G 2013, Nottingham 20th September 2013
The End Thanks for not sleeping (loudly) alessio.fabiani@geo-solutions.it mauro.bartolomeoli@geo-solutions.it FOSS4G 2013, Nottingham 20th September 2013
GeoFence GeoFence Presentazione CUSTOM, Firenze 10 Maggio 2012

Recommended

Mastering Security with GeoServer and GeoFence - FOSS4G EU 2017
Mastering Security with GeoServer and GeoFence - FOSS4G EU 2017Mastering Security with GeoServer and GeoFence - FOSS4G EU 2017
Mastering Security with GeoServer and GeoFence - FOSS4G EU 2017GeoSolutions
 
BKK16-315 Graphics Stack Update
BKK16-315 Graphics Stack UpdateBKK16-315 Graphics Stack Update
BKK16-315 Graphics Stack UpdateLinaro
 
Ha nam
Ha namHa nam
Ha namrajgurupatil
 
Understanding the Android System Server
Understanding the Android System ServerUnderstanding the Android System Server
Understanding the Android System ServerOpersys inc.
 
A tutorial on GreenCloud
A tutorial on GreenCloudA tutorial on GreenCloud
A tutorial on GreenCloudHabibur Rahman
 
Gerência de Memória em Java - Parte III (2005)
Gerência de Memória em Java - Parte III (2005)Gerência de Memória em Java - Parte III (2005)
Gerência de Memória em Java - Parte III (2005)Helder da Rocha
 
Distribution File System DFS Technologies
Distribution File System DFS TechnologiesDistribution File System DFS Technologies
Distribution File System DFS TechnologiesRaphael Ejike
 
Presentation On Group Policy in Windows Server 2012 R2 By Barek-IT
Presentation On Group Policy in Windows Server 2012 R2 By Barek-ITPresentation On Group Policy in Windows Server 2012 R2 By Barek-IT
Presentation On Group Policy in Windows Server 2012 R2 By Barek-ITMd. Abdul Barek
 

Recommended

Mastering Security with GeoServer and GeoFence - FOSS4G EU 2017
Mastering Security with GeoServer and GeoFence - FOSS4G EU 2017Mastering Security with GeoServer and GeoFence - FOSS4G EU 2017
Mastering Security with GeoServer and GeoFence - FOSS4G EU 2017GeoSolutions
 
BKK16-315 Graphics Stack Update
BKK16-315 Graphics Stack UpdateBKK16-315 Graphics Stack Update
BKK16-315 Graphics Stack UpdateLinaro
 
Ha nam
Ha namHa nam
Ha namrajgurupatil
 
Understanding the Android System Server
Understanding the Android System ServerUnderstanding the Android System Server
Understanding the Android System ServerOpersys inc.
 
A tutorial on GreenCloud
A tutorial on GreenCloudA tutorial on GreenCloud
A tutorial on GreenCloudHabibur Rahman
 
Gerência de Memória em Java - Parte III (2005)
Gerência de Memória em Java - Parte III (2005)Gerência de Memória em Java - Parte III (2005)
Gerência de Memória em Java - Parte III (2005)Helder da Rocha
 
Distribution File System DFS Technologies
Distribution File System DFS TechnologiesDistribution File System DFS Technologies
Distribution File System DFS TechnologiesRaphael Ejike
 
Presentation On Group Policy in Windows Server 2012 R2 By Barek-IT
Presentation On Group Policy in Windows Server 2012 R2 By Barek-ITPresentation On Group Policy in Windows Server 2012 R2 By Barek-IT
Presentation On Group Policy in Windows Server 2012 R2 By Barek-ITMd. Abdul Barek
 
Open Grid Service Architecture By Gargishankar Verma - RCET Bhilai
Open Grid Service Architecture By Gargishankar Verma - RCET BhilaiOpen Grid Service Architecture By Gargishankar Verma - RCET Bhilai
Open Grid Service Architecture By Gargishankar Verma - RCET Bhilaigargishankar1981
 
VMware vSphere Storage Enhancements
VMware vSphere Storage EnhancementsVMware vSphere Storage Enhancements
VMware vSphere Storage EnhancementsAnne Achleman
 
YAML Engineering: why we need a new paradigm
YAML Engineering: why we need a new paradigmYAML Engineering: why we need a new paradigm
YAML Engineering: why we need a new paradigmRaphaël PINSON
 
UML Profile for DDS
UML Profile for DDSUML Profile for DDS
UML Profile for DDSAngelo Corsaro
 
ZUGFeRD: an overview
ZUGFeRD: an overviewZUGFeRD: an overview
ZUGFeRD: an overviewiText Group nv
 
Android Storage - StorageManager & OBB
Android Storage - StorageManager & OBBAndroid Storage - StorageManager & OBB
Android Storage - StorageManager & OBBWilliam Lee
 
Introduction to san ( storage area networks )
Introduction to san ( storage area networks )Introduction to san ( storage area networks )
Introduction to san ( storage area networks )sagaroceanic11
 
Linux: Basics OF Linux
Linux: Basics OF LinuxLinux: Basics OF Linux
Linux: Basics OF LinuxOmkar Walavalkar
 
Group policy Best Practices
Group policy Best PracticesGroup policy Best Practices
Group policy Best PracticesRob Dunn
 
[Python] Quick book for dell switch_os10
[Python] Quick book for dell switch_os10[Python] Quick book for dell switch_os10
[Python] Quick book for dell switch_os10Jo Hoon
 
Android Security
Android SecurityAndroid Security
Android SecurityLars Jacobs
 
Implementing generic JNI hardware control for Kotlin based app on AOSP
Implementing generic JNI hardware control for Kotlin based app on AOSPImplementing generic JNI hardware control for Kotlin based app on AOSP
Implementing generic JNI hardware control for Kotlin based app on AOSPCheng Wig
 
Retour d'expérience Minio
Retour d'expérience MinioRetour d'expérience Minio
Retour d'expérience MinioSébastien BLAISOT
 
The NFS Version 4 Protocol
The NFS Version 4 ProtocolThe NFS Version 4 Protocol
The NFS Version 4 ProtocolKelum Senanayake
 
Classloader leak detection in websphere application server
Classloader leak detection in websphere application serverClassloader leak detection in websphere application server
Classloader leak detection in websphere application serverRohit Kelapure
 
NAS - Network Attached Storage
NAS - Network Attached StorageNAS - Network Attached Storage
NAS - Network Attached StorageShashank Bhatnagar
 
Network attached storage (nas)
Network attached storage (nas)Network attached storage (nas)
Network attached storage (nas)Vîvék Thørät
 
Linux command line cheatsheet
Linux command line cheatsheetLinux command line cheatsheet
Linux command line cheatsheetWe Ihaveapc
 
Useful Group Policy Concepts
Useful Group Policy ConceptsUseful Group Policy Concepts
Useful Group Policy ConceptsRob Dunn
 
Fast DDS Features & Tools
Fast DDS Features & ToolsFast DDS Features & Tools
Fast DDS Features & ToolseProsima
 
Advanced Security With GeoServer
Advanced Security With GeoServerAdvanced Security With GeoServer
Advanced Security With GeoServerGeoSolutions
 
GeoServer an introduction for beginners
GeoServer an introduction for beginnersGeoServer an introduction for beginners
GeoServer an introduction for beginnersGeoSolutions
 

More Related Content

What's hot

Open Grid Service Architecture By Gargishankar Verma - RCET Bhilai
Open Grid Service Architecture By Gargishankar Verma - RCET BhilaiOpen Grid Service Architecture By Gargishankar Verma - RCET Bhilai
Open Grid Service Architecture By Gargishankar Verma - RCET Bhilaigargishankar1981
 
VMware vSphere Storage Enhancements
VMware vSphere Storage EnhancementsVMware vSphere Storage Enhancements
VMware vSphere Storage EnhancementsAnne Achleman
 
YAML Engineering: why we need a new paradigm
YAML Engineering: why we need a new paradigmYAML Engineering: why we need a new paradigm
YAML Engineering: why we need a new paradigmRaphaël PINSON
 
Android Storage - StorageManager & OBB
Android Storage - StorageManager & OBBAndroid Storage - StorageManager & OBB
Android Storage - StorageManager & OBBWilliam Lee
 
Introduction to san ( storage area networks )
Introduction to san ( storage area networks )Introduction to san ( storage area networks )
Introduction to san ( storage area networks )sagaroceanic11
 
Group policy Best Practices
Group policy Best PracticesGroup policy Best Practices
Group policy Best PracticesRob Dunn
 
[Python] Quick book for dell switch_os10
[Python] Quick book for dell switch_os10[Python] Quick book for dell switch_os10
[Python] Quick book for dell switch_os10Jo Hoon
 
Android Security
Android SecurityAndroid Security
Android SecurityLars Jacobs
 
Implementing generic JNI hardware control for Kotlin based app on AOSP
Implementing generic JNI hardware control for Kotlin based app on AOSPImplementing generic JNI hardware control for Kotlin based app on AOSP
Implementing generic JNI hardware control for Kotlin based app on AOSPCheng Wig
 
The NFS Version 4 Protocol
The NFS Version 4 ProtocolThe NFS Version 4 Protocol
The NFS Version 4 ProtocolKelum Senanayake
 
Classloader leak detection in websphere application server
Classloader leak detection in websphere application serverClassloader leak detection in websphere application server
Classloader leak detection in websphere application serverRohit Kelapure
 
NAS - Network Attached Storage
NAS - Network Attached StorageNAS - Network Attached Storage
NAS - Network Attached StorageShashank Bhatnagar
 
Network attached storage (nas)
Network attached storage (nas)Network attached storage (nas)
Network attached storage (nas)Vîvék Thørät
 
Linux command line cheatsheet
Linux command line cheatsheetLinux command line cheatsheet
Linux command line cheatsheetWe Ihaveapc
 
Useful Group Policy Concepts
Useful Group Policy ConceptsUseful Group Policy Concepts
Useful Group Policy ConceptsRob Dunn
 
Fast DDS Features & Tools
Fast DDS Features & ToolsFast DDS Features & Tools
Fast DDS Features & ToolseProsima
 

What's hot (20)

Open Grid Service Architecture By Gargishankar Verma - RCET Bhilai
Open Grid Service Architecture By Gargishankar Verma - RCET BhilaiOpen Grid Service Architecture By Gargishankar Verma - RCET Bhilai
Open Grid Service Architecture By Gargishankar Verma - RCET Bhilai
 
VMware vSphere Storage Enhancements
VMware vSphere Storage EnhancementsVMware vSphere Storage Enhancements
VMware vSphere Storage Enhancements
 
YAML Engineering: why we need a new paradigm
YAML Engineering: why we need a new paradigmYAML Engineering: why we need a new paradigm
YAML Engineering: why we need a new paradigm
 
UML Profile for DDS
UML Profile for DDSUML Profile for DDS
UML Profile for DDS
 
ZUGFeRD: an overview
ZUGFeRD: an overviewZUGFeRD: an overview
ZUGFeRD: an overview
 
Android Storage - StorageManager & OBB
Android Storage - StorageManager & OBBAndroid Storage - StorageManager & OBB
Android Storage - StorageManager & OBB
 
Introduction to san ( storage area networks )
Introduction to san ( storage area networks )Introduction to san ( storage area networks )
Introduction to san ( storage area networks )
 
Linux: Basics OF Linux
Linux: Basics OF LinuxLinux: Basics OF Linux
Linux: Basics OF Linux
 
Group policy Best Practices
Group policy Best PracticesGroup policy Best Practices
Group policy Best Practices
 
[Python] Quick book for dell switch_os10
[Python] Quick book for dell switch_os10[Python] Quick book for dell switch_os10
[Python] Quick book for dell switch_os10
 
Android Security
Android SecurityAndroid Security
Android Security
 
Implementing generic JNI hardware control for Kotlin based app on AOSP
Implementing generic JNI hardware control for Kotlin based app on AOSPImplementing generic JNI hardware control for Kotlin based app on AOSP
Implementing generic JNI hardware control for Kotlin based app on AOSP
 
Retour d'expérience Minio
Retour d'expérience MinioRetour d'expérience Minio
Retour d'expérience Minio
 
The NFS Version 4 Protocol
The NFS Version 4 ProtocolThe NFS Version 4 Protocol
The NFS Version 4 Protocol
 
Classloader leak detection in websphere application server
Classloader leak detection in websphere application serverClassloader leak detection in websphere application server
Classloader leak detection in websphere application server
 
NAS - Network Attached Storage
NAS - Network Attached StorageNAS - Network Attached Storage
NAS - Network Attached Storage
 
Network attached storage (nas)
Network attached storage (nas)Network attached storage (nas)
Network attached storage (nas)
 
Linux command line cheatsheet
Linux command line cheatsheetLinux command line cheatsheet
Linux command line cheatsheet
 
Useful Group Policy Concepts
Useful Group Policy ConceptsUseful Group Policy Concepts
Useful Group Policy Concepts
 
Fast DDS Features & Tools
Fast DDS Features & ToolsFast DDS Features & Tools
Fast DDS Features & Tools
 

Similar to Advanced GeoServer Security With GeoFence

Advanced Security With GeoServer
Advanced Security With GeoServerAdvanced Security With GeoServer
Advanced Security With GeoServerGeoSolutions
 
GeoServer an introduction for beginners
GeoServer an introduction for beginnersGeoServer an introduction for beginners
GeoServer an introduction for beginnersGeoSolutions
 
Advanced Security with GeoServer - FOSS4G 2015
Advanced Security with GeoServer - FOSS4G 2015Advanced Security with GeoServer - FOSS4G 2015
Advanced Security with GeoServer - FOSS4G 2015GeoSolutions
 
GeoNetwork, The Open Source Solution for the interoperable management of ge...
GeoNetwork, The Open Source Solution for the interoperable management of ge...GeoNetwork, The Open Source Solution for the interoperable management of ge...
GeoNetwork, The Open Source Solution for the interoperable management of ge...GeoSolutions
 
Raster data in GeoServer and GeoTools: Achievements, issues and future devel...
Raster data in GeoServer and GeoTools: Achievements, issues and future devel...Raster data in GeoServer and GeoTools: Achievements, issues and future devel...
Raster data in GeoServer and GeoTools: Achievements, issues and future devel...GeoSolutions
 
GeoServer The Open Source Solution for the interoperable management of geos...
GeoServer The Open Source Solution for the interoperable management of geos...GeoServer The Open Source Solution for the interoperable management of geos...
GeoServer The Open Source Solution for the interoperable management of geos...GeoSolutions
 
Geosolutions FOSS4g 2009 Redux
Geosolutions FOSS4g 2009 ReduxGeosolutions FOSS4g 2009 Redux
Geosolutions FOSS4g 2009 ReduxGeoSolutions
 
Fossgis 2013 GeoServer Presentation
Fossgis 2013 GeoServer PresentationFossgis 2013 GeoServer Presentation
Fossgis 2013 GeoServer PresentationGeoSolutions
 
Raster Data In GeoServer And GeoTools: Achievements, Issues And Future Develo...
Raster Data In GeoServer And GeoTools: Achievements, Issues And Future Develo...Raster Data In GeoServer And GeoTools: Achievements, Issues And Future Develo...
Raster Data In GeoServer And GeoTools: Achievements, Issues And Future Develo...GeoSolutions
 
Catania Science Gateway Framework
Catania Science Gateway Framework Catania Science Gateway Framework
Catania Science Gateway Framework riround
 
GFOSS DAY 2012 GeoNetwork Presentation
GFOSS DAY 2012 GeoNetwork PresentationGFOSS DAY 2012 GeoNetwork Presentation
GFOSS DAY 2012 GeoNetwork PresentationGeoSolutions
 
GeoServer, an introduction for beginners
GeoServer, an introduction for beginnersGeoServer, an introduction for beginners
GeoServer, an introduction for beginnersGeoSolutions
 
Geosolutions Foss4g It 2010
Geosolutions Foss4g It 2010Geosolutions Foss4g It 2010
Geosolutions Foss4g It 2010GeoSolutions
 
Taming OpenData and INSPIRE challenges with Open Source: lessons learned and ...
Taming OpenData and INSPIRE challenges with Open Source: lessons learned and ...Taming OpenData and INSPIRE challenges with Open Source: lessons learned and ...
Taming OpenData and INSPIRE challenges with Open Source: lessons learned and ...smespire
 
GeoServer for Spatio-temporal Data Handling With Examples For MetOc And Remot...
GeoServer for Spatio-temporal Data Handling With Examples For MetOc And Remot...GeoServer for Spatio-temporal Data Handling With Examples For MetOc And Remot...
GeoServer for Spatio-temporal Data Handling With Examples For MetOc And Remot...GeoSolutions
 
State of GeoServer 2015
State of GeoServer 2015State of GeoServer 2015
State of GeoServer 2015Jody Garnett
 
Geospatial Temporal Open Standards for Big Data from Space (BiDS2014)
Geospatial Temporal Open Standards for Big Data from Space (BiDS2014)Geospatial Temporal Open Standards for Big Data from Space (BiDS2014)
Geospatial Temporal Open Standards for Big Data from Space (BiDS2014)George Percivall
 
GeoServer on steroids
GeoServer on steroidsGeoServer on steroids
GeoServer on steroidsGeoSolutions
 
State of GeoServer
State of GeoServerState of GeoServer
State of GeoServerJody Garnett
 

Similar to Advanced GeoServer Security With GeoFence (20)

Advanced Security With GeoServer
Advanced Security With GeoServerAdvanced Security With GeoServer
Advanced Security With GeoServer
 
GeoServer an introduction for beginners
GeoServer an introduction for beginnersGeoServer an introduction for beginners
GeoServer an introduction for beginners
 
Advanced Security with GeoServer - FOSS4G 2015
Advanced Security with GeoServer - FOSS4G 2015Advanced Security with GeoServer - FOSS4G 2015
Advanced Security with GeoServer - FOSS4G 2015
 
GeoNetwork, The Open Source Solution for the interoperable management of ge...
GeoNetwork, The Open Source Solution for the interoperable management of ge...GeoNetwork, The Open Source Solution for the interoperable management of ge...
GeoNetwork, The Open Source Solution for the interoperable management of ge...
 
Raster data in GeoServer and GeoTools: Achievements, issues and future devel...
Raster data in GeoServer and GeoTools: Achievements, issues and future devel...Raster data in GeoServer and GeoTools: Achievements, issues and future devel...
Raster data in GeoServer and GeoTools: Achievements, issues and future devel...
 
GeoServer The Open Source Solution for the interoperable management of geos...
GeoServer The Open Source Solution for the interoperable management of geos...GeoServer The Open Source Solution for the interoperable management of geos...
GeoServer The Open Source Solution for the interoperable management of geos...
 
Geosolutions FOSS4g 2009 Redux
Geosolutions FOSS4g 2009 ReduxGeosolutions FOSS4g 2009 Redux
Geosolutions FOSS4g 2009 Redux
 
Fossgis 2013 GeoServer Presentation
Fossgis 2013 GeoServer PresentationFossgis 2013 GeoServer Presentation
Fossgis 2013 GeoServer Presentation
 
Raster Data In GeoServer And GeoTools: Achievements, Issues And Future Develo...
Raster Data In GeoServer And GeoTools: Achievements, Issues And Future Develo...Raster Data In GeoServer And GeoTools: Achievements, Issues And Future Develo...
Raster Data In GeoServer And GeoTools: Achievements, Issues And Future Develo...
 
Catania Science Gateway Framework
Catania Science Gateway Framework Catania Science Gateway Framework
Catania Science Gateway Framework
 
GFOSS DAY 2012 GeoNetwork Presentation
GFOSS DAY 2012 GeoNetwork PresentationGFOSS DAY 2012 GeoNetwork Presentation
GFOSS DAY 2012 GeoNetwork Presentation
 
GeoServer, an introduction for beginners
GeoServer, an introduction for beginnersGeoServer, an introduction for beginners
GeoServer, an introduction for beginners
 
Geosolutions Foss4g It 2010
Geosolutions Foss4g It 2010Geosolutions Foss4g It 2010
Geosolutions Foss4g It 2010
 
Taming OpenData and INSPIRE challenges with Open Source: lessons learned and ...
Taming OpenData and INSPIRE challenges with Open Source: lessons learned and ...Taming OpenData and INSPIRE challenges with Open Source: lessons learned and ...
Taming OpenData and INSPIRE challenges with Open Source: lessons learned and ...
 
GeoServer for Spatio-temporal Data Handling With Examples For MetOc And Remot...
GeoServer for Spatio-temporal Data Handling With Examples For MetOc And Remot...GeoServer for Spatio-temporal Data Handling With Examples For MetOc And Remot...
GeoServer for Spatio-temporal Data Handling With Examples For MetOc And Remot...
 
State of GeoServer 2015
State of GeoServer 2015State of GeoServer 2015
State of GeoServer 2015
 
Geospatial Temporal Open Standards for Big Data from Space (BiDS2014)
Geospatial Temporal Open Standards for Big Data from Space (BiDS2014)Geospatial Temporal Open Standards for Big Data from Space (BiDS2014)
Geospatial Temporal Open Standards for Big Data from Space (BiDS2014)
 
GeoServer on steroids
GeoServer on steroidsGeoServer on steroids
GeoServer on steroids
 
State of GeoServer
State of GeoServerState of GeoServer
State of GeoServer
 
Glasgow University Geo Metadata Workshop
Glasgow University Geo Metadata WorkshopGlasgow University Geo Metadata Workshop
Glasgow University Geo Metadata Workshop
 

More from GeoSolutions

MapStore 2 - The Story
MapStore 2 - The StoryMapStore 2 - The Story
MapStore 2 - The StoryGeoSolutions
 
One GeoNode, many GeoNodes
One GeoNode, many GeoNodesOne GeoNode, many GeoNodes
One GeoNode, many GeoNodesGeoSolutions
 
Introduction to GeoNode
Introduction to GeoNodeIntroduction to GeoNode
Introduction to GeoNodeGeoSolutions
 
Serving earth observation data with GeoServer: addressing real world requirem...
Serving earth observation data with GeoServer: addressing real world requirem...Serving earth observation data with GeoServer: addressing real world requirem...
Serving earth observation data with GeoServer: addressing real world requirem...GeoSolutions
 
GeoServer Feature FRENZY
GeoServer Feature FRENZYGeoServer Feature FRENZY
GeoServer Feature FRENZYGeoSolutions
 
State of GeoServer 2.12
State of GeoServer 2.12State of GeoServer 2.12
State of GeoServer 2.12GeoSolutions
 
MapStore 2, modern mashups with OL3, Leaflet and React
MapStore 2, modern mashups with OL3, Leaflet and ReactMapStore 2, modern mashups with OL3, Leaflet and React
MapStore 2, modern mashups with OL3, Leaflet and ReactGeoSolutions
 
State of GeoServer - FOSS4G 2016
State of GeoServer - FOSS4G 2016State of GeoServer - FOSS4G 2016
State of GeoServer - FOSS4G 2016GeoSolutions
 
Creating Stunning Maps in GeoServer: mastering SLD and CSS styles
Creating Stunning Maps in GeoServer: mastering SLD and CSS stylesCreating Stunning Maps in GeoServer: mastering SLD and CSS styles
Creating Stunning Maps in GeoServer: mastering SLD and CSS stylesGeoSolutions
 
Serving earth observation data with GeoServer: addressing real world requirem...
Serving earth observation data with GeoServer: addressing real world requirem...Serving earth observation data with GeoServer: addressing real world requirem...
Serving earth observation data with GeoServer: addressing real world requirem...GeoSolutions
 
GeoServer in Production: we do it, here is how!
GeoServer in Production: we do it, here is how!GeoServer in Production: we do it, here is how!
GeoServer in Production: we do it, here is how!GeoSolutions
 
Crunching Data In GeoServer: Mastering Rendering Transformations, WPS Process...
Crunching Data In GeoServer: Mastering Rendering Transformations, WPS Process...Crunching Data In GeoServer: Mastering Rendering Transformations, WPS Process...
Crunching Data In GeoServer: Mastering Rendering Transformations, WPS Process...GeoSolutions
 
Raster Data In GeoServer and GeoTools: Achievements, Issues And Future Develo...
Raster Data In GeoServer and GeoTools: Achievements, Issues And Future Develo...Raster Data In GeoServer and GeoTools: Achievements, Issues And Future Develo...
Raster Data In GeoServer and GeoTools: Achievements, Issues And Future Develo...GeoSolutions
 
Mapping the world beyond web mercator - FOSS4G 2015
Mapping the world beyond web mercator - FOSS4G 2015Mapping the world beyond web mercator - FOSS4G 2015
Mapping the world beyond web mercator - FOSS4G 2015GeoSolutions
 
GeoServer on Steroids
GeoServer on Steroids GeoServer on Steroids
GeoServer on Steroids GeoSolutions
 
Advanced Cartographic Map Rendering in GeoServer
Advanced Cartographic Map Rendering in GeoServerAdvanced Cartographic Map Rendering in GeoServer
Advanced Cartographic Map Rendering in GeoServerGeoSolutions
 
Spatio-temporal Data Handling With GeoServer for MetOc And Remote Sensing
Spatio-temporal Data Handling With GeoServer for MetOc And Remote SensingSpatio-temporal Data Handling With GeoServer for MetOc And Remote Sensing
Spatio-temporal Data Handling With GeoServer for MetOc And Remote SensingGeoSolutions
 
Enterprise class deployment for GeoServer and GeoWebcache Optimizing perform...
Enterprise class deployment for GeoServer and GeoWebcache Optimizing perform...Enterprise class deployment for GeoServer and GeoWebcache Optimizing perform...
Enterprise class deployment for GeoServer and GeoWebcache Optimizing perform...GeoSolutions
 
GeoSolutions Keynote at WebMGS 2015
GeoSolutions Keynote at WebMGS 2015GeoSolutions Keynote at WebMGS 2015
GeoSolutions Keynote at WebMGS 2015GeoSolutions
 
GeoServer beginners gwf_2015
GeoServer beginners gwf_2015GeoServer beginners gwf_2015
GeoServer beginners gwf_2015GeoSolutions
 

More from GeoSolutions (20)

MapStore 2 - The Story
MapStore 2 - The StoryMapStore 2 - The Story
MapStore 2 - The Story
 
One GeoNode, many GeoNodes
One GeoNode, many GeoNodesOne GeoNode, many GeoNodes
One GeoNode, many GeoNodes
 
Introduction to GeoNode
Introduction to GeoNodeIntroduction to GeoNode
Introduction to GeoNode
 
Serving earth observation data with GeoServer: addressing real world requirem...
Serving earth observation data with GeoServer: addressing real world requirem...Serving earth observation data with GeoServer: addressing real world requirem...
Serving earth observation data with GeoServer: addressing real world requirem...
 
GeoServer Feature FRENZY
GeoServer Feature FRENZYGeoServer Feature FRENZY
GeoServer Feature FRENZY
 
State of GeoServer 2.12
State of GeoServer 2.12State of GeoServer 2.12
State of GeoServer 2.12
 
MapStore 2, modern mashups with OL3, Leaflet and React
MapStore 2, modern mashups with OL3, Leaflet and ReactMapStore 2, modern mashups with OL3, Leaflet and React
MapStore 2, modern mashups with OL3, Leaflet and React
 
State of GeoServer - FOSS4G 2016
State of GeoServer - FOSS4G 2016State of GeoServer - FOSS4G 2016
State of GeoServer - FOSS4G 2016
 
Creating Stunning Maps in GeoServer: mastering SLD and CSS styles
Creating Stunning Maps in GeoServer: mastering SLD and CSS stylesCreating Stunning Maps in GeoServer: mastering SLD and CSS styles
Creating Stunning Maps in GeoServer: mastering SLD and CSS styles
 
Serving earth observation data with GeoServer: addressing real world requirem...
Serving earth observation data with GeoServer: addressing real world requirem...Serving earth observation data with GeoServer: addressing real world requirem...
Serving earth observation data with GeoServer: addressing real world requirem...
 
GeoServer in Production: we do it, here is how!
GeoServer in Production: we do it, here is how!GeoServer in Production: we do it, here is how!
GeoServer in Production: we do it, here is how!
 
Crunching Data In GeoServer: Mastering Rendering Transformations, WPS Process...
Crunching Data In GeoServer: Mastering Rendering Transformations, WPS Process...Crunching Data In GeoServer: Mastering Rendering Transformations, WPS Process...
Crunching Data In GeoServer: Mastering Rendering Transformations, WPS Process...
 
Raster Data In GeoServer and GeoTools: Achievements, Issues And Future Develo...
Raster Data In GeoServer and GeoTools: Achievements, Issues And Future Develo...Raster Data In GeoServer and GeoTools: Achievements, Issues And Future Develo...
Raster Data In GeoServer and GeoTools: Achievements, Issues And Future Develo...
 
Mapping the world beyond web mercator - FOSS4G 2015
Mapping the world beyond web mercator - FOSS4G 2015Mapping the world beyond web mercator - FOSS4G 2015
Mapping the world beyond web mercator - FOSS4G 2015
 
GeoServer on Steroids
GeoServer on Steroids GeoServer on Steroids
GeoServer on Steroids
 
Advanced Cartographic Map Rendering in GeoServer
Advanced Cartographic Map Rendering in GeoServerAdvanced Cartographic Map Rendering in GeoServer
Advanced Cartographic Map Rendering in GeoServer
 
Spatio-temporal Data Handling With GeoServer for MetOc And Remote Sensing
Spatio-temporal Data Handling With GeoServer for MetOc And Remote SensingSpatio-temporal Data Handling With GeoServer for MetOc And Remote Sensing
Spatio-temporal Data Handling With GeoServer for MetOc And Remote Sensing
 
Enterprise class deployment for GeoServer and GeoWebcache Optimizing perform...
Enterprise class deployment for GeoServer and GeoWebcache Optimizing perform...Enterprise class deployment for GeoServer and GeoWebcache Optimizing perform...
Enterprise class deployment for GeoServer and GeoWebcache Optimizing perform...
 
GeoSolutions Keynote at WebMGS 2015
GeoSolutions Keynote at WebMGS 2015GeoSolutions Keynote at WebMGS 2015
GeoSolutions Keynote at WebMGS 2015
 
GeoServer beginners gwf_2015
GeoServer beginners gwf_2015GeoServer beginners gwf_2015
GeoServer beginners gwf_2015
 

Recently uploaded

Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 

Recently uploaded (20)

Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 

Advanced GeoServer Security With GeoFence

  • 1. Advanced GeoServer Security With GeoFence Ing. Emanuele Tajariol, GeoSolutions Ing. Simone Giannecchini, GeoSolutions Ing. Alessio Fabiani, GeoSolutions FOSS4G 2013, Nottingham 20th September 2013
  • 2. GeoSolutions   Founded in Italy in late 2006 Expertise • • Java, Java Enterprise, C++, Python •  Image Processing, GeoSpatial Data Fusion JPEG2000, JPIP, Advanced 2D visualization Supporting/Developing FOSS4G projects    GeoServer, MapStore GeoBatch, GeoNetwork Clients    Public Agencies Private Companies http://www.geo-solutions.it FOSS4G 2013, Nottingham 20th September 2013
  • 3. Meet GeoFence FOSS4G 2013, Nottingham 20th September 2013
  • 4. GeoFence   Extended A&A for GeoServer Authentication    Open Source    Optional Integrated with GeoServer authorization architecture GPL Code on GitHub Authorization   Auth on data: e.g. layers, workspaces Auth on services: e.g. WMS, WFS FOSS4G 2013, Nottingham 20th September 2013
  • 5. GeoFence  Based on GSIP 57       Role Base Access Control    Mixed Interceptor + Probe approach Extended authorization management for GeoServer External Rule-Based System GeoServer Internal Probe On-the-fly manipulation of incoming requests Users Groups Rule-based database  IPTables-like FOSS4G 2013, Nottingham 20th September 2013
  • 6. GeoFence  Fine Grain Authorization Control       External Web Application    Services Operations Workspaces Layers Attributes (alphanumeric and geospatial) REST Interface GUI Scalable  1 GeoFence controls N GeoServer cluster FOSS4G 2013, Nottingham 20th September 2013
  • 7. GeoFence   Java Enterprise infrastructure  Spring/Spring-Remoting  Hibernate  Apache CXF Supports DBMS     PostgreSQL/PostGIS Oracle spatial H2 Performance ensured thanks to a fine-tunable cache FOSS4G 2013, Nottingham 20th September 2013
  • 8. GeoServer Security Model FOSS4G 2013, Nottingham 20th September 2013
  • 9. GeoServer Security Model  GeoServer offers extension points for   Authentication (filtering and credential checks) Authorization (resource access managers) FOSS4G 2013, Nottingham 20th September 2013
  • 10. GeoServer Security Model   The GeoFence Authentication provider delegates credential checks to GeoFence The GeoFence Resource Access Manager asks for permissions to the GeoFence authorization engine FOSS4G 2013, Nottingham 20th September 2013
  • 11. GeoServer Security Model FOSS4G 2013, Nottingham 20th September 2013
  • 12. Digging GeoFence FOSS4G 2013, Nottingham 20th September 2013
  • 13. GeoFence Architecture  Geofence Stack (again…) FOSS4G 2013, Nottingham 20th September 2013
  • 14. GeoFence Architecture Modules and packages  GUI core: GUI logic, implemented using GWT  webapp: produces the final web application .war file Geoserver (GeoFence Probe)  security: the GeoServer/GeoFence bridge: implements the ResourceAccessManager, forwarding the authorization requests to a remote GeoFence instance   FOSS4G 2013, Nottingham 20th September 2013
  • 15. GeoFence Architecture     The GeoFence ResourceAccessManager (Geofence Probe) is deployed in each GeoServer GeoServer instances in a cluster must share the same ClusterID (instance name) GeoFence uses the instance name to select rules The Probe queries GeoFence on each request* with proper info     Instance name User Request Details GeoFence provide Access Policy rules to manipulate the request on the fly within the Probe FOSS4G 2013, Nottingham 20th September 2013
  • 16. GeoFence Architecture    The GeoFence ResourceAccessManager (Geofence Probe) uses a cache which minimizes the requests toward GeoFence. The cache can be configured on different aspects:  number of entries,  expiration time The cache provides REST operations (using GeoServer’s own REST dispatcher) in order to  Invalidate the cache  Query the cache statistics FOSS4G 2013, Nottingham 20th September 2013
  • 17. GeoFence Rule System  Authorizations are expressed as a priority-based rule set     Type of Rules are ALLOW/DENY/LIMIT The first matching rule is the one that determines the outcome of the auth request Incoming authorization requests are transformed in a rule filter Filtering can be performed on one or more of these fields:   Username Group the provided user belongs to FOSS4G 2013, Nottingham 20th September 2013
  • 18. GeoFence Rule System      Source geoserver instance  We can control multiple GeoServer clusters OGC Service  E.g. WMS OGC Service Operation  E.g. GetCapabilities Workspace  E.g. it.geosolutions Layer name  E.g. topp:states FOSS4G 2013, Nottingham 20th September 2013
  • 19. GeoFence Rule System Example  Let’s assume we have configured these rules :    These rules will grant access for user u1 to    User: u1, Service:WMS, Workspace=W1,ALLOW User: u1, DENY all the layers in worspace W1 only for WMS request All other types of request will be DENIED. FOSS4G 2013, Nottingham 20th September 2013
  • 20. GeoFence Rule System   When an ALLOW rule is matched, the user will have access to the requested resource. Finer Grain Control on single layer rules  further restrictions may be defined  i.e only a subset of the data contained in the layer could be made queryeable/visibile to the requesting user   Restrictions on visible Area   Restrictions on Queryable Attributes   Restrictions on Available Styles FOSS4G 2013, Nottingham 20th September 2013
  • 21. GeoFence Rule System   Examples Limiting users access to  a subset of the attributes (R/W)  a specific geographic area.  a subset of the available styles (or the default style can be forced on all requets)  A specific view of the data via a CQL filter  For reading  For writing (delete, create, update) FOSS4G 2013, Nottingham 20th September 2013
  • 22. GeoFence Rule System FOSS4G 2013, Nottingham 20th September 2013
  • 23. GeoFence REST Interface      GeoFence provides a REST interface for administration  Allows automation! It allows a complete CRUD access to the various entities managed by GeoFence:  Users and groups  GeoServer instances  Rules The Find operation can be optionally paged  a Count operation is provided as well to take advantage of the pagination capability. Priority ordering in rules is fundamental   there are different ways to insert and set a position for the new rules. https://github.com/geosolutions-it/geofence/wiki/REST-API FOSS4G 2013, Nottingham 20th September 2013
  • 24. GeoFence REST Interface    The REST interface also provides a batch mode  multiple CRUD commands can be issued at once  The commands in the batch are processed in the same transaction  Extremely important for automation! Backup and restore operations are provided as part of the REST interface as well REST API documentation available at https://github.com/geosolutions-it/geofence/wiki/REST-API FOSS4G 2013, Nottingham 20th September 2013
  • 25. GeoFence User Interface  Top Categories     Users Groups Instances Rules FOSS4G 2013, Nottingham 20th September 2013
  • 26. GeoFence User Interface Users Groups Instances FOSS4G 2013, Nottingham 20th September 2013
  • 27. GeoFence User Interface Rules Details Details FOSS4G 2013, Nottingham 20th September 2013
  • 28. GeoFence and LDAP     An LDAP server can be used as a repository for user and groups, including the optional ldap module in the deploy LDAP can be configured through the datasource properties file When using LDAP users and groups are not editable from the GeoFence interface (they are READ-ONLY) LDAP module documentation at https://github.com/geosolutions-it/geofence/wiki/LDAP-module FOSS4G 2013, Nottingham 20th September 2013
  • 29. GeoFence and Existing Auth Proxies External Auth Source GeoFence DB Users Groups LDAP UserDAO LDAP GroupDAO UserDAO GroupDAO RuleDAO Persistence GeoFence  When LDAP is enabled, specific DAOs are used for users and groups instead of the default ones FOSS4G 2013, Nottingham 20th September 2013
  • 30. GeoFence Use Cases SIAN FOSS4G 2013, Nottingham 20th September 2013
  • 31. GeoFence Use Cases MapManager GeoGraphic Building Block MapStore GeoFence GeoFence GeoStore JMX Agents FOSS4G 2013, Nottingham 20th September 2013 GeoServer
  • 32. GeoFence Use Cases Astrium GetGeo FOSS4G 2013, Nottingham 20th September 2013
  • 33. GeoFence Use Cases Destination   Layers filtered (CQL filters) by user profile to constrain access to advanced functionality Possibility of spatial filters to allow regional access only FOSS4G 2013, Nottingham 20th September 2013
  • 34. GeoFence Status     Project Release as Open Source Continuous Build is in place Dev and Users Mailing Lists are in place Improvements     Documentation Official Releases Integrated Build for testing and demoing UI Refactor FOSS4G 2013, Nottingham 20th September 2013
  • 35. The End Thanks for not sleeping (loudly) alessio.fabiani@geo-solutions.it mauro.bartolomeoli@geo-solutions.it FOSS4G 2013, Nottingham 20th September 2013