SlideShare a Scribd company logo

Advanced Security With GeoServer

Download as PPTX, PDF
GeoSolutions
GeoSolutions

The presentation will provide an introduction to GeoServer own authentication and authorization subsystems. We’ll cover the supported authentication protocols, such as from basic/digest authentication and CAS support, check through the various identity providers, such as local config files, database tables and LDAP servers, and how it’s possible to combine the various bits in a single comprehensive authentication tool, as well as providing examples of custom authentication plugins for GeoServer, integrating it in a home grown security architecture. We’ll then move on to authorization, describing the GeoServer pluggable authorization mechanism and comparing it with proxy based solution, and check the built in service and data security system, reviewing its benefits and limitations. Finally we’ll explore an advanced authentication tool called GeoFence, and see how it can plug into GeoServer to provide graphical configuration abilities for use complex authorization rules over data and OGC services, taking into account spatial filters, attribute filters, attribute hiding as well as cropping raster data to areas of interest. Finally we’ll show how using LDAP both GeoFence and GeoServer can use a common users database, simplifying administrators job, and provide some real world examples.

Technology
1 of 49
Advanced Security With GeoServer Ing. Mauro Bartolomeoli, GeoSolutions Ing. Emanuele Tajariol, GeoSolutions Ing. Simone Giannecchini, GeoSolutions Ing. Alessio Fabiani, GeoSolutions FOSS4G 2014, Portland 10th September 2014
GeoSolutions  Founded in Italy in late 2006  Expertise • Image Processing, GeoSpatial Data Fusion • Java, Java Enterprise, C++, Python • JPEG2000, JPIP, Advanced 2D visualization  Supporting/Developing FOSS4G projects  GeoServer, MapStore  GeoBatch, GeoNetwork  Clients  Public Agencies  Private Companies  http://www.geo-solutions.it FOSS4G 2014, Portland 10th September 2014
GeoServer Security Subsystem Overview FOSS4G 2014, Portland 10th September 2014
GeoServer Security Subsystem Overview  GeoServer security handles  Authentication (filtering and credential checks)  Authorization (resource access managers) FOSS4G 2014, Portland 10th September 2014
GeoServer Security Subsystem Overview  Based on Spring Security  Users / Groups / Roles  User/group services  Role services  Authentication  Chains  Filters  Providers  Authorization  Auth on data: e.g. layers, workspaces  Auth on services: e.g. WMS, WFS  By role FOSS4G 2014, Portland 10th September 2014
Users / Groups / Roles Storage FOSS4G 2014, Portland 10th September 2014
Users / Groups / Roles Storage  User/Group service  Storage for users and groups details  Storage for user credentials (e.g. passwords)  Password encryption handling  Read/Write or Read-only  Default implementations  XML files  Database through JDBC  Easy to implement and plug new services  Used by many filters/providers as a source for authenticated users detail  Missing: Read/Write LDAP User/Group service FOSS4G 2014, Portland 10th September 2014
Users / Groups / Roles Storage  Role service  Storage for roles  Read/Write or Read-only  Assign roles to users and or groups  Default implementations  XML files  Database through JDBC  J2EE (from the Java Web Container)  LDAP  Easy to implement and plug new services  Active (Default) Role service  Used by many filters/providers as a source for authenticated users roles FOSS4G 2014, Portland 10th September 2014
Authentication FOSS4G 2014, Portland 10th September 2014
Authentication  Filter Chains  By «request url» pattern matching  Web UI  OGC Services  REST API  …  By Method: GET, POST, …  HTTP Session handling  Each chain applies a sequence of configured Filters to matching requests  Only SSL flag FOSS4G 2014, Portland 10th September 2014
Authentication  Filters  Gathering user credentials (and eventually invoking authentication providers chain)  Basic  Form  Anonymous (always the last)  Preauthentication (and eventually load user details from user/group and/or role service)  HTTP Header  Digest  X.509  Remember Me  J2EE  Easy to implement and plug new filters  Missing: authenticate from environment variables (e.g. Shibboleth SSO) FOSS4G 2014, Portland 10th September 2014
Authentication  Authentication Providers  Used if filters require further authentication of gathered credentials (no preauthentication can be applied)  Username Password (using user/group service)  Database through JDBC (uses credentials to connect to a database, very different from the JDBC user/group service)  LDAP  with ActiveDirectory support  Easy to implement and plug new providers  Providers chain, to allow for different authentication mechanisms (e.g intranet users from LDAP, internet users from db) FOSS4G 2014, Portland 10th September 2014
Authentication  Extensions  CAS (https://www.apereo.org/cas): example of SSO integration  Community modules  Authkey: simple UUID to user mapper  Pluggable: possibility to define custom mappers (e.g. webservices)  URLMangler to add authkey to OGC request transparently (via GetCapabilities)  Real World Use Cases  Shibboleth SSO (using Headers or CGI environment variables)  Mixing filters/providers: LDAP/AD for internal users, jdbc for external users FOSS4G 2014, Portland 10th September 2014
Authentication  Future improvements  Clean up and filling holes  Increase LDAP support (e.g. LDAP User/Group Service for LDAP read-write support)  Greater flexibility  Improve authkey community module (new webservice based mappers) and promote to extension  New authentication filters (e.g. reading credentials from CGI environment variables) FOSS4G 2014, Portland 10th September 2014
Authorization FOSS4G 2014, Portland 10th September 2014
Authorization  Simple default implementation  Permissions assigned only by user role(s)  Data Access Authorization Rules  Workspace  Single Layer  Access Mode: Read, Write, Admin  Services Authorization Rules  Service (WMS, WFS, …)  Method (GetMap, GetLegendGraphic, …)  Pluggable ResourceAccessManager  SecureCatalog  Security Wrapped Catalog Objects (e.g. ReadOnlyDataStore) FOSS4G 2014, Portland 10th September 2014
Authorization  ResourceAccessManager  Define AccessLimits for the various Catalog Resources (Workspace, Layer, Style, LayerGroup)  Allows for fine grained limits  Read filters  Write filters  Spatial filters  SecureCatalog  Wraps original Catalog objects with secured implementations, aware of ResourceAccessManager defined limits  Secured wrappers take care of enforcing authorization rules, transparently FOSS4G 2014, Portland 10th September 2014
Meet GeoFence FOSS4G 2014, Portland 10th September 2014
GeoFence  Extended A&A for GeoServer  Authentication  Optional  Integrated with GeoServer authorization architecture  Open Source  GPL  Code on GitHub  Authorization  Auth on data: e.g. layers, workspaces  Auth on services: e.g. WMS, WFS FOSS4G 2014, Portland 10th September 2014
GeoFence  Based on GSIP 57  Mixed Interceptor + Probe approach  Extended authorization management for GeoServer  External Rule-Based System  GeoServer Internal Probe  On-the-fly manipulation of incoming requests  Role Based Access Control  Users  Groups  Rule-based database  IPTables-like FOSS4G 2014, Portland 10th September 2014
GeoFence  Fine Grain Authorization Control  Services  Operations  Workspaces  Layers  Attributes (alphanumeric and geospatial)  External Web Application  REST Interface  GUI  Scalable  1 GeoFence controls N GeoServer cluster FOSS4G 2014, Portland 10th September 2014
GeoFence  Java Enterprise infrastructure  Spring/Spring-Remoting  Hibernate  Apache CXF  Supports DBMS  PostgreSQL/PostGIS  Oracle spatial  H2  Performance ensured thanks to a fine-tunable cache FOSS4G 2014, Portland 10th September 2014
GeoServer Security Model FOSS4G 2014, Portland 10th September 2014
GeoServer Security Model  The GeoFence Authentication provider delegates credential checks to GeoFence  The GeoFence Resource Access Manager asks for permissions to the GeoFence authorization engine FOSS4G 2014, Portland 10th September 2014
GeoServer Security Model FOSS4G 2014, Portland 10th September 2014
Digging GeoFence FOSS4G 2014, Portland 10th September 2014
GeoFence Architecture  Geofence Stack (again…) FOSS4G 2014, Portland 10th September 2014
GeoFence Architecture Modules and packages  GUI  core: GUI logic, implemented using GWT  webapp: produces the final web application .war file  Geoserver (GeoFence Probe)  security: the GeoServer/GeoFence bridge: implements the ResourceAccessManager, forwarding the authorization requests to a remote GeoFence instance FOSS4G 2014, Portland 10th September 2014
GeoFence Architecture  The GeoFence ResourceAccessManager (Geofence Probe) is deployed in each GeoServer  GeoServer instances in a cluster must share the same ClusterID (instance name)  GeoFence uses the instance name to select rules  The Probe queries GeoFence on each request* with proper info  Instance name  User  Request Details  GeoFence provide Access Policy rules to manipulate the request on the fly within the Probe FOSS4G 2014, Portland 10th September 2014
GeoFence Architecture  The GeoFence ResourceAccessManager (Geofence Probe) uses a cache which minimizes the requests toward GeoFence.  The cache can be configured on different aspects:  number of entries,  expiration time  The cache provides REST operations (using GeoServer’s own REST dispatcher) in order to  Invalidate the cache  Query the cache statistics FOSS4G 2014, Portland 10th September 2014
GeoFence Rule System  Authorizations are expressed as a priority-based rule set  Type of Rules are ALLOW/DENY/LIMIT  The first matching rule is the one that determines the outcome of the auth request  Incoming authorization requests are transformed in a rule filter  Filtering can be performed on one or more of these fields:  Username  Group the provided user belongs to FOSS4G 2014, Portland 10th September 2014
GeoFence Rule System  Source geoserver instance  We can control multiple GeoServer clusters  OGC Service  E.g. WMS  OGC Service Operation  E.g. GetCapabilities  Workspace  E.g. it.geosolutions  Layer name  E.g. topp:states FOSS4G 2014, Portland 10th September 2014
GeoFence Rule System Example  Let’s assume we have configured these rules :  User: u1, Service:WMS, Workspace=W1,ALLOW  User: u1, DENY  These rules will grant access for user u1 to  all the layers in worspace W1  only for WMS request  All other types of request will be DENIED. FOSS4G 2014, Portland 10th September 2014
GeoFence Rule System  When an ALLOW rule is matched, the user will have access to the requested resource.  Finer Grain Control on single layer rules  further restrictions may be defined  i.e only a subset of the data contained in the layer could be made queryeable/visibile to the requesting user   Restrictions on visible Area   Restrictions on Queryable Attributes   Restrictions on Available Styles FOSS4G 2014, Portland 10th September 2014
GeoFence Rule System  Examples  Limiting users access to  a subset of the attributes (R/W)  a specific geographic area.  a subset of the available styles (or the default style can be forced on all requests)  A specific view of the data via a CQL filter  For reading  For writing (delete, create, update) FOSS4G 2014, Portland 10th September 2014
GeoFence Rule System FOSS4G 2014, Portland 10th September 2014
GeoFence REST Interface  GeoFence provides a REST interface for administration  Allows automation!  It allows a complete CRUD access to the various entities managed by GeoFence:  Users and groups  GeoServer instances  Rules  The Find operation can be optionally paged  a Count operation is provided as well to take advantage of the pagination capability.  Priority ordering in rules is fundamental   there are different ways to insert and set a position for the new rules.  https://github.com/geosolutions-it/geofence/wiki/REST-API FOSS4G 2014, Portland 10th September 2014
GeoFence REST Interface  The REST interface also provides a batch mode  multiple CRUD commands can be issued at once  The commands in the batch are processed in the same transaction  Extremely important for automation!  Backup and restore operations are provided as part of the REST interface as well  REST API documentation available at https://github.com/geosolutions-it/geofence/wiki/REST-API FOSS4G 2014, Portland 10th September 2014
GeoFence User Interface  Top Categories  Users  Groups  Instances  Rules FOSS4G 2014, Portland 10th September 2014
GeoFence User Interface Users FOSS4G 2014, Portland 10th September 2014 Groups Instances
GeoFence User Interface Rules FOSS4G 2014, Portland 10th September 2014 Details Details
GeoFence and LDAP  An LDAP server can be used as a repository for user and groups, including the optional ldap module in the deploy  LDAP can be configured through the datasource properties file  When using LDAP users and groups are not editable from the GeoFence interface (they are READ-ONLY)  LDAP module documentation at https://github.com/geosolutions-it/geofence/wiki/LDAP-module FOSS4G 2014, Portland 10th September 2014
GeoFence and Existing Auth Proxies External Auth Source LDAP UserDAO LDAP GroupDAO UserDAO GroupDAO RuleDAO Persistence  When LDAP is enabled, specific DAOs are used for users and groups instead of the default ones FOSS4G 2014, Portland 10th September 2014 Users Groups GeoFence DB GeoFence
GeoFence Use Cases FOSS4G 2014, Portland 10th September 2014 SIAN
GeoFence Use Cases MapManager MapStore GeoFence GeoFence GeoStore GeoServer JMX Agents FOSS4G 2014, Portland 10th September 2014 GeoGraphic Building Block
GeoFence Use Cases FOSS4G 2014, Portland 10th September 2014 Astrium GetGeo
GeoFence Use Cases  Layers filtered (CQL filters) by user profile to constrain access to advanced functionality  Possibility of spatial filters to allow regional access only FOSS4G 2014, Portland 10th September 2014 Destination
GeoFence Status  Project Released as Open Source  Continuous Build is in place  Dev and Users Mailing Lists are in place  Latest Improvements  IP based filter rules  Catalog Mode support  GeoServer community module for the probe  Probe Wicket Configuration Page  Further Improvements FOSS4G 2014, Portland 10th September 2014  Documentation  Official Releases  UI Refactor (based on REST APIs)
The End Thanks for not sleeping (loudly) alessio.fabiani@geo-solutions.it mauro.bartolomeoli@geo-solutions.it FOSS4G 2014, Portland 10th September 2014

Recommended

Mastering Security with GeoServer and GeoFence - FOSS4G EU 2017
Mastering Security with GeoServer and GeoFence - FOSS4G EU 2017Mastering Security with GeoServer and GeoFence - FOSS4G EU 2017
Mastering Security with GeoServer and GeoFence - FOSS4G EU 2017GeoSolutions
 
Advanced Security with GeoServer - FOSS4G 2015
Advanced Security with GeoServer - FOSS4G 2015Advanced Security with GeoServer - FOSS4G 2015
Advanced Security with GeoServer - FOSS4G 2015GeoSolutions
 
GeoServer in Production: we do it, here is how!
GeoServer in Production: we do it, here is how!GeoServer in Production: we do it, here is how!
GeoServer in Production: we do it, here is how!GeoSolutions
 
Crunching Data In GeoServer: Mastering Rendering Transformations, WPS Process...
Crunching Data In GeoServer: Mastering Rendering Transformations, WPS Process...Crunching Data In GeoServer: Mastering Rendering Transformations, WPS Process...
Crunching Data In GeoServer: Mastering Rendering Transformations, WPS Process...GeoSolutions
 
GeoServer on Steroids
GeoServer on SteroidsGeoServer on Steroids
GeoServer on SteroidsGeoSolutions
 
GeoServer Ecosystem 2018
GeoServer Ecosystem 2018GeoServer Ecosystem 2018
GeoServer Ecosystem 2018Jody Garnett
 
Firestore: The Basics
Firestore: The BasicsFirestore: The Basics
Firestore: The BasicsJielynn Diroy
 
Raster data in GeoServer and GeoTools: Achievements, issues and future devel...
Raster data in GeoServer and GeoTools: Achievements, issues and future devel...Raster data in GeoServer and GeoTools: Achievements, issues and future devel...
Raster data in GeoServer and GeoTools: Achievements, issues and future devel...GeoSolutions
 

Recommended

Mastering Security with GeoServer and GeoFence - FOSS4G EU 2017
Mastering Security with GeoServer and GeoFence - FOSS4G EU 2017Mastering Security with GeoServer and GeoFence - FOSS4G EU 2017
Mastering Security with GeoServer and GeoFence - FOSS4G EU 2017GeoSolutions
 
Advanced Security with GeoServer - FOSS4G 2015
Advanced Security with GeoServer - FOSS4G 2015Advanced Security with GeoServer - FOSS4G 2015
Advanced Security with GeoServer - FOSS4G 2015GeoSolutions
 
GeoServer in Production: we do it, here is how!
GeoServer in Production: we do it, here is how!GeoServer in Production: we do it, here is how!
GeoServer in Production: we do it, here is how!GeoSolutions
 
Crunching Data In GeoServer: Mastering Rendering Transformations, WPS Process...
Crunching Data In GeoServer: Mastering Rendering Transformations, WPS Process...Crunching Data In GeoServer: Mastering Rendering Transformations, WPS Process...
Crunching Data In GeoServer: Mastering Rendering Transformations, WPS Process...GeoSolutions
 
GeoServer on Steroids
GeoServer on SteroidsGeoServer on Steroids
GeoServer on SteroidsGeoSolutions
 
GeoServer Ecosystem 2018
GeoServer Ecosystem 2018GeoServer Ecosystem 2018
GeoServer Ecosystem 2018Jody Garnett
 
Firestore: The Basics
Firestore: The BasicsFirestore: The Basics
Firestore: The BasicsJielynn Diroy
 
Raster data in GeoServer and GeoTools: Achievements, issues and future devel...
Raster data in GeoServer and GeoTools: Achievements, issues and future devel...Raster data in GeoServer and GeoTools: Achievements, issues and future devel...
Raster data in GeoServer and GeoTools: Achievements, issues and future devel...GeoSolutions
 
Raster Data In GeoServer And GeoTools: Achievements, Issues And Future Develo...
Raster Data In GeoServer And GeoTools: Achievements, Issues And Future Develo...Raster Data In GeoServer And GeoTools: Achievements, Issues And Future Develo...
Raster Data In GeoServer And GeoTools: Achievements, Issues And Future Develo...GeoSolutions
 
GeoServer on Steroids
GeoServer on Steroids GeoServer on Steroids
GeoServer on Steroids GeoSolutions
 
GeoServer on Steroids at FOSS4G Europe 2014
GeoServer on Steroids at FOSS4G Europe 2014GeoServer on Steroids at FOSS4G Europe 2014
GeoServer on Steroids at FOSS4G Europe 2014GeoSolutions
 
From cache to in-memory data grid. Introduction to Hazelcast.
From cache to in-memory data grid. Introduction to Hazelcast.From cache to in-memory data grid. Introduction to Hazelcast.
From cache to in-memory data grid. Introduction to Hazelcast.Taras Matyashovsky
 
Enterprise class deployment for GeoServer and GeoWebcache Optimizing perform...
Enterprise class deployment for GeoServer and GeoWebcache Optimizing perform...Enterprise class deployment for GeoServer and GeoWebcache Optimizing perform...
Enterprise class deployment for GeoServer and GeoWebcache Optimizing perform...GeoSolutions
 
Grafana introduction
Grafana introductionGrafana introduction
Grafana introductionRico Chen
 
IBM Integration Bus and REST APIs - Sanjay Nagchowdhury
IBM Integration Bus and REST APIs - Sanjay NagchowdhuryIBM Integration Bus and REST APIs - Sanjay Nagchowdhury
IBM Integration Bus and REST APIs - Sanjay NagchowdhuryKaren Broughton-Mabbitt
 
Geo server 성능향상을 위한 튜닝 기법 20111028
Geo server 성능향상을 위한 튜닝 기법 20111028Geo server 성능향상을 위한 튜닝 기법 20111028
Geo server 성능향상을 위한 튜닝 기법 20111028BJ Jang
 
The Dream Stream Team for Pulsar and Spring
The Dream Stream Team for Pulsar and SpringThe Dream Stream Team for Pulsar and Spring
The Dream Stream Team for Pulsar and SpringTimothy Spann
 
Creating Stunning Maps in GeoServer: mastering SLD and CSS styles
Creating Stunning Maps in GeoServer: mastering SLD and CSS stylesCreating Stunning Maps in GeoServer: mastering SLD and CSS styles
Creating Stunning Maps in GeoServer: mastering SLD and CSS stylesGeoSolutions
 
Apache Knox Gateway "Single Sign On" expands the reach of the Enterprise Users
Apache Knox Gateway "Single Sign On" expands the reach of the Enterprise UsersApache Knox Gateway "Single Sign On" expands the reach of the Enterprise Users
Apache Knox Gateway "Single Sign On" expands the reach of the Enterprise UsersDataWorks Summit
 
Fluentd v1.0 in a nutshell
Fluentd v1.0 in a nutshellFluentd v1.0 in a nutshell
Fluentd v1.0 in a nutshellN Masahiro
 
Apache Sedona: how to process petabytes of agronomic data with Spark
Apache Sedona: how to process petabytes of agronomic data with SparkApache Sedona: how to process petabytes of agronomic data with Spark
Apache Sedona: how to process petabytes of agronomic data with SparkLuiz Henrique Zambom Santana
 
Virtual Flink Forward 2020: A deep dive into Flink SQL - Jark Wu
Virtual Flink Forward 2020: A deep dive into Flink SQL - Jark WuVirtual Flink Forward 2020: A deep dive into Flink SQL - Jark Wu
Virtual Flink Forward 2020: A deep dive into Flink SQL - Jark WuFlink Forward
 
Logstash
LogstashLogstash
Logstash琛琳 饶
 
Building a Streaming Microservice Architecture: with Apache Spark Structured ...
Building a Streaming Microservice Architecture: with Apache Spark Structured ...Building a Streaming Microservice Architecture: with Apache Spark Structured ...
Building a Streaming Microservice Architecture: with Apache Spark Structured ...Databricks
 
Collaborative Editing Tools for Alfresco
Collaborative Editing Tools for AlfrescoCollaborative Editing Tools for Alfresco
Collaborative Editing Tools for AlfrescoAngel Borroy López
 
A Visual Introduction to Apache Kafka
A Visual Introduction to Apache KafkaA Visual Introduction to Apache Kafka
A Visual Introduction to Apache KafkaPaul Brebner
 
Designing APIs with OpenAPI Spec
Designing APIs with OpenAPI SpecDesigning APIs with OpenAPI Spec
Designing APIs with OpenAPI SpecAdam Paxton
 
Fluentd Overview, Now and Then
Fluentd Overview, Now and ThenFluentd Overview, Now and Then
Fluentd Overview, Now and ThenSATOSHI TAGOMORI
 
Advanced GeoServer Security with GeoFence
Advanced GeoServer Security with GeoFenceAdvanced GeoServer Security with GeoFence
Advanced GeoServer Security with GeoFenceGeoSolutions
 
Sword Crig 2007 12 06
Sword Crig 2007 12 06Sword Crig 2007 12 06
Sword Crig 2007 12 06Julie Allinson
 

More Related Content

What's hot

Raster Data In GeoServer And GeoTools: Achievements, Issues And Future Develo...
Raster Data In GeoServer And GeoTools: Achievements, Issues And Future Develo...Raster Data In GeoServer And GeoTools: Achievements, Issues And Future Develo...
Raster Data In GeoServer And GeoTools: Achievements, Issues And Future Develo...GeoSolutions
 
GeoServer on Steroids
GeoServer on Steroids GeoServer on Steroids
GeoServer on Steroids GeoSolutions
 
GeoServer on Steroids at FOSS4G Europe 2014
GeoServer on Steroids at FOSS4G Europe 2014GeoServer on Steroids at FOSS4G Europe 2014
GeoServer on Steroids at FOSS4G Europe 2014GeoSolutions
 
From cache to in-memory data grid. Introduction to Hazelcast.
From cache to in-memory data grid. Introduction to Hazelcast.From cache to in-memory data grid. Introduction to Hazelcast.
From cache to in-memory data grid. Introduction to Hazelcast.Taras Matyashovsky
 
Enterprise class deployment for GeoServer and GeoWebcache Optimizing perform...
Enterprise class deployment for GeoServer and GeoWebcache Optimizing perform...Enterprise class deployment for GeoServer and GeoWebcache Optimizing perform...
Enterprise class deployment for GeoServer and GeoWebcache Optimizing perform...GeoSolutions
 
Grafana introduction
Grafana introductionGrafana introduction
Grafana introductionRico Chen
 
IBM Integration Bus and REST APIs - Sanjay Nagchowdhury
IBM Integration Bus and REST APIs - Sanjay NagchowdhuryIBM Integration Bus and REST APIs - Sanjay Nagchowdhury
IBM Integration Bus and REST APIs - Sanjay NagchowdhuryKaren Broughton-Mabbitt
 
Geo server 성능향상을 위한 튜닝 기법 20111028
Geo server 성능향상을 위한 튜닝 기법 20111028Geo server 성능향상을 위한 튜닝 기법 20111028
Geo server 성능향상을 위한 튜닝 기법 20111028BJ Jang
 
The Dream Stream Team for Pulsar and Spring
The Dream Stream Team for Pulsar and SpringThe Dream Stream Team for Pulsar and Spring
The Dream Stream Team for Pulsar and SpringTimothy Spann
 
Creating Stunning Maps in GeoServer: mastering SLD and CSS styles
Creating Stunning Maps in GeoServer: mastering SLD and CSS stylesCreating Stunning Maps in GeoServer: mastering SLD and CSS styles
Creating Stunning Maps in GeoServer: mastering SLD and CSS stylesGeoSolutions
 
Apache Knox Gateway "Single Sign On" expands the reach of the Enterprise Users
Apache Knox Gateway "Single Sign On" expands the reach of the Enterprise UsersApache Knox Gateway "Single Sign On" expands the reach of the Enterprise Users
Apache Knox Gateway "Single Sign On" expands the reach of the Enterprise UsersDataWorks Summit
 
Fluentd v1.0 in a nutshell
Fluentd v1.0 in a nutshellFluentd v1.0 in a nutshell
Fluentd v1.0 in a nutshellN Masahiro
 
Apache Sedona: how to process petabytes of agronomic data with Spark
Apache Sedona: how to process petabytes of agronomic data with SparkApache Sedona: how to process petabytes of agronomic data with Spark
Apache Sedona: how to process petabytes of agronomic data with SparkLuiz Henrique Zambom Santana
 
Virtual Flink Forward 2020: A deep dive into Flink SQL - Jark Wu
Virtual Flink Forward 2020: A deep dive into Flink SQL - Jark WuVirtual Flink Forward 2020: A deep dive into Flink SQL - Jark Wu
Virtual Flink Forward 2020: A deep dive into Flink SQL - Jark WuFlink Forward
 
Building a Streaming Microservice Architecture: with Apache Spark Structured ...
Building a Streaming Microservice Architecture: with Apache Spark Structured ...Building a Streaming Microservice Architecture: with Apache Spark Structured ...
Building a Streaming Microservice Architecture: with Apache Spark Structured ...Databricks
 
Collaborative Editing Tools for Alfresco
Collaborative Editing Tools for AlfrescoCollaborative Editing Tools for Alfresco
Collaborative Editing Tools for AlfrescoAngel Borroy López
 
A Visual Introduction to Apache Kafka
A Visual Introduction to Apache KafkaA Visual Introduction to Apache Kafka
A Visual Introduction to Apache KafkaPaul Brebner
 
Designing APIs with OpenAPI Spec
Designing APIs with OpenAPI SpecDesigning APIs with OpenAPI Spec
Designing APIs with OpenAPI SpecAdam Paxton
 
Fluentd Overview, Now and Then
Fluentd Overview, Now and ThenFluentd Overview, Now and Then
Fluentd Overview, Now and ThenSATOSHI TAGOMORI
 

What's hot (20)

Raster Data In GeoServer And GeoTools: Achievements, Issues And Future Develo...
Raster Data In GeoServer And GeoTools: Achievements, Issues And Future Develo...Raster Data In GeoServer And GeoTools: Achievements, Issues And Future Develo...
Raster Data In GeoServer And GeoTools: Achievements, Issues And Future Develo...
 
GeoServer on Steroids
GeoServer on Steroids GeoServer on Steroids
GeoServer on Steroids
 
GeoServer on Steroids at FOSS4G Europe 2014
GeoServer on Steroids at FOSS4G Europe 2014GeoServer on Steroids at FOSS4G Europe 2014
GeoServer on Steroids at FOSS4G Europe 2014
 
From cache to in-memory data grid. Introduction to Hazelcast.
From cache to in-memory data grid. Introduction to Hazelcast.From cache to in-memory data grid. Introduction to Hazelcast.
From cache to in-memory data grid. Introduction to Hazelcast.
 
Enterprise class deployment for GeoServer and GeoWebcache Optimizing perform...
Enterprise class deployment for GeoServer and GeoWebcache Optimizing perform...Enterprise class deployment for GeoServer and GeoWebcache Optimizing perform...
Enterprise class deployment for GeoServer and GeoWebcache Optimizing perform...
 
Grafana introduction
Grafana introductionGrafana introduction
Grafana introduction
 
IBM Integration Bus and REST APIs - Sanjay Nagchowdhury
IBM Integration Bus and REST APIs - Sanjay NagchowdhuryIBM Integration Bus and REST APIs - Sanjay Nagchowdhury
IBM Integration Bus and REST APIs - Sanjay Nagchowdhury
 
Geo server 성능향상을 위한 튜닝 기법 20111028
Geo server 성능향상을 위한 튜닝 기법 20111028Geo server 성능향상을 위한 튜닝 기법 20111028
Geo server 성능향상을 위한 튜닝 기법 20111028
 
The Dream Stream Team for Pulsar and Spring
The Dream Stream Team for Pulsar and SpringThe Dream Stream Team for Pulsar and Spring
The Dream Stream Team for Pulsar and Spring
 
Creating Stunning Maps in GeoServer: mastering SLD and CSS styles
Creating Stunning Maps in GeoServer: mastering SLD and CSS stylesCreating Stunning Maps in GeoServer: mastering SLD and CSS styles
Creating Stunning Maps in GeoServer: mastering SLD and CSS styles
 
Apache Knox Gateway "Single Sign On" expands the reach of the Enterprise Users
Apache Knox Gateway "Single Sign On" expands the reach of the Enterprise UsersApache Knox Gateway "Single Sign On" expands the reach of the Enterprise Users
Apache Knox Gateway "Single Sign On" expands the reach of the Enterprise Users
 
Fluentd v1.0 in a nutshell
Fluentd v1.0 in a nutshellFluentd v1.0 in a nutshell
Fluentd v1.0 in a nutshell
 
Apache Sedona: how to process petabytes of agronomic data with Spark
Apache Sedona: how to process petabytes of agronomic data with SparkApache Sedona: how to process petabytes of agronomic data with Spark
Apache Sedona: how to process petabytes of agronomic data with Spark
 
Virtual Flink Forward 2020: A deep dive into Flink SQL - Jark Wu
Virtual Flink Forward 2020: A deep dive into Flink SQL - Jark WuVirtual Flink Forward 2020: A deep dive into Flink SQL - Jark Wu
Virtual Flink Forward 2020: A deep dive into Flink SQL - Jark Wu
 
Logstash
LogstashLogstash
Logstash
 
Building a Streaming Microservice Architecture: with Apache Spark Structured ...
Building a Streaming Microservice Architecture: with Apache Spark Structured ...Building a Streaming Microservice Architecture: with Apache Spark Structured ...
Building a Streaming Microservice Architecture: with Apache Spark Structured ...
 
Collaborative Editing Tools for Alfresco
Collaborative Editing Tools for AlfrescoCollaborative Editing Tools for Alfresco
Collaborative Editing Tools for Alfresco
 
A Visual Introduction to Apache Kafka
A Visual Introduction to Apache KafkaA Visual Introduction to Apache Kafka
A Visual Introduction to Apache Kafka
 
Designing APIs with OpenAPI Spec
Designing APIs with OpenAPI SpecDesigning APIs with OpenAPI Spec
Designing APIs with OpenAPI Spec
 
Fluentd Overview, Now and Then
Fluentd Overview, Now and ThenFluentd Overview, Now and Then
Fluentd Overview, Now and Then
 

Similar to Advanced Security With GeoServer

Advanced GeoServer Security with GeoFence
Advanced GeoServer Security with GeoFenceAdvanced GeoServer Security with GeoFence
Advanced GeoServer Security with GeoFenceGeoSolutions
 
Sword Cetis 2007 06 29
Sword Cetis 2007 06 29Sword Cetis 2007 06 29
Sword Cetis 2007 06 29Julie Allinson
 
Sword Or2008 Julieallinson
Sword Or2008 JulieallinsonSword Or2008 Julieallinson
Sword Or2008 JulieallinsonJulie Allinson
 
Simple Web service Offering Repository Deposit (SWORD)‏
Simple Web service Offering Repository Deposit (SWORD)‏Simple Web service Offering Repository Deposit (SWORD)‏
Simple Web service Offering Repository Deposit (SWORD)‏Julie Allinson
 
GeoServer an introduction for beginners
GeoServer an introduction for beginnersGeoServer an introduction for beginners
GeoServer an introduction for beginnersGeoSolutions
 
GeoServer The Open Source Solution for the interoperable management of geos...
GeoServer The Open Source Solution for the interoperable management of geos...GeoServer The Open Source Solution for the interoperable management of geos...
GeoServer The Open Source Solution for the interoperable management of geos...GeoSolutions
 
Catania Science Gateway Framework
Catania Science Gateway Framework Catania Science Gateway Framework
Catania Science Gateway Framework riround
 
GeoServer, an introduction for beginners
GeoServer, an introduction for beginnersGeoServer, an introduction for beginners
GeoServer, an introduction for beginnersGeoSolutions
 
Geosolutions FOSS4g 2009 Redux
Geosolutions FOSS4g 2009 ReduxGeosolutions FOSS4g 2009 Redux
Geosolutions FOSS4g 2009 ReduxGeoSolutions
 
GeoServer for Spatio-temporal Data Handling With Examples For MetOc And Remot...
GeoServer for Spatio-temporal Data Handling With Examples For MetOc And Remot...GeoServer for Spatio-temporal Data Handling With Examples For MetOc And Remot...
GeoServer for Spatio-temporal Data Handling With Examples For MetOc And Remot...GeoSolutions
 
Flagis linked open_data_stijn_goedertier
Flagis linked open_data_stijn_goedertierFlagis linked open_data_stijn_goedertier
Flagis linked open_data_stijn_goedertierFlagis VZW
 
adaptTo() 2014 - Integrating Open Source Search with CQ/AEM
adaptTo() 2014 - Integrating Open Source Search with CQ/AEMadaptTo() 2014 - Integrating Open Source Search with CQ/AEM
adaptTo() 2014 - Integrating Open Source Search with CQ/AEMtherealgaston
 
Dev212 Comparing Net And Java The View From 2006
Dev212 Comparing Net And Java The View From 2006Dev212 Comparing Net And Java The View From 2006
Dev212 Comparing Net And Java The View From 2006kkorovkin
 
Compliance Testing of Open Source Software for Web Processing Services
Compliance Testing of Open Source Software for Web Processing ServicesCompliance Testing of Open Source Software for Web Processing Services
Compliance Testing of Open Source Software for Web Processing ServicesTheodor Foerster
 

Similar to Advanced Security With GeoServer (20)

Advanced GeoServer Security with GeoFence
Advanced GeoServer Security with GeoFenceAdvanced GeoServer Security with GeoFence
Advanced GeoServer Security with GeoFence
 
Sword Crig 2007 12 06
Sword Crig 2007 12 06Sword Crig 2007 12 06
Sword Crig 2007 12 06
 
Sword Cetis 2007 06 29
Sword Cetis 2007 06 29Sword Cetis 2007 06 29
Sword Cetis 2007 06 29
 
Sword Cetis 2007 06 29
Sword Cetis 2007 06 29Sword Cetis 2007 06 29
Sword Cetis 2007 06 29
 
Sword Or2008 Julieallinson
Sword Or2008 JulieallinsonSword Or2008 Julieallinson
Sword Or2008 Julieallinson
 
Simple Web service Offering Repository Deposit (SWORD)‏
Simple Web service Offering Repository Deposit (SWORD)‏Simple Web service Offering Repository Deposit (SWORD)‏
Simple Web service Offering Repository Deposit (SWORD)‏
 
GeoServer an introduction for beginners
GeoServer an introduction for beginnersGeoServer an introduction for beginners
GeoServer an introduction for beginners
 
RESTEasy
RESTEasyRESTEasy
RESTEasy
 
Sword 2007 06 22
Sword 2007 06 22Sword 2007 06 22
Sword 2007 06 22
 
GeoServer The Open Source Solution for the interoperable management of geos...
GeoServer The Open Source Solution for the interoperable management of geos...GeoServer The Open Source Solution for the interoperable management of geos...
GeoServer The Open Source Solution for the interoperable management of geos...
 
Catania Science Gateway Framework
Catania Science Gateway Framework Catania Science Gateway Framework
Catania Science Gateway Framework
 
GeoServer, an introduction for beginners
GeoServer, an introduction for beginnersGeoServer, an introduction for beginners
GeoServer, an introduction for beginners
 
Geosolutions FOSS4g 2009 Redux
Geosolutions FOSS4g 2009 ReduxGeosolutions FOSS4g 2009 Redux
Geosolutions FOSS4g 2009 Redux
 
GeoServer for Spatio-temporal Data Handling With Examples For MetOc And Remot...
GeoServer for Spatio-temporal Data Handling With Examples For MetOc And Remot...GeoServer for Spatio-temporal Data Handling With Examples For MetOc And Remot...
GeoServer for Spatio-temporal Data Handling With Examples For MetOc And Remot...
 
Flagis linked open_data_stijn_goedertier
Flagis linked open_data_stijn_goedertierFlagis linked open_data_stijn_goedertier
Flagis linked open_data_stijn_goedertier
 
Parse par Nicolas Lauquin
Parse par Nicolas LauquinParse par Nicolas Lauquin
Parse par Nicolas Lauquin
 
Dog2 0
Dog2 0Dog2 0
Dog2 0
 
adaptTo() 2014 - Integrating Open Source Search with CQ/AEM
adaptTo() 2014 - Integrating Open Source Search with CQ/AEMadaptTo() 2014 - Integrating Open Source Search with CQ/AEM
adaptTo() 2014 - Integrating Open Source Search with CQ/AEM
 
Dev212 Comparing Net And Java The View From 2006
Dev212 Comparing Net And Java The View From 2006Dev212 Comparing Net And Java The View From 2006
Dev212 Comparing Net And Java The View From 2006
 
Compliance Testing of Open Source Software for Web Processing Services
Compliance Testing of Open Source Software for Web Processing ServicesCompliance Testing of Open Source Software for Web Processing Services
Compliance Testing of Open Source Software for Web Processing Services
 

More from GeoSolutions

MapStore 2 - The Story
MapStore 2 - The StoryMapStore 2 - The Story
MapStore 2 - The StoryGeoSolutions
 
One GeoNode, many GeoNodes
One GeoNode, many GeoNodesOne GeoNode, many GeoNodes
One GeoNode, many GeoNodesGeoSolutions
 
Introduction to GeoNode
Introduction to GeoNodeIntroduction to GeoNode
Introduction to GeoNodeGeoSolutions
 
Serving earth observation data with GeoServer: addressing real world requirem...
Serving earth observation data with GeoServer: addressing real world requirem...Serving earth observation data with GeoServer: addressing real world requirem...
Serving earth observation data with GeoServer: addressing real world requirem...GeoSolutions
 
GeoServer Feature FRENZY
GeoServer Feature FRENZYGeoServer Feature FRENZY
GeoServer Feature FRENZYGeoSolutions
 
State of GeoServer 2.12
State of GeoServer 2.12State of GeoServer 2.12
State of GeoServer 2.12GeoSolutions
 
MapStore 2, modern mashups with OL3, Leaflet and React
MapStore 2, modern mashups with OL3, Leaflet and ReactMapStore 2, modern mashups with OL3, Leaflet and React
MapStore 2, modern mashups with OL3, Leaflet and ReactGeoSolutions
 
State of GeoServer - FOSS4G 2016
State of GeoServer - FOSS4G 2016State of GeoServer - FOSS4G 2016
State of GeoServer - FOSS4G 2016GeoSolutions
 
Serving earth observation data with GeoServer: addressing real world requirem...
Serving earth observation data with GeoServer: addressing real world requirem...Serving earth observation data with GeoServer: addressing real world requirem...
Serving earth observation data with GeoServer: addressing real world requirem...GeoSolutions
 
Raster Data In GeoServer and GeoTools: Achievements, Issues And Future Develo...
Raster Data In GeoServer and GeoTools: Achievements, Issues And Future Develo...Raster Data In GeoServer and GeoTools: Achievements, Issues And Future Develo...
Raster Data In GeoServer and GeoTools: Achievements, Issues And Future Develo...GeoSolutions
 
Mapping the world beyond web mercator - FOSS4G 2015
Mapping the world beyond web mercator - FOSS4G 2015Mapping the world beyond web mercator - FOSS4G 2015
Mapping the world beyond web mercator - FOSS4G 2015GeoSolutions
 
Advanced Cartographic Map Rendering in GeoServer
Advanced Cartographic Map Rendering in GeoServerAdvanced Cartographic Map Rendering in GeoServer
Advanced Cartographic Map Rendering in GeoServerGeoSolutions
 
Spatio-temporal Data Handling With GeoServer for MetOc And Remote Sensing
Spatio-temporal Data Handling With GeoServer for MetOc And Remote SensingSpatio-temporal Data Handling With GeoServer for MetOc And Remote Sensing
Spatio-temporal Data Handling With GeoServer for MetOc And Remote SensingGeoSolutions
 
GeoSolutions Keynote at WebMGS 2015
GeoSolutions Keynote at WebMGS 2015GeoSolutions Keynote at WebMGS 2015
GeoSolutions Keynote at WebMGS 2015GeoSolutions
 
GeoServer beginners gwf_2015
GeoServer beginners gwf_2015GeoServer beginners gwf_2015
GeoServer beginners gwf_2015GeoSolutions
 
Geosolutions gwf-2015-v01.04
Geosolutions gwf-2015-v01.04Geosolutions gwf-2015-v01.04
Geosolutions gwf-2015-v01.04GeoSolutions
 
Geoserver introduction, GeoBusiness 2015
Geoserver introduction, GeoBusiness 2015Geoserver introduction, GeoBusiness 2015
Geoserver introduction, GeoBusiness 2015GeoSolutions
 
Introduzione a GeoServer ed ai servizi OGC
Introduzione a GeoServer ed ai servizi OGCIntroduzione a GeoServer ed ai servizi OGC
Introduzione a GeoServer ed ai servizi OGCGeoSolutions
 
GeoNetwork, The Open Source Solution for the interoperable management of ge...
GeoNetwork, The Open Source Solution for the interoperable management of ge...GeoNetwork, The Open Source Solution for the interoperable management of ge...
GeoNetwork, The Open Source Solution for the interoperable management of ge...GeoSolutions
 

More from GeoSolutions (19)

MapStore 2 - The Story
MapStore 2 - The StoryMapStore 2 - The Story
MapStore 2 - The Story
 
One GeoNode, many GeoNodes
One GeoNode, many GeoNodesOne GeoNode, many GeoNodes
One GeoNode, many GeoNodes
 
Introduction to GeoNode
Introduction to GeoNodeIntroduction to GeoNode
Introduction to GeoNode
 
Serving earth observation data with GeoServer: addressing real world requirem...
Serving earth observation data with GeoServer: addressing real world requirem...Serving earth observation data with GeoServer: addressing real world requirem...
Serving earth observation data with GeoServer: addressing real world requirem...
 
GeoServer Feature FRENZY
GeoServer Feature FRENZYGeoServer Feature FRENZY
GeoServer Feature FRENZY
 
State of GeoServer 2.12
State of GeoServer 2.12State of GeoServer 2.12
State of GeoServer 2.12
 
MapStore 2, modern mashups with OL3, Leaflet and React
MapStore 2, modern mashups with OL3, Leaflet and ReactMapStore 2, modern mashups with OL3, Leaflet and React
MapStore 2, modern mashups with OL3, Leaflet and React
 
State of GeoServer - FOSS4G 2016
State of GeoServer - FOSS4G 2016State of GeoServer - FOSS4G 2016
State of GeoServer - FOSS4G 2016
 
Serving earth observation data with GeoServer: addressing real world requirem...
Serving earth observation data with GeoServer: addressing real world requirem...Serving earth observation data with GeoServer: addressing real world requirem...
Serving earth observation data with GeoServer: addressing real world requirem...
 
Raster Data In GeoServer and GeoTools: Achievements, Issues And Future Develo...
Raster Data In GeoServer and GeoTools: Achievements, Issues And Future Develo...Raster Data In GeoServer and GeoTools: Achievements, Issues And Future Develo...
Raster Data In GeoServer and GeoTools: Achievements, Issues And Future Develo...
 
Mapping the world beyond web mercator - FOSS4G 2015
Mapping the world beyond web mercator - FOSS4G 2015Mapping the world beyond web mercator - FOSS4G 2015
Mapping the world beyond web mercator - FOSS4G 2015
 
Advanced Cartographic Map Rendering in GeoServer
Advanced Cartographic Map Rendering in GeoServerAdvanced Cartographic Map Rendering in GeoServer
Advanced Cartographic Map Rendering in GeoServer
 
Spatio-temporal Data Handling With GeoServer for MetOc And Remote Sensing
Spatio-temporal Data Handling With GeoServer for MetOc And Remote SensingSpatio-temporal Data Handling With GeoServer for MetOc And Remote Sensing
Spatio-temporal Data Handling With GeoServer for MetOc And Remote Sensing
 
GeoSolutions Keynote at WebMGS 2015
GeoSolutions Keynote at WebMGS 2015GeoSolutions Keynote at WebMGS 2015
GeoSolutions Keynote at WebMGS 2015
 
GeoServer beginners gwf_2015
GeoServer beginners gwf_2015GeoServer beginners gwf_2015
GeoServer beginners gwf_2015
 
Geosolutions gwf-2015-v01.04
Geosolutions gwf-2015-v01.04Geosolutions gwf-2015-v01.04
Geosolutions gwf-2015-v01.04
 
Geoserver introduction, GeoBusiness 2015
Geoserver introduction, GeoBusiness 2015Geoserver introduction, GeoBusiness 2015
Geoserver introduction, GeoBusiness 2015
 
Introduzione a GeoServer ed ai servizi OGC
Introduzione a GeoServer ed ai servizi OGCIntroduzione a GeoServer ed ai servizi OGC
Introduzione a GeoServer ed ai servizi OGC
 
GeoNetwork, The Open Source Solution for the interoperable management of ge...
GeoNetwork, The Open Source Solution for the interoperable management of ge...GeoNetwork, The Open Source Solution for the interoperable management of ge...
GeoNetwork, The Open Source Solution for the interoperable management of ge...
 

Recently uploaded

How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelDeepika Singh
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...apidays
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 

Recently uploaded (20)

How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 

Advanced Security With GeoServer

  • 1. Advanced Security With GeoServer Ing. Mauro Bartolomeoli, GeoSolutions Ing. Emanuele Tajariol, GeoSolutions Ing. Simone Giannecchini, GeoSolutions Ing. Alessio Fabiani, GeoSolutions FOSS4G 2014, Portland 10th September 2014
  • 2. GeoSolutions  Founded in Italy in late 2006  Expertise • Image Processing, GeoSpatial Data Fusion • Java, Java Enterprise, C++, Python • JPEG2000, JPIP, Advanced 2D visualization  Supporting/Developing FOSS4G projects  GeoServer, MapStore  GeoBatch, GeoNetwork  Clients  Public Agencies  Private Companies  http://www.geo-solutions.it FOSS4G 2014, Portland 10th September 2014
  • 3. GeoServer Security Subsystem Overview FOSS4G 2014, Portland 10th September 2014
  • 4. GeoServer Security Subsystem Overview  GeoServer security handles  Authentication (filtering and credential checks)  Authorization (resource access managers) FOSS4G 2014, Portland 10th September 2014
  • 5. GeoServer Security Subsystem Overview  Based on Spring Security  Users / Groups / Roles  User/group services  Role services  Authentication  Chains  Filters  Providers  Authorization  Auth on data: e.g. layers, workspaces  Auth on services: e.g. WMS, WFS  By role FOSS4G 2014, Portland 10th September 2014
  • 6. Users / Groups / Roles Storage FOSS4G 2014, Portland 10th September 2014
  • 7. Users / Groups / Roles Storage  User/Group service  Storage for users and groups details  Storage for user credentials (e.g. passwords)  Password encryption handling  Read/Write or Read-only  Default implementations  XML files  Database through JDBC  Easy to implement and plug new services  Used by many filters/providers as a source for authenticated users detail  Missing: Read/Write LDAP User/Group service FOSS4G 2014, Portland 10th September 2014
  • 8. Users / Groups / Roles Storage  Role service  Storage for roles  Read/Write or Read-only  Assign roles to users and or groups  Default implementations  XML files  Database through JDBC  J2EE (from the Java Web Container)  LDAP  Easy to implement and plug new services  Active (Default) Role service  Used by many filters/providers as a source for authenticated users roles FOSS4G 2014, Portland 10th September 2014
  • 9. Authentication FOSS4G 2014, Portland 10th September 2014
  • 10. Authentication  Filter Chains  By «request url» pattern matching  Web UI  OGC Services  REST API  …  By Method: GET, POST, …  HTTP Session handling  Each chain applies a sequence of configured Filters to matching requests  Only SSL flag FOSS4G 2014, Portland 10th September 2014
  • 11. Authentication  Filters  Gathering user credentials (and eventually invoking authentication providers chain)  Basic  Form  Anonymous (always the last)  Preauthentication (and eventually load user details from user/group and/or role service)  HTTP Header  Digest  X.509  Remember Me  J2EE  Easy to implement and plug new filters  Missing: authenticate from environment variables (e.g. Shibboleth SSO) FOSS4G 2014, Portland 10th September 2014
  • 12. Authentication  Authentication Providers  Used if filters require further authentication of gathered credentials (no preauthentication can be applied)  Username Password (using user/group service)  Database through JDBC (uses credentials to connect to a database, very different from the JDBC user/group service)  LDAP  with ActiveDirectory support  Easy to implement and plug new providers  Providers chain, to allow for different authentication mechanisms (e.g intranet users from LDAP, internet users from db) FOSS4G 2014, Portland 10th September 2014
  • 13. Authentication  Extensions  CAS (https://www.apereo.org/cas): example of SSO integration  Community modules  Authkey: simple UUID to user mapper  Pluggable: possibility to define custom mappers (e.g. webservices)  URLMangler to add authkey to OGC request transparently (via GetCapabilities)  Real World Use Cases  Shibboleth SSO (using Headers or CGI environment variables)  Mixing filters/providers: LDAP/AD for internal users, jdbc for external users FOSS4G 2014, Portland 10th September 2014
  • 14. Authentication  Future improvements  Clean up and filling holes  Increase LDAP support (e.g. LDAP User/Group Service for LDAP read-write support)  Greater flexibility  Improve authkey community module (new webservice based mappers) and promote to extension  New authentication filters (e.g. reading credentials from CGI environment variables) FOSS4G 2014, Portland 10th September 2014
  • 15. Authorization FOSS4G 2014, Portland 10th September 2014
  • 16. Authorization  Simple default implementation  Permissions assigned only by user role(s)  Data Access Authorization Rules  Workspace  Single Layer  Access Mode: Read, Write, Admin  Services Authorization Rules  Service (WMS, WFS, …)  Method (GetMap, GetLegendGraphic, …)  Pluggable ResourceAccessManager  SecureCatalog  Security Wrapped Catalog Objects (e.g. ReadOnlyDataStore) FOSS4G 2014, Portland 10th September 2014
  • 17. Authorization  ResourceAccessManager  Define AccessLimits for the various Catalog Resources (Workspace, Layer, Style, LayerGroup)  Allows for fine grained limits  Read filters  Write filters  Spatial filters  SecureCatalog  Wraps original Catalog objects with secured implementations, aware of ResourceAccessManager defined limits  Secured wrappers take care of enforcing authorization rules, transparently FOSS4G 2014, Portland 10th September 2014
  • 18. Meet GeoFence FOSS4G 2014, Portland 10th September 2014
  • 19. GeoFence  Extended A&A for GeoServer  Authentication  Optional  Integrated with GeoServer authorization architecture  Open Source  GPL  Code on GitHub  Authorization  Auth on data: e.g. layers, workspaces  Auth on services: e.g. WMS, WFS FOSS4G 2014, Portland 10th September 2014
  • 20. GeoFence  Based on GSIP 57  Mixed Interceptor + Probe approach  Extended authorization management for GeoServer  External Rule-Based System  GeoServer Internal Probe  On-the-fly manipulation of incoming requests  Role Based Access Control  Users  Groups  Rule-based database  IPTables-like FOSS4G 2014, Portland 10th September 2014
  • 21. GeoFence  Fine Grain Authorization Control  Services  Operations  Workspaces  Layers  Attributes (alphanumeric and geospatial)  External Web Application  REST Interface  GUI  Scalable  1 GeoFence controls N GeoServer cluster FOSS4G 2014, Portland 10th September 2014
  • 22. GeoFence  Java Enterprise infrastructure  Spring/Spring-Remoting  Hibernate  Apache CXF  Supports DBMS  PostgreSQL/PostGIS  Oracle spatial  H2  Performance ensured thanks to a fine-tunable cache FOSS4G 2014, Portland 10th September 2014
  • 23. GeoServer Security Model FOSS4G 2014, Portland 10th September 2014
  • 24. GeoServer Security Model  The GeoFence Authentication provider delegates credential checks to GeoFence  The GeoFence Resource Access Manager asks for permissions to the GeoFence authorization engine FOSS4G 2014, Portland 10th September 2014
  • 25. GeoServer Security Model FOSS4G 2014, Portland 10th September 2014
  • 26. Digging GeoFence FOSS4G 2014, Portland 10th September 2014
  • 27. GeoFence Architecture  Geofence Stack (again…) FOSS4G 2014, Portland 10th September 2014
  • 28. GeoFence Architecture Modules and packages  GUI  core: GUI logic, implemented using GWT  webapp: produces the final web application .war file  Geoserver (GeoFence Probe)  security: the GeoServer/GeoFence bridge: implements the ResourceAccessManager, forwarding the authorization requests to a remote GeoFence instance FOSS4G 2014, Portland 10th September 2014
  • 29. GeoFence Architecture  The GeoFence ResourceAccessManager (Geofence Probe) is deployed in each GeoServer  GeoServer instances in a cluster must share the same ClusterID (instance name)  GeoFence uses the instance name to select rules  The Probe queries GeoFence on each request* with proper info  Instance name  User  Request Details  GeoFence provide Access Policy rules to manipulate the request on the fly within the Probe FOSS4G 2014, Portland 10th September 2014
  • 30. GeoFence Architecture  The GeoFence ResourceAccessManager (Geofence Probe) uses a cache which minimizes the requests toward GeoFence.  The cache can be configured on different aspects:  number of entries,  expiration time  The cache provides REST operations (using GeoServer’s own REST dispatcher) in order to  Invalidate the cache  Query the cache statistics FOSS4G 2014, Portland 10th September 2014
  • 31. GeoFence Rule System  Authorizations are expressed as a priority-based rule set  Type of Rules are ALLOW/DENY/LIMIT  The first matching rule is the one that determines the outcome of the auth request  Incoming authorization requests are transformed in a rule filter  Filtering can be performed on one or more of these fields:  Username  Group the provided user belongs to FOSS4G 2014, Portland 10th September 2014
  • 32. GeoFence Rule System  Source geoserver instance  We can control multiple GeoServer clusters  OGC Service  E.g. WMS  OGC Service Operation  E.g. GetCapabilities  Workspace  E.g. it.geosolutions  Layer name  E.g. topp:states FOSS4G 2014, Portland 10th September 2014
  • 33. GeoFence Rule System Example  Let’s assume we have configured these rules :  User: u1, Service:WMS, Workspace=W1,ALLOW  User: u1, DENY  These rules will grant access for user u1 to  all the layers in worspace W1  only for WMS request  All other types of request will be DENIED. FOSS4G 2014, Portland 10th September 2014
  • 34. GeoFence Rule System  When an ALLOW rule is matched, the user will have access to the requested resource.  Finer Grain Control on single layer rules  further restrictions may be defined  i.e only a subset of the data contained in the layer could be made queryeable/visibile to the requesting user   Restrictions on visible Area   Restrictions on Queryable Attributes   Restrictions on Available Styles FOSS4G 2014, Portland 10th September 2014
  • 35. GeoFence Rule System  Examples  Limiting users access to  a subset of the attributes (R/W)  a specific geographic area.  a subset of the available styles (or the default style can be forced on all requests)  A specific view of the data via a CQL filter  For reading  For writing (delete, create, update) FOSS4G 2014, Portland 10th September 2014
  • 36. GeoFence Rule System FOSS4G 2014, Portland 10th September 2014
  • 37. GeoFence REST Interface  GeoFence provides a REST interface for administration  Allows automation!  It allows a complete CRUD access to the various entities managed by GeoFence:  Users and groups  GeoServer instances  Rules  The Find operation can be optionally paged  a Count operation is provided as well to take advantage of the pagination capability.  Priority ordering in rules is fundamental   there are different ways to insert and set a position for the new rules.  https://github.com/geosolutions-it/geofence/wiki/REST-API FOSS4G 2014, Portland 10th September 2014
  • 38. GeoFence REST Interface  The REST interface also provides a batch mode  multiple CRUD commands can be issued at once  The commands in the batch are processed in the same transaction  Extremely important for automation!  Backup and restore operations are provided as part of the REST interface as well  REST API documentation available at https://github.com/geosolutions-it/geofence/wiki/REST-API FOSS4G 2014, Portland 10th September 2014
  • 39. GeoFence User Interface  Top Categories  Users  Groups  Instances  Rules FOSS4G 2014, Portland 10th September 2014
  • 40. GeoFence User Interface Users FOSS4G 2014, Portland 10th September 2014 Groups Instances
  • 41. GeoFence User Interface Rules FOSS4G 2014, Portland 10th September 2014 Details Details
  • 42. GeoFence and LDAP  An LDAP server can be used as a repository for user and groups, including the optional ldap module in the deploy  LDAP can be configured through the datasource properties file  When using LDAP users and groups are not editable from the GeoFence interface (they are READ-ONLY)  LDAP module documentation at https://github.com/geosolutions-it/geofence/wiki/LDAP-module FOSS4G 2014, Portland 10th September 2014
  • 43. GeoFence and Existing Auth Proxies External Auth Source LDAP UserDAO LDAP GroupDAO UserDAO GroupDAO RuleDAO Persistence  When LDAP is enabled, specific DAOs are used for users and groups instead of the default ones FOSS4G 2014, Portland 10th September 2014 Users Groups GeoFence DB GeoFence
  • 44. GeoFence Use Cases FOSS4G 2014, Portland 10th September 2014 SIAN
  • 45. GeoFence Use Cases MapManager MapStore GeoFence GeoFence GeoStore GeoServer JMX Agents FOSS4G 2014, Portland 10th September 2014 GeoGraphic Building Block
  • 46. GeoFence Use Cases FOSS4G 2014, Portland 10th September 2014 Astrium GetGeo
  • 47. GeoFence Use Cases  Layers filtered (CQL filters) by user profile to constrain access to advanced functionality  Possibility of spatial filters to allow regional access only FOSS4G 2014, Portland 10th September 2014 Destination
  • 48. GeoFence Status  Project Released as Open Source  Continuous Build is in place  Dev and Users Mailing Lists are in place  Latest Improvements  IP based filter rules  Catalog Mode support  GeoServer community module for the probe  Probe Wicket Configuration Page  Further Improvements FOSS4G 2014, Portland 10th September 2014  Documentation  Official Releases  UI Refactor (based on REST APIs)
  • 49. The End Thanks for not sleeping (loudly) alessio.fabiani@geo-solutions.it mauro.bartolomeoli@geo-solutions.it FOSS4G 2014, Portland 10th September 2014