SlideShare a Scribd company logo

Advanced Security With GeoServer

Download as PPTX, PDF
GeoSolutions
GeoSolutions

The presentation will provide an introduction to GeoServer own authentication and authorization subsystems. We’ll cover the supported authentication protocols, such as from basic/digest authentication and CAS support, check through the various identity providers, such as local config files, database tables and LDAP servers, and how it’s possible to combine the various bits in a single comprehensive authentication tool, as well as providing examples of custom authentication plugins for GeoServer, integrating it in a home grown security architecture. We’ll then move on to authorization, describing the GeoServer pluggable authorization mechanism and comparing it with proxy based solution, and check the built in service and data security system, reviewing its benefits and limitations. Finally we’ll explore an advanced authentication tool called GeoFence, and see how it can plug into GeoServer to provide graphical configuration abilities for use complex authorization rules over data and OGC services, taking into account spatial filters, attribute filters, attribute hiding as well as cropping raster data to areas of interest. Finally we’ll show how using LDAP both GeoFence and GeoServer can use a common users database, simplifying administrators job, and provide some real world examples.

Technology
1 of 49
Advanced Security With GeoServer Ing. Mauro Bartolomeoli, GeoSolutions Ing. Emanuele Tajariol, GeoSolutions Ing. Simone Giannecchini, GeoSolutions Ing. Alessio Fabiani, GeoSolutions FOSS4G 2014, Portland 10th September 2014
GeoSolutions  Founded in Italy in late 2006  Expertise • Image Processing, GeoSpatial Data Fusion • Java, Java Enterprise, C++, Python • JPEG2000, JPIP, Advanced 2D visualization  Supporting/Developing FOSS4G projects  GeoServer, MapStore  GeoBatch, GeoNetwork  Clients  Public Agencies  Private Companies  http://www.geo-solutions.it FOSS4G 2014, Portland 10th September 2014
GeoServer Security Subsystem Overview FOSS4G 2014, Portland 10th September 2014
GeoServer Security Subsystem Overview  GeoServer security handles  Authentication (filtering and credential checks)  Authorization (resource access managers) FOSS4G 2014, Portland 10th September 2014
GeoServer Security Subsystem Overview  Based on Spring Security  Users / Groups / Roles  User/group services  Role services  Authentication  Chains  Filters  Providers  Authorization  Auth on data: e.g. layers, workspaces  Auth on services: e.g. WMS, WFS  By role FOSS4G 2014, Portland 10th September 2014
Users / Groups / Roles Storage FOSS4G 2014, Portland 10th September 2014
Users / Groups / Roles Storage  User/Group service  Storage for users and groups details  Storage for user credentials (e.g. passwords)  Password encryption handling  Read/Write or Read-only  Default implementations  XML files  Database through JDBC  Easy to implement and plug new services  Used by many filters/providers as a source for authenticated users detail  Missing: Read/Write LDAP User/Group service FOSS4G 2014, Portland 10th September 2014
Users / Groups / Roles Storage  Role service  Storage for roles  Read/Write or Read-only  Assign roles to users and or groups  Default implementations  XML files  Database through JDBC  J2EE (from the Java Web Container)  LDAP  Easy to implement and plug new services  Active (Default) Role service  Used by many filters/providers as a source for authenticated users roles FOSS4G 2014, Portland 10th September 2014
Authentication FOSS4G 2014, Portland 10th September 2014
Authentication  Filter Chains  By «request url» pattern matching  Web UI  OGC Services  REST API  …  By Method: GET, POST, …  HTTP Session handling  Each chain applies a sequence of configured Filters to matching requests  Only SSL flag FOSS4G 2014, Portland 10th September 2014
Authentication  Filters  Gathering user credentials (and eventually invoking authentication providers chain)  Basic  Form  Anonymous (always the last)  Preauthentication (and eventually load user details from user/group and/or role service)  HTTP Header  Digest  X.509  Remember Me  J2EE  Easy to implement and plug new filters  Missing: authenticate from environment variables (e.g. Shibboleth SSO) FOSS4G 2014, Portland 10th September 2014
Authentication  Authentication Providers  Used if filters require further authentication of gathered credentials (no preauthentication can be applied)  Username Password (using user/group service)  Database through JDBC (uses credentials to connect to a database, very different from the JDBC user/group service)  LDAP  with ActiveDirectory support  Easy to implement and plug new providers  Providers chain, to allow for different authentication mechanisms (e.g intranet users from LDAP, internet users from db) FOSS4G 2014, Portland 10th September 2014
Authentication  Extensions  CAS (https://www.apereo.org/cas): example of SSO integration  Community modules  Authkey: simple UUID to user mapper  Pluggable: possibility to define custom mappers (e.g. webservices)  URLMangler to add authkey to OGC request transparently (via GetCapabilities)  Real World Use Cases  Shibboleth SSO (using Headers or CGI environment variables)  Mixing filters/providers: LDAP/AD for internal users, jdbc for external users FOSS4G 2014, Portland 10th September 2014
Authentication  Future improvements  Clean up and filling holes  Increase LDAP support (e.g. LDAP User/Group Service for LDAP read-write support)  Greater flexibility  Improve authkey community module (new webservice based mappers) and promote to extension  New authentication filters (e.g. reading credentials from CGI environment variables) FOSS4G 2014, Portland 10th September 2014
Authorization FOSS4G 2014, Portland 10th September 2014
Authorization  Simple default implementation  Permissions assigned only by user role(s)  Data Access Authorization Rules  Workspace  Single Layer  Access Mode: Read, Write, Admin  Services Authorization Rules  Service (WMS, WFS, …)  Method (GetMap, GetLegendGraphic, …)  Pluggable ResourceAccessManager  SecureCatalog  Security Wrapped Catalog Objects (e.g. ReadOnlyDataStore) FOSS4G 2014, Portland 10th September 2014
Authorization  ResourceAccessManager  Define AccessLimits for the various Catalog Resources (Workspace, Layer, Style, LayerGroup)  Allows for fine grained limits  Read filters  Write filters  Spatial filters  SecureCatalog  Wraps original Catalog objects with secured implementations, aware of ResourceAccessManager defined limits  Secured wrappers take care of enforcing authorization rules, transparently FOSS4G 2014, Portland 10th September 2014
Meet GeoFence FOSS4G 2014, Portland 10th September 2014
GeoFence  Extended A&A for GeoServer  Authentication  Optional  Integrated with GeoServer authorization architecture  Open Source  GPL  Code on GitHub  Authorization  Auth on data: e.g. layers, workspaces  Auth on services: e.g. WMS, WFS FOSS4G 2014, Portland 10th September 2014
GeoFence  Based on GSIP 57  Mixed Interceptor + Probe approach  Extended authorization management for GeoServer  External Rule-Based System  GeoServer Internal Probe  On-the-fly manipulation of incoming requests  Role Based Access Control  Users  Groups  Rule-based database  IPTables-like FOSS4G 2014, Portland 10th September 2014
GeoFence  Fine Grain Authorization Control  Services  Operations  Workspaces  Layers  Attributes (alphanumeric and geospatial)  External Web Application  REST Interface  GUI  Scalable  1 GeoFence controls N GeoServer cluster FOSS4G 2014, Portland 10th September 2014
GeoFence  Java Enterprise infrastructure  Spring/Spring-Remoting  Hibernate  Apache CXF  Supports DBMS  PostgreSQL/PostGIS  Oracle spatial  H2  Performance ensured thanks to a fine-tunable cache FOSS4G 2014, Portland 10th September 2014
GeoServer Security Model FOSS4G 2014, Portland 10th September 2014
GeoServer Security Model  The GeoFence Authentication provider delegates credential checks to GeoFence  The GeoFence Resource Access Manager asks for permissions to the GeoFence authorization engine FOSS4G 2014, Portland 10th September 2014
GeoServer Security Model FOSS4G 2014, Portland 10th September 2014
Digging GeoFence FOSS4G 2014, Portland 10th September 2014
GeoFence Architecture  Geofence Stack (again…) FOSS4G 2014, Portland 10th September 2014
GeoFence Architecture Modules and packages  GUI  core: GUI logic, implemented using GWT  webapp: produces the final web application .war file  Geoserver (GeoFence Probe)  security: the GeoServer/GeoFence bridge: implements the ResourceAccessManager, forwarding the authorization requests to a remote GeoFence instance FOSS4G 2014, Portland 10th September 2014
GeoFence Architecture  The GeoFence ResourceAccessManager (Geofence Probe) is deployed in each GeoServer  GeoServer instances in a cluster must share the same ClusterID (instance name)  GeoFence uses the instance name to select rules  The Probe queries GeoFence on each request* with proper info  Instance name  User  Request Details  GeoFence provide Access Policy rules to manipulate the request on the fly within the Probe FOSS4G 2014, Portland 10th September 2014
GeoFence Architecture  The GeoFence ResourceAccessManager (Geofence Probe) uses a cache which minimizes the requests toward GeoFence.  The cache can be configured on different aspects:  number of entries,  expiration time  The cache provides REST operations (using GeoServer’s own REST dispatcher) in order to  Invalidate the cache  Query the cache statistics FOSS4G 2014, Portland 10th September 2014
GeoFence Rule System  Authorizations are expressed as a priority-based rule set  Type of Rules are ALLOW/DENY/LIMIT  The first matching rule is the one that determines the outcome of the auth request  Incoming authorization requests are transformed in a rule filter  Filtering can be performed on one or more of these fields:  Username  Group the provided user belongs to FOSS4G 2014, Portland 10th September 2014
GeoFence Rule System  Source geoserver instance  We can control multiple GeoServer clusters  OGC Service  E.g. WMS  OGC Service Operation  E.g. GetCapabilities  Workspace  E.g. it.geosolutions  Layer name  E.g. topp:states FOSS4G 2014, Portland 10th September 2014
GeoFence Rule System Example  Let’s assume we have configured these rules :  User: u1, Service:WMS, Workspace=W1,ALLOW  User: u1, DENY  These rules will grant access for user u1 to  all the layers in worspace W1  only for WMS request  All other types of request will be DENIED. FOSS4G 2014, Portland 10th September 2014
GeoFence Rule System  When an ALLOW rule is matched, the user will have access to the requested resource.  Finer Grain Control on single layer rules  further restrictions may be defined  i.e only a subset of the data contained in the layer could be made queryeable/visibile to the requesting user   Restrictions on visible Area   Restrictions on Queryable Attributes   Restrictions on Available Styles FOSS4G 2014, Portland 10th September 2014
GeoFence Rule System  Examples  Limiting users access to  a subset of the attributes (R/W)  a specific geographic area.  a subset of the available styles (or the default style can be forced on all requests)  A specific view of the data via a CQL filter  For reading  For writing (delete, create, update) FOSS4G 2014, Portland 10th September 2014
GeoFence Rule System FOSS4G 2014, Portland 10th September 2014
GeoFence REST Interface  GeoFence provides a REST interface for administration  Allows automation!  It allows a complete CRUD access to the various entities managed by GeoFence:  Users and groups  GeoServer instances  Rules  The Find operation can be optionally paged  a Count operation is provided as well to take advantage of the pagination capability.  Priority ordering in rules is fundamental   there are different ways to insert and set a position for the new rules.  https://github.com/geosolutions-it/geofence/wiki/REST-API FOSS4G 2014, Portland 10th September 2014
GeoFence REST Interface  The REST interface also provides a batch mode  multiple CRUD commands can be issued at once  The commands in the batch are processed in the same transaction  Extremely important for automation!  Backup and restore operations are provided as part of the REST interface as well  REST API documentation available at https://github.com/geosolutions-it/geofence/wiki/REST-API FOSS4G 2014, Portland 10th September 2014
GeoFence User Interface  Top Categories  Users  Groups  Instances  Rules FOSS4G 2014, Portland 10th September 2014
GeoFence User Interface Users FOSS4G 2014, Portland 10th September 2014 Groups Instances
GeoFence User Interface Rules FOSS4G 2014, Portland 10th September 2014 Details Details
GeoFence and LDAP  An LDAP server can be used as a repository for user and groups, including the optional ldap module in the deploy  LDAP can be configured through the datasource properties file  When using LDAP users and groups are not editable from the GeoFence interface (they are READ-ONLY)  LDAP module documentation at https://github.com/geosolutions-it/geofence/wiki/LDAP-module FOSS4G 2014, Portland 10th September 2014
GeoFence and Existing Auth Proxies External Auth Source LDAP UserDAO LDAP GroupDAO UserDAO GroupDAO RuleDAO Persistence  When LDAP is enabled, specific DAOs are used for users and groups instead of the default ones FOSS4G 2014, Portland 10th September 2014 Users Groups GeoFence DB GeoFence
GeoFence Use Cases FOSS4G 2014, Portland 10th September 2014 SIAN
GeoFence Use Cases MapManager MapStore GeoFence GeoFence GeoStore GeoServer JMX Agents FOSS4G 2014, Portland 10th September 2014 GeoGraphic Building Block
GeoFence Use Cases FOSS4G 2014, Portland 10th September 2014 Astrium GetGeo
GeoFence Use Cases  Layers filtered (CQL filters) by user profile to constrain access to advanced functionality  Possibility of spatial filters to allow regional access only FOSS4G 2014, Portland 10th September 2014 Destination
GeoFence Status  Project Released as Open Source  Continuous Build is in place  Dev and Users Mailing Lists are in place  Latest Improvements  IP based filter rules  Catalog Mode support  GeoServer community module for the probe  Probe Wicket Configuration Page  Further Improvements FOSS4G 2014, Portland 10th September 2014  Documentation  Official Releases  UI Refactor (based on REST APIs)
The End Thanks for not sleeping (loudly) alessio.fabiani@geo-solutions.it mauro.bartolomeoli@geo-solutions.it FOSS4G 2014, Portland 10th September 2014

Recommended

Mastering Security with GeoServer and GeoFence - FOSS4G EU 2017
Mastering Security with GeoServer and GeoFence - FOSS4G EU 2017Mastering Security with GeoServer and GeoFence - FOSS4G EU 2017
Mastering Security with GeoServer and GeoFence - FOSS4G EU 2017GeoSolutions
 
Advanced Security with GeoServer - FOSS4G 2015
Advanced Security with GeoServer - FOSS4G 2015Advanced Security with GeoServer - FOSS4G 2015
Advanced Security with GeoServer - FOSS4G 2015GeoSolutions
 
Crunching Data In GeoServer: Mastering Rendering Transformations, WPS Process...
Crunching Data In GeoServer: Mastering Rendering Transformations, WPS Process...Crunching Data In GeoServer: Mastering Rendering Transformations, WPS Process...
Crunching Data In GeoServer: Mastering Rendering Transformations, WPS Process...GeoSolutions
 
[FOSS4G Korea 2016] Workshop - Advanced GeoServer
[FOSS4G Korea 2016] Workshop - Advanced GeoServer[FOSS4G Korea 2016] Workshop - Advanced GeoServer
[FOSS4G Korea 2016] Workshop - Advanced GeoServerMinPa Lee
 
Spring Boot 3 And Beyond
Spring Boot 3 And BeyondSpring Boot 3 And Beyond
Spring Boot 3 And BeyondVMware Tanzu
 
GraphQL as an alternative approach to REST (as presented at Java2Days/CodeMon...
GraphQL as an alternative approach to REST (as presented at Java2Days/CodeMon...GraphQL as an alternative approach to REST (as presented at Java2Days/CodeMon...
GraphQL as an alternative approach to REST (as presented at Java2Days/CodeMon...luisw19
 
Introduction to JWT and How to integrate with Spring Security
Introduction to JWT and How to integrate with Spring SecurityIntroduction to JWT and How to integrate with Spring Security
Introduction to JWT and How to integrate with Spring SecurityBruno Henrique Rother
 
Node.js Express Framework
Node.js Express FrameworkNode.js Express Framework
Node.js Express FrameworkTheCreativedev Blog
 

Recommended

Mastering Security with GeoServer and GeoFence - FOSS4G EU 2017
Mastering Security with GeoServer and GeoFence - FOSS4G EU 2017Mastering Security with GeoServer and GeoFence - FOSS4G EU 2017
Mastering Security with GeoServer and GeoFence - FOSS4G EU 2017GeoSolutions
 
Advanced Security with GeoServer - FOSS4G 2015
Advanced Security with GeoServer - FOSS4G 2015Advanced Security with GeoServer - FOSS4G 2015
Advanced Security with GeoServer - FOSS4G 2015GeoSolutions
 
Crunching Data In GeoServer: Mastering Rendering Transformations, WPS Process...
Crunching Data In GeoServer: Mastering Rendering Transformations, WPS Process...Crunching Data In GeoServer: Mastering Rendering Transformations, WPS Process...
Crunching Data In GeoServer: Mastering Rendering Transformations, WPS Process...GeoSolutions
 
[FOSS4G Korea 2016] Workshop - Advanced GeoServer
[FOSS4G Korea 2016] Workshop - Advanced GeoServer[FOSS4G Korea 2016] Workshop - Advanced GeoServer
[FOSS4G Korea 2016] Workshop - Advanced GeoServerMinPa Lee
 
Spring Boot 3 And Beyond
Spring Boot 3 And BeyondSpring Boot 3 And Beyond
Spring Boot 3 And BeyondVMware Tanzu
 
GraphQL as an alternative approach to REST (as presented at Java2Days/CodeMon...
GraphQL as an alternative approach to REST (as presented at Java2Days/CodeMon...GraphQL as an alternative approach to REST (as presented at Java2Days/CodeMon...
GraphQL as an alternative approach to REST (as presented at Java2Days/CodeMon...luisw19
 
Introduction to JWT and How to integrate with Spring Security
Introduction to JWT and How to integrate with Spring SecurityIntroduction to JWT and How to integrate with Spring Security
Introduction to JWT and How to integrate with Spring SecurityBruno Henrique Rother
 
Node.js Express Framework
Node.js Express FrameworkNode.js Express Framework
Node.js Express FrameworkTheCreativedev Blog
 
introduction about REST API
introduction about REST APIintroduction about REST API
introduction about REST APIAmilaSilva13
 
Database, data storage, hosting with Firebase
Database, data storage, hosting with FirebaseDatabase, data storage, hosting with Firebase
Database, data storage, hosting with FirebaseTu Pham
 
kotlinx.serialization
kotlinx.serializationkotlinx.serialization
kotlinx.serializationArawn Park
 
REST API Development with Spring
REST API Development with SpringREST API Development with Spring
REST API Development with SpringKeesun Baik
 
Spring integration을 통해_살펴본_메시징_세계
Spring integration을 통해_살펴본_메시징_세계Spring integration을 통해_살펴본_메시징_세계
Spring integration을 통해_살펴본_메시징_세계Wangeun Lee
 
Centralized Logging System Using ELK Stack
Centralized Logging System Using ELK StackCentralized Logging System Using ELK Stack
Centralized Logging System Using ELK StackRohit Sharma
 
Python/Flask Presentation
Python/Flask PresentationPython/Flask Presentation
Python/Flask PresentationParag Mujumdar
 
Introduction to Spring's Dependency Injection
Introduction to Spring's Dependency InjectionIntroduction to Spring's Dependency Injection
Introduction to Spring's Dependency InjectionRichard Paul
 
SpringOne Tour: Spring Boot 3 and Beyond
SpringOne Tour: Spring Boot 3 and BeyondSpringOne Tour: Spring Boot 3 and Beyond
SpringOne Tour: Spring Boot 3 and BeyondVMware Tanzu
 
Naver속도의, 속도에 의한, 속도를 위한 몽고DB (네이버 컨텐츠검색과 몽고DB) [Naver]
Naver속도의, 속도에 의한, 속도를 위한 몽고DB (네이버 컨텐츠검색과 몽고DB) [Naver]Naver속도의, 속도에 의한, 속도를 위한 몽고DB (네이버 컨텐츠검색과 몽고DB) [Naver]
Naver속도의, 속도에 의한, 속도를 위한 몽고DB (네이버 컨텐츠검색과 몽고DB) [Naver]MongoDB
 
hive HBase Metastore - Improving Hive with a Big Data Metadata Storage
hive HBase Metastore - Improving Hive with a Big Data Metadata Storagehive HBase Metastore - Improving Hive with a Big Data Metadata Storage
hive HBase Metastore - Improving Hive with a Big Data Metadata StorageDataWorks Summit/Hadoop Summit
 
Logstash
LogstashLogstash
Logstash琛琳 饶
 
Containers for Dummies
Containers for DummiesContainers for Dummies
Containers for DummiesOneNeck
 
ExoPlayer for Application developers
ExoPlayer for Application developersExoPlayer for Application developers
ExoPlayer for Application developersHassan Abid
 
Java Persistence API (JPA) Step By Step
Java Persistence API (JPA) Step By StepJava Persistence API (JPA) Step By Step
Java Persistence API (JPA) Step By StepGuo Albert
 
Deep Dive Java 17 Devoxx UK
Deep Dive Java 17 Devoxx UKDeep Dive Java 17 Devoxx UK
Deep Dive Java 17 Devoxx UKJosé Paumard
 
Kappazunder Testdatensatz 2020 OGD Wien
Kappazunder Testdatensatz 2020 OGD WienKappazunder Testdatensatz 2020 OGD Wien
Kappazunder Testdatensatz 2020 OGD WienStadt Wien
 
Introduction to Spring Boot
Introduction to Spring BootIntroduction to Spring Boot
Introduction to Spring BootPurbarun Chakrabarti
 
Découverte de Elastic search
Découverte de Elastic searchDécouverte de Elastic search
Découverte de Elastic searchJEMLI Fathi
 
Springboot introduction
Springboot introductionSpringboot introduction
Springboot introductionSagar Verma
 
Advanced GeoServer Security with GeoFence
Advanced GeoServer Security with GeoFenceAdvanced GeoServer Security with GeoFence
Advanced GeoServer Security with GeoFenceGeoSolutions
 
Raster data in GeoServer and GeoTools: Achievements, issues and future devel...
Raster data in GeoServer and GeoTools: Achievements, issues and future devel...Raster data in GeoServer and GeoTools: Achievements, issues and future devel...
Raster data in GeoServer and GeoTools: Achievements, issues and future devel...GeoSolutions
 

More Related Content

What's hot

introduction about REST API
introduction about REST APIintroduction about REST API
introduction about REST APIAmilaSilva13
 
Database, data storage, hosting with Firebase
Database, data storage, hosting with FirebaseDatabase, data storage, hosting with Firebase
Database, data storage, hosting with FirebaseTu Pham
 
kotlinx.serialization
kotlinx.serializationkotlinx.serialization
kotlinx.serializationArawn Park
 
REST API Development with Spring
REST API Development with SpringREST API Development with Spring
REST API Development with SpringKeesun Baik
 
Spring integration을 통해_살펴본_메시징_세계
Spring integration을 통해_살펴본_메시징_세계Spring integration을 통해_살펴본_메시징_세계
Spring integration을 통해_살펴본_메시징_세계Wangeun Lee
 
Centralized Logging System Using ELK Stack
Centralized Logging System Using ELK StackCentralized Logging System Using ELK Stack
Centralized Logging System Using ELK StackRohit Sharma
 
Python/Flask Presentation
Python/Flask PresentationPython/Flask Presentation
Python/Flask PresentationParag Mujumdar
 
Introduction to Spring's Dependency Injection
Introduction to Spring's Dependency InjectionIntroduction to Spring's Dependency Injection
Introduction to Spring's Dependency InjectionRichard Paul
 
SpringOne Tour: Spring Boot 3 and Beyond
SpringOne Tour: Spring Boot 3 and BeyondSpringOne Tour: Spring Boot 3 and Beyond
SpringOne Tour: Spring Boot 3 and BeyondVMware Tanzu
 
Naver속도의, 속도에 의한, 속도를 위한 몽고DB (네이버 컨텐츠검색과 몽고DB) [Naver]
Naver속도의, 속도에 의한, 속도를 위한 몽고DB (네이버 컨텐츠검색과 몽고DB) [Naver]Naver속도의, 속도에 의한, 속도를 위한 몽고DB (네이버 컨텐츠검색과 몽고DB) [Naver]
Naver속도의, 속도에 의한, 속도를 위한 몽고DB (네이버 컨텐츠검색과 몽고DB) [Naver]MongoDB
 
hive HBase Metastore - Improving Hive with a Big Data Metadata Storage
hive HBase Metastore - Improving Hive with a Big Data Metadata Storagehive HBase Metastore - Improving Hive with a Big Data Metadata Storage
hive HBase Metastore - Improving Hive with a Big Data Metadata StorageDataWorks Summit/Hadoop Summit
 
Containers for Dummies
Containers for DummiesContainers for Dummies
Containers for DummiesOneNeck
 
ExoPlayer for Application developers
ExoPlayer for Application developersExoPlayer for Application developers
ExoPlayer for Application developersHassan Abid
 
Java Persistence API (JPA) Step By Step
Java Persistence API (JPA) Step By StepJava Persistence API (JPA) Step By Step
Java Persistence API (JPA) Step By StepGuo Albert
 
Deep Dive Java 17 Devoxx UK
Deep Dive Java 17 Devoxx UKDeep Dive Java 17 Devoxx UK
Deep Dive Java 17 Devoxx UKJosé Paumard
 
Kappazunder Testdatensatz 2020 OGD Wien
Kappazunder Testdatensatz 2020 OGD WienKappazunder Testdatensatz 2020 OGD Wien
Kappazunder Testdatensatz 2020 OGD WienStadt Wien
 
Découverte de Elastic search
Découverte de Elastic searchDécouverte de Elastic search
Découverte de Elastic searchJEMLI Fathi
 
Springboot introduction
Springboot introductionSpringboot introduction
Springboot introductionSagar Verma
 

What's hot (20)

introduction about REST API
introduction about REST APIintroduction about REST API
introduction about REST API
 
Database, data storage, hosting with Firebase
Database, data storage, hosting with FirebaseDatabase, data storage, hosting with Firebase
Database, data storage, hosting with Firebase
 
kotlinx.serialization
kotlinx.serializationkotlinx.serialization
kotlinx.serialization
 
REST API Development with Spring
REST API Development with SpringREST API Development with Spring
REST API Development with Spring
 
Spring integration을 통해_살펴본_메시징_세계
Spring integration을 통해_살펴본_메시징_세계Spring integration을 통해_살펴본_메시징_세계
Spring integration을 통해_살펴본_메시징_세계
 
Centralized Logging System Using ELK Stack
Centralized Logging System Using ELK StackCentralized Logging System Using ELK Stack
Centralized Logging System Using ELK Stack
 
Python/Flask Presentation
Python/Flask PresentationPython/Flask Presentation
Python/Flask Presentation
 
Introduction to Spring's Dependency Injection
Introduction to Spring's Dependency InjectionIntroduction to Spring's Dependency Injection
Introduction to Spring's Dependency Injection
 
SpringOne Tour: Spring Boot 3 and Beyond
SpringOne Tour: Spring Boot 3 and BeyondSpringOne Tour: Spring Boot 3 and Beyond
SpringOne Tour: Spring Boot 3 and Beyond
 
Naver속도의, 속도에 의한, 속도를 위한 몽고DB (네이버 컨텐츠검색과 몽고DB) [Naver]
Naver속도의, 속도에 의한, 속도를 위한 몽고DB (네이버 컨텐츠검색과 몽고DB) [Naver]Naver속도의, 속도에 의한, 속도를 위한 몽고DB (네이버 컨텐츠검색과 몽고DB) [Naver]
Naver속도의, 속도에 의한, 속도를 위한 몽고DB (네이버 컨텐츠검색과 몽고DB) [Naver]
 
hive HBase Metastore - Improving Hive with a Big Data Metadata Storage
hive HBase Metastore - Improving Hive with a Big Data Metadata Storagehive HBase Metastore - Improving Hive with a Big Data Metadata Storage
hive HBase Metastore - Improving Hive with a Big Data Metadata Storage
 
Logstash
LogstashLogstash
Logstash
 
Containers for Dummies
Containers for DummiesContainers for Dummies
Containers for Dummies
 
ExoPlayer for Application developers
ExoPlayer for Application developersExoPlayer for Application developers
ExoPlayer for Application developers
 
Java Persistence API (JPA) Step By Step
Java Persistence API (JPA) Step By StepJava Persistence API (JPA) Step By Step
Java Persistence API (JPA) Step By Step
 
Deep Dive Java 17 Devoxx UK
Deep Dive Java 17 Devoxx UKDeep Dive Java 17 Devoxx UK
Deep Dive Java 17 Devoxx UK
 
Kappazunder Testdatensatz 2020 OGD Wien
Kappazunder Testdatensatz 2020 OGD WienKappazunder Testdatensatz 2020 OGD Wien
Kappazunder Testdatensatz 2020 OGD Wien
 
Introduction to Spring Boot
Introduction to Spring BootIntroduction to Spring Boot
Introduction to Spring Boot
 
Découverte de Elastic search
Découverte de Elastic searchDécouverte de Elastic search
Découverte de Elastic search
 
Springboot introduction
Springboot introductionSpringboot introduction
Springboot introduction
 

Similar to Advanced Security With GeoServer

Advanced GeoServer Security with GeoFence
Advanced GeoServer Security with GeoFenceAdvanced GeoServer Security with GeoFence
Advanced GeoServer Security with GeoFenceGeoSolutions
 
Raster data in GeoServer and GeoTools: Achievements, issues and future devel...
Raster data in GeoServer and GeoTools: Achievements, issues and future devel...Raster data in GeoServer and GeoTools: Achievements, issues and future devel...
Raster data in GeoServer and GeoTools: Achievements, issues and future devel...GeoSolutions
 
Sword Cetis 2007 06 29
Sword Cetis 2007 06 29Sword Cetis 2007 06 29
Sword Cetis 2007 06 29Julie Allinson
 
Sword Or2008 Julieallinson
Sword Or2008 JulieallinsonSword Or2008 Julieallinson
Sword Or2008 JulieallinsonJulie Allinson
 
Simple Web service Offering Repository Deposit (SWORD)‏
Simple Web service Offering Repository Deposit (SWORD)‏Simple Web service Offering Repository Deposit (SWORD)‏
Simple Web service Offering Repository Deposit (SWORD)‏Julie Allinson
 
GeoServer an introduction for beginners
GeoServer an introduction for beginnersGeoServer an introduction for beginners
GeoServer an introduction for beginnersGeoSolutions
 
GeoServer The Open Source Solution for the interoperable management of geos...
GeoServer The Open Source Solution for the interoperable management of geos...GeoServer The Open Source Solution for the interoperable management of geos...
GeoServer The Open Source Solution for the interoperable management of geos...GeoSolutions
 
Catania Science Gateway Framework
Catania Science Gateway Framework Catania Science Gateway Framework
Catania Science Gateway Framework riround
 
GeoServer, an introduction for beginners
GeoServer, an introduction for beginnersGeoServer, an introduction for beginners
GeoServer, an introduction for beginnersGeoSolutions
 
Geosolutions FOSS4g 2009 Redux
Geosolutions FOSS4g 2009 ReduxGeosolutions FOSS4g 2009 Redux
Geosolutions FOSS4g 2009 ReduxGeoSolutions
 
GeoServer for Spatio-temporal Data Handling With Examples For MetOc And Remot...
GeoServer for Spatio-temporal Data Handling With Examples For MetOc And Remot...GeoServer for Spatio-temporal Data Handling With Examples For MetOc And Remot...
GeoServer for Spatio-temporal Data Handling With Examples For MetOc And Remot...GeoSolutions
 
Flagis linked open_data_stijn_goedertier
Flagis linked open_data_stijn_goedertierFlagis linked open_data_stijn_goedertier
Flagis linked open_data_stijn_goedertierFlagis VZW
 
adaptTo() 2014 - Integrating Open Source Search with CQ/AEM
adaptTo() 2014 - Integrating Open Source Search with CQ/AEMadaptTo() 2014 - Integrating Open Source Search with CQ/AEM
adaptTo() 2014 - Integrating Open Source Search with CQ/AEMtherealgaston
 
Dev212 Comparing Net And Java The View From 2006
Dev212 Comparing Net And Java The View From 2006Dev212 Comparing Net And Java The View From 2006
Dev212 Comparing Net And Java The View From 2006kkorovkin
 

Similar to Advanced Security With GeoServer (20)

Advanced GeoServer Security with GeoFence
Advanced GeoServer Security with GeoFenceAdvanced GeoServer Security with GeoFence
Advanced GeoServer Security with GeoFence
 
Raster data in GeoServer and GeoTools: Achievements, issues and future devel...
Raster data in GeoServer and GeoTools: Achievements, issues and future devel...Raster data in GeoServer and GeoTools: Achievements, issues and future devel...
Raster data in GeoServer and GeoTools: Achievements, issues and future devel...
 
Sword Crig 2007 12 06
Sword Crig 2007 12 06Sword Crig 2007 12 06
Sword Crig 2007 12 06
 
Sword Cetis 2007 06 29
Sword Cetis 2007 06 29Sword Cetis 2007 06 29
Sword Cetis 2007 06 29
 
Sword Cetis 2007 06 29
Sword Cetis 2007 06 29Sword Cetis 2007 06 29
Sword Cetis 2007 06 29
 
Sword Or2008 Julieallinson
Sword Or2008 JulieallinsonSword Or2008 Julieallinson
Sword Or2008 Julieallinson
 
Simple Web service Offering Repository Deposit (SWORD)‏
Simple Web service Offering Repository Deposit (SWORD)‏Simple Web service Offering Repository Deposit (SWORD)‏
Simple Web service Offering Repository Deposit (SWORD)‏
 
GeoServer an introduction for beginners
GeoServer an introduction for beginnersGeoServer an introduction for beginners
GeoServer an introduction for beginners
 
RESTEasy
RESTEasyRESTEasy
RESTEasy
 
Sword 2007 06 22
Sword 2007 06 22Sword 2007 06 22
Sword 2007 06 22
 
GeoServer The Open Source Solution for the interoperable management of geos...
GeoServer The Open Source Solution for the interoperable management of geos...GeoServer The Open Source Solution for the interoperable management of geos...
GeoServer The Open Source Solution for the interoperable management of geos...
 
Catania Science Gateway Framework
Catania Science Gateway Framework Catania Science Gateway Framework
Catania Science Gateway Framework
 
GeoServer, an introduction for beginners
GeoServer, an introduction for beginnersGeoServer, an introduction for beginners
GeoServer, an introduction for beginners
 
Geosolutions FOSS4g 2009 Redux
Geosolutions FOSS4g 2009 ReduxGeosolutions FOSS4g 2009 Redux
Geosolutions FOSS4g 2009 Redux
 
GeoServer for Spatio-temporal Data Handling With Examples For MetOc And Remot...
GeoServer for Spatio-temporal Data Handling With Examples For MetOc And Remot...GeoServer for Spatio-temporal Data Handling With Examples For MetOc And Remot...
GeoServer for Spatio-temporal Data Handling With Examples For MetOc And Remot...
 
Flagis linked open_data_stijn_goedertier
Flagis linked open_data_stijn_goedertierFlagis linked open_data_stijn_goedertier
Flagis linked open_data_stijn_goedertier
 
Parse par Nicolas Lauquin
Parse par Nicolas LauquinParse par Nicolas Lauquin
Parse par Nicolas Lauquin
 
Dog2 0
Dog2 0Dog2 0
Dog2 0
 
adaptTo() 2014 - Integrating Open Source Search with CQ/AEM
adaptTo() 2014 - Integrating Open Source Search with CQ/AEMadaptTo() 2014 - Integrating Open Source Search with CQ/AEM
adaptTo() 2014 - Integrating Open Source Search with CQ/AEM
 
Dev212 Comparing Net And Java The View From 2006
Dev212 Comparing Net And Java The View From 2006Dev212 Comparing Net And Java The View From 2006
Dev212 Comparing Net And Java The View From 2006
 

More from GeoSolutions

MapStore 2 - The Story
MapStore 2 - The StoryMapStore 2 - The Story
MapStore 2 - The StoryGeoSolutions
 
One GeoNode, many GeoNodes
One GeoNode, many GeoNodesOne GeoNode, many GeoNodes
One GeoNode, many GeoNodesGeoSolutions
 
Introduction to GeoNode
Introduction to GeoNodeIntroduction to GeoNode
Introduction to GeoNodeGeoSolutions
 
Serving earth observation data with GeoServer: addressing real world requirem...
Serving earth observation data with GeoServer: addressing real world requirem...Serving earth observation data with GeoServer: addressing real world requirem...
Serving earth observation data with GeoServer: addressing real world requirem...GeoSolutions
 
GeoServer Feature FRENZY
GeoServer Feature FRENZYGeoServer Feature FRENZY
GeoServer Feature FRENZYGeoSolutions
 
State of GeoServer 2.12
State of GeoServer 2.12State of GeoServer 2.12
State of GeoServer 2.12GeoSolutions
 
MapStore 2, modern mashups with OL3, Leaflet and React
MapStore 2, modern mashups with OL3, Leaflet and ReactMapStore 2, modern mashups with OL3, Leaflet and React
MapStore 2, modern mashups with OL3, Leaflet and ReactGeoSolutions
 
State of GeoServer - FOSS4G 2016
State of GeoServer - FOSS4G 2016State of GeoServer - FOSS4G 2016
State of GeoServer - FOSS4G 2016GeoSolutions
 
Creating Stunning Maps in GeoServer: mastering SLD and CSS styles
Creating Stunning Maps in GeoServer: mastering SLD and CSS stylesCreating Stunning Maps in GeoServer: mastering SLD and CSS styles
Creating Stunning Maps in GeoServer: mastering SLD and CSS stylesGeoSolutions
 
Serving earth observation data with GeoServer: addressing real world requirem...
Serving earth observation data with GeoServer: addressing real world requirem...Serving earth observation data with GeoServer: addressing real world requirem...
Serving earth observation data with GeoServer: addressing real world requirem...GeoSolutions
 
GeoServer in Production: we do it, here is how!
GeoServer in Production: we do it, here is how!GeoServer in Production: we do it, here is how!
GeoServer in Production: we do it, here is how!GeoSolutions
 
Raster Data In GeoServer and GeoTools: Achievements, Issues And Future Develo...
Raster Data In GeoServer and GeoTools: Achievements, Issues And Future Develo...Raster Data In GeoServer and GeoTools: Achievements, Issues And Future Develo...
Raster Data In GeoServer and GeoTools: Achievements, Issues And Future Develo...GeoSolutions
 
Mapping the world beyond web mercator - FOSS4G 2015
Mapping the world beyond web mercator - FOSS4G 2015Mapping the world beyond web mercator - FOSS4G 2015
Mapping the world beyond web mercator - FOSS4G 2015GeoSolutions
 
GeoServer on Steroids
GeoServer on Steroids GeoServer on Steroids
GeoServer on Steroids GeoSolutions
 
Advanced Cartographic Map Rendering in GeoServer
Advanced Cartographic Map Rendering in GeoServerAdvanced Cartographic Map Rendering in GeoServer
Advanced Cartographic Map Rendering in GeoServerGeoSolutions
 
Spatio-temporal Data Handling With GeoServer for MetOc And Remote Sensing
Spatio-temporal Data Handling With GeoServer for MetOc And Remote SensingSpatio-temporal Data Handling With GeoServer for MetOc And Remote Sensing
Spatio-temporal Data Handling With GeoServer for MetOc And Remote SensingGeoSolutions
 
Enterprise class deployment for GeoServer and GeoWebcache Optimizing perform...
Enterprise class deployment for GeoServer and GeoWebcache Optimizing perform...Enterprise class deployment for GeoServer and GeoWebcache Optimizing perform...
Enterprise class deployment for GeoServer and GeoWebcache Optimizing perform...GeoSolutions
 
GeoSolutions Keynote at WebMGS 2015
GeoSolutions Keynote at WebMGS 2015GeoSolutions Keynote at WebMGS 2015
GeoSolutions Keynote at WebMGS 2015GeoSolutions
 
GeoServer beginners gwf_2015
GeoServer beginners gwf_2015GeoServer beginners gwf_2015
GeoServer beginners gwf_2015GeoSolutions
 
Geosolutions gwf-2015-v01.04
Geosolutions gwf-2015-v01.04Geosolutions gwf-2015-v01.04
Geosolutions gwf-2015-v01.04GeoSolutions
 

More from GeoSolutions (20)

MapStore 2 - The Story
MapStore 2 - The StoryMapStore 2 - The Story
MapStore 2 - The Story
 
One GeoNode, many GeoNodes
One GeoNode, many GeoNodesOne GeoNode, many GeoNodes
One GeoNode, many GeoNodes
 
Introduction to GeoNode
Introduction to GeoNodeIntroduction to GeoNode
Introduction to GeoNode
 
Serving earth observation data with GeoServer: addressing real world requirem...
Serving earth observation data with GeoServer: addressing real world requirem...Serving earth observation data with GeoServer: addressing real world requirem...
Serving earth observation data with GeoServer: addressing real world requirem...
 
GeoServer Feature FRENZY
GeoServer Feature FRENZYGeoServer Feature FRENZY
GeoServer Feature FRENZY
 
State of GeoServer 2.12
State of GeoServer 2.12State of GeoServer 2.12
State of GeoServer 2.12
 
MapStore 2, modern mashups with OL3, Leaflet and React
MapStore 2, modern mashups with OL3, Leaflet and ReactMapStore 2, modern mashups with OL3, Leaflet and React
MapStore 2, modern mashups with OL3, Leaflet and React
 
State of GeoServer - FOSS4G 2016
State of GeoServer - FOSS4G 2016State of GeoServer - FOSS4G 2016
State of GeoServer - FOSS4G 2016
 
Creating Stunning Maps in GeoServer: mastering SLD and CSS styles
Creating Stunning Maps in GeoServer: mastering SLD and CSS stylesCreating Stunning Maps in GeoServer: mastering SLD and CSS styles
Creating Stunning Maps in GeoServer: mastering SLD and CSS styles
 
Serving earth observation data with GeoServer: addressing real world requirem...
Serving earth observation data with GeoServer: addressing real world requirem...Serving earth observation data with GeoServer: addressing real world requirem...
Serving earth observation data with GeoServer: addressing real world requirem...
 
GeoServer in Production: we do it, here is how!
GeoServer in Production: we do it, here is how!GeoServer in Production: we do it, here is how!
GeoServer in Production: we do it, here is how!
 
Raster Data In GeoServer and GeoTools: Achievements, Issues And Future Develo...
Raster Data In GeoServer and GeoTools: Achievements, Issues And Future Develo...Raster Data In GeoServer and GeoTools: Achievements, Issues And Future Develo...
Raster Data In GeoServer and GeoTools: Achievements, Issues And Future Develo...
 
Mapping the world beyond web mercator - FOSS4G 2015
Mapping the world beyond web mercator - FOSS4G 2015Mapping the world beyond web mercator - FOSS4G 2015
Mapping the world beyond web mercator - FOSS4G 2015
 
GeoServer on Steroids
GeoServer on Steroids GeoServer on Steroids
GeoServer on Steroids
 
Advanced Cartographic Map Rendering in GeoServer
Advanced Cartographic Map Rendering in GeoServerAdvanced Cartographic Map Rendering in GeoServer
Advanced Cartographic Map Rendering in GeoServer
 
Spatio-temporal Data Handling With GeoServer for MetOc And Remote Sensing
Spatio-temporal Data Handling With GeoServer for MetOc And Remote SensingSpatio-temporal Data Handling With GeoServer for MetOc And Remote Sensing
Spatio-temporal Data Handling With GeoServer for MetOc And Remote Sensing
 
Enterprise class deployment for GeoServer and GeoWebcache Optimizing perform...
Enterprise class deployment for GeoServer and GeoWebcache Optimizing perform...Enterprise class deployment for GeoServer and GeoWebcache Optimizing perform...
Enterprise class deployment for GeoServer and GeoWebcache Optimizing perform...
 
GeoSolutions Keynote at WebMGS 2015
GeoSolutions Keynote at WebMGS 2015GeoSolutions Keynote at WebMGS 2015
GeoSolutions Keynote at WebMGS 2015
 
GeoServer beginners gwf_2015
GeoServer beginners gwf_2015GeoServer beginners gwf_2015
GeoServer beginners gwf_2015
 
Geosolutions gwf-2015-v01.04
Geosolutions gwf-2015-v01.04Geosolutions gwf-2015-v01.04
Geosolutions gwf-2015-v01.04
 

Recently uploaded

Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 

Recently uploaded (20)

Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 

Advanced Security With GeoServer

  • 1. Advanced Security With GeoServer Ing. Mauro Bartolomeoli, GeoSolutions Ing. Emanuele Tajariol, GeoSolutions Ing. Simone Giannecchini, GeoSolutions Ing. Alessio Fabiani, GeoSolutions FOSS4G 2014, Portland 10th September 2014
  • 2. GeoSolutions  Founded in Italy in late 2006  Expertise • Image Processing, GeoSpatial Data Fusion • Java, Java Enterprise, C++, Python • JPEG2000, JPIP, Advanced 2D visualization  Supporting/Developing FOSS4G projects  GeoServer, MapStore  GeoBatch, GeoNetwork  Clients  Public Agencies  Private Companies  http://www.geo-solutions.it FOSS4G 2014, Portland 10th September 2014
  • 3. GeoServer Security Subsystem Overview FOSS4G 2014, Portland 10th September 2014
  • 4. GeoServer Security Subsystem Overview  GeoServer security handles  Authentication (filtering and credential checks)  Authorization (resource access managers) FOSS4G 2014, Portland 10th September 2014
  • 5. GeoServer Security Subsystem Overview  Based on Spring Security  Users / Groups / Roles  User/group services  Role services  Authentication  Chains  Filters  Providers  Authorization  Auth on data: e.g. layers, workspaces  Auth on services: e.g. WMS, WFS  By role FOSS4G 2014, Portland 10th September 2014
  • 6. Users / Groups / Roles Storage FOSS4G 2014, Portland 10th September 2014
  • 7. Users / Groups / Roles Storage  User/Group service  Storage for users and groups details  Storage for user credentials (e.g. passwords)  Password encryption handling  Read/Write or Read-only  Default implementations  XML files  Database through JDBC  Easy to implement and plug new services  Used by many filters/providers as a source for authenticated users detail  Missing: Read/Write LDAP User/Group service FOSS4G 2014, Portland 10th September 2014
  • 8. Users / Groups / Roles Storage  Role service  Storage for roles  Read/Write or Read-only  Assign roles to users and or groups  Default implementations  XML files  Database through JDBC  J2EE (from the Java Web Container)  LDAP  Easy to implement and plug new services  Active (Default) Role service  Used by many filters/providers as a source for authenticated users roles FOSS4G 2014, Portland 10th September 2014
  • 9. Authentication FOSS4G 2014, Portland 10th September 2014
  • 10. Authentication  Filter Chains  By «request url» pattern matching  Web UI  OGC Services  REST API  …  By Method: GET, POST, …  HTTP Session handling  Each chain applies a sequence of configured Filters to matching requests  Only SSL flag FOSS4G 2014, Portland 10th September 2014
  • 11. Authentication  Filters  Gathering user credentials (and eventually invoking authentication providers chain)  Basic  Form  Anonymous (always the last)  Preauthentication (and eventually load user details from user/group and/or role service)  HTTP Header  Digest  X.509  Remember Me  J2EE  Easy to implement and plug new filters  Missing: authenticate from environment variables (e.g. Shibboleth SSO) FOSS4G 2014, Portland 10th September 2014
  • 12. Authentication  Authentication Providers  Used if filters require further authentication of gathered credentials (no preauthentication can be applied)  Username Password (using user/group service)  Database through JDBC (uses credentials to connect to a database, very different from the JDBC user/group service)  LDAP  with ActiveDirectory support  Easy to implement and plug new providers  Providers chain, to allow for different authentication mechanisms (e.g intranet users from LDAP, internet users from db) FOSS4G 2014, Portland 10th September 2014
  • 13. Authentication  Extensions  CAS (https://www.apereo.org/cas): example of SSO integration  Community modules  Authkey: simple UUID to user mapper  Pluggable: possibility to define custom mappers (e.g. webservices)  URLMangler to add authkey to OGC request transparently (via GetCapabilities)  Real World Use Cases  Shibboleth SSO (using Headers or CGI environment variables)  Mixing filters/providers: LDAP/AD for internal users, jdbc for external users FOSS4G 2014, Portland 10th September 2014
  • 14. Authentication  Future improvements  Clean up and filling holes  Increase LDAP support (e.g. LDAP User/Group Service for LDAP read-write support)  Greater flexibility  Improve authkey community module (new webservice based mappers) and promote to extension  New authentication filters (e.g. reading credentials from CGI environment variables) FOSS4G 2014, Portland 10th September 2014
  • 15. Authorization FOSS4G 2014, Portland 10th September 2014
  • 16. Authorization  Simple default implementation  Permissions assigned only by user role(s)  Data Access Authorization Rules  Workspace  Single Layer  Access Mode: Read, Write, Admin  Services Authorization Rules  Service (WMS, WFS, …)  Method (GetMap, GetLegendGraphic, …)  Pluggable ResourceAccessManager  SecureCatalog  Security Wrapped Catalog Objects (e.g. ReadOnlyDataStore) FOSS4G 2014, Portland 10th September 2014
  • 17. Authorization  ResourceAccessManager  Define AccessLimits for the various Catalog Resources (Workspace, Layer, Style, LayerGroup)  Allows for fine grained limits  Read filters  Write filters  Spatial filters  SecureCatalog  Wraps original Catalog objects with secured implementations, aware of ResourceAccessManager defined limits  Secured wrappers take care of enforcing authorization rules, transparently FOSS4G 2014, Portland 10th September 2014
  • 18. Meet GeoFence FOSS4G 2014, Portland 10th September 2014
  • 19. GeoFence  Extended A&A for GeoServer  Authentication  Optional  Integrated with GeoServer authorization architecture  Open Source  GPL  Code on GitHub  Authorization  Auth on data: e.g. layers, workspaces  Auth on services: e.g. WMS, WFS FOSS4G 2014, Portland 10th September 2014
  • 20. GeoFence  Based on GSIP 57  Mixed Interceptor + Probe approach  Extended authorization management for GeoServer  External Rule-Based System  GeoServer Internal Probe  On-the-fly manipulation of incoming requests  Role Based Access Control  Users  Groups  Rule-based database  IPTables-like FOSS4G 2014, Portland 10th September 2014
  • 21. GeoFence  Fine Grain Authorization Control  Services  Operations  Workspaces  Layers  Attributes (alphanumeric and geospatial)  External Web Application  REST Interface  GUI  Scalable  1 GeoFence controls N GeoServer cluster FOSS4G 2014, Portland 10th September 2014
  • 22. GeoFence  Java Enterprise infrastructure  Spring/Spring-Remoting  Hibernate  Apache CXF  Supports DBMS  PostgreSQL/PostGIS  Oracle spatial  H2  Performance ensured thanks to a fine-tunable cache FOSS4G 2014, Portland 10th September 2014
  • 23. GeoServer Security Model FOSS4G 2014, Portland 10th September 2014
  • 24. GeoServer Security Model  The GeoFence Authentication provider delegates credential checks to GeoFence  The GeoFence Resource Access Manager asks for permissions to the GeoFence authorization engine FOSS4G 2014, Portland 10th September 2014
  • 25. GeoServer Security Model FOSS4G 2014, Portland 10th September 2014
  • 26. Digging GeoFence FOSS4G 2014, Portland 10th September 2014
  • 27. GeoFence Architecture  Geofence Stack (again…) FOSS4G 2014, Portland 10th September 2014
  • 28. GeoFence Architecture Modules and packages  GUI  core: GUI logic, implemented using GWT  webapp: produces the final web application .war file  Geoserver (GeoFence Probe)  security: the GeoServer/GeoFence bridge: implements the ResourceAccessManager, forwarding the authorization requests to a remote GeoFence instance FOSS4G 2014, Portland 10th September 2014
  • 29. GeoFence Architecture  The GeoFence ResourceAccessManager (Geofence Probe) is deployed in each GeoServer  GeoServer instances in a cluster must share the same ClusterID (instance name)  GeoFence uses the instance name to select rules  The Probe queries GeoFence on each request* with proper info  Instance name  User  Request Details  GeoFence provide Access Policy rules to manipulate the request on the fly within the Probe FOSS4G 2014, Portland 10th September 2014
  • 30. GeoFence Architecture  The GeoFence ResourceAccessManager (Geofence Probe) uses a cache which minimizes the requests toward GeoFence.  The cache can be configured on different aspects:  number of entries,  expiration time  The cache provides REST operations (using GeoServer’s own REST dispatcher) in order to  Invalidate the cache  Query the cache statistics FOSS4G 2014, Portland 10th September 2014
  • 31. GeoFence Rule System  Authorizations are expressed as a priority-based rule set  Type of Rules are ALLOW/DENY/LIMIT  The first matching rule is the one that determines the outcome of the auth request  Incoming authorization requests are transformed in a rule filter  Filtering can be performed on one or more of these fields:  Username  Group the provided user belongs to FOSS4G 2014, Portland 10th September 2014
  • 32. GeoFence Rule System  Source geoserver instance  We can control multiple GeoServer clusters  OGC Service  E.g. WMS  OGC Service Operation  E.g. GetCapabilities  Workspace  E.g. it.geosolutions  Layer name  E.g. topp:states FOSS4G 2014, Portland 10th September 2014
  • 33. GeoFence Rule System Example  Let’s assume we have configured these rules :  User: u1, Service:WMS, Workspace=W1,ALLOW  User: u1, DENY  These rules will grant access for user u1 to  all the layers in worspace W1  only for WMS request  All other types of request will be DENIED. FOSS4G 2014, Portland 10th September 2014
  • 34. GeoFence Rule System  When an ALLOW rule is matched, the user will have access to the requested resource.  Finer Grain Control on single layer rules  further restrictions may be defined  i.e only a subset of the data contained in the layer could be made queryeable/visibile to the requesting user   Restrictions on visible Area   Restrictions on Queryable Attributes   Restrictions on Available Styles FOSS4G 2014, Portland 10th September 2014
  • 35. GeoFence Rule System  Examples  Limiting users access to  a subset of the attributes (R/W)  a specific geographic area.  a subset of the available styles (or the default style can be forced on all requests)  A specific view of the data via a CQL filter  For reading  For writing (delete, create, update) FOSS4G 2014, Portland 10th September 2014
  • 36. GeoFence Rule System FOSS4G 2014, Portland 10th September 2014
  • 37. GeoFence REST Interface  GeoFence provides a REST interface for administration  Allows automation!  It allows a complete CRUD access to the various entities managed by GeoFence:  Users and groups  GeoServer instances  Rules  The Find operation can be optionally paged  a Count operation is provided as well to take advantage of the pagination capability.  Priority ordering in rules is fundamental   there are different ways to insert and set a position for the new rules.  https://github.com/geosolutions-it/geofence/wiki/REST-API FOSS4G 2014, Portland 10th September 2014
  • 38. GeoFence REST Interface  The REST interface also provides a batch mode  multiple CRUD commands can be issued at once  The commands in the batch are processed in the same transaction  Extremely important for automation!  Backup and restore operations are provided as part of the REST interface as well  REST API documentation available at https://github.com/geosolutions-it/geofence/wiki/REST-API FOSS4G 2014, Portland 10th September 2014
  • 39. GeoFence User Interface  Top Categories  Users  Groups  Instances  Rules FOSS4G 2014, Portland 10th September 2014
  • 40. GeoFence User Interface Users FOSS4G 2014, Portland 10th September 2014 Groups Instances
  • 41. GeoFence User Interface Rules FOSS4G 2014, Portland 10th September 2014 Details Details
  • 42. GeoFence and LDAP  An LDAP server can be used as a repository for user and groups, including the optional ldap module in the deploy  LDAP can be configured through the datasource properties file  When using LDAP users and groups are not editable from the GeoFence interface (they are READ-ONLY)  LDAP module documentation at https://github.com/geosolutions-it/geofence/wiki/LDAP-module FOSS4G 2014, Portland 10th September 2014
  • 43. GeoFence and Existing Auth Proxies External Auth Source LDAP UserDAO LDAP GroupDAO UserDAO GroupDAO RuleDAO Persistence  When LDAP is enabled, specific DAOs are used for users and groups instead of the default ones FOSS4G 2014, Portland 10th September 2014 Users Groups GeoFence DB GeoFence
  • 44. GeoFence Use Cases FOSS4G 2014, Portland 10th September 2014 SIAN
  • 45. GeoFence Use Cases MapManager MapStore GeoFence GeoFence GeoStore GeoServer JMX Agents FOSS4G 2014, Portland 10th September 2014 GeoGraphic Building Block
  • 46. GeoFence Use Cases FOSS4G 2014, Portland 10th September 2014 Astrium GetGeo
  • 47. GeoFence Use Cases  Layers filtered (CQL filters) by user profile to constrain access to advanced functionality  Possibility of spatial filters to allow regional access only FOSS4G 2014, Portland 10th September 2014 Destination
  • 48. GeoFence Status  Project Released as Open Source  Continuous Build is in place  Dev and Users Mailing Lists are in place  Latest Improvements  IP based filter rules  Catalog Mode support  GeoServer community module for the probe  Probe Wicket Configuration Page  Further Improvements FOSS4G 2014, Portland 10th September 2014  Documentation  Official Releases  UI Refactor (based on REST APIs)
  • 49. The End Thanks for not sleeping (loudly) alessio.fabiani@geo-solutions.it mauro.bartolomeoli@geo-solutions.it FOSS4G 2014, Portland 10th September 2014