Advanced Security
With GeoServer
Ing. Mauro Bartolomeoli
Ing. Emanuele Tajariol
Ing. Simone Giannecchini
GeoSolutions
GeoSolutions
• Founded in Italy in late 2006
• Expertise
  - Image Processing, GeoSpatial Data Fusion
  - Java, Java Enterprise, C++, Python
  - JPEG2000, JPIP, Advanced 2D visualization
• Supporting/Developing FOSS4G projects
  - GeoServer, MapStore
  - GeoNetwork, GeoNode, Ckan
• Clients
  - Public Agencies
  - Private Companies
• http://www.geo-solutions.it
FOSS4G 2015, Seoul
14th-19th September 2015
Overview
• GeoServer security handles
  - Authentication (filtering and credential checks)
  - Authorization (resource access managers)
Authentication
The filter chains
• Different chains for different URL groups
• Each chain authenticates in a different way by composing different filters
• UI chain, with form, HTTP session (creation allowed), and remember-me services
• OGC chain: lighter, uses the session if available, never creates one
Different usage, different chain
Available auth filters
• Gathering user credentials (and possibly invoking the authentication providers chain)
  - Basic
  - Form
  - Digest
  - Anonymous (always the last)
• Preauthentication (and possibly loading user details from a user/group and/or role service)
  - Session
  - HTTP Header
  - X.509
  - Remember Me
  - J2EE
• Easy to implement and plug in new filters
• Missing: authenticate from environment variables (e.g. Shibboleth SSO)
Authentication providers
• Given credentials pulled from the filters, who is the user?
[Diagram labels: Authentication providers; Search in user/group database; Auth as a LDAP user; Auth as a DBMS user; User/Group service; XML; DBMS tables; Pluggable]
Role providers
• Given the user, what are her roles in GeoServer?
• Fundamental, authorization is role based
• Extensible, new providers can be built
[Diagram labels: LDAP; DBMS; XML; DBMS tables]
Extensions
• CAS (https://www.apereo.org/cas): Single Sign On integration
• Authkey: simple UUID to user mapper
  - Simple key in the URL (must use HTTPS)
  - Allows authentication-unaware clients to participate
  - Pluggable: possibility to define custom mappers (e.g. webservices)
  - URLMangler to add authkey to OGC requests transparently (via GetCapabilities)
Authorization
• Given the user and her roles
• Can the current «action» on the current «resource» be allowed?
• Action:
  - Generic read/write
  - Specific OGC service/method call
• Resource:
  - Workspace
  - Layer
  - Layer Group
  - Style
ResourceAccessManager
• Pluggable interface, multiple implementations
• Define AccessLimits for the various Catalog Resources (Workspace, Layer, Style, LayerGroup)
• Can access the current request (service/method/details)
• Allows for fine-grained limits
  - Attributes visible
  - Read filters (which features can be read)
  - Write filters (which features can be written)
• Filters:
  - Alphanumeric
  - Temporal
  - Spatial
Implementations
• Default security subsystem
  - Simple per workspace/layer authentication
• GeoFence
  - External application (*)
  - Full use of ResourceAccessManager abilities
• Other custom implementations
  - Integrate with existing in-house authorization mechanism
  - Quite popular in large enterprise setups
GeoFence
• Extended A&A for GeoServer
• Optional Authentication, Sophisticated authorization
• Open Source, GPL
  https://github.com/geoserver/geofence
Structure
Stand alone User interface
User management
GeoFence rules
• Authorizations are expressed as a priority-based rule set
• Rule types are ALLOW/DENY/LIMIT
• The first matching rule is the one that determines the outcome of the auth request
GeoFence rules matching
• Rules are matched based on:
  - Username
  - Group the provided user belongs to
  - GeoServer Instance (single GeoFence, multiple GS clusters)
  - OGC Service (e.g., WMS)
  - OGC Service Operation (e.g., GetFeatureInfo)
  - Workspace (e.g. it.geosolutions)
  - Layer name (e.g. topp:states)
Example
• Let’s assume we have configured these rules:
  - User: u1, Service: WMS, Workspace: W1, ALLOW
  - User: u1, DENY
• These rules will grant access for user u1 to
  - all the layers in workspace W1
  - only for WMS requests
• All other types of request will be DENIED.
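The two-rule example above, evaluated with first-match semantics, together with a check for rules that can never fire because of their position. This is an added example, not code from the slides or from GeoFence. It assumes that a lower priority number is evaluated first and that a request matching no rule is denied; LIMIT rules are not modelled, and the instance, layer and W2 names are constructed.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple

ANY = None  # an unset rule field matches every value

# Fields compared one-to-one; "group" is handled separately because a
# user can belong to several groups.
EXACT_FIELDS = ("user", "instance", "service", "request", "workspace", "layer")


@dataclass(frozen=True)
class Rule:
    priority: int                  # assumption: lower number is evaluated first
    access: str                    # "ALLOW" or "DENY" (LIMIT not modelled)
    user: Optional[str] = ANY
    group: Optional[str] = ANY
    instance: Optional[str] = ANY
    service: Optional[str] = ANY
    request: Optional[str] = ANY
    workspace: Optional[str] = ANY
    layer: Optional[str] = ANY


@dataclass(frozen=True)
class Request:
    user: str
    service: str
    request: str
    workspace: str
    layer: str
    groups: FrozenSet[str] = frozenset()
    instance: str = "gs1"          # constructed instance name


def matches(rule: Rule, req: Request) -> bool:
    """A rule matches when every field it sets agrees with the request."""
    if rule.group is not ANY and rule.group not in req.groups:
        return False
    return all(
        getattr(rule, f) is ANY or getattr(rule, f) == getattr(req, f)
        for f in EXACT_FIELDS
    )


def decide(rules: List[Rule], req: Request) -> str:
    """Return the access of the first matching rule in priority order."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if matches(rule, req):
            return rule.access
    return "DENY"  # assumption: no matching rule means no access


def covers(earlier: Rule, later: Rule) -> bool:
    """True if every request matching `later` also matches `earlier`."""
    return all(
        getattr(earlier, f) is ANY or getattr(earlier, f) == getattr(later, f)
        for f in EXACT_FIELDS + ("group",)
    )


def shadowed(rules: List[Rule]) -> List[Tuple[Rule, Rule]]:
    """List (dead_rule, shadowing_rule) pairs: rules that can never decide."""
    ordered = sorted(rules, key=lambda r: r.priority)
    found = []
    for i, later in enumerate(ordered):
        for earlier in ordered[:i]:
            if covers(earlier, later):
                found.append((later, earlier))
                break
    return found


# The rule set from the slide, in the order given there.
SLIDE_RULES = [
    Rule(1, "ALLOW", user="u1", service="WMS", workspace="W1"),
    Rule(2, "DENY", user="u1"),
]
# Same rules with priorities swapped: the catch-all DENY now wins everything.
SWAPPED_RULES = [
    Rule(1, "DENY", user="u1"),
    Rule(2, "ALLOW", user="u1", service="WMS", workspace="W1"),
]

# Constructed sample requests.
WMS_W1 = Request("u1", "WMS", "GetMap", "W1", "roads")
WFS_W1 = Request("u1", "WFS", "GetFeature", "W1", "roads")
WMS_W2 = Request("u1", "WMS", "GetMap", "W2", "rivers")

if __name__ == "__main__":
    for name, rules in (("slide order", SLIDE_RULES), ("swapped", SWAPPED_RULES)):
        print(name)
        for req in (WMS_W1, WFS_W1, WMS_W2):
            print(f"  {req.service} {req.workspace}:{req.layer} -> {decide(rules, req)}")
        for dead, by in shadowed(rules):
            print(f"  rule {dead.priority} ({dead.access}) never fires: "
                  f"covered by rule {by.priority} ({by.access})")
```

Running the shadow check after every rule insert or re-order catches the case where a broad DENY placed too early silently disables a narrower ALLOW.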
Restrictions (LIMIT rules)
• When an ALLOW rule is matched, the user will have access to the requested resource:
  - Restrictions on available area
  - Restrictions on alphanumeric conditions
Restrictions (LIMIT rules)
• Restrictions on available attributes
Stand-alone GeoFence
• The GeoFence ResourceAccessManager (GeoFence Probe) calls GeoFence REST services.
• A cache is set up to minimize network traffic
• The cache can be configured on different aspects: number of entries, expiration time
• The cache provides REST operations (using GeoServer’s own REST dispatcher) in order to
  - Invalidate the cache
  - Query the cache statistics
GeoFence REST API
• REST interface for administration automation
• Complete CRUD access to the various entities managed by GeoFence:
  - Users and groups
  - GeoServer instances
  - Rules
• Paging support
• Priority ordering in rules is fundamental: different ways to insert and set a position for the new rules.
• Batch mode, backup and restore available
• See details at: https://github.com/geosolutions-it/geofence/wiki/REST-API
GeoFence direct integration
GeoFence integration
• Simple setups demand simple solutions
• Have GeoFence run inside GeoServer
• Integration similar to the GWC one, runs like a plugin
[Diagram labels: GeoServer; GeoWebCache; GeoFence; Rules DB]
Baby steps
• Born as a more future-proof alternative to improving the internal security subsystem
• Community module, available via nightly builds
• Delivers a subset of the full functionality: access/deny based on a mix of user/layer/workspace/request
• Integrated UI
General Configuration
General Configuration (continued)
Creating rules
Rules list
Example 1
Example 1 – layer preview
Example 2
Example 2 – layer preview
TODO
• Allow editing LIMIT rules
  - Force default style
  - Limit attributes
  - Filter contents
  - Limit by area
• Control writes at the rule level
• Better/Easier way to re-order rules
• Configuration of external database (now using embedded H2 in data dir, not cluster friendly)
• Migrate old security system rules to GeoFence where possible
That’s all folks!
Questions?
info@geo-solutions.it

 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 

Dernier (20)

[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 

Advanced Security with GeoServer - FOSS4G 2015

  • 1. Advanced Security With GeoServer Ing. Mauro Bartolomeoli Ing. Emanuele Tajariol Ing. Simone Giannecchini GeoSolutions
  • 2. GeoSolutions
      • Founded in Italy in late 2006
      • Expertise
          • Image Processing, GeoSpatial Data Fusion
          • Java, Java Enterprise, C++, Python
          • JPEG2000, JPIP, Advanced 2D visualization
      • Supporting/Developing FOSS4G projects
          • GeoServer, MapStore
          • GeoNetwork, GeoNode, Ckan
      • Clients
          • Public Agencies
          • Private Companies
      • http://www.geo-solutions.it
      • FOSS4G 2015, Seoul 14th-19th September 2015
  • 3. Overview
      • GeoServer security handles
          • Authentication (filtering and credential checks)
          • Authorization (resource access managers)
  • 5. The filter chains
      • Different chains for different URL groups
      • Each chain authenticates in a different way by composing different filters
  • 6. Different usage, different chain
      • UI chain, with form, HTTP session (creation allowed), and remember me services
      • OGC one, lighter, will use session if available, no creation
  • 7. Available auth filters
      • Gathering user credentials (and eventually invoking authentication providers chain)
          • Basic
          • Form
          • Digest
          • Anonymous (always the last)
      • Preauthentication (and eventually load user details from user/group and/or role service)
          • Session
          • HTTP Header
          • X.509
          • Remember Me
          • J2EE
      • Easy to implement and plug new filters
      • Missing: authenticate from environment variables (e.g. Shibboleth SSO)
  • 8. Authentication providers
      • Given credentials pulled from the filters, who is the user?
      • [Diagram labels: Search in user/group database; Auth as a LDAP user; Auth as a DBMS user; XML; DBMS tables; Authentication providers; User/Group service; Pluggable]
  • 9. Role providers
      • Given the user, what are her roles in GeoServer?
      • Fundamental, authorization is role based
      • Extensible, new providers can be built
      • [Diagram labels: LDAP; DBMS; XML; DBMS tables]
  • 10. Extensions
      • CAS (https://www.apereo.org/cas): Single Sign On integration
      • Authkey: simple UUID to user mapper
          • Simple key in the URL (must use HTTPS)
          • Allows authentication-unaware clients to participate
          • Pluggable: possibility to define custom mappers (e.g. webservices)
          • URLMangler to add authkey to OGC request transparently (via GetCapabilities)
  • 12. Authorization
      • Given the user and her roles
      • Can the current «action» on the current «resource» be allowed?
      • Action:
          • Generic read/write
          • Specific OGC service/method call
      • Resource
          • Workspace
          • Layer
          • Layer Group
          • Style
  • 13. ResourceAccessManager
      • Pluggable interface, multiple implementations
      • Define AccessLimits for the various Catalog Resources (Workspace, Layer, Style, LayerGroup)
      • Can access the current request (service/method/details)
      • Allows for fine grained limits
          • Attributes visible
          • Read filters (which features can be read)
          • Write filters (which features can be written)
      • Filters:
          • Alphanumeric
          • Temporal
          • Spatial
  • 14. Implementations
      • Default security subsystem
          • Simple per workspace/layer authentication
      • GeoFence
          • External application (*)
          • Full use of ResourceAccessManager abilities
      • Other custom implementations
          • Integrate with existing in-house authorization mechanism
          • Quite popular in large enterprise setup
  • 16. GeoFence
      • Extended A&A for GeoServer
      • Optional Authentication, Sophisticated authorization
      • Open Source, GPL
      • https://github.com/geoserver/geofence
  • 18. Stand alone User interface
  • 19. User management
  • 20. GeoFence rules
      • Authorizations are expressed as a priority-based rule set
      • Types of rules are ALLOW/DENY/LIMIT
      • The first matching rule is the one that determines the outcome of the auth request
  • 21. GeoFence rules matching
      • Rules are matched based on:
          • Username
          • Group the provided user belongs to
          • GeoServer Instance (single GeoFence  multiple GS clusters)
          • OGC Service (e.g., WMS)
          • OGC Service Operation (e.g., GetFeatureInfo)
          • Workspace (e.g. it.geosolutions)
          • Layer name (e.g. topp:states)
  • 22. Example
      • Let’s assume we have configured these rules:
          • User: u1, Service: WMS, Workspace=W1, ALLOW
          • User: u1, DENY
      • These rules will grant access for user u1 to
          • all the layers in workspace W1
          • only for WMS requests
      • All other types of request will be DENIED.
  • 23. Restrictions (LIMIT rules)
      • When an ALLOW rule is matched, the user will have access to the requested resource:
      • Restrictions on available area
      • Restrictions on alphanumeric conditions
  • 24. Restrictions (LIMIT rules)
      • Restrictions on available attributes
  • 25. Stand-alone GeoFence
      • The GeoFence ResourceAccessManager (GeoFence Probe) calls GeoFence REST services.
      • A cache is set up to minimize network traffic
      • A cache can be configured on different aspects: number of entries, expiration time
      • The cache provides REST operations (using GeoServer’s own REST dispatcher) in order to
          • Invalidate the cache
          • Query the cache statistics
  • 26. GeoFence REST API
      • REST interface for administration  automation
      • Complete CRUD access to the various entities managed by GeoFence:
          • Users and groups
          • GeoServer instances
          • Rules
      • Paging support
      • Priority ordering in rules is fundamental: different ways to insert and set a position for the new rules.
      • Batch mode, backup and restore available
      • See details at: https://github.com/geosolutions-it/geofence/wiki/REST-API
  • 27. GeoFence direct integration
  • 28. GeoFence integration
      • Simple setups demand simple solution
      • Have GeoFence run inside GeoServer
      • Integration similar to GWC one, runs like a plugin
      • [Diagram labels: GeoServer; GeoWebCache; GeoFence; Rules DB]
  • 29. Baby steps
      • Born as a more future-proof alternative to improving the internal security subsystem
      • Community module, available via nightly builds
      • Delivers a subset of the full functionality: access/deny based on mix of user/layer/workspace/request
      • Integrated UI
  • 31. General Configuration
  • 32. General Configuration (continued)
  • 33. Creating rules
  • 34. Rules list
  • 35. Example 1
  • 36. Example 1 – layer preview
  • 37. Example 2
  • 38. Example 2 – layer preview
  • 39. TODO
      • Allow to edit LIMIT rules
          • Force default style
          • Limit attributes
          • Filter contents
          • Limit by area
      • Control writes at the rule level
      • Better/Easier way to re-order rules
      • Configuration of external database (now using embedded H2 in data dir, not cluster friendly)
      • Migrate old security system rules to GeoFence as possible
  • 40. That’s all folks! Questions? info@geo-solutions.it
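
The first-match evaluation described in the "GeoFence rules", "GeoFence rules matching" and "Example" slides, as an added Python sketch (not GeoFence's own code). It models ALLOW and DENY only; the `Rule` class, the lower-number-first priority order, the deny-by-default fallback and the `shadowed` audit helper are assumptions of this example.

```python
from dataclasses import dataclass
from typing import Optional

# Match fields listed on the "GeoFence rules matching" slide.
FIELDS = ("user", "group", "instance", "service", "request", "workspace", "layer")

@dataclass(frozen=True)
class Rule:
    priority: int                    # assumption: lower value is evaluated first
    access: str                      # "ALLOW" or "DENY" (LIMIT is not modelled)
    user: Optional[str] = None       # None = wildcard, matches any value
    group: Optional[str] = None
    instance: Optional[str] = None
    service: Optional[str] = None
    request: Optional[str] = None
    workspace: Optional[str] = None
    layer: Optional[str] = None

def matches(rule, req):
    """req is a dict keyed by FIELDS; 'group' holds the set of the user's groups."""
    for name in FIELDS:
        want = getattr(rule, name)
        if want is None:
            continue
        have = req.get(name)
        if name == "group":
            if want not in (have or ()):
                return False
        elif have != want:
            return False
    return True

def decide(rules, req, default="DENY"):
    """Return (outcome, deciding_rule); the first matching rule wins."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if matches(rule, req):
            return rule.access, rule
    return default, None             # assumption: no matching rule means deny

def shadowed(rules):
    """Rules that can never fire: an earlier rule is equal or wider on every field."""
    ordered = sorted(rules, key=lambda r: r.priority)
    dead = []
    for i, later in enumerate(ordered):
        for earlier in ordered[:i]:
            if all(getattr(earlier, f) in (None, getattr(later, f)) for f in FIELDS):
                dead.append(later)
                break
    return dead

# Constructed sample: the two rules from the "Example" slide, then the same
# rules with their priorities swapped to show why ordering matters.
SLIDE_RULES = [Rule(1, "ALLOW", user="u1", service="WMS", workspace="W1"),
               Rule(2, "DENY", user="u1")]
REVERSED = [Rule(1, "DENY", user="u1"),
            Rule(2, "ALLOW", user="u1", service="WMS", workspace="W1")]

if __name__ == "__main__":
    wms = {"user": "u1", "service": "WMS", "request": "GetMap", "workspace": "W1"}
    print(decide(SLIDE_RULES, wms)[0], decide(REVERSED, wms)[0], shadowed(REVERSED))
```

Running `shadowed` over a rule set before deploying it flags ALLOW rules that a broader, higher-priority DENY has made unreachable, and the reverse case where a broad ALLOW hides a later DENY.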