Advanced GeoServer Security with GeoFence
4 likes8,559 views
The document discusses advanced security features for Geoserver using Geofence, highlighting its open-source authentication and authorization capabilities. It explains the architecture of Geofence, including its integration with Geoserver, role-based access control, and fine-grain authorization management. Additionally, it outlines the use cases, REST interface, and support for LDAP, emphasizing the project's open-source status and continuous improvement efforts.
Advanced GeoServer Security with GeoFence
- 1. Advanced GeoServer Security With GeoFence Ing. Emanuele Tajariol, GeoSolutions Ing. Simone Giannecchini, GeoSolutions Ing. Alessio Fabiani, GeoSolutions FOSS4G 2013, Nottingham 20th September 2013
- 2. GeoSolutions Founded in Italy in late 2006 Expertise • • Java, Java Enterprise, C++, Python • Image Processing, GeoSpatial Data Fusion JPEG2000, JPIP, Advanced 2D visualization Supporting/Developing FOSS4G projects GeoServer, MapStore GeoBatch, GeoNetwork Clients Public Agencies Private Companies http://www.geo-solutions.it FOSS4G 2013, Nottingham 20th September 2013
- 3. Meet GeoFence FOSS4G 2013, Nottingham 20th September 2013
- 4. GeoFence Extended A&A for GeoServer Authentication Open Source Optional Integrated with GeoServer authorization architecture GPL Code on GitHub Authorization Auth on data: e.g. layers, workspaces Auth on services: e.g. WMS, WFS FOSS4G 2013, Nottingham 20th September 2013
- 5. GeoFence Based on GSIP 57 Role Base Access Control Mixed Interceptor + Probe approach Extended authorization management for GeoServer External Rule-Based System GeoServer Internal Probe On-the-fly manipulation of incoming requests Users Groups Rule-based database IPTables-like FOSS4G 2013, Nottingham 20th September 2013
- 6. GeoFence Fine Grain Authorization Control External Web Application Services Operations Workspaces Layers Attributes (alphanumeric and geospatial) REST Interface GUI Scalable 1 GeoFence controls N GeoServer cluster FOSS4G 2013, Nottingham 20th September 2013
- 7. GeoFence Java Enterprise infrastructure Spring/Spring-Remoting Hibernate Apache CXF Supports DBMS PostgreSQL/PostGIS Oracle spatial H2 Performance ensured thanks to a fine-tunable cache FOSS4G 2013, Nottingham 20th September 2013
- 8. GeoServer Security Model FOSS4G 2013, Nottingham 20th September 2013
- 9. GeoServer Security Model GeoServer offers extension points for Authentication (filtering and credential checks) Authorization (resource access managers) FOSS4G 2013, Nottingham 20th September 2013
- 10. GeoServer Security Model The GeoFence Authentication provider delegates credential checks to GeoFence The GeoFence Resource Access Manager asks for permissions to the GeoFence authorization engine FOSS4G 2013, Nottingham 20th September 2013
- 11. GeoServer Security Model FOSS4G 2013, Nottingham 20th September 2013
- 12. Digging GeoFence FOSS4G 2013, Nottingham 20th September 2013
- 13. GeoFence Architecture Geofence Stack (again…) FOSS4G 2013, Nottingham 20th September 2013
- 14. GeoFence Architecture Modules and packages GUI core: GUI logic, implemented using GWT webapp: produces the final web application .war file Geoserver (GeoFence Probe) security: the GeoServer/GeoFence bridge: implements the ResourceAccessManager, forwarding the authorization requests to a remote GeoFence instance FOSS4G 2013, Nottingham 20th September 2013
- 15. GeoFence Architecture The GeoFence ResourceAccessManager (Geofence Probe) is deployed in each GeoServer GeoServer instances in a cluster must share the same ClusterID (instance name) GeoFence uses the instance name to select rules The Probe queries GeoFence on each request* with proper info Instance name User Request Details GeoFence provide Access Policy rules to manipulate the request on the fly within the Probe FOSS4G 2013, Nottingham 20th September 2013
- 16. GeoFence Architecture The GeoFence ResourceAccessManager (Geofence Probe) uses a cache which minimizes the requests toward GeoFence. The cache can be configured on different aspects: number of entries, expiration time The cache provides REST operations (using GeoServer’s own REST dispatcher) in order to Invalidate the cache Query the cache statistics FOSS4G 2013, Nottingham 20th September 2013
- 17. GeoFence Rule System Authorizations are expressed as a priority-based rule set Type of Rules are ALLOW/DENY/LIMIT The first matching rule is the one that determines the outcome of the auth request Incoming authorization requests are transformed in a rule filter Filtering can be performed on one or more of these fields: Username Group the provided user belongs to FOSS4G 2013, Nottingham 20th September 2013
- 18. GeoFence Rule System Source geoserver instance We can control multiple GeoServer clusters OGC Service E.g. WMS OGC Service Operation E.g. GetCapabilities Workspace E.g. it.geosolutions Layer name E.g. topp:states FOSS4G 2013, Nottingham 20th September 2013
- 19. GeoFence Rule System Example Let’s assume we have configured these rules : These rules will grant access for user u1 to User: u1, Service:WMS, Workspace=W1,ALLOW User: u1, DENY all the layers in worspace W1 only for WMS request All other types of request will be DENIED. FOSS4G 2013, Nottingham 20th September 2013
- 20. GeoFence Rule System When an ALLOW rule is matched, the user will have access to the requested resource. Finer Grain Control on single layer rules further restrictions may be defined i.e only a subset of the data contained in the layer could be made queryeable/visibile to the requesting user Restrictions on visible Area Restrictions on Queryable Attributes Restrictions on Available Styles FOSS4G 2013, Nottingham 20th September 2013
- 21. GeoFence Rule System Examples Limiting users access to a subset of the attributes (R/W) a specific geographic area. a subset of the available styles (or the default style can be forced on all requets) A specific view of the data via a CQL filter For reading For writing (delete, create, update) FOSS4G 2013, Nottingham 20th September 2013
- 22. GeoFence Rule System FOSS4G 2013, Nottingham 20th September 2013
- 23. GeoFence REST Interface GeoFence provides a REST interface for administration Allows automation! It allows a complete CRUD access to the various entities managed by GeoFence: Users and groups GeoServer instances Rules The Find operation can be optionally paged a Count operation is provided as well to take advantage of the pagination capability. Priority ordering in rules is fundamental there are different ways to insert and set a position for the new rules. https://github.com/geosolutions-it/geofence/wiki/REST-API FOSS4G 2013, Nottingham 20th September 2013
- 24. GeoFence REST Interface The REST interface also provides a batch mode multiple CRUD commands can be issued at once The commands in the batch are processed in the same transaction Extremely important for automation! Backup and restore operations are provided as part of the REST interface as well REST API documentation available at https://github.com/geosolutions-it/geofence/wiki/REST-API FOSS4G 2013, Nottingham 20th September 2013
- 25. GeoFence User Interface Top Categories Users Groups Instances Rules FOSS4G 2013, Nottingham 20th September 2013
- 26. GeoFence User Interface Users Groups Instances FOSS4G 2013, Nottingham 20th September 2013
- 27. GeoFence User Interface Rules Details Details FOSS4G 2013, Nottingham 20th September 2013
- 28. GeoFence and LDAP An LDAP server can be used as a repository for user and groups, including the optional ldap module in the deploy LDAP can be configured through the datasource properties file When using LDAP users and groups are not editable from the GeoFence interface (they are READ-ONLY) LDAP module documentation at https://github.com/geosolutions-it/geofence/wiki/LDAP-module FOSS4G 2013, Nottingham 20th September 2013
- 29. GeoFence and Existing Auth Proxies External Auth Source GeoFence DB Users Groups LDAP UserDAO LDAP GroupDAO UserDAO GroupDAO RuleDAO Persistence GeoFence When LDAP is enabled, specific DAOs are used for users and groups instead of the default ones FOSS4G 2013, Nottingham 20th September 2013
- 30. GeoFence Use Cases SIAN FOSS4G 2013, Nottingham 20th September 2013
- 31. GeoFence Use Cases MapManager GeoGraphic Building Block MapStore GeoFence GeoFence GeoStore JMX Agents FOSS4G 2013, Nottingham 20th September 2013 GeoServer
- 32. GeoFence Use Cases Astrium GetGeo FOSS4G 2013, Nottingham 20th September 2013
- 33. GeoFence Use Cases Destination Layers filtered (CQL filters) by user profile to constrain access to advanced functionality Possibility of spatial filters to allow regional access only FOSS4G 2013, Nottingham 20th September 2013
- 34. GeoFence Status Project Release as Open Source Continuous Build is in place Dev and Users Mailing Lists are in place Improvements Documentation Official Releases Integrated Build for testing and demoing UI Refactor FOSS4G 2013, Nottingham 20th September 2013
- 35. The End Thanks for not sleeping (loudly) alessio.fabiani@geo-solutions.it mauro.bartolomeoli@geo-solutions.it FOSS4G 2013, Nottingham 20th September 2013
- 36. GeoFence GeoFence Presentazione CUSTOM, Firenze 10 Maggio 2012