GeoFence REST API

Dear all,

Now that GeoFence for GeoServer no longer supports the graphical user interface, we should start using the REST API. However, the documentation on the Github page seems a bit incomplete and out of date. Does anybody know where one could find more info and examples on how to use the API? More specifically, we would need to set limits on the geographical extent of the data allowed for the user.

Thanks a lot,
Sam

I was not aware that geofence gui was removed? There is a fork called
GeoServer ACL you may consider (but I have no idea if it provides a ui).

The GeoServer user manual documents a ui;
https://docs.geoserver.org/latest/en/user/extensions/geofence/configuration.html

Is that incorrect?

For examples it may be a case of taking advantage of geofence being open
source, and checking test cases for example that work. And then sharing
what you lean by updating the github page.

The “geofence-server” plugin, that runs fully inside GeoServer, has a GUI
to edit rules,
see:

https://docs.geoserver.org/latest/en/user/extensions/geofence/configuration.html

I believe it’s true that the stand-alone version does not have a GUI any
longer, but
I don’t know about the details.

Regards,

Andrea Aime

==
GeoServer Professional Services from the experts!

Visit GeoSolutions Enterprise Support Services for more information.

Ing. Andrea Aime
@geowolf
Technical Lead

GeoSolutions Group
phone: +39 0584 962313

fax: +39 0584 1660272

mob: +39 339 8844549

http://twitter.com/geosolutions_it


Con riferimento alla normativa sul trattamento dei dati personali (Reg. UE
2016/679 - Regolamento generale sulla protezione dei dati “GDPR”), si
precisa che ogni circostanza inerente alla presente email (il suo
contenuto, gli eventuali allegati, etc.) è un dato la cui conoscenza è
riservata al/i solo/i destinatario/i indicati dallo scrivente. Se il
messaggio Le è giunto per errore, è tenuta/o a cancellarlo, ogni altra
operazione è illecita. Le sarei comunque grato se potesse darmene notizia.

This email is intended only for the person or entity to which it is
addressed and may contain information that is privileged, confidential or
otherwise protected from disclosure. We remind that - as provided by
European Regulation 2016/679 “GDPR” - copying, dissemination or use of this
e-mail or the information herein by anyone other than the intended
recipient is prohibited. If you have received this email by mistake, please
notify us immediately by telephone or e-mail

On Fri, Sep 6, 2024 at 9:08 AM Samuli Neuvonen via OSGeo Discourse <
noreply@discourse.osgeo.org> wrote:

asneuvon https://discourse.osgeo.org/u/asneuvon
September 6

Dear all,

Now that GeoFence for GeoServer no longer supports the graphical user
interface, we should start using the REST API. However, the documentation
on the Github page https://github.com/geoserver/geofence/wiki/REST-API
seems a bit incomplete and out of date. Does anybody know where one could
find more info and examples on how to use the API? More specifically, we
would need to set limits on the geographical extent of the data allowed for
the user.

Thanks a lot,
Sam

Visit Topic https://discourse.osgeo.org/t/geofence-rest-api/50864/1 or
reply to this email to respond.

To unsubscribe from these emails, click here
https://discourse.osgeo.org/email/unsubscribe/63aba794ade86b0f4f92bfc2c06f35b54319b11041bf7762f0d9a22b8ecf6c7d
.

Hi Sam,

yep, the wiki page is a bit old indeed, anyway the documentation about geolimits is there at REST API · geoserver/geofence Wiki · GitHub

<rule>
   ...
   <constraints>
      <restrictedAreaWkt>PUT YOUR WKT HERE</restrictedAreaWkt>
   ...

Please note anyway that that API is only related to the standalone version of GeoFence; when GeoFence is integrated within GeoServer (using the plugin geofence-server) the REST API has a different implementation (that does not follow the same structure :frowning: )
Anyway I guess you are using the standalone version, because the GUI has only been removed from there: the integrated version has a pretty good wicket interface.

Cheers,
Emanuele

Thanks a lot for the fast replies. I had completely missed the “restrictedAreaWkt”, that should do the trick.

Yes, we have been using the standalone version of GeoFence, since we have a simple cluster of GeoServers, all using the same GeoFence server for authentication/authorization. We have been wondering whether the plugin version of GeoFence would work also, if we point all of them to the same database…

AFAICS the rule editor inside GeoServer does not store the instance_id in the rule records. I guess it works this way because it assumes the running GeoServer is the only instance accessing the DB.
So the outcome will be:

  • if you just switch to embedded GeoFences using a centralized DB with your current rule set, it should work without problems because the current rules also include the instance_id, so each GeoServer instance will get its own set of rules
  • as soon as you create a new rule inside any GeoServer instance, it will be retrieved and evaluated by all the GeoServer instances (possibly/probably breaking their merged auth outcomes), since the new Rule will have a null instance id that will match any GeoServer instance name.

The changes in GeoServer to create rules completed with the instance_id should not be difficult, so if you are into the code a little you could try and provide a PR for that.

Cheers,
Emanuele