[Geoserver-devel] Developing custom datastore secured with OpenID Connect

Hello geoserver developers,

I'm writing to this list because I need help with geoserver :wink: We have
a REST-Endpoint secured with OpenID Connect (keycloak) which is
delivering spatial data. A new requirement is to expose this data as a
WMS-Service. Since geoserver is supporting OpenID Connect I would like
to know if and how to implement a datastore for geoserver which collects
the data from our REST-Endpoint and uses an OpenID Connect bearer token
for authorization.

If, especially for the authorization part, modifications to geoserver
are needed we might be able to sponsor developing them, so they will
become part of geoserver.

Best wishes

Daniel Nordhoff-Vergien

Hi Daniel.

Here are some (super reduced) steps we could follow to create our custom Geotools/Geoserver Datastore.

Naturally, before proceeding we'll need to create a jar module, with its name (for example gt-myrest) and its dependencies (see the pom.xml examples in gt-shapefile).

The first thing we need is to create your new DataStore main class implementing Geotools' DataStore interface and probably extending the org.geotools.data.store.ContentDataStore class.
For this we can read multiple good classes as examples:

org.geotools.data.property.PropertyDataStore
org.geotools.data.shapefile.ShapefileDataStore

Then we will need to implement some Datastore dependent interfaces such as:

FeatureSource
FeatureReader
FeatureWriter

Since the REST endpoint's data types and schemas have a defined structure, we might need to generate its SimpleFeatureType and SimpleFeature objects when parsing the data read from the endpoint.
If the REST endpoint (and data parsing) is slow or the data is medium/big in size, we might need to use some caching strategy to get better performance when navigating WMS/WFS services (and filtering).

The OpenID Connect authentication propagation would need some investigation and testing. In this part some Geoserver side coding could be needed.

Finally we'll implement the DataStoreFactorySpi interface and create its entry in META-INF/services, since Geotools/Geoserver datastores are registered in this way as plugins.

Feel free to ask any specific question you have here on the ML, and if you are able to sponsor some Geoserver development, it is of course welcome; please see:

http://geoserver.org/support/

Regards,

Fernando Mino


Fernando Mino

Software Engineer

GeoSolutions S.A.S.

Via di Montramito 3/A

55054 Massarosa (LU)

Italy

phone: +39 0584 962313

fax: +39 0584 1660272

http://www.geo-solutions.it

http://twitter.com/geosolutions_it
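
An added example (not from the thread, and not GeoServer or GeoTools code) of the HTTP call a custom datastore's reader could make to the secured REST endpoint, sending the OpenID Connect access token as a bearer token. The class name `BearerRestClient`, the token `Supplier`, the `/features` path and the local stub server are assumptions for illustration; how GeoServer would hand the caller's token to the datastore is the part the reply above says still needs investigation.

```java
import com.sun.net.httpserver.HttpServer;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.time.Duration;
import java.util.function.Supplier;
/** Hypothetical helper for a custom DataStore's reader; not GeoServer or GeoTools code. */
public class BearerRestClient {
    private final URI endpoint;
    private final Supplier<String> token; // assumed source of the current access token
    private final HttpClient http = HttpClient.newBuilder()
            .followRedirects(HttpClient.Redirect.NEVER) // do not follow redirects with the token attached
            .connectTimeout(Duration.ofSeconds(5)).build();

    public BearerRestClient(URI endpoint, Supplier<String> token) {
        // Plain http is accepted only for the loopback stub used in main().
        if (!"https".equals(endpoint.getScheme()) && !"127.0.0.1".equals(endpoint.getHost()))
            throw new IllegalArgumentException("bearer tokens must only travel over https");
        this.endpoint = endpoint;
        this.token = token;
    }

    public String fetch() throws IOException, InterruptedException {
        HttpRequest req = HttpRequest.newBuilder(endpoint).timeout(Duration.ofSeconds(30))
                .header("Authorization", "Bearer " + token.get()).GET().build();
        HttpResponse<String> rsp = http.send(req, HttpResponse.BodyHandlers.ofString());
        if (rsp.statusCode() != 200) // message carries the status only, never the token
            throw new IOException("REST endpoint answered HTTP " + rsp.statusCode());
        return rsp.body(); // the FeatureReader would parse this into SimpleFeature objects
    }
    public static void main(String[] args) throws Exception {
        // Constructed stand-in for the secured endpoint: accepts one fixed sample token.
        HttpServer stub = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
        stub.createContext("/features", ex -> {
            boolean ok = "Bearer sample-token".equals(ex.getRequestHeaders().getFirst("Authorization"));
            byte[] body = "{\"type\":\"FeatureCollection\",\"features\":[]}".getBytes();
            ex.sendResponseHeaders(ok ? 200 : 401, ok ? body.length : -1);
            if (ok) ex.getResponseBody().write(body);
            ex.close();
        });
        stub.start();
        URI uri = URI.create("http://127.0.0.1:" + stub.getAddress().getPort() + "/features");
        System.out.println(new BearerRestClient(uri, () -> "sample-token").fetch());
        stub.stop(0);
    }
}
```

If responses are cached as the reply suggests, the cache key should include the identity the token belongs to, so that one user's authorized data is never served to another.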






From “Daniel Nordhoff-Vergien” dve@anonymised.com
To “Geoserver-devel” geoserver-devel@anonymised.come.net
Cc
Date Fri, 22 Feb 2019 20:51:41 +0100
Subject [Geoserver-devel] Developing custom datastore secured with OpenID Connect

