[Geoserver-users] Geoserver + GeoFence in multiple cluster environment

Hi all,
not sure this is the right place to ask about GeoFence but let me try.

So I’m running multiple Geoservers in a cluster: all having a separate replica of the data+datadir but connected to the same database via a connection pool configured in Tomcat (one database for each cluster).

The load balancer is rotating through the Geoservers and the session is not shared for the moment.

I’ve several clusters like these and all are meant to be used as read-only; updates are performed by rolling/updating the snapshot of the disks (automatically by the cloud manager with no downtime).

The clusters have an external Master Geoserver (one for each cluster) used as a model for the snapshots, so ANY write operation will be performed over those instances and the cluster will be lazily updated later (pull).

Now I’m starting to look at GeoFence to manage authentication and to grant permissions over layers for any write operation over Master instances (multiple customers) and for any read operation over the clusters…

In our scenario users can be managed across different clusters, so I have to centralize the user management (federated identity provider) and possibly permissions.

A few initial questions about GeoFence:

  • To simplify the infrastructure, I’m wondering if it is possible to install it as an embedded plugin server sharing the GeoFenceDataSource configuration over a single PostGIS DB (shared across one or more clusters and the related Master instances)?

  • Is GeoFence able to limit access to Geoserver’s REST API, to grant permissions to create resources via REST (e.g. with GeoCatBridge)? This is something that I’m currently doing with rest.properties, but I’d like to make it configurable via GUI.

  • Is GeoFence really multitenant, supporting multiple domains and paths (not just by workspace)?

  • If it’s not possible to share the database, how to cluster an embedded/standalone GeoFence server?

  • Looking here I see it’s possible to point to a database with an internal JDBC connection pool; is it possible to use an external (defined in Tomcat) JDBC connection pool, configuring the GeoFence datasource via JNDI? (Any example is really appreciated.)

Thank you so much for any hint to address this new challenge.

Regards,
C.


Mr. Carlo Cancellieri
skype: ccancellieri
Twitter: @cancellieric
LinkedIn: http://it.linkedin.com/in/ccancellieri/

Dear List,
maybe it was too complex, let me simplify:

How can I administer security/rest.properties via UI?
E.g.: Is GeoFence able to limit access to Geoserver’s REST API, granting permissions to create resources (workspaces, stores, layers) via REST?

How did you manage that dynamically (at runtime)?

Regards,
C.


Ciao Carlo,
please, read below…

> Dear List,
> maybe it was too complex, let me simplify:
>
> How can I administer security/rest.properties via UI?
> E.g.: Is GeoFence able to limit access to Geoserver’s REST API, granting permissions to create resources (workspaces, stores, layers) via REST?

No, GeoFence is for OGC Services.

> How did you manage that dynamically (at runtime)?

I think you simply cannot at the moment.

Regards,
Simone Giannecchini


Ing. Simone Giannecchini
@simogeo
Founder/Director

GeoSolutions S.A.S.
Via di Montramito 3/A
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 333 8128928

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

