Using geoserver 2.7.2 and matching geofence…

We have requirements where some user groups have the ability to execute insert/update transactions and others are limited to update-only.

In the geofence GUI I can configure a rule to block WFS TRANSACTION as a whole. This would be exactly what we need if I could block insert/delete while allowing update.

Can anybody offer insight into how this might be accomplished?

On Thu, Oct 1, 2015 at 2:39 PM, Walter Stovall <walter.stovall@anonymised.com>
wrote:

Using geoserver 2.7.2 and matching geofence…

We have requirements where some user groups have the ability to execute
insert/update transactions and others are limited to update-only.

In the geofence GUI I can configure a rule to block WFS TRANSACTION as a
whole. This would be exactly what we need if I could block insert/delete
while allowing update.

Can anybody offer insight into how this might be accomplished?

There is no way to configure this as of today. The source code is there, so
if you are interested, it can be done (either extending
the security subsystem, or writing a DispatcherCallback, or a
TransactionListener). But yeah, it requires development.

Cheers
Andrea

--

GeoServer Professional Services from the experts! Visit
http://goo.gl/it488V for more information.

Ing. Andrea Aime
@geowolf
Technical Lead

GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 339 8844549

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

*AVVERTENZE AI SENSI DEL D.Lgs. 196/2003*

Le informazioni contenute in questo messaggio di posta elettronica e/o
nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il
loro utilizzo è consentito esclusivamente al destinatario del messaggio,
per le finalità indicate nel messaggio stesso. Qualora riceviate questo
messaggio senza esserne il destinatario, Vi preghiamo cortesemente di
darcene notizia via e-mail e di procedere alla distruzione del messaggio
stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso,
divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od
utilizzarlo per finalità diverse, costituisce comportamento contrario ai
principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for
the attention and use of the named addressee(s) and may be confidential or
proprietary in nature or covered by the provisions of privacy act
(Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection
Code).Any use not in accord with its purpose, any disclosure, reproduction,
copying, distribution, or either dissemination, either whole or partial, is
strictly forbidden except previous formal approval of the named
addressee(s). If you are not the intended recipient, please contact
immediately the sender by telephone, fax or e-mail and delete the
information in this message that has been received in error. The sender
does not give any warranty or accept liability as the content, accuracy or
completeness of sent messages and accepts no responsibility for changes
made after they were sent or for other risks which arise as a result of
e-mail transmission, viruses, etc.

-------------------------------------------------------

I’m interested in studying the custom programing required for this. If anybody out there knows their way around the geofence code and might comment a bit on how to do this that would be very helpful!

This is what I have in mind functionally…

I’d like to add some methods to the Request pull-down when the user builds/edits a rule. The methods I add to the list are Insert, Update, Delete. Transaction stays in the list and behaves like it does now. But if the user picks Insert for example, the rule will Allow/Deny only if the incoming request is an Insert Transaction.

So at a minimum I would want to modify the GUI to change the picklist. Where would I go to do that?

Then the entries I make there need to be saved into the persistent store for the rules. Is there anything to do there or will that just fall into place because there’s already a place to put a method name and we’re just changing the value stored there?

Then when the rules are tested against incoming geoserver requests, I would need to customize that to recognize that Insert is a subset of Transaction and make that check. What code gets modified to do that?

It would seem that custom geofence code is all that’s required – not geoserver. Is that correct?

Thanks - Walter