[Geoserver-users] Making calls to GeoServer REST api from web app?

Hi all,

I’m building a web map that collects some simple GeoJSON from user-drawn polygons and I’m trying to devise a method to send out and store that data. Would it be a bad idea to use GeoServer’s REST api to push an entry to a database, or would this possibly expose a security vulnerability? Is there a way to configure an authentication filter to only allow a user write access to a database table (via html form), and forbid any other CRUD operations? Unfortunately, I’m forced to build everything using front-end tech, so I’m trying to find a solution using Javascript/AJAX. Thank you all very much.

Best,
Todd

Hi Todd

Saving feature data to GeoServer is exactly the sort of thing WFS-T is intended for - see here for details.
Combining this with GeoServer’s standard security model should allow you to update database records in a secure fashion.

Also note that the GoeServer REST api does not provide any way of accessing or modifying database records.

Torben

···

On Tue, Jun 5, 2018 at 12:44 PM, Todd Jacobus <tj@anonymised.com> wrote:

Hi all,

I’m building a web map that collects some simple GeoJSON from user-drawn polygons and I’m trying to devise a method to send out and store that data. Would it be a bad idea to use GeoServer’s REST api to push an entry to a database, or would this possibly expose a security vulnerability? Is there a way to configure an authentication filter to only allow a user write access to a database table (via html form), and forbid any other CRUD operations? Unfortunately, I’m forced to build everything using front-end tech, so I’m trying to find a solution using Javascript/AJAX. Thank you all very much.

Best,
Todd


Check out the vibrant tech community on one of the world’s most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot


Geoserver-users mailing list

Please make sure you read the following two resources before posting to this list:

If you want to request a feature or an improvement, also see this: https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer

Geoserver-users@anonymised.com.382…sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users

Hi Torben,

Thank you very much for your reply! WFS-T was not known to me, but seems exactly what I’m looking for. Much appreciated!

Todd

···

On Tue, Jun 5, 2018 at 2:48 PM, Torben Barsballe <tbarsballe@anonymised.com> wrote:

Hi Todd

Saving feature data to GeoServer is exactly the sort of thing WFS-T is intended for - see here for details.
Combining this with GeoServer’s standard security model should allow you to update database records in a secure fashion.

Also note that the GoeServer REST api does not provide any way of accessing or modifying database records.

Torben

On Tue, Jun 5, 2018 at 12:44 PM, Todd Jacobus <tj@anonymised.com814…> wrote:

Hi all,

I’m building a web map that collects some simple GeoJSON from user-drawn polygons and I’m trying to devise a method to send out and store that data. Would it be a bad idea to use GeoServer’s REST api to push an entry to a database, or would this possibly expose a security vulnerability? Is there a way to configure an authentication filter to only allow a user write access to a database table (via html form), and forbid any other CRUD operations? Unfortunately, I’m forced to build everything using front-end tech, so I’m trying to find a solution using Javascript/AJAX. Thank you all very much.

Best,
Todd


Check out the vibrant tech community on one of the world’s most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot


Geoserver-users mailing list

Please make sure you read the following two resources before posting to this list:

If you want to request a feature or an improvement, also see this: https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer

Geoserver-users@anonymised.comrge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users