Hello,
I don't know if this is the proper place to ask; if I am wrong, please give me an idea where to go...
I am working on a project where security is requested. From what I have seen, any request sent to Geoserver will be answered. Where and how can I put a filter on a request without recompiling geoserver?
I am testing/developing with Jetty, but the production architecture might be different according to the customer(s) configuration (IIS, apache and so on).
I believe there should be a way to filter things between Jetty/Tomcat or others and Geoserver, but have no idea about it.
Thanks for any help/pointers.
--
Regards
Bernard Jousse (bjousse@anonymised.com)
06 77 15 69 44
Hi,
I know about two solutions which are putting a secured proxy between client and standard WMS/WFS service. One comes from deegree, another from 52 North, if I remember right. Both are open source but also have connections to commercial supporters.
Regards,
-Jukka Rahkonen-
-----Original Message-----
From: geoserver-users-bounces@lists.sourceforge.net on behalf of Bernard Jousse
Sent: Tue 8.1.2008 0:07
To: geoserver-users@lists.sourceforge.net
Subject: [Geoserver-users] Securing geoserver access
Hello,
I don't know if this is the proper place to ask; if I am wrong, please give me an idea where to go...
I am working on a project where security is requested. From what I have seen, any request sent to
Geoserver will be answered. Where and how can I put a filter on a request without recompiling
geoserver?
I am testing/developing with Jetty, but the production architecture might be different according to
the customer(s) configuration (IIS, apache and so on).
I believe there should be a way to filter things between Jetty/Tomcat or others and Geoserver, but
have no idea about it.
Thanks for any help/pointers.
--
Regards
Bernard Jousse (bjousse@anonymised.com)
06 77 15 69 44
-------------------------------------------------------------------------
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services for
just about anything Open Source.
http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace
_______________________________________________
Geoserver-users mailing list
Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users
Note that GeoServer has also incorporated a powerful security framework, that is in 1.6.x. It will give you role based control over requests, at a potentially very fine grained level, more than an external proxy can. But it is not super well developed, the two solutions suggested below will probably get you up to speed quicker. http://docs.codehaus.org/display/GEOS/GSIP+16+-+Security+subsystem has more information.
Probably not quite what you need right now, but good for custom solutions with a bit of work.
Chris
Rahkonen Jukka wrote:
Hi,
I know about two solutions which are putting a secured proxy between client and standard WMS/WFS service. One comes from deegree, another from 52 North, if I remember right. Both are open source but also have connections to commercial supporters.
Regards,
-Jukka Rahkonen-
Hi,
The current release candidate (1.6.0-RC2) of Geoserver includes a security
layer based on Acegi Security (http://acegisecurity.org). This allows you to
filter by service and (optionally) request; that is, you can create
username/password combinations and assign each a subset of Geoserver
functionality to access. I don't believe there's currently a UI for this
functionality, but you can configure it by manually editing the files
$GEOSERVER_DATA_DIR/security/users.properties and
$GEOSERVER_DATA_DIR/security/services.properties . These files contain some
documentation on how to edit them; you can just open them with your favorite
text editor.
For 1.5.x and earlier, I think you would need to use a secured proxy as has
already been mentioned.
Hope this helps,
David Winslow
Could you clarify what the ability to filter by request allows you to do?
Does it enable you to secure access to particular datastore, coveragestore,
featureType, and/or coverage?
- Tyler
--
View this message in context: http://www.nabble.com/Securing-geoserver-access-tp14677306p14696267.html
Sent from the GeoServer - User mailing list archive at Nabble.com.
Tyler Erickson wrote:
Could you clarify what the ability to filter by request allows you to do? Does it enable you to secure access to particular datastore, coveragestore,
featureType, and/or coverage?
Nope, only on a request type level.
Securing the data level is something we want to do, but it's just one item among many we want to tackle so... I don't really know when that will be done.
It would be interesting to know your specific needs. Would you
need a datastore/feature type wise lock (all or nothing)? Or
are you looking for the ability to perform partial data serving for
low privilege users (remove attribute, filter out features)?
Cheers
Andrea
Another possible solution would be by setting a reverse proxy in front
of Geoserver. We are using this type of setup, mostly to secure the
administrative UI, but not to limit requests. In our reverse proxy,
only requests such as http://mydomain.mysite/geoserver/wms and
http://mydomain.mysite/geoserver/wfs work, due to configuration of the
reverse proxy (in our case Apache 2.0). I would assume that using the
capabilities of mod_proxy with its regex features, you should be able
to do pretty much whatever you want. Another interesting possibility
is J2EP (http://j2ep.sourceforge.net/). I have not played around with
it, but it might do what you need, if you do not want to use a
separate Apache server.
Anyway, just some random thoughts. Good luck.
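The allowlist decision such a reverse proxy makes, sketched in Python as an added example (not code from this thread, from GeoServer or from Apache): only the two endpoints named above are forwarded, and the request is further narrowed by its REQUEST parameter. The `ALLOWED` policy table and the `is_allowed` name are assumptions, and only GET key-value requests are covered.

```python
from posixpath import normpath
from urllib.parse import parse_qsl, unquote, urlsplit

# Assumed policy, constructed for this example: endpoint path -> permitted REQUEST values.
ALLOWED = {
    "/geoserver/wms": {"getcapabilities", "getmap", "getfeatureinfo"},
    "/geoserver/wfs": {"getcapabilities", "describefeaturetype", "getfeature"},
}

def is_allowed(url):
    """Return True if the proxy should forward this GET request to GeoServer."""
    parts = urlsplit(url)
    path = unquote(parts.path)
    # Deny double-encoded paths and anything that changes when normalised
    # ("..", "//", trailing "/"), so only the canonical form is ever matched.
    if "%" in path or normpath(path) != path:
        return False
    operations = ALLOWED.get(path)
    if operations is None:
        return False  # default deny: every other path stays behind the proxy
    params = {}
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        # OGC key-value parameter names are case-insensitive.
        params.setdefault(name.lower(), []).append(value.lower())
    request = params.get("request", [])
    service = params.get("service", [])
    # Exactly one REQUEST; a repeated parameter could be read differently
    # by the proxy and by the backend.
    if len(request) != 1 or len(service) > 1:
        return False
    # Policy choice: SERVICE, when given, must name the endpoint it was sent to.
    if service and service[0] != path.rsplit("/", 1)[1]:
        return False
    return request[0] in operations
```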
Thanks to all,
I guess I'll go for a reverse proxy.
Right now, I think the customers who want high security will go for https.
For the others, we will just filter all the requests against cookies +
database, I'll see to modify a reverse proxy if I can't find one which does
that.
Our current need is for an all-or-nothing lock, so protected featureTypes and
coverages are only accessible to authorized users. We would want even the
names of the protected featureTypes and coverages to be invisible to
non-authorized users.
- Tyler
Tyler Erickson wrote:
Our current need is for an all-or-nothing lock, so protected featureTypes and
coverages are only accessible to authorized users. We would want even the
names of the protected featureTypes and coverages to be invisible to
non-authorized users.
Hum, that could be achieved by adding another property file and
wrapping the GeoServer internal catalog so that only what a user
is allowed to see is reported to the upper levels (so that if you
ask for something that you're not supposed to see, geoserver
will really think it's not there).
The property file could be something like a list of:
<namespace>.<featureType>.<mode>=<role1>,<role2>
where role could be r, w or rw (read, write, read/write). Or even
simpler for your case:
<namespace>.<featureType>=<role1>,<role2>
(i.e., if you don't have one of the specified roles, you don't
even see the feature type).
Do you have any java experience, can you code it yourself using some
assistance from us? Or else, if you're in a hurry, I guess you
could contract someone to do it for you? As I said, we have some
data security in our plans, but not in our immediate plans (it
may take months before we do anything on that side).
Cheers
Andrea
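A sketch of the idea proposed in the message above, added here as an example in Python (not GeoServer code, which is Java, and not written by anyone in this thread): rules in the `<namespace>.<featureType>.<mode>=<role1>,<role2>` form are parsed, and a wrapper around the layer table answers the same way for a hidden layer as for one that does not exist. The class and function names, the sample rules and layers, and the choice that a layer with no rule is public are all assumptions.

```python
RULES_TEXT = """\
# constructed sample rules
topp.states.r=analyst,editor
topp.states.w=editor
sf.restricted.rw=admin
"""

def parse_rules(text):
    """Parse '<namespace>.<featureType>.<mode>=<role1>,<role2>' lines."""
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, roles = line.partition("=")
        layer, mode = key.strip().rsplit(".", 1)
        if mode not in ("r", "w", "rw") or "." not in layer:
            raise ValueError(f"malformed rule: {line!r}")
        granted = {r.strip() for r in roles.split(",") if r.strip()}
        for access in mode:  # "rw" grants both read and write
            rules.setdefault(layer, {}).setdefault(access, set()).update(granted)
    return rules

class SecuredCatalog:
    """Wraps a layer table so callers only ever see what their roles allow."""
    def __init__(self, layers, rules):
        self._layers = dict(layers)  # "namespace.featureType" -> layer data
        self._rules = rules

    def _can(self, layer, roles, access):
        rule = self._rules.get(layer)
        if rule is None:
            return True  # assumption: a layer with no rule is public
        return bool(rule.get(access, set()) & set(roles))  # protected: fail closed

    def list_layers(self, roles):
        return sorted(l for l in self._layers if self._can(l, roles, "r"))

    def get(self, layer, roles):
        # Hidden and nonexistent layers give the same answer, so names do not leak.
        if layer in self._layers and self._can(layer, roles, "r"):
            return self._layers[layer]
        return None

    def can_write(self, layer, roles):
        return self.get(layer, roles) is not None and self._can(layer, roles, "w")

CATALOG = SecuredCatalog(
    {"topp.states": "states data", "sf.restricted": "restricted data", "sf.roads": "roads data"},
    parse_rules(RULES_TEXT),
)
```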
Unfortunately, I don't have java coding experience, so I can't help out in that way.
But I'm not in a great hurry, either, so I'll be patient...
Thanks,
Tyler
--
Tyler A. Erickson, Ph.D.
Research Scientist
Michigan Tech Research Institute
3600 Green Court, Suite 100
Ann Arbor, MI 48105
tyler.erickson@anonymised.com
www.mtri.org
www.michiganview.org