"Fossies" - the Fresh Open Source Software Archive

Member "user/extensions/geofence-server/tutorial.html" (22 Nov 2019, 16039 Bytes) of package /linux/www/geoserver-2.16.1-htmldoc.zip:


The requested HTML page contains a <FORM> tag that is unusable on "Fossies" in "automatic" (rendered) mode so that page is shown as HTML source code syntax highlighting (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file.

    1 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    2   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    3 <html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:lang="en-US">
    4 <head>
    5   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    6   
    7   <title>Using the Internal GeoFence server (Tutorial) &mdash; GeoServer 2.16.1 User Manual</title>
    8   <link rel="stylesheet" href="../../_static/blueprint/screen.css" type="text/css" media="screen, projection" />
    9   <link rel="stylesheet" href="../../_static/blueprint/print.css" type="text/css" media="print" /> 
   10   <!--[if IE]>
   11   <link rel="stylesheet" href="../../_static/blueprint/ie.css" type="text/css" media="screen, projection" />
   12   <![endif]-->
   13   <link rel="stylesheet" href="../../_static/default.css" type="text/css" />
   14   <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
   15   <script type="text/javascript">
   16     var DOCUMENTATION_OPTIONS = {
   17         URL_ROOT:    '../../',
   18         VERSION:     '2.16.1',
   19         COLLAPSE_MODINDEX: false,
   20         FILE_SUFFIX: '.html'
   21     };
   22   </script>
   23   <script type="text/javascript" src="../../_static/jquery.js"></script>
   24   <script type="text/javascript" src="../../_static/doctools.js"></script>
   25   <script type="text/javascript" src="../../_static/searchtools.js"></script>
   26   <script type="text/javascript" src="../../searchindex.js"></script>
   27   <link rel="shortcut icon" href="../../_static/geoserver.ico"/>
   28       <link rel="search" title="Search" href="../../search.html" />
   29       <link rel="top" title="GeoServer 2.16.1 User Manual" href="../../index.html" />
   30       <link rel="up" title="Geofence Internal Server" href="index.html" />
   31       <link rel="next" title="Migrating old GeoFence configuration to GeoServer 2.12 and following" href="migration.html" />
   32       <link rel="prev" title="AdminRules Rest API" href="rest-adminrule.html" />
   33 </head>
   34 <body class="extensions/geofence-server/tutorial">
   35   <div id="header" class="selfclear">
   36     <div class="wrap selfclear">
   37       <div id="logo"><a href="../../index.html">GeoServer 2.16.1 User Manual</a></div>
   38       <ul id="top-nav">
   39         <li class="first"><a href="http://geoserver.org/about">About</a></li>
   40         <li><a href="http://blog.geoserver.org/">Blog</a></li>
   41         <li><a href="http://geoserver.org/download">Download</a></li>
   42         <!--<li><a href="../../index.html">Documentation</a></li>-->
   43       </ul>
   44         <form id="quick-search" action="../../search.html" method="get">
   45           <fieldset>
   46             <input type="hidden" name="check_keywords" value="yes" />
   47             <input type="hidden" name="area" value="default" />
   48             <input id="quick-search-query" type="text" name="q" accessKey="q" name="searchQuery.queryString" size="25" value="Search Documentation&hellip;" size="20" tabindex="3" onblur="if(this.value=='') this.value='Search Documentation&hellip;';" onfocus="if(this.value=='Search Documentation&hellip;') this.value='';" />
   49             <input id="quick-search-submit" type="image" value="Search" src="../../_static/chrome/search_icon_green.png" />
   50           </fieldset>
   51         </form>
   52     </div><!-- /.wrap -->
   53   </div><!-- /#header -->
   54   <div id="main">
   55     <div class="wrap selfclear">
   56       <div id="content-left" class="content-border"></div>
   57       <div id="content">
   58 <ul id="breadcrumbs">
   59   
   60   <li><a href="../../index.html">GeoServer 2.16.1 User Manual</a> &raquo;</li>
   61   <li><a href="../index.html" accesskey="U">Extensions</a> &raquo;</li>
   62   <li><a href="index.html" accesskey="U">Geofence Internal Server</a> &raquo;</li>
   63   <li>Using the Internal GeoFence server (Tutorial)</li>
   64 </ul>
   65 <ul id="relatedlinks" class="selfclear">
   66   <li class="first">
   67     <a href="../../py-modindex.html" title="Python Module Index"
   68        accesskey="">modules</a></li>
   69   <li>
   70     <a href="migration.html" title="Migrating old GeoFence configuration to GeoServer 2.12 and following"
   71        accesskey="N">next</a>|</li>
   72   <li>
   73     <a href="rest-adminrule.html" title="AdminRules Rest API"
   74        accesskey="P">previous</a>|</li>
   75 </ul>
   76         
   77   <div class="section" id="using-the-internal-geofence-server-tutorial">
   78 <h1>Using the Internal GeoFence server (Tutorial)<a class="headerlink" href="#using-the-internal-geofence-server-tutorial" title="Permalink to this headline"></a></h1>
   79 <div class="section" id="introduction">
   80 <h2>Introduction<a class="headerlink" href="#introduction" title="Permalink to this headline"></a></h2>
   81 <p>This tutorial shows how to install and configure the <a class="reference internal" href="index.html#community-geofence-server"><span class="std std-ref">Geofence Internal Server</span></a> plug-in. It shows how to create rules in two ways: using the GUI and REST methods.</p>
   82 <p>The tutorial assumes:</p>
   83 <ul>
   84 <li><p class="first">GeoServer is running on <a class="reference external" href="http://localhost:8080/geoserver">http://localhost:8080/geoserver</a></p>
   85 </li>
   86 <li><p class="first">You have a user/group service called “default” that allows the creation of new users. If your primary user/group service is not called “default”, you must start geoserver with the following java system property present:</p>
   87 <div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">org</span><span class="o">.</span><span class="n">geoserver</span><span class="o">.</span><span class="n">rest</span><span class="o">.</span><span class="n">DefaultUserGroupServiceName</span><span class="o">=&lt;</span><span class="n">name_of_usergroupservice</span><span class="o">&gt;</span>
   88 </pre></div>
   89 </div>
   90 </li>
   91 </ul>
   92 <p>with &lt;name_of_usergroupservice&gt; a user/group service that allows the creation of new users.</p>
   93 </div>
   94 <div class="section" id="getting-started">
   95 <h2>Getting Started<a class="headerlink" href="#getting-started" title="Permalink to this headline"></a></h2>
   96 <p>Install the plugin-in, see <a class="reference internal" href="installing.html#geofence-server-install"><span class="std std-ref">GeoFence promoted to extension since version 2.15</span></a>. Configure the user/group service as described above if necessary.</p>
   97 <p>Restart GeoServer.</p>
   98 <blockquote>
   99 <div><div class="admonition note">
  100 <p class="first admonition-title">Note</p>
  101 <p class="last">Since we defined no rules yet, the default behavior of GeoFence is to deny access to all resources.</p>
  102 </div>
  103 </div></blockquote>
  104 <p>There should now be a <span class="guilabel">GeoFence Server</span> link on the left side of the screen after logging in. Click on it.
  105 This is the configuration page of your internal GeoFence.</p>
  106 <div class="figure align-center">
  107 <img alt="../../_images/tutorial_rulespage1.png" src="../../_images/tutorial_rulespage1.png" />
  108 </div>
  109 </div>
  110 <div class="section" id="creating-new-rules-with-the-gui">
  111 <h2>Creating new Rules with the GUI<a class="headerlink" href="#creating-new-rules-with-the-gui" title="Permalink to this headline"></a></h2>
  112 <ol class="arabic simple">
  113 <li>Click on the “Add new rule” link. Change only “Access” to “DENY”.</li>
  114 </ol>
  115 <div class="figure align-center">
  116 <img alt="../../_images/tutorial_rulepage1.png" src="../../_images/tutorial_rulepage1.png" />
  117 </div>
  118 <p>Click on “Save”.</p>
  119 <div class="figure align-center">
  120 <img alt="../../_images/tutorial_rulespage2.png" src="../../_images/tutorial_rulespage2.png" />
  121 </div>
  122 <p>We have now expressed that the first rule (with lowest priority) disallows everyone from everything. The following more specific rules we make will provide the exceptions to that general rule. It is also possible to do it the other way (allow everyone to anything as most general rule and specify exceptions to that.)</p>
  123 <ol class="arabic simple" start="2">
  124 <li>As a next step, we will grant the administrator access to everything. Click on “Add new rule” again. Change “Role” to “ADMIN” and click “Save”.</li>
  125 </ol>
  126 <div class="figure align-center">
  127 <img alt="../../_images/tutorial_rulepage2.png" src="../../_images/tutorial_rulepage2.png" />
  128 </div>
  129 <div class="figure align-center">
  130 <img alt="../../_images/tutorial_rulespage3.png" src="../../_images/tutorial_rulespage3.png" />
  131 </div>
  132 <p>You now have a working, basic security configuration.</p>
  133 </div>
  134 <div class="section" id="creating-rules-with-the-rest-api">
  135 <h2>Creating rules with the REST API<a class="headerlink" href="#creating-rules-with-the-rest-api" title="Permalink to this headline"></a></h2>
  136 <p>1. Open a new tab with your browser and go to the following URL: <a class="reference external" href="http://localhost:8080/geoserver/geofence/rest/rules">http://localhost:8080/geoserver/geofence/rest/rules</a>.
  137 You should get an XML representation of your rules:</p>
  138 <div class="highlight-default notranslate"><div class="highlight"><pre><span></span>&lt;?xml version=&quot;1.0&quot; encoding=&quot;UTF-8&quot; standalone=&quot;yes&quot;?&gt;
  139 &lt;Rules count=&quot;2&quot;&gt;
  140       &lt;Rule id=&quot;2&quot;&gt;
  141               &lt;access&gt;ALLOW&lt;/access&gt;
  142               &lt;priority&gt;0&lt;/priority&gt;
  143               &lt;roleName&gt;ADMIN&lt;/roleName&gt;
  144       &lt;/Rule&gt;
  145       &lt;Rule id=&quot;1&quot;&gt;
  146               &lt;access&gt;DENY&lt;/access&gt;
  147               &lt;priority&gt;1&lt;/priority&gt;
  148       &lt;/Rule&gt;
  149 &lt;/Rules&gt;
  150 </pre></div>
  151 </div>
  152 <p>2. Let us first create a new user.
  153 Do this by sending a POST request to the following URL <a class="reference external" href="http://localhost:8080/geoserver/rest/security/usergroup/users">http://localhost:8080/geoserver/rest/security/usergroup/users</a> with the following content:</p>
  154 <div class="highlight-default notranslate"><div class="highlight"><pre><span></span>&lt;user&gt;
  155       &lt;userName&gt;michaeljfox&lt;/userName&gt;
  156       &lt;password&gt;back2$future&lt;/password&gt;
  157       &lt;enabled&gt;true&lt;/enabled&gt;
  158 &lt;/user&gt;
  159 </pre></div>
  160 </div>
  161 <p>You should receive a <code class="docutils literal notranslate"><span class="pre">201</span> <span class="pre">Created</span></code> HTTP Response.</p>
  162 <p>3. Now we will create an access rule for this user.
  163 Do this by sending a POST request to the following URL: <a class="reference external" href="http://localhost:8080/geoserver/geofence/rest/rules">http://localhost:8080/geoserver/geofence/rest/rules</a> with the following content:</p>
  164 <div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="o">&lt;</span><span class="n">Rule</span><span class="o">&gt;</span>
  165       <span class="o">&lt;</span><span class="n">userName</span><span class="o">&gt;</span><span class="n">michaeljfox</span><span class="o">&lt;/</span><span class="n">userName</span><span class="o">&gt;</span>
  166       <span class="o">&lt;</span><span class="n">workspace</span><span class="o">&gt;</span><span class="n">topp</span><span class="o">&lt;/</span><span class="n">workspace</span><span class="o">&gt;</span>
  167       <span class="o">&lt;</span><span class="n">layer</span><span class="o">&gt;</span><span class="n">states</span><span class="o">&lt;/</span><span class="n">layer</span><span class="o">&gt;</span>
  168       <span class="o">&lt;</span><span class="n">service</span><span class="o">&gt;</span><span class="n">WMS</span><span class="o">&lt;/</span><span class="n">service</span><span class="o">&gt;</span>
  169       <span class="o">&lt;</span><span class="n">request</span><span class="o">&gt;</span><span class="n">GetMap</span><span class="o">&lt;/</span><span class="n">request</span><span class="o">&gt;</span>
  170       <span class="o">&lt;</span><span class="n">access</span><span class="o">&gt;</span><span class="n">ALLOW</span><span class="o">&lt;/</span><span class="n">access</span><span class="o">&gt;</span>
  171 <span class="o">&lt;/</span><span class="n">Rule</span><span class="o">&gt;</span>
  172 </pre></div>
  173 </div>
  174 <p>Again, you should receive a <code class="docutils literal notranslate"><span class="pre">201</span> <span class="pre">Created</span></code> HTTP Response.
  175 When browsing to the URL <a class="reference external" href="http://localhost:8080/geoserver/geofence/rest/rules">http://localhost:8080/geoserver/geofence/rest/rules</a> we should now see the following information:</p>
  176 <div class="highlight-default notranslate"><div class="highlight"><pre><span></span>&lt;?xml version=&quot;1.0&quot; encoding=&quot;UTF-8&quot; standalone=&quot;yes&quot;?&gt;
  177 &lt;Rules count=&quot;2&quot;&gt;
  178       &lt;Rule id=&quot;3&quot;&gt;
  179               &lt;access&gt;ALLOW&lt;/access&gt;
  180               &lt;layer&gt;states&lt;/layer
  181               &lt;priority&gt;0&lt;/priority&gt;
  182               &lt;request&gt;GETMAP&lt;/request&gt;
  183               &lt;service&gt;WMS&lt;/service&gt;
  184               &lt;userName&gt;michaeljfox&lt;/userName&gt;
  185               &lt;workspace&gt;topp&lt;/workspace&gt;
  186       &lt;/Rule&gt;
  187       &lt;Rule id=&quot;2&quot;&gt;
  188               &lt;access&gt;ALLOW&lt;/access&gt;
  189               &lt;priority&gt;0&lt;/priority&gt;
  190               &lt;roleName&gt;ADMIN&lt;/roleName&gt;
  191       &lt;/Rule&gt;
  192       &lt;Rule id=&quot;1&quot;&gt;
  193               &lt;access&gt;DENY&lt;/access&gt;
  194               &lt;priority&gt;1&lt;/priority&gt;
  195       &lt;/Rule&gt;
  196 &lt;/Rules&gt;
  197 </pre></div>
  198 </div>
  199 <ol class="arabic simple" start="4">
  200 <li>It should now be possible to log on with username <code class="docutils literal notranslate"><span class="pre">michaeljfox</span></code> and password <code class="docutils literal notranslate"><span class="pre">back2$future</span></code> and perform a <code class="docutils literal notranslate"><span class="pre">GetMap</span></code> on the layer <code class="docutils literal notranslate"><span class="pre">topp:states</span></code>, but nothing else.</li>
  201 </ol>
  202 </div>
  203 </div>
  204 
  205 
  206       <div class="selfclear pagination-nav">
  207           <div class="leftwise"><strong>Previous</strong>: <a href="rest-adminrule.html" title="previous chapter">AdminRules Rest API</a></div>
  208           <div class="rightwise"><strong>Next</strong>: <a href="migration.html" title="next chapter">Migrating old GeoFence configuration to GeoServer 2.12 and following</a></div>
  209       </div>
  210       </div><!-- /#content> -->
  211       <div id="content-right" class="content-border"></div>
  212   <div id="sidebar" class="contrast">
  213       <div id="toc" class="section">
  214         <h3 class="pngfix">Table Of Contents</h3>
  215         <ul>
  216 <li><a class="reference internal" href="#">Using the Internal GeoFence server (Tutorial)</a><ul>
  217 <li><a class="reference internal" href="#introduction">Introduction</a></li>
  218 <li><a class="reference internal" href="#getting-started">Getting Started</a></li>
  219 <li><a class="reference internal" href="#creating-new-rules-with-the-gui">Creating new Rules with the GUI</a></li>
  220 <li><a class="reference internal" href="#creating-rules-with-the-rest-api">Creating rules with the REST API</a></li>
  221 </ul>
  222 </li>
  223 </ul>
  224 
  225         <div class="section-footer"></div>
  226       </div>
  227         <div class="section">
  228           <h3>Continue Reading</h3>
  229           <ul>
  230             <li>Previous: <a href="rest-adminrule.html" title="previous chapter">AdminRules Rest API</a></li>
  231             <li>Next: <a href="migration.html" title="next chapter">Migrating old GeoFence configuration to GeoServer 2.12 and following</a></li>
  232           </ul>
  233         </div>
  234         <div class="section">
  235         <h3>This Page</h3>
  236         <ul class="this-page-menu">
  237                 
  238         <li><a href="https://github.com/geoserver/geoserver/tree/master/doc/en/user/source/extensions/geofence-server/tutorial.rst">Edit</a></li>
  239         </ul>
  240         </div>
  241   </div><!-- /#sidebar -->
  242   </div><!-- /.wrap> -->
  243 </div><!-- /#main -->
  244 <div id="footer">
  245   <div class="wrap">
  246     &copy; Copyright 2019, Open Source Geospatial Foundation. License <a href="http://creativecommons.org/licenses/by/3.0/">Creative Commons Attribution</a>.
  247     Last updated on Nov 22, 2019.
  248     Created using <a href="http://sphinx.pocoo.org/">Sphinx</a>.
  249   </div><!-- /.wrap> -->
  250 </div><!-- /#footer -->
  251   </body>
  252 </html>