This presentation will provide an introduction to GeoFence, an open source tool to configure and use complex authorization rules to protect data served by GeoServer OGC services.
Advanced GeoServer Security With GeoFence
Ing. Emanuele Tajariol, GeoSolutions
Ing. Simone Giannecchini, GeoSolutions
Ing. Alessio Fabiani, GeoSolutions
FOSS4G 2013, Nottingham 20th September 2013
GeoSolutions
Founded in Italy in late 2006
Expertise
• Image Processing, GeoSpatial Data Fusion
• Java, Java Enterprise, C++, Python
• JPEG2000, JPIP, Advanced 2D visualization
Supporting/Developing FOSS4G projects
GeoServer, MapStore
GeoBatch, GeoNetwork
Clients
Public Agencies
Private Companies
http://www.geo-solutions.it
GeoFence
Extended A&A (Authentication & Authorization) for GeoServer
Authentication: optional
Authorization: on data (e.g. layers, workspaces) and on services (e.g. WMS, WFS)
Integrated with the GeoServer authorization architecture
Open Source (GPL); code on GitHub
GeoFence
Based on GSIP 57: mixed Interceptor + Probe approach
Extended authorization management for GeoServer: an external rule-based system plus a GeoServer internal Probe
On-the-fly manipulation of incoming requests
Role Based Access Control: users and groups
Rule-based database, iptables-like
GeoFence
Fine grain authorization control on: services, operations, workspaces, layers, attributes (alphanumeric and geospatial)
External web application: REST interface and GUI
Scalable: 1 GeoFence controls N GeoServer clusters
GeoFence
Java Enterprise infrastructure: Spring/Spring-Remoting, Hibernate, Apache CXF
Supported DBMS: PostgreSQL/PostGIS, Oracle Spatial, H2
Performance ensured thanks to a fine-tunable cache
GeoServer Security Model
GeoServer offers extension points for
Authentication (filtering and credential checks)
Authorization (resource access managers)
GeoServer Security Model
The GeoFence Authentication provider delegates credential checks to GeoFence
The GeoFence Resource Access Manager asks the GeoFence authorization engine for permissions
GeoFence Architecture
Geofence Stack (again…)
GeoFence Architecture
Modules and packages
GUI
  core: GUI logic, implemented using GWT
  webapp: produces the final web application .war file
GeoServer (GeoFence Probe)
  security: the GeoServer/GeoFence bridge; implements the ResourceAccessManager, forwarding the authorization requests to a remote GeoFence instance
GeoFence Architecture
The GeoFence ResourceAccessManager (Geofence Probe) is deployed in each GeoServer
GeoServer instances in a cluster must share the same ClusterID (instance name)
GeoFence uses the instance name to select rules
The Probe queries GeoFence on each request* with the proper info: instance name, user, request details
GeoFence provides Access Policy rules to manipulate the request on the fly within the Probe
GeoFence Architecture
The GeoFence ResourceAccessManager (Geofence Probe) uses a cache which minimizes the requests toward GeoFence.
The cache can be configured on different aspects: number of entries, expiration time
The cache provides REST operations (using GeoServer’s own REST dispatcher) to invalidate the cache and to query the cache statistics
GeoFence Rule System
Authorizations are expressed as a priority-based rule set
Rule types are ALLOW/DENY/LIMIT
The first matching rule is the one that determines the outcome of the auth request
Incoming authorization requests are transformed into a rule filter
Filtering can be performed on one or more of these fields:
Username
Group the provided user belongs to
Source GeoServer instance (we can control multiple GeoServer clusters)
OGC service, e.g. WMS
OGC service operation, e.g. GetCapabilities
Workspace, e.g. it.geosolutions
Layer name, e.g. topp:states
GeoFence Rule System
Example
Let’s assume we have configured these rules:
User: u1, Service:WMS, Workspace=W1,ALLOW
User: u1, DENY
These rules will grant user u1 access to all the layers in workspace W1, only for WMS requests.
All other types of request will be DENIED.
GeoFence Rule System
When an ALLOW rule is matched, the user will have access to the requested resource.
Finer grain control on single-layer rules: further restrictions may be defined, i.e. only a subset of the data contained in the layer could be made queryable/visible to the requesting user
Restrictions on visible Area
Restrictions on Queryable Attributes
Restrictions on Available Styles
GeoFence Rule System
Examples
Limiting users’ access to:
a subset of the attributes (R/W)
a specific geographic area
a subset of the available styles (or the default style can be forced on all requests)
a specific view of the data via a CQL filter, for reading and for writing (delete, create, update)
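As an added example (not GeoFence's own code), the following Python models the rule system described above: the priority-ordered, first-match evaluation of the u1/WMS/W1 rules and the per-layer restrictions (area, attributes, styles, CQL filter) that a LIMIT rule adds to an ALLOW decision. The Rule class, the request field names and the way LIMIT restrictions are merged are assumptions made here, and the sample rules are constructed for illustration.

```python
# Added example, not GeoFence's own code: a small model of the slides' priority-based,
# first-match rule evaluation. The Rule class, the field names and the way LIMIT
# restrictions are merged into an ALLOW decision are assumptions made here.
from dataclasses import dataclass, field

# Fields a request is filtered on (slides: user, group, instance, service, operation,
# workspace, layer). A rule that omits a field matches any value for it.
FIELDS = ("user", "group", "instance", "service", "operation", "workspace", "layer")

@dataclass
class Rule:
    access: str                                        # "ALLOW", "DENY" or "LIMIT"
    match: dict = field(default_factory=dict)          # field -> required value
    restrictions: dict = field(default_factory=dict)   # area, attributes, styles, cql_read...

def rule_matches(rule: Rule, request: dict) -> bool:
    """Every field the rule constrains must equal the request's value."""
    return all(f in FIELDS and request.get(f) == v for f, v in rule.match.items())

def authorize(rules: list, request: dict) -> dict:
    """Walk the rules in priority order (list order). LIMIT rules collect restrictions
    and keep going; the first matching ALLOW or DENY decides. No match means DENY."""
    collected = {}
    for rule in rules:
        if not rule_matches(rule, request):
            continue
        if rule.access == "LIMIT":
            for key, value in rule.restrictions.items():
                collected.setdefault(key, value)       # higher-priority limit wins
            continue
        if rule.access == "ALLOW":
            return {"access": "ALLOW", "restrictions": {**rule.restrictions, **collected}}
        return {"access": "DENY", "restrictions": {}}
    return {"access": "DENY", "restrictions": {}}

# The slides' example (u1 may use WMS on workspace W1, anything else is denied), plus a
# constructed LIMIT rule that narrows what group "readers" sees of layer "states" in W1.
EXAMPLE_RULES = [
    Rule("LIMIT", {"group": "readers", "workspace": "W1", "layer": "states"},
         {"cql_read": "PERSONS > 1000000",
          "area": "POLYGON((-10 35, 30 35, 30 60, -10 60, -10 35))"}),
    Rule("ALLOW", {"user": "u1", "service": "WMS", "workspace": "W1"}),
    Rule("DENY", {"user": "u1"}),
]

def decide(service, workspace, layer=None, user="u1", group="readers", operation=None):
    # Build the request the way the Probe would: instance name, user, request details.
    request = {"user": user, "group": group, "instance": "gs-cluster-1", "service": service,
               "operation": operation, "workspace": workspace, "layer": layer}
    return authorize(EXAMPLE_RULES, request)
```

Calling `decide("WMS", "W1", "states")` yields ALLOW carrying the CQL and area restrictions, while `decide("WFS", "W1", "states")` and `decide("WMS", "W2")` fall through to the catch-all DENY, as the slide describes.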
GeoFence REST Interface
GeoFence provides a REST interface for administration
Allows automation!
It allows a complete CRUD access to the various entities managed by GeoFence:
Users and groups
GeoServer instances
Rules
The Find operation can optionally be paged; a Count operation is provided as well to take advantage of the pagination capability.
Priority ordering of rules is fundamental: there are different ways to insert a new rule and set its position.
https://github.com/geosolutions-it/geofence/wiki/REST-API
GeoFence REST Interface
The REST interface also provides a batch mode: multiple CRUD commands can be issued at once
The commands in the batch are processed in the same transaction
Extremely important for automation!
Backup and restore operations are provided as part of the REST interface as well
REST API documentation available at https://github.com/geosolutions-it/geofence/wiki/REST-API
GeoFence User Interface
Top categories: Users, Groups, Instances, Rules (screenshots of each list and of the rule Details view, not reproduced)
GeoFence and LDAP
An LDAP server can be used as a repository for users and groups, by including the optional ldap module in the deployment
LDAP can be configured through the datasource properties file
When using LDAP, users and groups are not editable from the GeoFence interface (they are READ-ONLY)
When LDAP is enabled, specific DAOs are used for users and groups instead of the default ones
LDAP module documentation at https://github.com/geosolutions-it/geofence/wiki/LDAP-module
GeoFence and Existing Auth Proxies
(diagram: an External Auth Source providing Users and Groups; the GeoFence DB; the GeoFence Persistence layer with UserDAO / LDAP UserDAO, GroupDAO / LDAP GroupDAO and RuleDAO)
GeoFence Use Cases
SIAN
(architecture diagram: GeoFence, MapManager, GeoStore, GeoServer, MapStore, JMX Agents, GeoGraphic Building Block)
Astrium GetGeo
Layers filtered (CQL filters) by user profile to constrain access to advanced functionality
Possibility of spatial filters to allow regional access only
Destination
GeoFence Status
Project released as Open Source
Continuous build is in place
Dev and Users mailing lists are in place
Improvements: documentation, official releases, integrated build for testing and demoing, UI refactor
The End
Thanks for not sleeping
(loudly)
GeoFence
CUSTOM presentation, Florence, 10 May 2012