Skip to content

geoserver/geofence

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

GeoFence

GeoFence is an advanced authentication/authorization engine for GeoServer

Features

GeoFence allows you to create authorization rules on GeoServer resources based on multiple parameters, such as the user requesting the data, its role, the source IP address of the web request, the used OGC service/request, the requested layer or its workspace.

You can setup authorization rules with the granularity you need: this means that you can allow or deny access to a given layer at a whole, or simply hide some attributes, restrict the output to only a given area, or only allow access to a subset of the features by filtering them using a CQL expression.

You can find more details on this page.

Architecture

GeoFence can be run either as a standalone Java web application, or embedded into GeoServer.

The GeoFence standalone application run as a java service, and can be queried for auth by one or more GeoServer instances.
It provides a complete REST API for the programmatic administration of the rules and their ancillary data; a GUI is no longer provided since version 3.7.
In this configuration GeoServer needs a module (the GeoFence client plugin) that will send authorization queries to GeoFence using a configurable protocol (by default it uses Spring remoting over HTTP).

The embedded configuration will make the GeoFence engine run within GeoServer itself. The administration GUI will be seamlessly embedded into GeoServer. The embedded GeoFence should be installed as a GeoServer plugin as well.

GeoFence provides the authorization services using the interface described in GSIP 57.

License

GeoFence core modules and GUI, as well as the GeoFence plugins in GeoServer, are free and Open Source software, released under the GPL license (which is GPL v2.0), as it implements a GeoServer Java API.

Getting GeoFence

Since there are two different ways to run GeoFence, you'll need different set of files according to your configuration.

Standalone
You'll need the GeoFence .war file, and the geofence plugin to be deployed into GeoServer.
Embedded
You'll only need to deploy the geofence-server plugin into GeoServer.

Since GeoFence and GeoServer run side to side, every change of the API in either side requires a change on the other one.

Here's a compatibility table for the most recent versions of both applications (you may also want to refer to the comprehensive compatibility matrix):

GeoFence GeoServer Main changes
3.7.x (main) 2.25
3.7.1 2.24.x Fix log4j libs
3.7-RC 2.24.0 GeoTools 30: opengis packages renaming
JDK11 compatibility
GUI removed
3.6.1 2.23.x Fix log4j libs
3.6.0 2.23.0 - 2.23.3 DTO changes (#226 - subfield)
3.5.1 2.22.0 - 2.22.x (client) (embedded)
2.21.2 - 2.21.x
2.20.6 - 2.20.x
#222: Improve filtering by role
#87: Exclude JPA1 dep
3.5.0 2.21.0 - 2.21.1
2.20.0 - 2.20.5
2.19.0 - 2.19.6
DTO changes (#163 - restricted area, clip)
3.4.6.1 2.18.x
2.17.x
#166: JTS Version update
Minor DTO changes

Once you have downloaded the resources you need, please follow the instructions on the GeoFence installation wiki page.

Documentation

Community

The GeoFence project is part of GeoServer, so any question can be directed to the GeoServer user mailing list, and developer collaboration discussed in the GeoServer developer mailng list.