GeoFence Security Rules Management Proposal
GeoFence allows users to define security rules that control access to GeoServer resources.
GeoFence can run as a standalone application or embedded in GeoServer. The standalone version supports more advanced rules than the embedded one.
The GeoServer community module GeoFence Server is responsible for embedding GeoFence in GeoServer.
The idea behind this proposal is to allow users to define and manage security rules of the embedded version using MapStore2 UI.
From now on when talking about security rules we will be referring to the security rules available in the embedded version.
When GeoFence is active, a request will be denied unless a rule allows it.
The structure of a security rule is self-explanatory:
<Rule id="0">
<priority>0</priority>
<role>*</role>
<userName>john</userName>
<service>WMS</service>
<request>*</request>
<workspace>tiger</workspace>
<layer>*</layer>
<access>ALLOW</access>
</Rule>
The wildcard * can be used to match anything (which is the purpose of a wildcard). When submitting a new rule, if an attribute is omitted the wildcard will be used as that attribute's value. Consider the following rule:
<Rule id="0">
<priority>0</priority>
<service>WMS</service>
<access>ALLOW</access>
</Rule>
The rule above means that everyone will be able to perform requests against the WMS service.
When GeoFence is evaluating a request, it will use the first rule that matches that request. Security rules will be tested in priority order. Consider the following rules:
<Rule id="0">
<priority>0</priority>
<userName>john</userName>
<service>WFS</service>
<request>TRANSACTION</request>
<access>ALLOW</access>
</Rule>
<Rule id="1">
<priority>1</priority>
<role>employee</role>
<service>WFS</service>
<request>TRANSACTION</request>
<access>DENY</access>
</Rule>
<Rule id="2">
<priority>2</priority>
<role>employee</role>
<service>WFS</service>
<access>ALLOW</access>
</Rule>
Every employee will be able to perform requests against the WFS service, but they will not be able to use the TRANSACTION operation; only John will be able to perform that operation.
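The evaluation order described above (omitted attributes default to the wildcard, rules are tested in priority order, the first match decides, and a request that no rule matches is denied), as an added Python example that is not GeoFence's own code. The `<Rules>` wrapper element, the request dictionary and the exact, case-sensitive comparison are assumptions of this example, and the embedded rules are constructed after the three rules above, with John's rule allowing TRANSACTION.

```python
import xml.etree.ElementTree as ET

# Constructed sample input: the three rules, deliberately listed out of order.
# The <Rules> wrapper only gives the sample a single root (assumption).
RULES_XML = """
<Rules>
  <Rule id="2"><priority>2</priority><role>employee</role>
    <service>WFS</service><access>ALLOW</access></Rule>
  <Rule id="0"><priority>0</priority><userName>john</userName>
    <service>WFS</service><request>TRANSACTION</request><access>ALLOW</access></Rule>
  <Rule id="1"><priority>1</priority><role>employee</role>
    <service>WFS</service><request>TRANSACTION</request><access>DENY</access></Rule>
</Rules>
"""

FIELDS = ("role", "userName", "service", "request", "workspace", "layer")

def load_rules(xml_text):
    """Parse rules, default omitted attributes to '*', sort by priority."""
    rules = []
    for el in ET.fromstring(xml_text).iter("Rule"):
        rule = {f: (el.findtext(f) or "*").strip() for f in FIELDS}
        rule["id"] = el.get("id")
        rule["priority"] = int(el.findtext("priority"))
        rule["access"] = el.findtext("access").strip()
        rules.append(rule)
    return sorted(rules, key=lambda r: r["priority"])

def matches(rule, req):
    """A rule matches when every attribute is '*' or equals the request's value."""
    for f in FIELDS:
        if rule[f] == "*":
            continue
        # A user may hold several roles; the other attributes are single values.
        actual = req.get("roles", ()) if f == "role" else (req.get(f),)
        if rule[f] not in actual:
            return False
    return True

def decide(rules, req):
    """Return (access, rule id) of the first matching rule; deny if none match."""
    for rule in rules:
        if matches(rule, req):
            return rule["access"], rule["id"]
    return "DENY", None  # default deny: no rule allowed the request

RULES = load_rules(RULES_XML)
```

Returning the id of the deciding rule alongside the verdict makes it easy to see which rule shadows which when priorities are reordered.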
A REST interface is available to manage GeoFence security rules.
The UI to manage security rules will be integrated into the administration UI:
The security rules will always be listed by their priority. The user can change the priority of a rule within a page using drag and drop and can move several rules between pages using the arrow buttons available at the top of the table.
The filters can be used to filter the rules that are shown to the user. The GeoFence REST API only allows us to filter rules by attribute; we cannot apply one filter across all attributes. When filtering on a certain attribute, only the rules whose value for that attribute matches the provided value, or which use a wildcard for that attribute, will be taken into consideration.
The ADD, EDIT and DELETE buttons will be simple icons without text. These buttons will allow the user to add, edit or remove any selected rules; if no rules are selected, the edit and delete buttons will be disabled.
The arrow buttons will respectively allow the user to move any selected rules to the first page, previous page, next page and last page. If no rules are selected, those buttons will be disabled. They will also take the current page into account; for example, if we are on the first page, the button to move rules to the first page will be disabled.
Moving a set of rules to another page means assigning to the moved rules a lower priority than the first rule of that page. If a filter is active, it will be taken into account to find the rule with the highest priority of the targeted page.
When clicking on the add rule button a modal will open and allow the user to configure the new rule:
When one or more rules are selected and the user clicks on the edit button, a modal will open allowing the user to edit the selected rules:
The GeoFence REST interface will need to be extended to support moving several rules between pages. The new REST entry point will receive the current filter (similar to the list rules entry point), the rules that need to be moved and the targeted page.