Security in GeoServer

Krishna G. Lodha

Introduction to GeoServer

What is GeoServer?

Open-source server for sharing geospatial data.
Supports OGC standards (WMS, WFS, WCS, WMTS, WPS).

GeoServer

Key features and benefits.

Cross-platform compatibility.
- Tomcat .war file
- Platform independent binary .zip is available
- Docker Image available
High scalability and flexibility for enterprise GIS applications.
- Cloud first approach ( https://geoserver.org/geoserver-cloud/ )

Security Settings

Users,Groups,Roles,Rules
Data Security
Services Security
Authentication Filter
GeoFence Security
WPS Security

Users,Groups,Roles

GeoServer hierarchy

Rules

Rules are created either to control Data or to control Service GeoServer Rules

Users

GeoServer Users

Roles

Roles allows us to create a dummy profile which can be attached to multiple rules as well as it might contain key=value pairs of metadata

Groups

Groups allows us create a dummy profile which can contain multiple roles and thus multiple rules

Data Access

Data Access allows connections of roles to select all or single workspace, and then all or single layer and give either

read
write
admin

GeoServer Data access

Services Access

Services Access allows connections of roles to select all or single OGC Service, and then all or single method to allow execution access.

GeoServer Services access

Authentication Settings

Brute force attack prevention settings
Authentication Filters
Filter Chains
Authentication Providers

Brute force attack prevention settings

A brute force attack in GeoServer is an unauthorized attempt to gain access by systematically trying multiple username-password combinations.

Brute Force

Authentication Filters

Authentication filters in GeoServer are configurable components that handle user authentication by processing incoming requests and verifying credentials. You can configure existing filters as well as add new