Dear List, maybe it was to complex, let me simplify: How I can administer security/rest.properties via UI? F.e.: Is GeoFence able to limit access to the Geoserver's REST api, granting permissions to create resources (workspaces,stores,layers) via REST ?
How did you manage that *dynamically* (at runtime)? Regards, C. Il giorno gio 10 set 2020 alle ore 19:01 carlo cancellieri < geo.ccancelli...@gmail.com> ha scritto: > Hi all, > not sure this is the right place to ask for GeoFence but let me try. > > So I'm running multiple geserver in cluster: all having a separate replica > of the data+datadir but connected to the same database via a connection > pool configured in tomcat (one Database for each cluster). > > The loadbalancer is rotating through the Geoserver and the session is not > shared for the moment. > > I've several of clusters like these and all are meant to be used as read > only, update is performed rolling/updating the snapshot of the disks > (automatically by the cloud manager with no downtime). > > The clusters have an external Master Geoserver (one for each cluster) used > as model for the snapshots, so ANY write operation will be performed over > those instances and the cluster will be lazily updated later (pull). > > Now I'm starting looking at GeoFence to manage the authentications and to > grant permissions over layers for any write operation over Master instances > (multiple customers) and for any read operation over the clusters... > > In our scenario users can be managed across different cluster so I've to > centralize the user management (federated identity provider) and possibly > permissions. > > Few initial questions about geofence: > > - To simplify the infrastructure I'm wondering if it is possible to > install it as embedded plugin server sharing the GeoFenceDataSource > configuration over a single postgis DB (shared across one or more clusters > and the relatives Masters instances)? > > - Is GeoFence able to limit access to the Geoserver's REST api to grant > permissions to create resources via REST (f.e. w/ GeoCatBridge) this is > something that I'm currently doing with rest.properties but I'd like to > make it configurable via GUI. > > - is geofence really multitenant: supporting mutiple domains and paths > (not just by workspace) > > - If it's not possible to share the database, how to clusterize an > embedded/standalone geofence server? > > - looking here > <https://github.com/geoserver/geofence/wiki/GeoFence-configuration#database-configuration-1> > I > see it's possible to point to a database with an internal jdbc connection > pool, is it possible to use an external (defined in tomcat) jdbc connection > pool configuring geofence datasource via jndi? (any example is really > appreciated) > > Thank you so much for any hint to address this new challenge. > > Regards, > C. > > -- > Mr. Carlo Cancellieri > *skype*: ccancellieri > *Twitter*: @cancellieric > *LinkedIn*: http://it.linkedin.com/in/ccancellieri/ > -- Mr. Carlo Cancellieri *skype*: ccancellieri *Twitter*: @cancellieric *LinkedIn*: http://it.linkedin.com/in/ccancellieri/
_______________________________________________ Geoserver-users mailing list Please make sure you read the following two resources before posting to this list: - Earning your support instead of buying it, but Ian Turton: http://www.ianturton.com/talks/foss4g.html#/ - The GeoServer user list posting guidelines: http://geoserver.org/comm/userlist-guidelines.html If you want to request a feature or an improvement, also see this: https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer Geoserver-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-users