subject:"\[Geoserver\-users\] Geoserver \+ GeoFence in multiple cluster environment"

Re: [Geoserver-users] Geoserver + GeoFence in multiple cluster environment

2020-09-15 Thread Simone Giannecchini

Ciao Carlo,
please, read below...

Regards,
Simone Giannecchini
==
GeoServer Professional Services from the experts!
Visit http://bit.ly/gs-services

for more information.
==
Ing. Simone Giannecchini
@simogeo
Founder/Director

GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob:   +39  333 8128928

http://www.geo-solutions.it

http://twitter.com/geosolutions_it


---
Con riferimento alla normativa sul trattamento dei dati personali (Reg. UE
2016/679 - Regolamento generale sulla protezione dei dati “GDPR”), si
precisa che ogni circostanza inerente alla presente email (il suo
contenuto, gli eventuali allegati, etc.) è un dato la cui conoscenza è
riservata al/i solo/i destinatario/i indicati dallo scrivente. Se il
messaggio Le è giunto per errore, è tenuta/o a cancellarlo, ogni altra
operazione è illecita. Le sarei comunque grato se potesse darmene notizia.

This email is intended only for the person or entity to which it is
addressed and may contain information that is privileged, confidential or
otherwise protected from disclosure. We remind that - as provided by
European Regulation 2016/679 “GDPR” - copying, dissemination or use of this
e-mail or the information herein by anyone other than the intended
recipient is prohibited. If you have received this email by mistake, please
notify us immediately by telephone or e-mail.


On Tue, Sep 15, 2020 at 6:02 PM carlo cancellieri <
geo.ccancelli...@gmail.com> wrote:

> Dear List,
>  maybe it was to complex, let me simplify:
>
> How I can administer security/rest.properties via UI?
> F.e.: Is GeoFence able to limit access to the Geoserver's REST api,
> granting permissions to create resources (workspaces,stores,layers) via
> REST ?
>

No, GeoFence is for OGC Services.


>
> How did you manage that *dynamically* (at runtime)?
>

I think you simply cannot at the moment.


>
> Regards,
> C.
>
>
> Il giorno gio 10 set 2020 alle ore 19:01 carlo cancellieri <
> geo.ccancelli...@gmail.com> ha scritto:
>
>> Hi all,
>>  not sure this is the right place to ask for GeoFence but let me try.
>>
>> So I'm running multiple geserver in cluster: all having a separate
>> replica of the data+datadir but connected to the same database via a
>> connection pool configured in tomcat (one Database for each cluster).
>>
>> The loadbalancer is rotating through the Geoserver and the session is not
>> shared for the moment.
>>
>> I've several of clusters like these and all are meant to be used as read
>> only, update is performed rolling/updating the snapshot of the disks
>> (automatically by the cloud manager with no downtime).
>>
>> The clusters have an external Master Geoserver (one for each cluster)
>> used as model for the snapshots, so ANY write operation will be performed
>> over those instances and the cluster will be lazily updated later (pull).
>>
>> Now I'm starting looking at GeoFence to manage the authentications and to
>> grant permissions over layers for any write operation over Master instances
>> (multiple customers) and for any read operation over the clusters...
>>
>> In our scenario users can be managed across different cluster so I've to
>> centralize the user management (federated identity provider) and possibly
>> permissions.
>>
>> Few initial questions about geofence:
>>
>> - To simplify the infrastructure I'm wondering if it is possible to
>> install it as embedded plugin server sharing the GeoFenceDataSource
>> configuration over a single postgis DB (shared across one or more clusters
>> and the relatives Masters instances)?
>>
>> - Is GeoFence able to limit access to the Geoserver's REST api to grant
>> permissions to create resources via REST (f.e. w/ GeoCatBridge) this is
>> something that I'm currently doing with rest.properties
>> 
>> but I'd like to make it configurable via GUI.
>>
>> - is geofence really multitenant: supporting mutiple domains and paths
>> (not just by workspace)
>>
>> - If it's not possible to share the database, how to clusterize an
>> embedded/standalone geofence server?
>>
>> - looking here
>> 
>>  I
>> see it's possible to point to a database with an internal jdbc connection
>> pool, is it possible to use an external (defined in tomcat) jdbc connection
>> pool configuring geofence datasource via jndi? (any example is

Re: [Geoserver-users] Geoserver + GeoFence in multiple cluster environment

2020-09-15 Thread carlo cancellieri

Dear List,
 maybe it was to complex, let me simplify:

How I can administer security/rest.properties via UI?
F.e.: Is GeoFence able to limit access to the Geoserver's REST api,
granting permissions to create resources (workspaces,stores,layers) via
REST ?

How did you manage that *dynamically* (at runtime)?

Regards,
C.


Il giorno gio 10 set 2020 alle ore 19:01 carlo cancellieri <
geo.ccancelli...@gmail.com> ha scritto:

> Hi all,
>  not sure this is the right place to ask for GeoFence but let me try.
>
> So I'm running multiple geserver in cluster: all having a separate replica
> of the data+datadir but connected to the same database via a connection
> pool configured in tomcat (one Database for each cluster).
>
> The loadbalancer is rotating through the Geoserver and the session is not
> shared for the moment.
>
> I've several of clusters like these and all are meant to be used as read
> only, update is performed rolling/updating the snapshot of the disks
> (automatically by the cloud manager with no downtime).
>
> The clusters have an external Master Geoserver (one for each cluster) used
> as model for the snapshots, so ANY write operation will be performed over
> those instances and the cluster will be lazily updated later (pull).
>
> Now I'm starting looking at GeoFence to manage the authentications and to
> grant permissions over layers for any write operation over Master instances
> (multiple customers) and for any read operation over the clusters...
>
> In our scenario users can be managed across different cluster so I've to
> centralize the user management (federated identity provider) and possibly
> permissions.
>
> Few initial questions about geofence:
>
> - To simplify the infrastructure I'm wondering if it is possible to
> install it as embedded plugin server sharing the GeoFenceDataSource
> configuration over a single postgis DB (shared across one or more clusters
> and the relatives Masters instances)?
>
> - Is GeoFence able to limit access to the Geoserver's REST api to grant
> permissions to create resources via REST (f.e. w/ GeoCatBridge) this is
> something that I'm currently doing with rest.properties but I'd like to
> make it configurable via GUI.
>
> - is geofence really multitenant: supporting mutiple domains and paths
> (not just by workspace)
>
> - If it's not possible to share the database, how to clusterize an
> embedded/standalone geofence server?
>
> - looking here
> 
>  I
> see it's possible to point to a database with an internal jdbc connection
> pool, is it possible to use an external (defined in tomcat) jdbc connection
> pool configuring geofence datasource via jndi? (any example is really
> appreciated)
>
> Thank you so much for any hint to address this new challenge.
>
> Regards,
> C.
>
> --
> Mr. Carlo Cancellieri
> *skype*: ccancellieri
> *Twitter*: @cancellieric
> *LinkedIn*: http://it.linkedin.com/in/ccancellieri/
>


-- 
Mr. Carlo Cancellieri
*skype*: ccancellieri
*Twitter*: @cancellieric
*LinkedIn*: http://it.linkedin.com/in/ccancellieri/
___
Geoserver-users mailing list

Please make sure you read the following two resources before posting to this 
list:
- Earning your support instead of buying it, but Ian Turton: 
http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: 
http://geoserver.org/comm/userlist-guidelines.html

If you want to request a feature or an improvement, also see this: 
https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer


Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users

[Geoserver-users] Geoserver + GeoFence in multiple cluster environment

2020-09-10 Thread carlo cancellieri

Hi all,
 not sure this is the right place to ask for GeoFence but let me try.

So I'm running multiple geserver in cluster: all having a separate replica
of the data+datadir but connected to the same database via a connection
pool configured in tomcat (one Database for each cluster).

The loadbalancer is rotating through the Geoserver and the session is not
shared for the moment.

I've several of clusters like these and all are meant to be used as read
only, update is performed rolling/updating the snapshot of the disks
(automatically by the cloud manager with no downtime).

The clusters have an external Master Geoserver (one for each cluster) used
as model for the snapshots, so ANY write operation will be performed over
those instances and the cluster will be lazily updated later (pull).

Now I'm starting looking at GeoFence to manage the authentications and to
grant permissions over layers for any write operation over Master instances
(multiple customers) and for any read operation over the clusters...

In our scenario users can be managed across different cluster so I've to
centralize the user management (federated identity provider) and possibly
permissions.

Few initial questions about geofence:

- To simplify the infrastructure I'm wondering if it is possible to install
it as embedded plugin server sharing the GeoFenceDataSource configuration
over a single postgis DB (shared across one or more clusters and the
relatives Masters instances)?

- Is GeoFence able to limit access to the Geoserver's REST api to grant
permissions to create resources via REST (f.e. w/ GeoCatBridge) this is
something that I'm currently doing with rest.properties but I'd like to
make it configurable via GUI.

- is geofence really multitenant: supporting mutiple domains and paths (not
just by workspace)

- If it's not possible to share the database, how to clusterize an
embedded/standalone geofence server?

- looking here

I
see it's possible to point to a database with an internal jdbc connection
pool, is it possible to use an external (defined in tomcat) jdbc connection
pool configuring geofence datasource via jndi? (any example is really
appreciated)

Thank you so much for any hint to address this new challenge.

Regards,
C.

-- 
Mr. Carlo Cancellieri
*skype*: ccancellieri
*Twitter*: @cancellieric
*LinkedIn*: http://it.linkedin.com/in/ccancellieri/
___
Geoserver-users mailing list

Please make sure you read the following two resources before posting to this 
list:
- Earning your support instead of buying it, but Ian Turton: 
http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: 
http://geoserver.org/comm/userlist-guidelines.html

If you want to request a feature or an improvement, also see this: 
https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer


Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users

Re: [Geoserver-users] Geoserver + GeoFence in multiple cluster environment

Re: [Geoserver-users] Geoserver + GeoFence in multiple cluster environment

[Geoserver-users] Geoserver + GeoFence in multiple cluster environment

3 matches

Site Navigation

Mail list logo

Footer information