Server configuration
With the server configuration you define which services of a host security.manager for OGC should protect. Additionally, you assign policy files to the services.
The server configuration has the following structure:
{
  "server": {
    "host": "https://gisserver.example.com", (1)
    "serverAuthn": {}, (2)
    "services": [] (3)
  }
}
| 1 | host name of the target server that provides the services to be protected |
| 2 | optional: authentication information for the target server |
| 3 | describes the services on the target server that should be protected |
You can reference any property from the application.properties or any environment variable in the server-config.json by using ${key} expressions, e.g. "host": "${secured.server.url}".
Auto-complete and syntax validation
The JSON format for server configuration definition as described here is also defined as JSON Schema. With this schema you can verify that the JSON file you write is valid. Furthermore, editors like Visual Studio Code can use that schema to provide examples, descriptions, and auto-completion when editing elements. In the JSON file add the property
A copy of the JSON Schema is included in the security.manager for OGC distribution and available under
Replace |
serverAuthn
Authentication information for accessing the target server by security.manager for OGC.
This property is optional. If defined, security.manager for OGC will authenticate when connecting to the target server.
"serverAuthn": {
  "type": "basic", (1)
  "username": "<username>", (2)
  "password": "<password>" (2)
}
| 1 | type of authentication |
| 2 | HTTP Basic authentication only: username and password, preferably as a reference to environment variables |
type
Type of authentication. Accepted values are: basic (HTTP Basic authentication), none (no authentication).
username
Username used to authenticate against the target server in plain text.
password
Password used to authenticate against the target server in plain text.
services
List of services that should be secured by security.manager for OGC.
"services": [{
  "path": "/path/to/service", (1)
  "type": "WMS", (2)
  "policy-ref": "my-policy" (3)
}]
| 1 | path to service at the target server |
| 2 | type of service |
| 3 | reference to a policy file in the policies-folder without file ending |
path
Path to the service at the target server.
The path must start with a / and must not contain any URI fragments or query parameters.
Detailed information about how incoming requests are mapped to the target service is provided in Mapping incoming request to a protected services.
type
Type of service that determines which authorization logic is applied.
Allowed values:
- WMS: The protected service is a Web Map Service. security.manager for OGC enforces policies on layers in WMS requests and responses.
- WFS: The protected service is a Web Feature Service. security.manager for OGC enforces policies on feature types in WFS requests and responses.
- FORWARD: The protected service describes a path. security.manager for OGC forwards requests to this path without applying OGC-specific logic. This is useful, for example, to allow access to resource paths provided by an OGC service (see Allow access to arbitrary paths on the target server).
policy-ref
File name of a policy file in the policies folder.
The file extension .json is omitted.
The policies specified in this policy file apply when users access this service.
The policy-ref property is optional if type has the value FORWARD.
Example: For a file my-policy.json in the policies folder, the value "my-policy" has to be specified as policy-ref.
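The rules stated on this page for serverAuthn and services can be checked before a configuration is deployed. The following lint script is an added example, not part of security.manager for OGC or its JSON Schema. The function name lint_server_config and the sample values are hypothetical, and it assumes that a credential consisting solely of a ${key} expression counts as a reference.

```python
import json
import re

# Assumption: a value made up only of a ${key} expression is a reference, not a literal.
PLACEHOLDER = re.compile(r"^\$\{[^}]+\}$")
SERVICE_TYPES = {"WMS", "WFS", "FORWARD"}
AUTHN_TYPES = {"basic", "none"}


def lint_server_config(text):
    """Return a list of findings for a server-config.json document (hypothetical helper)."""
    findings = []
    server = json.loads(text).get("server", {})

    authn = server.get("serverAuthn") or {}
    if authn and authn.get("type") not in AUTHN_TYPES:
        findings.append("serverAuthn.type must be 'basic' or 'none'")
    if authn.get("type") == "basic":
        for key in ("username", "password"):
            value = authn.get(key)
            if not value:
                findings.append(f"serverAuthn.{key} is missing")
            elif not PLACEHOLDER.match(value):
                findings.append(f"serverAuthn.{key} is a literal; use a ${{key}} reference")

    for i, svc in enumerate(server.get("services", [])):
        path = svc.get("path", "")
        if not path.startswith("/"):
            findings.append(f"services[{i}].path must start with '/'")
        if "?" in path or "#" in path:
            findings.append(f"services[{i}].path must not contain a query or fragment")
        if svc.get("type") not in SERVICE_TYPES:
            findings.append(f"services[{i}].type must be WMS, WFS or FORWARD")
        elif svc["type"] != "FORWARD" and not svc.get("policy-ref"):
            findings.append(f"services[{i}].policy-ref is required for {svc['type']}")
        if str(svc.get("policy-ref", "")).endswith(".json"):
            findings.append(f"services[{i}].policy-ref must omit the .json extension")
    return findings

# Constructed sample input, not taken from a real deployment.
SAMPLE = """{"server": {"host": "${secured.server.url}",
  "serverAuthn": {"type": "basic", "username": "${GIS_USER}", "password": "hunter2"},
  "services": [
    {"path": "/ows/wms?map=a", "type": "WMS", "policy-ref": "my-policy.json"},
    {"path": "/ows/wfs", "type": "WFS"},
    {"path": "/static", "type": "FORWARD"}]}}"""

if __name__ == "__main__":
    for finding in lint_server_config(SAMPLE):
        print(finding)
```

The script does not check that the referenced policy file exists in the policies folder.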