Control access to FeatureTypes
In this tutorial, you will learn how to use security.manager for OGC to control access to the WFS https://services.conterra.de/arcgis/services/common/grenzen/MapServer/WFSServer to the FeatureTypes World and Bundeslaender.
Prerequisite
This tutorial builds on the files created in the tutorial Allow access to WFS.
Find the names of the FeatureTypes
To restrict access to the FeatureTypes World and Bundeslaender, call the capabilities of the service:
https://services.conterra.de/arcgis/services/common/grenzen/MapServer/WFSServer?request=GetCapabilities&service=WFS
Here you will find a <wfs:FeatureTypeList> section listing the FeatureTypes of the service along with their names:
<wfs:FeatureTypeList>
<wfs:FeatureType>
<wfs:Name>common_grenzen:Gemeinden</wfs:Name>
<wfs:Title>Gemeinden</wfs:Title>
<wfs:DefaultCRS>urn:ogc:def:crs:EPSG::3857</wfs:DefaultCRS>
<ows:WGS84BoundingBox>
<ows:LowerCorner>5.76580643 47.27107400</ows:LowerCorner>
<ows:UpperCorner>15.56938015 55.05846100</ows:UpperCorner>
</ows:WGS84BoundingBox>
</wfs:FeatureType>
<wfs:FeatureType>
<wfs:Name>common_grenzen:Kreise</wfs:Name>
<wfs:Title>Kreise</wfs:Title>
<wfs:DefaultCRS>urn:ogc:def:crs:EPSG::4326</wfs:DefaultCRS>
<ows:WGS84BoundingBox>
<ows:LowerCorner>5.86701047 47.27025572</ows:LowerCorner>
<ows:UpperCorner>15.04152306 55.06528975</ows:UpperCorner>
</ows:WGS84BoundingBox>
</wfs:FeatureType>
<wfs:FeatureType>
<wfs:Name>common_grenzen:Bundeslaender</wfs:Name>
<wfs:Title>Bundeslaender</wfs:Title>
<wfs:DefaultCRS>urn:ogc:def:crs:EPSG::4326</wfs:DefaultCRS>
<ows:WGS84BoundingBox>
<ows:LowerCorner>-1.13910080 38.59802250</ows:LowerCorner>
<ows:UpperCorner>21.78282162 55.06168200</ows:UpperCorner>
</ows:WGS84BoundingBox>
</wfs:FeatureType>
<wfs:FeatureType>
<wfs:Name>common_grenzen:World</wfs:Name>
<wfs:Title>World</wfs:Title>
<wfs:DefaultCRS>urn:ogc:def:crs:EPSG::4326</wfs:DefaultCRS>
<ows:WGS84BoundingBox>
<ows:LowerCorner>-180.00000000 -90.00000000</ows:LowerCorner>
<ows:UpperCorner>180.00000000 83.62359619</ows:UpperCorner>
</ows:WGS84BoundingBox>
</wfs:FeatureType>
</wfs:FeatureTypeList>You need the names of the FeatureTypes without the namespace.
In this case, the names are World and Bundeslaender without the namespace common_grenzen.
Adjust the policy
Now open the policies-grenzen-wfs.json from the tutorial Allow access to WFS.
Modify the layer entry of the policy to restrict access to the FeatureTypes World and Bundeslaender:
{
"policies": [{
"layers": ["World", "Bundeslaender"],
"roles": ["enhancedSecurity_any"]
}]
}Verify the configuration
To verify the configuration, call the capabilities of the protected service:
http://localhost:8080/secman-ogc/arcgis/services/common/grenzen/MapServer/WFSServer?request=GetCapabilities&service=WFS
<wfs:FeatureTypeList>
<wfs:FeatureType>
<wfs:Name>common_grenzen:Bundeslaender</wfs:Name>
<wfs:Title>Bundeslaender</wfs:Title>
<wfs:DefaultCRS>urn:ogc:def:crs:EPSG::4326</wfs:DefaultCRS>
<ows:WGS84BoundingBox>
<ows:LowerCorner>-1.13910080 38.59802250</ows:LowerCorner>
<ows:UpperCorner>21.78282162 55.06168200</ows:UpperCorner>
</ows:WGS84BoundingBox>
</wfs:FeatureType>
<wfs:FeatureType>
<wfs:Name>common_grenzen:World</wfs:Name>
<wfs:Title>World</wfs:Title>
<wfs:DefaultCRS>urn:ogc:def:crs:EPSG::4326</wfs:DefaultCRS>
<ows:WGS84BoundingBox>
<ows:LowerCorner>-180.00000000 -90.00000000</ows:LowerCorner>
<ows:UpperCorner>180.00000000 83.62359619</ows:UpperCorner>
</ows:WGS84BoundingBox>
</wfs:FeatureType>
</wfs:FeatureTypeList>You will see only the allowed FeatureTypes World and Bundeslaender under <wfs:FeatureTypeList>.
Access to the FeatureTypes Kreise and Gemeinden is no longer possible.