Security¶
The REST API allows you to adjust GeoServer security settings.
Note:
You can find the official example at https://docs.geoserver.org/2.25.x/en/user/rest/security.html
In [1]:
Copied!
from geoserver import GeoServer
from geoserver import GeoServer
GeoServer Connection¶
Connect to the running GeoServer instance and create a workspace and a store.
In [2]:
Copied!
# Setup the geoserver instance
geoserver = GeoServer(
service_url="http://localhost:8080/geoserver",
username="admin",
password="geoserver",
)
# Setup the geoserver instance
geoserver = GeoServer(
service_url="http://localhost:8080/geoserver",
username="admin",
password="geoserver",
)
Let's clean up the security rules before we start.
In [3]:
Copied!
if geoserver.security_layer_exists(rule="topp.*.r"):
geoserver.delete_security_layer()
if geoserver.security_layer_exists(rule="topp.*.r"):
geoserver.delete_security_layer(rule="topp.mylayer.w")
if geoserver.security_layer_exists(rule="topp.*.r"):
geoserver.delete_security_layer()
if geoserver.security_layer_exists(rule="topp.*.r"):
geoserver.delete_security_layer(rule="topp.mylayer.w")
Listing the keystore password¶
Retrieve the keystore password for the ârootâ account.
In [4]:
Copied!
geoserver.get_master_password()
geoserver.get_master_password()
Out[4]:
{'oldMasterPassword': 'geoserver'}
Changing the keystore password¶
Change to a new keystore password.
Note:
Requires knowledge of the current keystore password.
In [5]:
Copied!
# Using JSON format
body = {
"masterPassword": {
"oldMasterPassword": "geoserver",
"newMasterPassword": "geoserver2",
}
}
# Using XML format
body = """
<masterPassword>
<oldMasterPassword>geoserver</oldMasterPassword>
<newMasterPassword>geoserver2</newMasterPassword>
</masterPassword>
"""
geoserver.update_master_password(body=body)
# Using JSON format
body = {
"masterPassword": {
"oldMasterPassword": "geoserver",
"newMasterPassword": "geoserver2",
}
}
# Using XML format
body = """
geoserver
geoserver2
"""
geoserver.update_master_password(body=body)
Out[5]:
'Updated'
In [6]:
Copied!
# Revert back to the original password
body = """
<masterPassword>
<oldMasterPassword>geoserver2</oldMasterPassword>
<newMasterPassword>geoserver</newMasterPassword>
</masterPassword>
"""
geoserver.update_master_password(body=body)
# Revert back to the original password
body = """
geoserver2
geoserver
"""
geoserver.update_master_password(body=body)
Out[6]:
'Updated'
Listing the catalog mode¶
Fetch the current catalog mode.
In [7]:
Copied!
geoserver.get_catalog_mode()
geoserver.get_catalog_mode()
Out[7]:
{'mode': 'MIXED'}
Changing the catalog mode¶
Set a new catalog mode.
In [8]:
Copied!
# Using JSON format
body = {
"catalog": {
"mode": "HIDE"
}
}
# Using XML format
body = """
<catalog>
<mode>HIDE</mode>
</catalog>
"""
geoserver.update_catalog_mode(body=body)
# Using JSON format
body = {
"catalog": {
"mode": "HIDE"
}
}
# Using XML format
body = """
HIDE
"""
geoserver.update_catalog_mode(body=body)
Out[8]:
'Updated'
Listing access control rules¶
Retrieve current list of access control rules.
In [9]:
Copied!
geoserver.get_security_layers()
geoserver.get_security_layers()
Out[9]:
{'*.*.r': '*', '*.*.w': 'GROUP_ADMIN,ADMIN'}
Changing access control rules¶
Set a new list of access control rules.
In [10]:
Copied!
# Using JSON format
body = {
"rules": [
{"resource": "topp.*.r", "auth": "ROLE_AUTHORIZED"},
{"resource": "topp.mylayer.w", "auth": "ROLE_1,ROLE_2"},
]
}
# Using XML format
body = """
<rules>
<rule resource="topp.*.r">ROLE_AUTHORIZED</rule>
<rule resource="topp.mylayer.w">ROLE_1,ROLE_2</rule>
</rules>
"""
geoserver.create_security_layers(body=body)
# Using JSON format
body = {
"rules": [
{"resource": "topp.*.r", "auth": "ROLE_AUTHORIZED"},
{"resource": "topp.mylayer.w", "auth": "ROLE_1,ROLE_2"},
]
}
# Using XML format
body = """
ROLE_AUTHORIZED
ROLE_1,ROLE_2
"""
geoserver.create_security_layers(body=body)
Out[10]:
'Created'
Deleting access control rules¶
Delete individual access control rule.
In [11]:
Copied!
geoserver.delete_security_layer(rule="topp.*.r")
geoserver.delete_security_layer(rule="topp.mylayer.w")
geoserver.delete_security_layer(rule="topp.*.r")
geoserver.delete_security_layer(rule="topp.mylayer.w")
Out[11]:
'Deleted'