# Security

The REST API allows you to adjust GeoServer security settings.

> **Note:** <br> 
> You can find the official example at [https://docs.geoserver.org/2.25.x/en/user/rest/security.html](https://docs.geoserver.org/2.25.x/en/user/rest/security.html)

## Setup

### Imports

First, we need to import the necessary modules and classes.

In [1]:
from geoserver import GeoServer

### GeoServer Connection

Connect to the running GeoServer instance and create a workspace and a store.

In [2]:
# Setup the geoserver instance
geoserver = GeoServer(
    service_url="http://localhost:8080/geoserver",
    username="admin",
    password="geoserver",
)

Let's clean up the security rules before we start.

In [3]:
if geoserver.security_layer_exists(rule="topp.*.r"):
    geoserver.delete_security_layer()
    
if geoserver.security_layer_exists(rule="topp.*.r"):
    geoserver.delete_security_layer(rule="topp.mylayer.w")

## Listing the keystore password

Retrieve the keystore password for the “root” account.

In [4]:
geoserver.get_master_password()

{'oldMasterPassword': 'geoserver'}

## Changing the keystore password

Change to a new keystore password.

> **Note:** <br>
> Requires knowledge of the current keystore password.

In [5]:
# Using JSON format
body = {
    "masterPassword": {
        "oldMasterPassword": "geoserver",
        "newMasterPassword": "geoserver2",
    }
}

# Using XML format
body = """
<masterPassword>
    <oldMasterPassword>geoserver</oldMasterPassword>
    <newMasterPassword>geoserver2</newMasterPassword>
</masterPassword>
"""

geoserver.update_master_password(body=body)

'Updated'

In [6]:
# Revert back to the original password
body = """
<masterPassword>
    <oldMasterPassword>geoserver2</oldMasterPassword>
    <newMasterPassword>geoserver</newMasterPassword>
</masterPassword>
"""

geoserver.update_master_password(body=body)

'Updated'

## Listing the catalog mode

Fetch the current catalog mode.

In [7]:
geoserver.get_catalog_mode()

{'mode': 'MIXED'}

## Changing the catalog mode

Set a new catalog mode.

In [8]:
# Using JSON format
body = {
    "catalog": {
        "mode": "HIDE"
    }
}

# Using XML format
body = """
<catalog>
    <mode>HIDE</mode>
</catalog>
"""

geoserver.update_catalog_mode(body=body)

'Updated'

## Listing access control rules

Retrieve current list of access control rules.

In [9]:
geoserver.get_security_layers()

{'*.*.r': '*', '*.*.w': 'GROUP_ADMIN,ADMIN'}

## Changing access control rules

Set a new list of access control rules.

In [10]:
# Using JSON format
body = {
    "rules": [
        {"resource": "topp.*.r", "auth": "ROLE_AUTHORIZED"},
        {"resource": "topp.mylayer.w", "auth": "ROLE_1,ROLE_2"},
    ]
}

# Using XML format
body = """
<rules>
   <rule resource="topp.*.r">ROLE_AUTHORIZED</rule>
   <rule resource="topp.mylayer.w">ROLE_1,ROLE_2</rule>
</rules>
"""

geoserver.create_security_layers(body=body)

'Created'

## Deleting access control rules

Delete individual access control rule.

In [11]:
geoserver.delete_security_layer(rule="topp.*.r")
geoserver.delete_security_layer(rule="topp.mylayer.w")

'Deleted'