Skip to content

First steps

Andrea Aime edited this page Oct 6, 2014 · 1 revision

Basic GeoFence configuration

  • Point your browser on GeoFence webapp; if you installed it locally it may be at http://localhost:8081/geofence

  • Log into the application. The default admin credentials are admin / geofence

  • Switch to the User Management tab.
    You'll find no entries in it. We want to create a couple of users so that it will show like this:

    • create an admin user for geoserver (e.g. admin / admin)
    • create a user without admin privileges (e.g. tiger / tiger)
  • Switch to the instance tab:

    • create an entry like this:

      Your GeoServer is not yet configured to use GeoFence as authentication provider, so you'll have to set the existing admin password here (the default password for the GeoServer admin user is "geoserver").
      You will now have a grid like this:

      You may now press the button "Test". A popup dialog will tell you if your GeoServer is properly configured to "talk to" this GeoFence instance:

Basic GeoServer configuration

  • Login with the default administrative credentials admin / geoserver (or whatever you have configured before).
  • In the security panel you'll find the GeoFence link to the GeoFence security admin page
  • Open the GeoFence admin page; you'll get to this page:

    You can notice here the information that allow the GeoFence probe inside GeoServer to communicate with the GeoFence engine:
    • the URL that the probe shall use to communicate with GeoFence;
    • the name (default is default-gs) this instance will use to identify itself to GeoFence. This instance name should be equal to the one we set into GeoFence.
  • Testing connection to GeoFence.
    We altready performed a connection test from GeoFence to GeoServer. Using the button "Test connection" we can also test that GeoServer can communicate to GeoFence. If everything is ok, you'll get this message:
  • Open the Authentication page under the Security settings:
  • Add the GeoFence authenticator and put it as the first in the list otherwise you will not be able to login as admin/admin:
  • Now that we added GeoFence as authentication provider, we'll be able to log into GeoServer using the credentials we added in GeoFence (user admin and user tiger). Try and log in using user tiger.

Testing authorization

  • Logging into GeoServer as admin you will be able to see all the defined layers:
  • Logging into GeoServer as a non-admin user, the defined rules will be examined; since we defined no rules yet, the default behaviour is to deny access to all resources:
  • Get back to GeoFence, and add a rule which allows all layers in workspace tiger for user tiger: create a rule defining:
    • user tiger
    • instance default-gs
    • workspace tiger (you will get a dropdown menu containing all the workspaces available in the selected instance)
    • grant type: allow You'll get a line like this one:
  • Verify the new authorizations.
    Since the probe caches the GeoFence responses, you may need to login again as administrator (or you may keep an admin session open in another browser) and clear the probe cache. You can do it by pressing the "Invalidate" button in the bottom of the GeoFence admin page:

    Login again in GeoServer as user tiger and you will see in "layer preview" all the layers in the tiger workspace: