Access Control
/security/acl/catalog.<format>
Fetches the catalog mode and allows changing it. The mode must be one of:
- HIDE
- MIXED
- CHALLENGE
Method | Action | Status code | Formats | Default Format |
---|---|---|---|---|
GET | Fetch the catalog mode | 200,403 | XML, JSON | |
PUT | Set the catalog mode | 200,403,404,422 | XML, JSON | |
Formats:
XML
<catalog>
  <mode>HIDE</mode>
</catalog>
JSON
{"mode": "HIDE"}
Exceptions
Exception | Status code |
---|---|
No administrative privileges | 403 |
Malformed request | 404 |
Invalid catalog mode | 422 |
/security/acl/layers.<format>
/security/acl/services.<format>
/security/acl/rest.<format>
API for administering access control for:
- Layers
- Services
- The REST API
Method | Action | Status code | Formats | Default Format |
---|---|---|---|---|
GET | Fetch all rules | 200,403 | XML, JSON | |
POST | Add a set of rules | 200,403,409 | XML, JSON | |
PUT | Modify a set of rules | 200,403,409 | XML, JSON | |
DELETE | Delete a specific rule | 200,404,409 | XML, JSON | |
Format for DELETE:
The specified rule has to be the last part in the URI:
/security/acl/layers/*.*.r
Note
Slashes (“/”) in a rule name must be encoded as %2F. For example, the REST rule /**;GET must be encoded as /security/acl/rest/%2F**;GET
Formats for GET, POST and PUT:
XML
<?xml version="1.0" encoding="UTF-8"?>
<rules>
  <rule resource="*.*.r">*</rule>
  <rule resource="myworkspace.*.w">ROLE_1,ROLE_2</rule>
</rules>
JSON
{
  "*.*.r": "*",
  "myworkspace.*.w": "ROLE_1,ROLE_2"
}
The resource attribute specifies a rule. There are three different formats.
- For layers: <workspace>.<layer>.<access>. The asterisk is a wild card for <workspace> and <layer>. <access> is one of r (read), w (write) or a (administer).
- For services: <service>.<method>. The asterisk is a wild card for <service> and <method>. Examples:
  - wfs.GetFeature
  - wfs.GetTransaction
  - wfs.*
- For REST: <URL Ant pattern>;<comma separated list of HTTP methods>. Examples:
  - /**;GET
  - /**;POST,DELETE,PUT
The content of a rule element is a comma separated list of roles or the asterisk.
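The layer rule format above and the %2F note for DELETE can be checked together before a rule set is changed. The following is an added example, not part of the original documentation: it parses a rule set in the JSON shape shown above, lists layer rules that grant write or administer access to the asterisk, and builds the encoded DELETE path for a rule. The function names and the "sandbox" workspace are hypothetical; it assumes the asterisk in the role list matches every role and that workspace and layer names contain no dots.

```python
import re
from urllib.parse import quote

# Constructed sample in the JSON shape shown above for /security/acl/layers.json
SAMPLE_RULES = {
    "*.*.r": "*",
    "myworkspace.*.w": "ROLE_1,ROLE_2",
    "sandbox.*.a": "*",
}

# <workspace>.<layer>.<access>; assumes names themselves contain no dots
LAYER_RE = re.compile(r"^([^.]+)\.([^.]+)\.([rwa])$")


def parse_layer_rule(resource):
    """Split a layer rule into (workspace, layer, access) or raise ValueError."""
    match = LAYER_RE.match(resource)
    if match is None:
        raise ValueError(f"invalid layer rule: {resource!r}")
    return match.groups()


def open_write_or_admin(rules):
    """Return layer rules whose w or a access is granted to '*'."""
    findings = []
    for resource, roles in rules.items():
        _, _, access = parse_layer_rule(resource)
        granted = [role.strip() for role in roles.split(",")]
        if access in ("w", "a") and "*" in granted:
            findings.append(resource)
    return findings


def delete_path(kind, resource):
    """Build the DELETE path for one rule; '/' in the rule name becomes %2F."""
    if kind not in ("layers", "services", "rest"):
        raise ValueError(f"unknown rule set: {kind!r}")
    # Keep '*', ';', ',' literal, as in the page's /security/acl/rest/%2F**;GET
    return f"/security/acl/{kind}/" + quote(resource, safe="*;,")


if __name__ == "__main__":
    for rule in open_write_or_admin(SAMPLE_RULES):
        print("review:", rule, "->", delete_path("layers", rule))
```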
Exceptions
Exception | Status code |
---|---|
No administrative privileges | 403 |
POST, adding an already existing rule | 409 |
PUT, modifying a non-existing rule | 409 |
DELETE, deleting a non-existing rule | 409 |
Invalid rule specification | 422 |
Note
When adding a set of rules, if even one rule already exists, the whole request is aborted. When modifying a set of rules, if even one rule does not exist, the whole request is aborted too.