Skip to content

GeoFence Rest API

Security

The Geofence Rest API is only accessible to users with the role ROLE_ADMIN.

Input/Output

Data Object Transfer

Both XML and JSON are supported for transfer of data objects. The default is XML. Alternatively, JSON may be used by setting the 'content-type' (POST) and 'accept' (GET) http headers to 'application/json' in your requests.

Encoding of a rule in XML:

<Rule>
   <id>..</id>
   <priority>..</priority>
   <userName>..</userName>
   <roleName>..</roleName>
   <addressRange>..</addressRange>
   <validAfter>..</validAfter>
   <validBefore>..</validBefore>
   <service>..</service>
   <request>..</request>
   <workspace>..</workspace>
   <layer>..</layer>
   <subfield>..</subfield>
   <access>..</access>

   <limits> 
      <allowedArea>..</allowedArea>
      <catalogMode>..</catalogMode>
   </limits>

   <layerDetails>
      <layerType> VECTOR | RASTER | LAYERGROUP </layerType>
      <defaultStyle>..</defaultStyle>
      <cqlFilterRead>..</cqlFilterRead>
      <cqlFilterWrite>..</cqlFilterWrite>
      <allowedArea>..</allowedArea>
      <catalogMode>..</catalogMode>

      <allowedStyle>..</allowedStyle>
      ..

      <attribute>
         <name>..</name>
         <datatype>..</datatype>
         <accessType> NONE | READONLY | READWRITE </accessType>
      </attribute>
      ..

   </layerDetails>
</Rule>

Encoding of a rule in JSON:

{
  "Rule": {
    "id":..,
    "priority":..,
    "userName":"..",
    "roleName":"..",
    "addressRange",
    "validAfter",
    "validBefore",
    "service":"..",
    "request":"..",
    "subfield":"..",
    "workspace":"..",
    "layer":"..",
    "access":".."
  }
}

In case a rule that has "any" ("*") for a particular field the field is either not included (default), left empty or specified with a single asterisk (the latter two may be used for updates to distinguish from "do not change this field").

Encoding of a list of rules in XML:

<Rules count="n">
  <Rule> ... </Rule>
  <Rule> ... </Rule>
  ...     
</Rules>

The result of a count would not include the actual tags.

Encoding of a list of rules in JSON:

{
  "count":n,
  "rules":[
    {..},
    ..
  ]
}

Rule content
    • Name
    • Type
    • M/O/C
    • Description
    • priority
    • integer
    • M
    • Rule priority
    • userName
    • string
    • O
    • The user this rule should be applied to
    • roleName
    • string
    • O
    • The group this rule should be applied to
    • addressRange
    • IPv4 CIDR notation
    • O
    • The range of calling IP addresses this rule should be applied to. Example: 192.168.0.0/16
    • validAfter
    • string
    • O
    • Date after which the rule is applied. Format is yyyy-MM-dd, example: 2025-02-27. If validBefore is also given, the rule will be valid in the date range between validAfter and validBefore.
    • validBefore
    • string
    • O
    • Date before which the rule is applied. See also validAfter. Format is yyyy-MM-dd, example: 2025-02-27.
    • service
    • string
    • O
    • The OGC service this rule should be applied to
    • request
    • string
    • O
    • The OGC request this rule should be applied to
    • subfield
    • string
    • O
    • An additional generic field for filtering rules. At the moment only used to specify WPS processes in WPS calls.
    • workspace
    • string
    • O
    • The workspace this rule should be applied to
    • layer
    • string
    • O
    • The layer this rule should be applied to
    • access
    • string
    • M
    • The type of access granted. May be ALLOW | DENY | LIMIT. When LIMIT the limits element should be declared.
    • limits
    • complex
    • C
    • Mandatory when access=LIMIT. Allowed when access=ALLOW. Tells how the access should be limited.
    • allowedArea
    • EWKT
    • O
    • Limit the geographic area that will be returned.
    • catalogMode
    • String
    • O
    • GeoServer cataog mode to be applied. May be HIDE | CHALLENGE | MIXED.
    • layerDetails
    • complex
    • C
    • Only allowed when layer is specified. Set further limitations to the data access when the rule is matched.
    • defaultStyle
    • String
    • O
    • If not null, forces a different style
    • cqlFilterRead
    • CQL
    • O
    • Apply the CQL filter to the returned data.
    • cqlFilterWrite
    • CQL
    • O
    • Limits the features that can be modified.
    • allowedArea
    • EWKT
    • O
    • Limit the geographic area that will be returned.
    • catalogMode
    • String
    • O
    • GeoServer cataog mode to be applied. May be HIDE | CHALLENGE | MIXED.
    • attributes
    • complex
    • O
    • Set R/W privileges to the single attributes

Filter Parameters

All filter parameters are optional.
    • Name
    • Type
    • Description
    • page
    • number
    • Used for paging a list of rules. Specifies the number of the page. Leave out for no paging. If specified, entries should also be specified.
    • entries
    • number
    • Used for paging a list of rules. Specifies the number of entries per page. Leave out for no paging. If specified, page should also be specified.
    • userName
    • string
    • Filter rules on username (excludes all other specific usernames).
    • userAny
    • 0 or 1.
    • Specify whether rules matching any username are included or not.
    • roleName
    • string
    • Filter rules on rolename (excludes all other specific rolenames).
    • roleAny
    • 0 or 1.
    • Specify whether rules matching any rolename are included or not.
    • ipAddress
    • string
    • Filter rules on IP address range (only select rules with an address range that includes the passed IP address).
    • ipAddressAny
    • 0 or 1.
    • Specify whether rules matching any IP address are included or not.
    • date
    • string
    • Filter rules by date. Only returns rules where date is between validAfter and validBefore. Format is yyyy-MM-dd.
    • dateAny
    • 0 or 1.
    • Specify whether rules with no data range defined are included or not
    • service
    • string
    • Filter rules on service (excludes all other specific services).
    • serviceAny
    • 0 or 1.
    • Specify whether rules matching any service are included or not.
    • request
    • string
    • Filter rules on request (excludes all other specific requests).
    • requestAny
    • 0 or 1.
    • Specify whether rules matching any request are included or not.
    • workspace
    • string
    • Filter rules on workspace (excludes all other specific workspaces).
    • workspaceAny
    • 0 or 1.
    • Specify whether rules matching any workspace are included or not.
    • layer
    • string
    • Filter rules on layer (excludes all other specific layers).
    • layerAny
    • 0 or 1.
    • Specify whether rules matching any layer are included or not.

Requests

/rest/geofence/rules/

Query all rules or add a new rule.
    • Method
    • Action
    • Supported parameters
    • Response
    • GET
    • List all rules, with respect to any added filters
    • page, entries, userName, userAny, roleName, roleAny, service, serviceAny, request, requestAny, workspace, workspaceAny, layer, layerAny
    • 200 OK. List of rules in XML.
    • POST
    • Add a new rule
    • None
    • 201 Inserted. Created ID header.

/rest/geofence/rules/count

Counts (filtered) rules.
    • Method
    • Action
    • Supported parameters
    • Response
    • GET
    • Count all rules, with respect to any added filters
    • userName, userAny, roleName, roleAny, service, serviceAny, request, requestAny, workspace, workspaceAny, layer, layerAny
    • 200 OK. Rule list count in XML.

/rest/geofence/rules/id/<id>

Query, modify or delete a specific rule.
    • Method
    • Action
    • Supported parameters
    • Response
    • GET
    • Read rule information
    • None
    • 200 OK. Rule in XML.
    • POST
    • Modify the rule, unspecified fields remain unchanged.
    • None
    • 200 OK.
    • DELETE
    • Delete the rule
    • None
    • 200 OK.