Access Control

/security/acl/catalog.<format>

Fetches or changes the catalog mode. The mode must be one of:

  • HIDE
  • MIXED
  • CHALLENGE

| Method | Action | Status code | Formats | Default Format |
|--------|--------|-------------|---------|----------------|
| GET | Fetch the catalog mode | 200, 403 | XML, JSON | |
| PUT | Set the catalog mode | 200, 403, 404, 422 | XML, JSON | |

Formats:

XML

<catalog>
  <mode>HIDE</mode>
</catalog>

JSON

{"mode":"HIDE" }

Exceptions

| Exception | Status code |
|-----------|-------------|
| No administrative privileges | 403 |
| Malformed request | 404 |
| Invalid catalog mode | 422 |

/security/acl/layers.<format>

/security/acl/services.<format>

/security/acl/rest.<format>

API for administering access control for:

  • Layers
  • Services
  • The REST API

| Method | Action | Status code | Formats | Default Format |
|--------|--------|-------------|---------|----------------|
| GET | Fetch all rules | 200, 403 | XML, JSON | |
| POST | Add a set of rules | 200, 403, 409 | XML, JSON | |
| PUT | Modify a set of rules | 200, 403, 409 | XML, JSON | |
| DELETE | Delete a specific rule | 200, 404, 409 | XML, JSON | |

Format for DELETE:

The specified rule has to be the last part in the URI:

/security/acl/layers/*.*.r

Note

Slashes ("/") in a rule name must be encoded as %2F. For example, the REST rule /;GET must be addressed as /security/acl/rest/%2F;GET

Formats for GET, POST and PUT:

XML

<?xml version="1.0" encoding="UTF-8"?>
<rules>
   <rule resource="*.*.r">*</rule>
   <rule resource="myworkspace.*.w">ROLE_1,ROLE_2</rule>
</rules> 

JSON

{
"*.*.r": "*",
"myworkspace.*.w": "ROLE_1,ROLE_2"
}

The resource attribute specifies a rule. There are three different formats.

  • For layers: ... The asterisk is a wild card for and . is one of r (read), w (write) or a (administer).
  • For services: .. The asterisk is a wild card for and . Examples:
    • wfs.GetFeature
    • wfs.GetTransaction
    • wfs.*
  • For REST: ;. Examples:
    • /**;GET
    • /**;POST,DELETE,PUT

The content of a rule element is a comma-separated list of roles or the asterisk.
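An added example (not part of the original documentation or of the project's code) that audits a fetched layer rule set for write or administer access granted to the asterisk, and builds the DELETE URI for a rule with slashes encoded as %2F. It assumes the asterisk as rule content means "any role" and that the last dot-separated part of a layer rule is the access mode; the function names and the sample rule set are constructed for illustration.

```python
import json
from urllib.parse import quote

# Constructed sample of a response body from GET /security/acl/layers.json
SAMPLE_LAYER_RULES = """{
  "*.*.r": "*",
  "myworkspace.*.w": "ROLE_1,ROLE_2",
  "*.*.w": "*",
  "myworkspace.roads.a": "ROLE_ADMIN,*"
}"""

# Access modes worth reviewing when they are open to every role
ELEVATED = {"w": "write", "a": "administer"}


def open_elevated_rules(body):
    """Return sorted (rule, access) pairs granting write/administer to the asterisk."""
    findings = []
    for rule, roles in json.loads(body).items():
        access = rule.rsplit(".", 1)[-1]  # last part of the rule: r, w or a
        granted = {role.strip() for role in roles.split(",")}
        if access in ELEVATED and "*" in granted:
            findings.append((rule, ELEVATED[access]))
    return sorted(findings)


def delete_path(kind, rule):
    """Build the DELETE URI for one rule; kind is 'layers', 'services' or 'rest'."""
    if kind not in ("layers", "services", "rest"):
        raise ValueError("unknown ACL kind: %r" % (kind,))
    # "/" is percent-encoded to %2F; "*", ";", "," and "." stay literal,
    # matching the URIs shown in the documentation above.
    return "/security/acl/%s/%s" % (kind, quote(rule, safe="*;,."))


if __name__ == "__main__":
    for rule, access in open_elevated_rules(SAMPLE_LAYER_RULES):
        print("%s grants %s to any role; remove with DELETE %s"
              % (rule, access, delete_path("layers", rule)))
    print(delete_path("rest", "/;GET"))
```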

Exceptions

| Exception | Status code |
|-----------|-------------|
| No administrative privileges | 403 |
| POST, adding an already existing rule | 409 |
| PUT, modifying a non-existing rule | 409 |
| DELETE, deleting a non-existing rule | 409 |
| Invalid rule specification | 422 |

Note

When adding a set of rules, the whole request is aborted if even one of the rules already exists. When modifying a set of rules, the whole request is likewise aborted if even one of the rules does not exist.