GeoServer Blog
GeoServer at FOSS4G 2017 Boston
The annual “Free and Open Source Software for Geospatial” conference is coming to Boston on August 14-19.
This is the global meeting-of-the-tribes event for the spatial community, held by the Open Source Geospatial Foundation. Going well beyond just an event, FOSS4G features hands-on workshops, exciting presentation, technical presentations, exciting technical presentations … along with informal bird-of-a-feather gatherings, a code sprint, and social events.
The GeoServer project is proudly represented at FOSS4G with presentations from the core GeoServer team and success stories from happy users worldwide.
Workshops
The conference opens with two days of workshops. FOSS4G workshops are a great way to access hands-on training with GeoServer, provided by core members of the development team. You are sure to learn something new.
GeoServer workshops:
-
OGC Services in Action: an introduction with GeoServer: Join Andrea Aime from GeoSolutions for this popular course. Covering OGC services, setting up vector and raster data, along with viewing and styling data.
-
GeoServer & PostGIS in Containers and On Kubernetes: Steve Pousty from Red Hat provides an introduction to Docker containers and Kubernetes using the popular combo of PostGIS and GeoServer.
-
Enterprise class deployment for GeoServer and GeoWebcache: optimizing performances and availability: Simone Giannecchini and Andrea Aime from GeoSolutions are back with hands on experience guiding you through the performance, availability and optimization of GeoServer and GeoWebCache.
GeoTools workshops:
-
**Introduction to GeoTools: **Ian and Jody offer an introduction for Java developers.
-
GeoTools DataStore Workshop: Teach GeoServer a new format with this java development workshop.
Presentations
The conference features three days of presentations (with some great keynotes to look forward to from Dr. Richard Stallman, Paul Ramsey and others). GeoServer is well represented with a great selection of talks to choose from.
Core contributors to GeoServer have the following talks:
-
State of GeoServer: Update of everything new and improved for 2017 brought to you by the project team.
-
GeoServer Feature Frenzy: A feature based tour of what GeoServer has to offer, brought to you by the project team.
-
GeoServer in Production: we do it, here is how! Simone and Andrea share battle hardened advice for production installations.
-
**MapBox Styles for GeoServer and OpenLayers: **Torben and David introduce native MapBox styles support, allowing shared client and server styling for a consistent visual presentation.
-
Mapping the world: going beyond web mercator with GeoServer: Andrea provides insight into the creativity available with GeoServer.
-
State of GeoWebCache: Kevin Smith explores tile protocols and the advantages they bring to your GeoServer deployment.
-
Creating Stunning Maps in GeoServer : mastering SLD and CSS styles: GeoServer is host to a powerful rendering engine, unlock your creativity with this introduction to the human-readable cascading style sheet cartography.
The wider GeoServer community is will represented in the rest of the program.
-
Development of an extension of GeoServer to provide handling three-dimensional spatial data: Pusan National Univeristy is back with an research and development area for GeoServer, use of 3D data for indoor mapping.
-
GeoServer Clustering Revisited: Getting Your Docker On
-
Monsanto & Boundless contribution to the open source community; enabling fine grain entitlement for open source geospatial cloud systems (GeoServer) and desktop applications (QGIS)
Many more talks feature GeoServer as part of a successful open source solution. During the abstract submission process GeoServer was the most cited software component.
Bird of a Feather Session
A highlight of FOSS4G is the community aspect of meeting with GeoServer enthusiasts from all backgrounds. We will schedule an evening bird-of-a-feather session for GeoServer Q&A.
Bring your questions, your stories and perhaps a map to share!
Code Sprint
An OSGeo code-sprint is held after the conference offering volunteers a chance to work on the codebase. If you are new to our community please consider attending, we will have a selection of activities ready to go for all skill levels.
Sign up on the OSGeo Wiki, and add your ideas and suggestions.
This is a great opportunity to contribute to the project, please be advised that it is a work party (so bring your own laptop, caffeine will be provided).
See you at FOSS4G Boston
If you would like to join GeoServer in Boston registration is open, $800 for the 3 day conference. Workshops are $125-$350 depending on how many you attend. There is also a great volunteer program (2 hours of training, and 12 work for a $50 registration).
Attending FOSS4G is strongly recommended. While there are friendly regional foss4g conferences nothing compares to the momentum and enthusiasm of the global event.
Thanks to all the presenters and instructors for the GeoServer advocacy, this will be a great event.
GeoServer 2.11.1 Released
We are happy to announce the release of GeoServer 2.11.1. Downloads are available (zip, war, dmg and exe) along with documentation and extensions.
GeoServer 2.11.1 is the latest stable release of GeoSever recommended for production system. This release is made in conjunction with GeoTools 17.1.
Highlights of this release are featured below, for more information please see the release notes (2.11.1 | 2.11.0 | 2.11-RC1 | 2.11-beta ). |
Security Considerations
This release addresses three security vulnerabilities:
-
Added a configurable delay during login, to mitigate a brute force attack.
-
Added a configurable parameter to control clickjacking attacks against the GeoServer UI.
-
Added an additional parameter for locking down password autocomplete in the GeoServer UI
Thanks to Andrea Aime and Devon Tucker for providing fixes to these issues.
These fixes are also included in the 2.10.3 release.
If you wish to report a security vulnerability, please visit our website for instructions on responsible reporting.
New Features and Improvements
-
There is a new Mapbox Style community module available, which adds support for an interoperable json styling language. For more details, refer to the documentation.
-
GSIP 158 - NetCDF output support for variable attributes and extra variables. This improvement adds the ability to set attributes on output NetCDF variables, copy attributes from source NetCDF/GRIB variables, and copy scalar variables from NetCDF/GRIB sources including ImageMosaics. See the documentation for details.
-
Allow disabling usage of SLD and SLD_BODY in WMS requests (also for virtual services).
Bug Fixes
-
Various improvements to virtual services, including lookup and GML 3 encoding handling
-
Namespace filtering on capabilities returns all layer groups (including the ones in other workspaces)
-
Not possible to PUT workspace using REST
-
GeoServer Home Page missing information messages
-
Style Editor Preview Legend Fails on non-SLD Styles
-
Integrated GWC does not work with layer and layer group specific services
-
Generating a raster SLD style from template produces a functionally invalid style
-
GeoServer generates invalid GeoPackage raster mosaics
-
Metatiling may throw a ClassCastException: Raster cannot be cast to WritableRaster
About GeoServer 2.11
Articles, docs, blog posts and presentations:
-
OAuth2 for GeoServer (GeoSolutions)
-
YSLD has graduated and is now available for download as a supported extension
-
Vector tiles has graduate and is now available for download as an extension
-
The rendering engine continues to improve with underlying labels now available as a vendor option
-
A new “opaque container” layer group mode can be used to publish a basemap while completely restricting access to the individual layers.
-
Layer group security restrictions are now available
-
Latest in performance optimizations in GeoServer (GeoSolutions)
-
Improved lookup of EPSG codes allows GeoServer to automatically match EPSG codes making shapefiles easier to import into a database (or publish individually).
GeoServer monthly bug stomp
Our monthly GeoServer bug stomps are moving to the last Friday of each month.
Previously these events were scheduled when people were available, making planning difficult. By choosing a set date each month it is easier to schedule a time to participate for all involved.
Tips for Participating
Thanks to Matt Kruszewski for the following notes on how to take part.
Before you start
Get ready:
-
Join the gitter.im channel geoserver/geoserver, you can sign in with your github id.
-
Sign up for Jira, so you can review and add to bugs.
-
Join the geoserver-devel@lists.sourceforge.net and introduce yourself! In your email, you can be asked to be added to the Jira development team (so you can volunteer to work on a bug during the sprint).
-
Double check the contributing guidelines (you may need to sign a code license agreement prior to starting work.)
Git ready:
> > _# GeoServer uses Fork & Branch GitFlow_ _ # Fork the geoserver/geoserver project on github, then clone it locally and add the main_ _ # project as an upstream._ > > _git clone https://github.com/{you}/geotools.git_ _git remote add upstream https://github.com/geoserver/geoserver.git_ _git pull --rebase upstream_ _git checkout -b myBugfixBranch_ _# Before making a pull request, make sure you are up-to-date with upstream._ _git pull --rebase upstream master_ _# (or, rebase)_
For the bug stomp you should work on a branch from master.
-
When your branch is finished, publish it to your fork, and then create a pull request to geoserver/geoserver.
-
For more details, see Geoserver Developer Guide on using Git.
Eclipse or InteliJ recommended:
- If you are setting up GeoServer for the first time as developer Quickstart in the developers guide.
Stomping
If you get stuck or are unsure of how to proceed, ask on gitter!
To find an issue to work on:
-
Ask on Gitter, and use the Jira triage list of good candidates (triage=sprint).
-
At the start of the sprint we review new bugs.
Style:
-
Make sure to follow the contribution guidelines
-
Format your code using the eclipse formatter profile here. The same formatter is used for GeoTools and GeoServer.
-
Make sure to add the license boilerplate
-
Consult the GeoTools code conventions for common habits
-
Documentation is required for a UI fix, javadocs for public classes appreciated.
Testing:
-
Test your fix!
-
See Testing in the GeoServer Developers Guide
-
Since this is a bug stomp, look at how the code around yours is tested and build on that.
Pull Request
-
Make a pull request from your branch on your fork to geoserver/geoserver master.
-
Ask for a review on gitter
-
Make revisions based on feedback and comments. Additional commits to the branch in your fork are automatically reflected in the PR.
Tips and Tricks
-
We work closely with the GeoTools library for data access, rendering and processing - you may need a checkout of the GeoTools library to be effective.
-
For the bug stomp, pick a bug you can fix, not one you need to fix.
-
Many older issues are already fixed, start by trying to reproduce the problem.
-
Many worth while bugs cannot be fixed in a day
-
-
Don’t get stuck. Timebox yourself and don’t be afraid to discuss the problem on gitter.
-
Use the code formatter!
-
Don’t worry about making mistakes! You can run findbugs, or ask for a shared screen code review before submitting your pull request (or “relax and realize the internet is full of fail”.)
Follow-up
- After the bug stomp, reply to the geoserver-devel email thread with a summary of your progress
Most of all welcome to GeoServer and thanks for taking part.
GeoServer 2.10.3 Released
We are happy to announce the release of GeoServer 2.10.3. Downloads are available (zip, war, dmg and exe) along with docs and extensions.
This is the release of GeoServer of the 2.10 branch is now going into maintenance and is no longer recommended for new production system. This release is made in conjunction with GeoTools 16.3.
This release is made by Ian Turton from the Astun Technology team. We would like to thank these volunteers and everyone who contributed features, fixes and time during the release process.
Security Considerations
This release addresses three security vulnerabilities:
-
Added a configurable delay during login, to mitigate a brute force attack.
-
Added a configurable parameter to control clickjacking attacks against the GeoServer UI.
-
Added an additional parameter for locking down password autocomplete in the GeoServer UI
Thanks to Andrea Aime and Devon Tucker for providing fixes to these issues.
These fixes are also included in the 2.11.1 release.
If you wish to report a security vulnerability, please visit our website for instructions on responsible reporting.
New Features and Improvements
-
[GEOS-7684] - Add rest endpoint for geofence admin rules
-
[GEOS-7763] - Add REST endpoint for a user to change their password
-
[GEOS-7957] - GeoFence: REST Rule DTO does not handle addressrange
-
[GEOS-8022] - Allow disabling usage of SLD and SLD_BODY in WMS requests (also for virtual services)
Bug Fixes
A large number of bugs were fixed for this release including several that affected JMS clustering, WFS with 3D data and using the Style Editor with non-SLD styles. See the release notes for more details of all the fixes.
REST API Code Sprint Results
After an epic week of work on the REST-API as a team we are happy to report back with both a pull request and this status update on the work performed.
Thanks again to the code sprint sponsors, we really appreciated the strong response - it was great going into the event knowing it was not going to lose money. We would also like to thank our in-kind sponsors including our hosts GeoSolutions.
Previously posts in this series are REST API Code Sprint Prep and GeoServer Code Sprint 2017.
Migration to Spring-MVC
Everyone worked hard:
-
310 commits
-
487 files changed
-
33,896 lines of code modified
-
More than 500 person-hours over the course of one week.
We have a post on rest api code sprint prep - here is what that work looks like visually.
When reading the above graphics pay attention to the number of lines changed, rather than the number of commits, since some developers commit more frequently than others. A big thanks to Devon Tucker for doing the initial legwork, porting over the /rest/styles end-point sorting out the initial base-controllers, converters and configuration for the spring-mvc approach. Torben Barsballe joined to tinker on html output, javadocs and path fixes so everyone could have a consistent example.
During the sprint itself we carried on this work, splitting up according to end-point. Here is what that looks like visually.
The base /rest end-point provides an HTML and JSON list of all the other endpoints. Torben was able to implement using by looking up path mapping at runtime, allowing us to list new rest-api end-points that are added by optional modules such as the backup-restore community module.
The/rest/workspaces and/rest/namespaces were ported by Ian Turton who joined us from the United Kingdom. These two end-points work in tandem, and are responsible for partitioning GeoServer’s configuration for ease of management, with each workspace being assigned an XML namespace (so their output will not conflict).
Next we have David Vick working on the /rest/{workspace}/datastores end-point. This end-point is responsible for managing vector data sources, this was especially challenging to document since the connection parameters are different for each kind of connection.
Andrea Aime drove down to the coast from to joint the sprint. Initially working on the the /rest/{workspace}/coveragestores end-points, responsible for managing raster data sources, including file upload. Andrea was the first to finish migration and move on to documentation with Mike Pumphrey. This was an especially comlicated end-point as it also covers index and granules management for structured coverages (such as image mosaic).
From Canada Jody Garnett helped with documentation builds, and porting the /rest/layers end-points. The layers end-point captures the WFS options and WMS styling required when publishing.
Nuno, joining us Portugal, worked on the /rest/{workspace}/coverages end-points. Each coverage represents a resource published as a layer. This makes it a tricky to work as both the coverages and layers end-point needs to be used together to effect change.
Matt Kruszewski, joining from St. Louis, provided technical experience to guide the documentation effort. For migration Matt worked on the /rest/{workspace}/featuretypes end-point. Each featuretype represents vector data that is published as a layer, once again requiring use of both the featuretypes and layers end-points together.
Kevin Smith, over from Canada, worked on the /rest/{workspaces}/wmsstores and /rest/{workspaces}/wmslayers end-points. These endpoints are responsible for managing cascaded WMS services, and shared many of the same challenges as the datastores and coverages endpoints.
Quinn Scriptor flew in from Washington District of Columbia, helping with the documentation publication and porting the /rest/layergroups end-points. This work was made more challenging due to an inital lack of test coverage, requiring Quinn to write tests prior to migration.
Several developers were able to go back for a second helping, porting the remaining end-points:
-
/rest/fonts was ported by Ian
-
/rest/about was ported by Matt
-
/rest (index) was ported by Torben
-
/rest/settings were ported by Quinn and Torben. Quinn had to dig into the settings for each of the OWS Services.
-
/rest/templates were ported by Jody
-
/rest/security was ported, at some cost to personal sanity, by Andrea.
-
**/rest/resources **was ported by Torben. This proved tricky as the end-point is willing to work with a wide range of mimetypes (as it is used to manage configuration files, icons and fonts).
After the core application was migrated we had a chance to work on the extensions.
-
The /rest/imports extension was a team effort with Ian David, Matt and Torben on task. Torben especially worked on the airplane ride home and far into the next week migrating the tasks section of this api (responsible for monitoring long running import activities).
-
The /rest/monitor extension was the work of Andrea. This proved difficult to migrate unchanged, as the original notification model was tied into the restlet life-cycle. This work was extensive requiring re-implementing all the dispatcher callbacks in core.
-
Finally Nuno migrated the /rest/services/wfs/transforms end-point used to define XSLT transformations on WFS output.
Documentation
One thing everyone we talked to was looking forward to was reference documentation for the rest api. We have mixed success to report.
We were unable to “auto generate” swagger documentation starting from our existing java codebase. The XStream library we use for XML/JSON output cannot be automatically scanned to produce a swagger file.
What we were able to do was form a documentation train, as each developer completed the migration of a rest-api endpoint they would visit Mike Pumphrey and get started on producing a swagger document by hand. These text files explicitly document each end point, the path, the queries, and most importantly the data that can be edited.
Once the swagger document had been produced we then had a chance to look into publishing options.
From each rest api in the user documentation we link to the generated reference docs.
Static documentation for the user guide
Generation of static html files for the user guide was straight forward using the swagger-codegen-maven-plugin, but only used about 70% of the information we had so carefully written!
Our first issue with this approach is the generated documentation has a bad habit of sorting alphabetically each end point. So all the DELETE methods would be grouped, followed by GET, and then POST, and then PUT methods.
To address this we have broken up each end-point into a seperate file (rather than have a single reference for everything).
Looking at an individual reference we can start to see everything we have written, but the XML and JSON examples have been reduced to a single line.
These results were disappointing after so much work. I expect we will need to improve this plugin if we continue to use it as is.
Generating dynamic documentation for the website
The swagger documentation that most people are familiar with is JavaScript based, showing a YAML or JSON api definition as an interactive dynamic reference. What is great about this approach is that the JavaScript documentation viewer can construct valid sample requests and run them against a reference GeoServer.
Opening up one of the operations we can see that it is much more readable.
For a GET method the response code are clearly listed, with an opportunity to provide an example value. There are still some glitches (the XML and JSON are not pretty printed).
Changing from example value to model we can start to reference information that has been written during the sprint. Since this model is common to both XML and JSON we have tried to strike a good compromise using link to document an atom:link in XML, and a href in JSON.
For PUT and POST methods attribute values (including path variables) are documented, along with the request body.
The model for the request body, drills down into the content expected. One nice feature is the ability to reuse definitions - as seen in the result of style for default and alternate elements below.
To share this with you today we have added docs.geoserver.org/api to the website, the documentation viewer is able to access the individual YAML files on that website.
For the GeoServer 2.12 release we would like to try repurposing this viewer for static html use, it will involve generating out a web page that includes each YAML file inline in addition to the documentation viewer.
Delivery
While the above work was accomplished during the sprint at GeoSolutions, the work was not in a fit state for a delivery. Over the next week (and weekend for Andrea):
-
Integration testing (for geoserver-manager java library and part of gsconfig) from Andrea found a large number of issues. The bulk of these were regressions caused by not quite following the previous example. While this would not normally be a problem when creating a new API, we wanted to be sure to produce the same workflow and response codes so that downstream applications would continue to work unchanged.
-
Kevin Smith and Jody worked to double check the css and ysld extensions correctly worked with the migrated styles end-point. This resulted in some small improvements - css and ysld content can now be validated on upload.
-
Integration testing (for gsconfig and gsimporter python libraries) took up much of the next week as Torben first implemented the remaining “import tasks” and continued quality assurance work Andrea started.
-
Jody and Torben had the final consistency run, making sure converters were were being used consistently to handle mime types, and checking that path variables were named consistently across all endpoint controllers.
-
Torben had the honor of producing the final pull request on Friday (a full week after the sprint completed). These final checks for headers, code formatting, consistent use of path annotations provide us a firm codebase to work from in the future.
Thanks
We would like to thank our employers for a chance to work on this activity, the sponsors who made it possible to work together in person, and our hosts at GeoSolutions for their hospitality.
Vulnerability
- CVE-2024-36401 Remote Code Execution (RCE) vulnerability in evaluating property name expressions
- GeoServer 2.25.2 Release
- GeoServer 2.24.4 Release
- GeoServer 2.23.6 Release
- GeoServer 2.25.1 Release
- GeoServer 2.25.0 Release
- GeoServer 2.23.5 Release
- GeoServer 2.24.2 Release
- GeoServer 2.23.4 Release
- GeoServer 2.24.1 Release