GeoServer Blog
GeoServer continuous map wrapping!
GeoServer is now able to output maps that look like continuous wrapped maps from Google!
Let’s have a look at an example. Below is a map drawn by GeoServer that is reprojected to a projection that happens to sit across the dateline, the usual “edge” of the map. As you can see the reprojection is not doing a good job where the dateline is crossed:
However, GeoServer now has what is called advanced projection handling. With this enabled, the dateline wrapping is properly handled and, in addition, the map repeats in a continuous fashion:
For more information, including how to turn on this (optional) feature, please see this post from GeoSolutions.
GeoServer hidden treasures: filter functions
Ever had the need to format some text in SLD, or to perform complex filter in WFS, and noticed that the basic elements of the OGC Filter specification left you wanting for more?
If so, welcome to the club. One thing few people know is that both SLD and WFS filtering capabilities can be extended by using filter functions. A filter function is just like a programming language function, it’s something that takes arguments and returns some result. For example, “sin(toRadians(45))” will compute the mathematical sin of 45 degrees, and “strSubstring(“hippopotamus”, 0, 5)” will return “hippo”.
The concept of filter function is standardized, but functions themselves are not, so once you start using them you’re tied to a specific server. However they often provide the level of flexibility that you just need in order to get some work done. The good news is that GeoServer already contains tens of them, from number and date formatting, to geometry manipulation, math, string wrangling. So far we just never found the time to document them, but things have changed and we have now quite a complete reference along with some examples.
Let me show you a simple example of using functions. Say we have a contour map, each isoline has an elevation, and we want to show it on the map. Unfortunately the elevation is stored as a floating point, resulting in a less than pleasing output of “150.0” or sometimes “149.999999” when we know the elevation accuracy does not go beyond the meter. To get nice labelling we can use the “numberFormat” filter function to force an integer representation instead (along with some VendorOptions):
<TextSymbolizer>
<Label>
<ogc:Function name="numberFormat">
<ogc:Literal>#</ogc:Literal>
<ogc:PropertyName>ELEVATION</ogc:PropertyName>
</ogc:Function>
</Label>
....
<VendorOption name="followLine">true</VendorOption>
<VendorOption name="repeat">250</VendorOption>
<VendorOption name="maxDisplacement">150</VendorOption>
<VendorOption name="maxAngleDelta">30</VendorOption>
</TextSymbolizer>
Notice how the the ELEVATION field is formatted as an integer number following the simple formatting pattern provided (for a full reference see the the Java DecimalFormat documentation):
I hope you’ll find interesting and clever uses of the existing filter functions to improve the way you work with GeoServer. Next time I’ll show you my favourite one, which is also a new feature in GeoServer 2.0.1, called “geometry transformations”. Stay tuned to learn more about it.
REST Security Update for 1.7.x
A recent post describes a security issue with RESTful services in GeoServer that was fixed for GeoServer 2.0.1. A patch has been created for 1.7.x and is now available. Any users using the restconfig plugin with GeoServer 1.7 are urged to apply the patch.
Note that by applying the patch the same rules as described here apply. Users will have to either update systems that rely on anonymous access via GET operations or alternatively configure the security subsystem to allow them.
Securing RESTful Services with GeoServer 2.0.1
A feature that has become quite popular in GeoServer over the last year has been the RESTful configuration plug-in (“restconfig”), that allows one to configure a GeoServer instance programmatically via simple HTTP operations.
Recently the issue of security has come up with regards to the restconfig plug-in. Essentially it boils down to the fact that GeoServer allows anonymous access to any resource or service when the HTTP request method is GET. In the case of restconfig this can make sensitive information available anonymously such as database connection parameters which can contain passwords and the like.
To remedy this situation in 2.0.1 the GeoServer security subsystem has been extended to allow for configuring access to RESTful services. This is documented in the user guide.
The major caveat for users upgrading to 2.0.1 is that any systems that depended on the previous behavior of allowing GET access to resources without authentication will undoubtedly break. In this case users have two options:
-
Start supplying administrator credentials with all requests
-
Reconfigure GeoServer to allow for anonymous access for GET operations
A patch has been created for 1.7.x users as well.
Try it out. Please report any issues to the GeoServer users list. Thanks for using GeoServer!
GeoServer 2.0.1 Released
With a large number of users upgrading to GeoServer 2.0, it’s no wonder we’ve had so many fixes and improvements make it into GeoServer 2.0.1, now available for download.
Possibly the most significant change since 2.0.0 has been the addition of the RESTful API to the security sub system. Previously, users were able to connect in a read-only capacity to otherwise secure services through RESTful GET requests. While this is a good fix for GeoServer, it does mean that users who were previously relying on anonymous read access to secure services must now authenticate before they can access them. More details are available for those who are interested.
Other changes include usability changes to the administration UI, an updated Windows installer that now contains service and console installation options, and over 100 other issues fixed.
We encourage you to download the latest version and take it for a spin and report any issues you encounter to the mailing list or bug tracker.
As always, we owe a debt of gratitude to all those that have contributed bug reports, fixes, patches and features. A special thanks goes out to LISAsoft for managing this release.
Vulnerability
- GeoServer 2.26.1 Release
- GeoServer 2.25.4 Release
- GeoServer 2.26.0 Release
- CVE-2024-36401 Remote Code Execution (RCE) vulnerability in evaluating property name expressions
- GeoServer 2.25.2 Release
- GeoServer 2.24.4 Release
- GeoServer 2.23.6 Release
- GeoServer 2.25.1 Release
- GeoServer 2.25.0 Release
- GeoServer 2.23.5 Release