A feature that has become quite popular in GeoServer over the last year has been the RESTful configuration plug-in (“restconfig”), that allows one to configure a GeoServer instance programmatically via simple HTTP operations.

Recently the issue of security has come up with regards to the restconfig plug-in. Essentially it boils down to the fact that GeoServer allows anonymous access to any resource or service when the HTTP request method is GET. In the case of restconfig this can make sensitive information available anonymously such as database connection parameters which can contain passwords and the like.

To remedy this situation in 2.0.1 the GeoServer security subsystem has been extended to allow for configuring access to RESTful services. This is documented in the user guide.

The major caveat for users upgrading to 2.0.1 is that any systems that depended on the previous behavior of allowing GET access to resources without authentication will undoubtedly break. In this case users have two options:

1. Start supplying administrator credentials with all requests

2. Reconfigure GeoServer to allow for anonymous access for GET operations

A patch has been created for 1.7.x users as well.

Try it out. Please report any issues to the GeoServer users list. Thanks for using GeoServer!

With a large number of users upgrading to GeoServer 2.0, it’s no wonder we’ve had so many fixes and improvements make it into GeoServer 2.0.1, now available for download.

Possibly the most significant change since 2.0.0 has been the addition of the RESTful API to the security sub system. Previously, users were able to connect in a read-only capacity to otherwise secure services through RESTful GET requests. While this is a good fix for GeoServer, it does mean that users who were previously relying on anonymous read access to secure services must now authenticate before they can access them. More details are available for those who are interested.

Other changes include usability changes to the administration UI, an updated Windows installer that now contains service and console installation options, and over 100 other issues fixed.

We encourage you to download the latest version and take it for a spin and report any issues you encounter to the mailing list or bug tracker.

As always, we owe a debt of gratitude to all those that have contributed bug reports, fixes, patches and features. A special thanks goes out to LISAsoft for managing this release.

CSIRO is now hiring seven software developers “to join an established team within CSIRO Earth Science and Resource Engineering (CESRE). As part of the Australian Spatial Research Data Commons (ASRDC) Project, this team is responsible for investigating and implementing open source and open standards based software for geospatial information exchange using Open Geospatial Consortium (OGC) web services.”

CSIRO is Australia’s national science agency.

As advertised on seek.com.au:

Senior Software Engineer - Leading Role http://www.seek.com.au/users/apply/index.ascx?Sequence=39&PageNumber=1&jobid=16484299

Software Engineers - 5 Positions http://www.seek.com.au/users/apply/index.ascx?Sequence=72&PageNumber=1&jobid=16484529

Software Engineer - Administrator http://www.seek.com.au/users/apply/index.ascx?Sequence=56&PageNumber=1&jobid=16484057

The same positions on the CSIRO recruitment website:

Positions Details - 2009/995 - Senior Software Engineer - Leading Role https://recruitment.csiro.au/asp/job_details.asp?RefNo=2009%2F995

Positions Details - 2009/996 - Software Engineers - 5 Positions https://recruitment.csiro.au/asp/job_details.asp?RefNo=2009%2F996

Positions Details - 2009/994 - Software Engineer - Administrator https://recruitment.csiro.au/asp/job_details.asp?RefNo=2009%2F994

Applications close on 10 January 2010. These are fixed-term positions of approximately 18 months (term end 30 June, 2011).

The positions will be based at the Australian Resources Research Centre, 26 Dick Perry Ave, Kensington WA, Australia. This is in an inner suburb of Perth, Western Australia. http://maps.google.com.au/maps?f=q&source=s_q&hl=en&geocode=&q=26+Dick+Perry+Ave+Kensington+WA&sll=-31.993227,115.885849&sspn=0.969029,2.073669&ie=UTF8&hq=&hnear=26+Dick+Perry+Ave,+Kensington+Western+Australia+6151&ll=-31.994847,115.884718&spn=0.242253,0.518417&z=12

Street view: http://maps.google.com.au/maps?f=q&source=s_q&hl=en&geocode=&q=26+Dick+Perry+Ave+Kensington+WA&sll=-31.993227,115.885849&sspn=0.969029,2.073669&ie=UTF8&hq=&hnear=26+Dick+Perry+Ave,+Kensington+Western+Australia+6151&ll=-31.995238,115.885892&spn=0.001893,0.00405&t=h&z=19&layer=c&cbll=-31.995244,115.8861&panoid=-fbF3xYlc6_RMyuiOUPYMQ&cbp=12,356.75,,0,5.95

Lately, I have been working on adding support for the **TIME **attribute for GeoServer in WMS GetMap requests via an improvement of the ImageMosaic raster store:

`http://yourserver/geoserver/wms?REQUEST=GetMap&...&TIME=2009-12-12,2009-12-13&...`

You can get some more details on the GeoSolutions blog.

Ciao a tutti,

Supporting a project such as GeoServer requires a great investment of time and resources. Organizations that support it are faced with the problem of finding funding. As founder of my own company, I often find myself in the position to seek funding for supporting GeoServer and I obviously tend to prefer large contracts to small ones. This seems perfectly reasonable, however I do recognize that in the long run this approach may cause some missed opportunities. Large funding usually focuses on large developments, but they leave aside common glitches and bugs, i.e. isolated features that are not working properly or could be improved relatively easily. To counter this, supporting organizations must invest surplus money and resources from other contracts into tackling these problems, since it is difficult or inefficient to chase money to address each small issue separately.

As a specific example, I have lately seen people struggling to get the ImagePyramid extension working, and I know it would be relatively easy to improve things (in that it would not need a lot of funding) but none of our current clients needs this functionality, so the work never gets done.

With this in mind, I have come up with the following idea: once someone, be it a user or a support organization, recognizes an issue/missing feature that no one else wants or has funding to fix, we should try to describe the problem/feature somewhere (such as on this blog), provide a Point of Contact (POC) for the work and then ask the community for an Expression of Interest (EOI) to check whether there is enough momentum/desire to fix/implement. Perhaps the POC should write the proposal having already scoped out the work or maybe the scope should wait until we know that there is enough interest. Another topic where I would see some interest is in whether the process should be completely transparent or not regarding who gives the funding as well as who spends the funding gathered. I would be interested in feedback on all of these suggestions.

To test his idea, I would like to invite anyone who might be interested in providing a bit of funding to improve the support for the ImagePyramid extension in GeoServer to express your interest to me. Specifically, I am talking about automagic import from GDAL retile, improved stability and performance, and/or automagic pyramiding as a GeoServer/GeoTools utility.

If you are interested you can drop me an email at simone.giannecchiniATgeo-solutions.it.

Ciao, Simone.