Security¶

This section details the security subsystem in GeoServer, which is based on Spring Security. For web-based configuration, please see the section on Security in the Web Administration Interface.

As of GeoServer 2.2.0, the security subsystem has been completely re-engineered, providing a more secure and flexible authentication framework. This rework is largely based on a Christian Müeller’s masters thesis entitled Flexible Authentication for Stateless Web Services. It is good reading to help understanding many of the new concepts introduced.