GeoFence Rest API¶

Security¶

The Geofence Rest API is only accessible to users with the role ROLE_ADMIN.

Input/Output¶

Data Object Transfer¶

Both XML and JSON are supported for transfer of data objects. The default is XML. Alternatively, JSON may be used by setting the ‘content-type’ (POST) and ‘accept’ (GET) http headers to ‘application/json’ in your requests.

Encoding of a rule in XML:

<Rule>
   <id>..</id>
   <priority>..</priority>
   <userName>..</userName>
   <roleName>..</roleName>
   <addressRange>..</addressRange>
   <validAfter>..</validAfter>
   <validBefore>..</validBefore>
   <service>..</service>
   <request>..</request>
   <workspace>..</workspace>
   <layer>..</layer>
   <subfield>..</subfield>
   <access>..</access>

   <limits>
      <allowedArea>..</allowedArea>
      <catalogMode>..</catalogMode>
   </limits>

   <layerDetails>
      <layerType> VECTOR | RASTER | LAYERGROUP </layerType>
      <defaultStyle>..</defaultStyle>
      <cqlFilterRead>..</cqlFilterRead>
      <cqlFilterWrite>..</cqlFilterWrite>
      <allowedArea>..</allowedArea>
      <catalogMode>..</catalogMode>

      <allowedStyle>..</allowedStyle>
      ..

      <attribute>
         <name>..</name>
         <datatype>..</datatype>
         <accessType> NONE | READONLY | READWRITE </accessType>
      </attribute>
      ..

   </layerDetails>
</Rule>

Encoding of a rule in JSON:

{
  "Rule": {
    "id":..,
    "priority":..,
    "userName":"..",
    "roleName":"..",
    "addressRange",
    "validAfter",
    "validBefore",
    "service":"..",
    "request":"..",
    "subfield":"..",
    "workspace":"..",
    "layer":"..",
    "access":".."
  }
}

In case a rule that has “any” (“*”) for a particular field the field is either not included (default), left empty or specified with a single asterisk (the latter two may be used for updates to distinguish from “do not change this field”).

Encoding of a list of rules in XML:

<Rules count="n">
  <Rule> ... </Rule>
  <Rule> ... </Rule>
  ...
</Rules>

The result of a count would not include the actual <Rule> tags.

Encoding of a list of rules in JSON:

{
  "count":n,
  "rules":[
    {..},
    ..
  ]
}

Rule content¶

Name	Type	M/O/C	Description
priority	integer	M	Rule priority
userName	string	O	The user this rule should be applied to
roleName	string	O	The group this rule should be applied to
addressRange	IPv4 CIDR notation	O	The range of calling IP addresses this rule should be applied to. Example: `192.168.0.0/16`
validAfter	string	O	Date after which the rule is applied. Format is `yyyy-MM-dd`, example: `2025-02-27`. If `validBefore` is also given, the rule will be valid in the date range between `validAfter` and `validBefore`.
validBefore	string	O	Date before which the rule is applied. See also `validAfter`. Format is `yyyy-MM-dd`, example: `2025-02-27`.
service	string	O	The OGC service this rule should be applied to
request	string	O	The OGC request this rule should be applied to
subfield	string	O	An additional generic field for filtering rules. At the moment only used to specify WPS processes in WPS calls.
workspace	string	O	The workspace this rule should be applied to
layer	string	O	The layer this rule should be applied to
access	string	M	The type of access granted. May be `ALLOW \| DENY \| LIMIT`. When `LIMIT` the limits element should be declared.
limits	complex	C	Mandatory when `access=LIMIT`. Allowed when `access=ALLOW`. Tells how the access should be limited.
allowedArea	EWKT	O	Limit the geographic area that will be returned.
catalogMode	String	O	GeoServer cataog mode to be applied. May be `HIDE \| CHALLENGE \| MIXED`.
layerDetails	complex	C	Only allowed when `layer` is specified. Set further limitations to the data access when the rule is matched.
defaultStyle	String	O	If not null, forces a different style
cqlFilterRead	CQL	O	Apply the CQL filter to the returned data.
cqlFilterWrite	CQL	O	Limits the features that can be modified.
allowedArea	EWKT	O	Limit the geographic area that will be returned.
catalogMode	String	O	GeoServer cataog mode to be applied. May be `HIDE \| CHALLENGE \| MIXED`.
attributes	complex	O	Set R/W privileges to the single attributes

Filter Parameters¶

All filter parameters are optional.

Name	Type	Description
page	number	Used for paging a list of rules. Specifies the number of the page. Leave out for no paging. If specified, `entries` should also be specified.
entries	number	Used for paging a list of rules. Specifies the number of entries per page. Leave out for no paging. If specified, `page` should also be specified.
userName	string	Filter rules on username (excludes all other specific usernames).
userAny	0 or 1.	Specify whether rules matching any username are included or not.
roleName	string	Filter rules on rolename (excludes all other specific rolenames).
roleAny	0 or 1.	Specify whether rules matching any rolename are included or not.
ipAddress	string	Filter rules on IP address range (only select rules with an address range that includes the passed IP address).
ipAddressAny	0 or 1.	Specify whether rules matching any IP address are included or not.
date	string	Filter rules by date. Only returns rules where `date` is between `validAfter` and `validBefore`. Format is yyyy-MM-dd.
dateAny	0 or 1.	Specify whether rules with no data range defined are included or not
service	string	Filter rules on service (excludes all other specific services).
serviceAny	0 or 1.	Specify whether rules matching any service are included or not.
request	string	Filter rules on request (excludes all other specific requests).
requestAny	0 or 1.	Specify whether rules matching any request are included or not.
workspace	string	Filter rules on workspace (excludes all other specific workspaces).
workspaceAny	0 or 1.	Specify whether rules matching any workspace are included or not.
layer	string	Filter rules on layer (excludes all other specific layers).
layerAny	0 or 1.	Specify whether rules matching any layer are included or not.

Requests¶

`/rest/geofence/rules/`¶

Query all rules or add a new rule.

Method	Action	Supported parameters	Response
GET	List all rules, with respect to any added filters	page, entries, userName, userAny, roleName, roleAny, service, serviceAny, request, requestAny, workspace, workspaceAny, layer, layerAny	200 OK. List of rules in XML.
POST	Add a new rule	None	201 Inserted. Created `ID` header.

`/rest/geofence/rules/count`¶

Counts (filtered) rules.

Method	Action	Supported parameters	Response
GET	Count all rules, with respect to any added filters	userName, userAny, roleName, roleAny, service, serviceAny, request, requestAny, workspace, workspaceAny, layer, layerAny	200 OK. Rule list count in XML.

`/rest/geofence/rules/id/<id>`¶

Query, modify or delete a specific rule.

Method	Action	Supported parameters	Response
GET	Read rule information	None	200 OK. Rule in XML.
POST	Modify the rule, unspecified fields remain unchanged.	None	200 OK.
DELETE	Delete the rule	None	200 OK.

Previous: GeoFence Server GUI

Next: AdminRules Rest API

GeoFence Rest API¶

Security¶

Input/Output¶

Data Object Transfer¶

Rule content¶

Filter Parameters¶

Requests¶

`/rest/geofence/rules/`¶

`/rest/geofence/rules/count`¶

`/rest/geofence/rules/id/<id>`¶

Table Of Contents

Continue Reading

This Page

Known GeoServer issues

GeoFence Rest API¶

Security¶

Input/Output¶

Data Object Transfer¶

Rule content¶

Filter Parameters¶

Requests¶

/rest/geofence/rules/¶

/rest/geofence/rules/count¶

/rest/geofence/rules/id/<id>¶

Table Of Contents

Continue Reading

This Page

Known GeoServer issues

`/rest/geofence/rules/`¶

`/rest/geofence/rules/count`¶

`/rest/geofence/rules/id/<id>`¶