Access Control¶
/security/acl/catalog.<format>¶
Fetches the catalog mode and allows to change the catalog mode. The mode must be one of
HIDE
MIXED
CHALLENGE
Method |
Action |
Status code |
Formats |
Default Format |
|---|---|---|---|---|
GET |
Fetch the catalog mode |
200,403 |
XML, JSON |
|
PUT |
Set the catalog mode |
200,403,404,422 |
XML, JSON |
Formats:
XML
<catalog>
<mode>HIDE</mode>
</catalog>
JSON
{"mode":"HIDE" }
Exceptions¶
Exception |
Status code |
|---|---|
No administrative privileges |
403 |
Malformed request |
404 |
Invalid catalog mode |
422 |
/security/acl/layers.<format>¶
/security/acl/services.<format>¶
/security/acl/rest.<format>¶
API for administering access control for
Layers
Services
The REST API
Method |
Action |
Status code |
Formats |
Default Format |
|---|---|---|---|---|
GET |
Fetch all rules |
200,403 |
XML, JSON |
|
POST |
Add a set of rules |
200,403,409 |
XML, JSON |
|
PUT |
Modify a set of rules |
200,403,409 |
XML, JSON |
|
DELETE |
Delete a specific rule |
200,404,409 |
XML, JSON |
Format for DELETE:
The specified rule has to be the last part in the URI:
/security/acl/layers/*.*.r
Note
Slashes (“/”) in a rule name must be encoded with %2F. The REST rule /**;GET must be encoded to /security/acl/rest/%2F**;GET
Formats for GET,POST and PUT:
XML
<?xml version="1.0" encoding="UTF-8"?>
<rules>
<rule resource="*.*.r">*</rule>
<rule resource="myworkspace.*.w">ROLE_1,ROLE_2</rule>
</rules>
JSON
{
"*.*.r": "*",
"myworkspace".*.w": "ROLE_1,ROLE_2"
}
The resource attribute specifies a rule. There are three different formats.
For layers: <workspace>.<layer>.<access>. The asterisk is a wild card for <workspace> and <layer>. <access> is one of r (read), w (write) or a (administer).
For services: <service>.<method>. The asterisk is a wild card wild card for <service> and <method>. Examples:
wfs.GetFeature
wfs.GetTransaction
wfs.*
For REST: <URL Ant pattern>;<comma separated list of HTTP methods>. Examples:
/**;GET
/**;POST,DELETE,PUT
The content of a rule element is a comma separated list of roles or the asterisk.
Exceptions¶
Exception |
Status code |
|---|---|
No administrative privileges |
403 |
POST, adding an already existing rule |
409 |
PUT, modifying a non existing rule |
409 |
DELETE, Deleting a non existing rule |
409 |
Invalid rule specification |
422 |
Note
When adding a set of rules and only one role does already exist, the whole request is aborted. When modifying a set of rules and only one role does not exist, the whole request is aborted too.