The Settings page controls the global GeoServer security settings.


Security Settings page

Active role service

This option sets the active role service (provides information about roles). Role services are managed on the Users, Groups, Roles page. There can be only one active role service at one time.


The GeoServer user interface (UI) can sometimes expose parameters in plain text inside the URLs. As a result, it may be desirable to encrypt the URL parameters. To enable encryption, select Encrypt web admin URL parameters. This will configure GeoServer to uses a PBE-based Password encryption.

For example, with this feature enabled, the page:


would now be found at the following URL:


Password encryption

This setting allows you to select the type of Password encryption used for passwords. The options are Plain text, Weak PBE, or Strong PBE.

If Strong PBE is not available as part of the JVM, a warning will display and the option will be disabled. To enable Strong PBE, you must install external policy JARs that support this form of encryption. See the section on Password encryption for more details about these settings.


Warning if Strong PBE is not available