Access Control
/security/acl/catalog.<format>
Fetches or changes the catalog mode. The mode must be one of
- HIDE
- MIXED
- CHALLENGE
Method | Action | Status code | Formats | Default Format |
---|---|---|---|---|
GET | Fetch the catalog mode | 200,403 | XML, JSON | |
PUT | Set the catalog mode | 200,403,404,422 | XML, JSON | |
Formats:
XML
JSON
Exceptions
Exception | Status code |
---|---|
No administrative privileges | 403 |
Malformed request | 404 |
Invalid catalog mode | 422 |
/security/acl/layers.<format>
/security/acl/services.<format>
/security/acl/rest.<format>
API for administering access control for
- Layers
- Services
- The REST API
Method | Action | Status code | Formats | Default Format |
---|---|---|---|---|
GET | Fetch all rules | 200,403 | XML, JSON | |
POST | Add a set of rules | 200,403,409 | XML, JSON | |
PUT | Modify a set of rules | 200,403,409 | XML, JSON | |
DELETE | Delete a specific rule | 200,404,409 | XML, JSON | |
Format for DELETE:
The specified rule has to be the last part of the URI:
/security/acl/layers/*.*.r
Note
Slashes ("/") in a rule name must be encoded as %2F. The REST rule /;GET must be encoded as /security/acl/rest/%2F;GET
Formats for GET, POST and PUT:
XML
<?xml version="1.0" encoding="UTF-8"?>
<rules>
<rule resource="*.*.r">*</rule>
<rule resource="myworkspace.*.w">ROLE_1,ROLE_2</rule>
</rules>
JSON
{
  "*.*.r": "*",
  "myworkspace.*.w": "ROLE_1,ROLE_2"
}
The resource attribute specifies a rule. There are three different formats.
- For layers:
. . . The asterisk is a wild card for and . is one of r (read), w (write) or a (administer).
- For services:
. . The asterisk is a wild card for and . Examples:
- wfs.GetFeature
- wfs.GetTransaction
- wfs.*
- For REST:
; . Examples:
- /**;GET
- /**;POST,DELETE,PUT
The content of a rule element is a comma-separated list of roles or the asterisk.
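An added example, not part of this API's documentation: a Python audit helper that parses a rules document in the XML format above, lists layer rules for write or administer access whose content is the asterisk rather than named roles, and builds the DELETE path with slashes encoded as %2F. The sample document is constructed, the function names are hypothetical, and reading the access mode from the last dot-separated part of the resource is an assumption taken from the examples on this page.

```python
import xml.etree.ElementTree as ET

# Constructed sample of a GET /security/acl/layers.xml response body.
SAMPLE_XML = b"""<?xml version="1.0" encoding="UTF-8"?>
<rules>
  <rule resource="*.*.r">*</rule>
  <rule resource="*.*.w">*</rule>
  <rule resource="myworkspace.*.w">ROLE_1,ROLE_2</rule>
  <rule resource="myworkspace.secret.a">*</rule>
</rules>"""


def parse_rules(xml_bytes):
    """Return {resource: [roles]} from a <rules> document."""
    rules = {}
    for rule in ET.fromstring(xml_bytes).iter("rule"):
        # Rule content is a comma-separated list of roles or the asterisk.
        roles = [r.strip() for r in (rule.text or "").split(",") if r.strip()]
        rules[rule.get("resource")] = roles
    return rules


def asterisk_rules(rules, modes=("w", "a")):
    """Resources whose role list contains '*' for the given access modes.

    Assumption: the access mode (r, w or a) is the last dot-separated part.
    """
    return sorted(
        res for res, roles in rules.items()
        if "*" in roles and res.rsplit(".", 1)[-1] in modes
    )


def delete_path(kind, rule):
    """URI path for DELETE; kind is 'layers', 'services' or 'rest'."""
    # Slashes in the rule name must be sent as %2F.
    return "/security/acl/%s/%s" % (kind, rule.replace("/", "%2F"))


if __name__ == "__main__":
    for resource in asterisk_rules(parse_rules(SAMPLE_XML)):
        print("review:", resource, "->", delete_path("layers", resource))
```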
Exceptions
Exception | Status code |
---|---|
No administrative privileges | 403 |
POST, adding an already existing rule | 409 |
PUT, modifying a nonexistent rule | 409 |
DELETE, deleting a nonexistent rule | 409 |
Invalid rule specification | 422 |
Note
When adding a set of rules, the whole request is aborted if even one role already exists. When modifying a set of rules, the whole request is likewise aborted if even one role does not exist.