GeoServer provides a RESTful interface through which clients can retrieve information about an instance and make configuration changes. Using the REST interface’s simple HTTP calls, clients can configure GeoServer without needing to use the Web administration interface.
REST is an acronym for “REpresentational State Transfer”. REST adopts a fixed set of operations on named resources, where the representation of each resource is the same for retrieving and setting information. In other words, you can retrieve (read) data in an XML format and also send data back to the server in similar XML format in order to set (write) changes to the system.
Operations on resources are implemented with the standard primitives of HTTP: GET to read; and PUT, POST, and DELETE to write changes. Each resource is represented as a URL, such as http://GEOSERVER_HOME/rest/workspaces/topp.
Steps to configure authentication
We want to develop against the GeoServer RESTful API, so the first step is configuring GeoServer to accept authentication information passed in HTTP header attribute(s).
Rest properties file
The REST process has its own security configuration that needs to be set up in addition to the web interface user. These are different configurations and are set up in different places. The REST configuration does use the same users you have configured in the web interface; it just doesn’t use the access rules that you would have set up there.
To see the permissions, open the file rest.properties in the directory [Geoserver_data]/security.
From the properties file content, we can see that every REST API call requires admin user authentication.
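Each rule in rest.properties has the form `<URL Ant pattern>;<HTTP methods>=<roles>`. The following is an added example, not code from GeoServer or from this post: it parses such a file and flags rules that open REST access beyond administrative roles. The sample rules and paths are constructed, and the set of role names treated as administrative is an assumption to adjust per instance.

```python
"""Audit a GeoServer rest.properties file (added example, not GeoServer code)."""

# Constructed sample in the rule format <URL Ant pattern>;<HTTP methods>=<roles>.
# Paths and the EDITOR role are illustrative, not taken from a real instance.
SAMPLE = """\
# constructed sample
/rest/workspaces/topp/**;GET=IS_AUTHENTICATED_ANONYMOUSLY
/rest/layers/**;GET,PUT=EDITOR
/**;GET=ADMIN
/**;POST,DELETE,PUT=ADMIN
"""

WRITE_METHODS = {"PUT", "POST", "DELETE"}
ANONYMOUS = "IS_AUTHENTICATED_ANONYMOUSLY"
# Assumption: role names treated as administrative; adjust to the instance.
ADMIN_ROLES = {"ADMIN", "ROLE_ADMINISTRATOR"}


def parse_rules(text):
    """Return (pattern, methods, roles) tuples, skipping comments and blanks."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        left, eq, roles = line.partition("=")
        pattern, semi, methods = left.partition(";")
        if not (eq and semi and roles.strip() and methods.strip()):
            raise ValueError(f"line {lineno}: malformed rule {raw!r}")
        rules.append((pattern.strip(),
                      {m.strip().upper() for m in methods.split(",")},
                      {r.strip() for r in roles.split(",")}))
    return rules


def audit(rules):
    """Flag rules that grant anonymous access or non-admin write access."""
    findings = []
    for pattern, methods, roles in rules:
        writes = methods & WRITE_METHODS
        if ANONYMOUS in roles:
            findings.append((pattern, "anonymous access", sorted(methods)))
        elif (roles - ADMIN_ROLES) and writes:
            findings.append((pattern, "non-admin write", sorted(writes)))
    return findings


if __name__ == "__main__":
    for finding in audit(parse_rules(SAMPLE)):
        print(finding)
```

A file containing only admin-role rules produces no findings, which matches the content described above.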
Users, groups and roles
From the GeoServer web ui, we can define users, groups and roles.
If we call any GeoServer REST API without further configuration, we get a 401 error because the request carries no authentication.
Click the Authentication link located under the Security section of the navigation sidebar. Scroll down to the Authentication Filters panel and click the Add new link.
Add authentication filter
Click the HTTP Header link and set “Name” to anything you’d like. Set Request header attribute to a random token other than “user” or “admin”. It is an obscure header attribute name that acts as a shared secret between the proxy and GeoServer: GeoServer accepts the user name carried in this header, so the header name should be known only to the proxy. Set Role source to “User group service” and the name of the user group service to “default”.
Authentication filter chains
Go back to the Authentication link and scroll down to the Filter Chains panel. Notice the rest filter chain here and click into it.
Configure rest filter chain
Scroll down to the Chain filters panel. Drag the newly added authentication filter to the selected part and position it before all other filters.
Rest test successful
Try the REST API again, this time sending the header named by the Request header attribute we just set, with the value “admin”.
The full restful api list can be found here