Security
The REST API allows you to adjust GeoServer security settings.
Note
Read the API reference for /security.
Listing the keystore password
Retrieve the keystore password used to encode secrets in geoserver.jceks,
and optional login as root user (this is the source xml name masterPassword shown below).
Request
curl
curl -v -u admin:geoserver -XGET http://localhost:8080/geoserver/rest/security/masterpw.xml
Response
<?xml version="1.0" encoding="UTF-8"?><masterPassword>
<oldMasterPassword>geoserver</oldMasterPassword>
</masterPassword>
Changing the keystore password
Change to a new keystore password
Note
Requires knowledge of the current keystore password.
Given a changes.xml file:
<masterPassword>
<oldMasterPassword>-"}3a^Kh</oldMasterPassword>
<newMasterPassword>geoserver1</newMasterPassword>
</masterPassword>
Request
curl
curl -v -u admin:geoserver -XPUT -H "Content-type: text/xml" -d @change.xml http://localhost:8080/geoserver/rest/security/masterpw.xml
Response
200 OK
Listing the catalog mode
Fetch the current catalog mode
Request
curl
curl -v -u admin:geoserver -XGET http://localhost:8080/geoserver/rest/security/acl/catalog.xml
Response
<?xml version="1.0" encoding="UTF-8"?>
<catalog>
<mode>HIDE</mode>
</catalog>
Changing the catalog mode
Set a new catalog mode
Given a newMode.xml file:
<?xml version="1.0" encoding="UTF-8"?>
<catalog>
<mode>MIXED</mode>
</catalog>
Request
curl
curl -v -u admin:geoserver -XPUT -H "Content-type: text/xml" -d @newMode.xml http://localhost:8080/geoserver/rest/security/acl/catalog.xml
Listing access control rules
Retrieve current list of access control rules
Request
curl
curl -v -u admin:geoserver -XGET http://localhost:8080/geoserver/rest/security/acl/layers.xml
Response
<?xml version="1.0" encoding="UTF-8"?>
<rules />
Note
The above response shows no rules specified.
Changing access control rules
Set a new list of access control rules
Given a rules.xml file:
<?xml version="1.0" encoding="UTF-8"?>
<rules>
<rule resource="topp.*.r">ROLE_AUTHORIZED</rule>
<rule resource="topp.mylayer.w">ROLE_1,ROLE_2</rule>
</rules>
Request
curl
curl -v -u admin:geoserver -XPOST -H "Content-type: text/xml" -d @rules.xml http://localhost:8080/geoserver/rest/security/acl/layers.xml
Response
201 Created
Deleting access control rules
Delete individual access control rule
Request
curl
curl -v -u admin:geoserver -XDELETE http://localhost:8080/geoserver/rest/security/acl/layers/topp.*.r
Response
200 OK