- OAuth2 and OpenID Connect authentication and authorization
- LDAP authentication and authorization
- HTTP/2
- Websockets
LDAP Authentication is enabled and set up through the following configuration properties in `application.yml`:

```yaml
georchestra.security.ldap:
  enabled: true
  url: ${ldapScheme}://${ldapHost}:${ldapPort}
  baseDn: ${ldapBaseDn:dc=georchestra,dc=org}
  usersRdn: ${ldapUsersRdn:ou=users}
  userSearchFilter: ${ldapUserSearchFilter:(uid={0})}
  rolesRdn: ${ldapRolesRdn:ou=roles}
  rolesSearchFilter: ${ldapRolesSearchFilter:(member={0})}
```
If `georchestra.security.ldap.enabled` is `false`, the log-in page won't show the username/password form inputs.
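
How the properties above combine into the two LDAP searches, as an added example (not geOrchestra code). It assumes the usual Spring Security LDAP convention that `{0}` in `userSearchFilter` is the login name and `{0}` in `rolesSearchFilter` is the user's DN, with substituted values escaped per RFC 4515; the function names, login names and DN are constructed for illustration.

```python
# Added example: resolves the default georchestra.security.ldap properties into
# the search base and filter used for the user lookup and the roles lookup.
# Assumption: {0} is the login name in userSearchFilter and the user's DN in
# rolesSearchFilter (Spring Security LDAP convention).

LDAP_CONFIG = {  # default values taken from the application.yml snippet
    "baseDn": "dc=georchestra,dc=org",
    "usersRdn": "ou=users",
    "userSearchFilter": "(uid={0})",
    "rolesRdn": "ou=roles",
    "rolesSearchFilter": "(member={0})",
}

# RFC 4515 section 3: characters that must be escaped inside a filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value):
    """Escape a value so it cannot change the structure of the filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def user_search(username, cfg=LDAP_CONFIG):
    """Return (search base, filter) for locating the user entry."""
    base = cfg["usersRdn"] + "," + cfg["baseDn"]
    flt = cfg["userSearchFilter"].replace("{0}", escape_filter_value(username))
    return base, flt


def roles_search(user_dn, cfg=LDAP_CONFIG):
    """Return (search base, filter) for the role entries listing the user DN."""
    base = cfg["rolesRdn"] + "," + cfg["baseDn"]
    flt = cfg["rolesSearchFilter"].replace("{0}", escape_filter_value(user_dn))
    return base, flt


if __name__ == "__main__":
    # Constructed sample values, not taken from a real directory.
    print(user_search("testadmin"))
    print(user_search("a*(b)"))  # metacharacters stay literal after escaping
    print(roles_search("uid=testadmin,ou=users,dc=georchestra,dc=org"))
```
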
Routes and other relevant configuration properties are loaded from geOrchestra "data directory"'s `default.properties` and `gateway/gateway.yaml`.

The location of the data directory is picked up from the `georchestra.datadir` environment property, and the additional property sources by means of spring-boot's `spring.config.import` environment property, like in: `spring.config.import: ${georchestra.datadir}/default.properties,${georchestra.datadir}/gateway/gateway.yaml`.

```
make
```

Builds geOrchestra submodule dependencies, the gateway, runs tests, and builds the docker image.

```
make deps
make install
make test
make docker
```

Or manually:

```
./mvnw -f gateway [-DimageTag=<tag>] spring-boot:build-image
```

The docker image is created by the `spring-boot-maven-plugin` under the `docker` maven profile, which is active by default. `spring-boot-maven-plugin` builds an OCI compliant image based on Paketo buildpacks.

Security proxy feature set upgrade matrix

| security-proxy | Gateway | Notes |
|---|---|---|
| Per service URI simple routing | | as traditionally defined in `targets-mapping.properties` |
| Global and per-service `sec-*` headers | | as traditionally defined in `headers-mapping.properties` |
| Filter incoming `sec-*` headers | | prevents impersonation from outside world |
| ogc-server-statistics integration | | |