- OAuth2 and OpenID Connect authentication and authorization
- LDAP authentication and authorization
- HTTP/2
- Websockets
LDAP Authentication is enabled and set up through the following
configuration properties in application.yml:

```yaml
georchestra.security.ldap:
  enabled: true
  url: ${ldapScheme}://${ldapHost}:${ldapPort}
  baseDn: ${ldapBaseDn:dc=georchestra,dc=org}
  usersRdn: ${ldapUsersRdn:ou=users}
  userSearchFilter: ${ldapUserSearchFilter:(uid={0})}
  rolesRdn: ${ldapRolesRdn:ou=roles}
  rolesSearchFilter: ${ldapRolesSearchFilter:(member={0})}
```

If georchestra.security.ldap.enabled is false, the log-in page won't show the username/password form inputs.
Routes and other relevant configuration properties are loaded from the
default.properties and gateway/gateway.yaml files in the geOrchestra "data directory".
The location of the data directory is picked up from the georchestra.datadir environment property,
and the additional property sources are loaded by means of spring-boot's
spring.config.import environment property, as in:

```yaml
spring.config.import: ${georchestra.datadir}/default.properties,${georchestra.datadir}/gateway/gateway.yaml
```
```
make
```

Builds georchestra submodule dependencies, the gateway, runs tests, and builds the docker image.

```
make deps
make install
make test
make docker
```

Or manually:

```
./mvnw -f gateway [-DimageTag=<tag>] spring-boot:build-image
```
The docker image is created by the spring-boot-maven-plugin under the
docker maven profile, which is active by default.
spring-boot-maven-plugin builds an OCI-compliant image based on Paketo buildpacks.
Security proxy feature set upgrade matrix
| security-proxy | Gateway | Notes |
|---|---|---|
| Per service URI simple routing | | as traditionally defined in targets-mapping.properties |
| Global and per-service sec-* headers | | as traditionally defined in headers-mapping.properties |
| Filter incoming sec-* headers | | prevents impersonation from outside world |
| ogc-server-statistics integration | | |
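
The "Filter incoming sec-* headers" row in the table above, sketched in plain Java as an added example; this is not the gateway's own filter code. The header names sec-username and sec-roles, the role values, and the pass-through set for standard Sec-WebSocket-*/Sec-Fetch-*/Sec-CH-* headers are assumptions of this example.

```java
import java.util.*;

public class SecHeaderFilterDemo {
    // Standard browser/WebSocket headers that share the prefix but carry no identity
    // (this pass-through set is an assumption of the example).
    static final List<String> STANDARD = List.of("sec-websocket-", "sec-fetch-", "sec-ch-");

    // True for any sec-* header (matched case-insensitively) that is not a standard one.
    static boolean isIdentityHeader(String name) {
        String n = name.trim().toLowerCase(Locale.ROOT);
        if (!n.startsWith("sec-")) return false;
        return STANDARD.stream().noneMatch(n::startsWith);
    }

    /** Headers to send upstream: inbound minus client-supplied sec-*, plus the gateway's own. */
    static Map<String, List<String>> forward(Map<String, List<String>> inbound,
                                             Map<String, String> fromSession) {
        Map<String, List<String>> out = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
        inbound.forEach((name, values) -> {
            if (!isIdentityHeader(name)) out.put(name, values);
        });
        // Added after stripping, so only values derived from the authenticated session survive.
        fromSession.forEach((name, value) -> out.put(name, List.of(value)));
        return out;
    }

    public static void main(String[] args) {
        // Constructed request: a client trying to pass itself off as an administrator.
        Map<String, List<String>> inbound = new LinkedHashMap<>();
        inbound.put("Accept", List.of("application/json"));
        inbound.put("Sec-WebSocket-Key", List.of("constructed-key"));
        inbound.put("Sec-Username", List.of("admin"));
        inbound.put("SEC-ROLES", List.of("ROLE_ADMINISTRATOR"));

        // Anonymous request: no identity headers reach the backend at all.
        System.out.println(forward(inbound, Map.of()));

        // Authenticated as jdoe: the backend sees the gateway's values, not the client's.
        Map<String, String> session = new LinkedHashMap<>();
        session.put("sec-username", "jdoe");
        session.put("sec-roles", "ROLE_USER");
        System.out.println(forward(inbound, session));
    }
}
```

The order matters: stripping must happen before the gateway appends its own values, and backends that trust sec-* headers must be reachable only through the gateway.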