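---
# Swagger 2.0 description of the GeoServer REST endpoints that manage the
# security subsystem: keystore password, the caller's own password, catalog
# mode, and the layer / service / REST access-control rules.
#
# NOTE(review): this document declares no `schemes`, `securityDefinitions` or
# `security` section, so generated clients and rendered docs do not show that
# these endpoints need authentication or TLS. Every operation here reads or
# changes credentials or access rules; confirm how the server enforces
# authentication and document it in the spec.
swagger: '2.0'
info:
  version: '1.0.0'
  title: GeoServer Security
  description: The Security area shows access rules and other configuration for the security subsystem
  contact:
    name: GeoServer
    email: 'geoserver-users@osgeo.org'
    url: 'https://geoserver.org/comm/'
host: localhost:8080
# NOTE(review): basePath already ends in /rest and every path below starts
# with /rest, so the resolved URL contains /rest/rest. The Rule parameter
# example further down uses /security/acl/layers/... without that prefix.
# Confirm which form is intended before generating clients from this file.
basePath: /geoserver/rest

paths:
  /rest/security/masterpw:
    # NOTE(review): GET returns the keystore password in the response body.
    # Treat responses as secrets: serve only over HTTPS, keep them out of
    # access and proxy logs, and confirm the endpoint is limited to
    # administrators. The example values below are samples, not a value to keep.
    get:
      operationId: getMasterPW
      tags:
        - "Security"
      summary: Get keystore password
      description: |
        Displays the keystore password. HTTPS is strongly suggested, otherwise password will be sent in plain text. Use the "Accept:" header to specify format or append an extension to the endpoint (example "/settings.xml" for XML).
      produces:
        - application/xml
        - application/json
      responses:
        '200':
          description: OK
          schema:
            $ref: "#/definitions/MasterPW"
          examples:
            application/xml: |
              <?xml version="1.0" encoding="UTF-8"?>
              <masterPassword>
              <oldMasterPassword>geoserver</oldMasterPassword>
              </masterPassword>

            application/json: |
              {"oldMasterPassword":"GeoServer"}

    post:
      operationId: postMasterPW
      tags:
        - "Security"
      description: Invalid. Use PUT to change keystore password.
      responses:
        '405':
          description: Method Not Allowed
    put:
      operationId: putMasterPW
      tags:
        - "Security"
      summary: Update keystore password
      description: Changes keystore password. Must supply current keystore password. HTTPS is strongly suggested, otherwise password will be sent in plain text.
      parameters:
        - name: MasterPWBody
          description: The old and new keystore password information to upload.
          in: body
          required: true
          schema:
            $ref: "#/definitions/UpdateMasterPW"
      consumes:
        - application/xml
        - application/json
      responses:
        '200':
          description: OK
        '422':
          description: Unprocessable Entity. This error code will show when the current keystore password supplied is incorrect, or if the new keystore password is rejected by the password policy.
    delete:
      operationId: deleteMasterPW
      tags:
        - "Security"
      description: Invalid. Use PUT to change keystore password.
      responses:
        '405':
          description: Method Not Allowed

  /rest/security/self/password:
    get:
      operationId: getSelfPassword
      tags:
        - "Security"
      description: Invalid. Use PUT to change password.
      responses:
        '405':
          description: Method Not Allowed
    post:
      operationId: postSelfPassword
      tags:
        - "Security"
      description: Invalid. Use PUT to change password
      responses:
        '405':
          description: Method Not Allowed
    # NOTE(review): the body schema carries only the new password; unlike the
    # keystore-password PUT, no current password is requested here. Confirm
    # that is the intended contract.
    put:
      operationId: putSelfPassword
      tags:
        - "Security"
      summary: Update password
      description: Updates the password for the account used to issue the request.
      parameters:
        - name: SelfPasswordBody
          # Was "The catalog mode information to upload." (copy-paste from
          # CatalogModeBody); the schema referenced is SelfPassword.
          description: The new password information to upload.
          in: body
          required: true
          schema:
            $ref: "#/definitions/SelfPassword"
      consumes:
        - application/xml
        - application/json
      responses:
        '200':
          description: OK
        '422':
          description: Bad password
    delete:
      operationId: deleteSelfPassword
      tags:
        - "Security"
      description: Invalid. Use PUT to change password.
      responses:
        '405':
          description: Method Not Allowed

  /rest/security/acl/catalog:
    get:
      operationId: getCatalogMode
      tags:
        - "Security"
      description: Gets the catalog mode, which specifies how GeoServer will advertise secured layers and behave when a secured layer is accessed without the necessary privileges.
      produces:
        - application/xml
        - application/json
      responses:
        '200':
          description: OK
          schema:
            $ref: "#/definitions/CatalogMode"
          examples:
            application/xml: |
              <?xml version="1.0" encoding="UTF-8"?>
              <catalog>
              <mode>HIDE</mode>
              </catalog>

            application/json: |
              {"mode":"HIDE"}

    post:
      operationId: postCatalogMode
      tags:
        - "Security"
      description: Invalid. Use PUT to change catalog mode.
      responses:
        '405':
          description: Method Not Allowed
    put:
      # operationId added: this was the only operation in the file without one.
      operationId: putCatalogMode
      tags:
        - "Security"
      summary: Update catalog mode
      description: Changes catalog mode. The mode must be one of HIDE, MIXED, or CHALLENGE.
      parameters:
        - name: CatalogModeBody
          description: The catalog mode information to upload.
          in: body
          required: true
          schema:
            $ref: "#/definitions/CatalogMode"
      consumes:
        - application/xml
        - application/json
      responses:
        '200':
          description: OK
        '422':
          description: Unprocessable Entity. This error code will show when an invalid catalog mode is specified.
    delete:
      operationId: deleteCatalogMode
      tags:
        - "Security"
      description: Invalid. Use PUT to change catalog mode.
      responses:
        '405':
          description: Method Not Allowed

  /rest/security/acl/layers:
    get:
      operationId: getACLLayers
      tags:
        - "Security"
      summary: Get layer rules
      description: Displays the current layer-based security rules.
      produces:
        - application/xml
        - application/json
      responses:
        '200':
          description: OK
          schema:
            $ref: "#/definitions/ACLLayers"
          examples:
            application/xml: |
              <?xml version="1.0" encoding="UTF-8"?>
              <rules>
              <rule resource="*.*.w">GROUP_ADMIN,ADMIN</rule>
              <rule resource="*.*.r">*</rule>
              </rules>

            application/json: |
              {"*.*.w":"GROUP_ADMIN,ADMIN","*.*.r":"*"}

    post:
      operationId: postACLLayers
      tags:
        - "Security"
      summary: Add layer rule(s)
      description: |
        Adds one or more new layer-based rules to the list of security rules.
      parameters:
        - name: ACLLayersBody
          description: The new rules to upload.
          in: body
          required: true
          schema:
            $ref: "#/definitions/ACLLayers"
      consumes:
        - application/xml
        - application/json
      responses:
        '200':
          description: OK
        '409':
          description: |
            Conflict. Adding an already-added rule. Use PUT to edit the rule in this case. All rule additions are aborted.
    put:
      operationId: putACLLayers
      tags:
        - "Security"
      summary: Edit layer rule(s)
      description: Edits one or more layer-based rules in the list of security rules.
      parameters:
        - name: ACLLayersBody
          description: The altered rules to upload.
          in: body
          required: true
          schema:
            $ref: "#/definitions/ACLLayers"
      consumes:
        - application/xml
        - application/json
      responses:
        '200':
          description: OK
        '409':
          description: Conflict. Attempting to modify a non-existent rule. Use POST to create the rule in this case. All rule modifications are aborted.
    # NOTE(review): no parameter or body is declared for this DELETE, so the
    # spec does not say how the rules to remove are selected. Confirm and
    # document the scope of the operation.
    delete:
      operationId: deleteACLLayers
      tags:
        - "Security"
      summary: Delete layer rule(s)
      description: |
        Deletes one or more layer-based rules in the list of security rules.
      responses:
        '200':
          description: OK
        '404':
          description: Not found. Attempting to delete a non-existent rule.

  /rest/security/acl/layers/{rule}:
    parameters:
      - $ref: "#/parameters/Rule"
    get:
      operationId: getACLLayer
      tags:
        - "Security"
      description: Has no effect. Endpoint that includes a specific rule is only used with DELETE.
      responses:
        '405':
          description: Method not allowed
    post:
      operationId: postACLLayer
      tags:
        - "Security"
      description: Has no effect. Endpoint that includes a specific rule is only used with DELETE.
      responses:
        '405':
          description: Method not allowed.
    put:
      operationId: putACLLayer
      tags:
        - "Security"
      description: Has no effect. Endpoint that includes a specific rule is only used with DELETE.
      responses:
        '405':
          description: Method not allowed.
    delete:
      operationId: deleteACLLayer
      tags:
        - "Security"
      summary: Delete layer rule.
      description: |
        Deletes specific layer-based rule(s). The {rule} must be specified in the last part of the URL and be of the form \<workspace\>.\<layer\>.[r|w|a]
      responses:
        '200':
          description: OK

  /rest/security/acl/services:
    get:
      operationId: getACLServices
      tags:
        - "Security"
      summary: Get service rules
      description: Displays the current service-based security rules.
      produces:
        - application/xml
        - application/json
      responses:
        '200':
          description: OK
          schema:
            $ref: "#/definitions/ACLServices"
          examples:
            application/xml: |
              <?xml version="1.0" encoding="UTF-8"?>
              <rules>
              <rule resource="*.*">*</rule>
              </rules>

            application/json: |
              {"*.*":"*"}

    post:
      operationId: postACLServices
      tags:
        - "Security"
      summary: Add service rule(s)
      description: Adds one or more new service-based rules to the list of security rules.
      parameters:
        - name: ACLServicesBody
          description: The new rules to upload.
          in: body
          required: true
          schema:
            $ref: "#/definitions/ACLServices"
      consumes:
        - application/xml
        - application/json
      responses:
        '200':
          description: OK
        '409':
          description: Conflict. Adding an already-added rule. Use PUT to edit the rule in this case. All rule additions are aborted.
    put:
      operationId: putACLServices
      tags:
        - "Security"
      summary: Edit service rule(s)
      description: Edits one or more service-based rules in the list of security rules.
      parameters:
        - name: ACLServicesBody
          description: The altered rules to upload.
          in: body
          required: true
          schema:
            $ref: "#/definitions/ACLServices"
      consumes:
        - application/xml
        - application/json
      responses:
        '200':
          description: OK
        '409':
          description: Conflict. Attempting to modify a non-existent rule. Use POST to create the rule in this case. All rule modifications are aborted.
    delete:
      operationId: deleteACLServices
      tags:
        - "Security"
      summary: Delete service rule(s)
      description: Deletes one or more service-based rules in the list of security rules.
      responses:
        '200':
          description: OK
        '404':
          description: Not found. Attempting to delete a non-existent rule.

  /rest/security/acl/services/{rule}:
    parameters:
      - $ref: "#/parameters/Rule"

    get:
      operationId: getACLService
      tags:
        - "Security"
      description: Has no effect. Endpoint that includes a specific rule is only used with DELETE.
      responses:
        '405':
          description: Method not allowed.
    post:
      operationId: postACLService
      tags:
        - "Security"
      description: Has no effect. Endpoint that includes a specific rule is only used with DELETE.
      responses:
        '405':
          description: Method not allowed.
    put:
      operationId: putACLService
      tags:
        - "Security"
      description: Has no effect. Endpoint that includes a specific rule is only used with DELETE.
      responses:
        '405':
          description: Method not allowed.
    delete:
      operationId: deleteACLService
      tags:
        - "Security"
      summary: Delete service rule.
      description: |
        Deletes specific service-based rule(s). The {rule} must be specified as the last part of the URL and must be of the form \<service\>.\<operation\>
      responses:
        '200':
          description: OK

  /rest/security/acl/rest:
    # These rules decide which roles may call the REST API itself, including
    # the endpoints in this file; the example restricts every method to ADMIN.
    get:
      operationId: getACLRESTRules
      tags:
        - "Security"
      summary: Get REST rules
      description: Displays the current REST access rules.
      produces:
        - application/xml
        - application/json
      responses:
        '200':
          description: OK
          schema:
            $ref: "#/definitions/ACLREST"
          examples:
            application/xml: |
              <rules>
              <rule resource="/**:GET">ADMIN</rule>
              <rule resource="/**:POST,DELETE,PUT">ADMIN</rule>
              </rules>

            application/json: |
              {"/**:GET":"ADMIN","/**:POST,DELETE,PUT":"ADMIN"}
    post:
      operationId: postACLRESTRules
      tags:
        - "Security"
      summary: Add REST access rule(s)
      description: Adds one or more new REST access rules.
      parameters:
        - name: ACLRESTBody
          description: The new rules to upload.
          in: body
          required: true
          schema:
            $ref: "#/definitions/ACLREST"
      consumes:
        - application/xml
        - application/json
      responses:
        '200':
          description: OK
        '409':
          description: Conflict. Adding an already-added rule. Use PUT to edit the rule in this case. All rule additions are aborted.
    put:
      operationId: putACLRESTRules
      tags:
        - "Security"
      summary: Edit REST access rule(s)
      description: Edits one or more REST access rules.
      parameters:
        - name: ACLRESTBody
          description: The altered rules to upload.
          in: body
          required: true
          schema:
            $ref: "#/definitions/ACLREST"
      consumes:
        - application/xml
        - application/json
      responses:
        '200':
          description: OK
        '409':
          description: Conflict. Attempting to modify a non-existent rule. Use POST to create the rule in this case. All rule modifications are aborted.
    delete:
      operationId: deleteACLRESTRules
      tags:
        - "Security"
      summary: Delete REST access rule(s)
      # Was "service-based rules" (copy-paste from the services endpoint).
      description: Deletes one or more REST access rules.
      responses:
        '200':
          description: OK
        '404':
          description: Not found. Attempting to delete a non-existent rule.

  /rest/security/acl/rest/{rule}:
    # NOTE(review): the parameter description separates pattern and methods
    # with ';' while the DELETE description and the ACLREST schema use ':'.
    # Confirm which form the URL expects.
    parameters:
      - name: rule
        type: string
        in: path
        required: true
        description: |
          The REST rule, specified as \<URL Ant pattern\>;\<comma separated list of HTTP methods\>. Examples are

          - /**;GET
          - /**;POST,DELETE,PUT
    # NOTE(review): GET, POST and PUT are described as having no effect yet
    # document a 200 response, whereas the layers/{rule} and services/{rule}
    # endpoints document 405 for the same methods. Confirm against the server.
    get:
      operationId: getACLRESTRule
      tags:
        - "Security"
      description: Has no effect. Endpoint that includes a specific rule is only used with DELETE.
      responses:
        '200':
          description: OK
    post:
      operationId: postACLRESTRule
      tags:
        - "Security"
      description: Has no effect. Endpoint that includes a specific rule is only used with DELETE.
      responses:
        '200':
          description: OK
    put:
      operationId: putACLRESTRule
      tags:
        - "Security"
      description: Has no effect. Endpoint that includes a specific rule is only used with DELETE.
      responses:
        '200':
          description: OK
    delete:
      operationId: deleteACLRESTRule
      tags:
        - "Security"
      summary: Delete REST access rule
      description: |
        Deletes specific REST access rule(s). The {rule} must be specified as the last part of the URL and must be of the form \<URL Ant pattern\>:\<comma separated list of HTTP methods\>
      responses:
        '200':
          description: OK

parameters:
  Rule:
    name: rule
    in: path
    required: true
    type: string
    description: |
      The specified rule, as the last part in the URI, e.g. /security/acl/layers/\*.\*.r

definitions:
  MasterPW:
    title: masterPassword
    type: object
    properties:
      oldMasterPassword:
        type: string
        # `format: password` hints to documentation UIs that the value should
        # be obscured; it does not change the wire format.
        format: password
        description: Current keystore password
  UpdateMasterPW:
    title: masterPassword
    type: object
    xml:
      name: masterPassword
    properties:
      oldMasterPassword:
        type: string
        format: password
        description: Current keystore password
        example: oldPassword
      newMasterPassword:
        type: string
        format: password
        description: New keystore password
        example: newPassword
  CatalogMode:
    title: catalog
    xml:
      name: catalog
    type: object
    properties:
      mode:
        type: string
        enum:
          - HIDE
          - MIXED
          - CHALLENGE
  SelfPassword:
    title: userPassword
    type: object
    xml:
      name: userPassword
    properties:
      newPassword:
        type: string
        format: password
        description: New password
        example: newPassword
  ACLLayers:
    title: rules
    xml:
      name: rules
    type: object
    properties:
      rule:
        type: object
        properties:
          '@resource':
            type: string
            # Angle brackets escaped like the sibling schemas, so Markdown
            # renderers do not swallow them as tags.
            description: |
              Security pattern of the form \<workspace\>.\<layer\>.[r|w|a]
          text:
            type: string
            description: Comma-separated list of roles
  ACLServices:
    title: rules
    xml:
      name: rules
    type: object
    properties:
      rule:
        type: object
        properties:
          '@resource':
            type: string
            description: |
              Security pattern of the form \<service\>.\<operation\>
          text:
            type: string
            description: Comma-separated list of roles
  ACLREST:
    title: rules
    xml:
      name: rules
    type: object
    properties:
      rule:
        type: object
        properties:
          '@resource':
            type: string
            description: |
              Security pattern of the form \<URL Ant pattern\>:\<comma separated list of HTTP methods\>
          text:
            type: string
            description: Comma-separated list of roles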