Difference between revisions of "GeoNetwork Configuration"

From Gcube Wiki
(Fields)
 
(9 intermediate revisions by 3 users not shown)
Line 1: Line 1:
 
<!-- CATEGORIES -->
 
<!-- CATEGORIES -->
[[Category: Administrator's Guide]]
+
[[Category: Administrator's Guide]][[Category: gCube Spatial Data Infrastructure]]
 +
 
 
<!-- CATEGORIES -->
 
<!-- CATEGORIES -->
  
Line 8: Line 9:
  
 
=Installation=
 
=Installation=
GeoNetwork version adopted by the gCube infrastructure is 2.8.0 , available [http://sourceforge.net/projects/geonetwork/files/GeoNetwork_opensource/v2.8.0/ here].
+
GeoNetwork version adopted by the gCube infrastructure is 2.6.4 , available [https://sourceforge.net/projects/geonetwork/files/GeoNetwork_opensource/v2.6.4/geonetwork.war/download here].
  
 
Prerequisites are :  
 
Prerequisites are :  
*java7 jre sun
+
*java 5+
*apache tomcat 7
+
*apache tomcat 5+
*postgres 9
+
*postgres 7+
*postgis2
+
  
In order to configure GeoNetwork to use postgis jdbc connection to the local database, please refer to [http://geonetwork-opensource.org/manuals/2.8.0/eng/users/index.html official documentation].
 
  
Please, note that the jdbc url to the database must have the form ''jdbc:postgis://<HOST>:<PORT>/<DATABASE_NAME>'', other wise the spatial metadata catalog is created as a shapefile, which may cause a loss of performance.
 
  
=Security=
+
==SmartGears Installation==
 +
In order to enable SmartGears to correctly handle the web application, the following values must be declared in its '''gcube-app.xml''' file :
 +
* Name : '''GeoNetwork'''
 +
* Group : '''SDI'''
 +
* Description : '''OGC CSW 2.0 compliant catalogue'''
 +
 
 +
The following SmartGears handlers should be excluded :
 +
*'''request-validation'''
 +
 
 +
==Database configuration==
 +
In order to configure GeoNetwork to use postgis jdbc connection to the local database, the file config.xml under $TOMCAT_HOME/webapps/geonetwork/WEB-INF must be properly edited. A development config.xml file copy is provided in shared workspace folder https://goo.gl/dros0u.
 +
Just change the postgres connection parameters of the provided file once copied to the webapp.
 +
Please, note that the jdbc url to the database must have the form ''jdbc:postgis://<HOST>:<PORT>/<DATABASE_NAME>'', otherwise the spatial metadata catalog is created as a shapefile, which may cause a loss of performance (please refer to [http://geonetwork.d4science.org/geonetwork/docs/eng/users/ official documentation] for further information).
 +
 
 +
===GeoNetwork Connector installation===
 +
 
 +
'''GeoNetwork Connector''' is a jar library that should be included among the jars of a Geonetworkinstance deployed on SmartGear. The jar includes a ''Tomcat Filter'' and a ''SmartGear Request Handler''.
 +
 
 +
The detailed steps to install and configure the library on an existing Geonetwork instance are listed below:
 +
 
 +
1. Download latest version of the jar from [http://maven.research-infrastructures.eu/nexus/index.html#nexus-search;quick~geonetwork-connector Nexus repository]
 +
 
 +
2. Move the jar file to lib folder (''geonetwork/WEB-INF/lib'') of the Geonetwork Service deployed on SmartGear
 +
 
 +
3. Configure ''GeoNetworkFilter'' filter class in the ''web.xml'' of GeoNetwork Service just '''before filterChainProxy filter''' as follow:
 +
   
 +
    '''<filter>'''
 +
      '''<filter-name>gcubeAuthenticationFilter</filter-name>'''
 +
      '''<filter-class>org.gcube.data.access.connector.GeoNetworkFilter</filter-class>'''
 +
    '''</filter>'''
 +
    <filter>
 +
    <filter-name>filterChainProxy</filter-name>
 +
    ....
 +
 
 +
4. Reference the filter mapping to all the URLs of the Service:
 +
 
 +
    <filter-mapping>
 +
      <filter-name>gcubeAuthenticationFilter</filter-name>
 +
      <url-pattern>/*</url-pattern>
 +
    </filter-mapping>
 +
 +
5. Edit ''gcube-handlers.xml'' (under WEB-INF)  adding '''authentication-filter''' Request Handler under '''request''' element:
 +
 
 +
    <handlers>
 +
        <lifecycle>
 +
            <profile-management />
 +
        </lifecycle>
 +
        <request>
 +
            <request-validation />
 +
            <request-accounting />
 +
            '''<authentication-filter />'''
 +
        </request>
 +
    </handlers>
 +
 +
6. restart the service
 +
 
 +
=Security in gcube 3.X=
  
 
To reproduce visibility and security means of the gCube infrastructure, the security module of GeoNetwork need to be configured accordingly to the scope(s) in which it is registered in.  
 
To reproduce visibility and security means of the gCube infrastructure, the security module of GeoNetwork need to be configured accordingly to the scope(s) in which it is registered in.  
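Review bot: the SmartGears Installation text says the request-validation handler should be excluded, but the gcube-handlers.xml sample in step 5 still lists <request-validation /> under <request>; change one of the two, or say which file the exclusion applies to. The prerequisite list drops postgis2 while the JDBC URL is still required to be jdbc:postgis://<HOST>:<PORT>/<DATABASE_NAME>, so state whether PostGIS is still needed. The development config.xml is referenced only through a shortened goo.gl link, which hides where it points; link the workspace folder directly.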
Line 37: Line 91:
  
 
*<SCOPE>_Public : used to publish / read metadata with a scope level visibility. Role of this user must be set as ''Editor'' for the groups in which it must have read access (The <SCOPE> group itself and every sub scope in case of VO or INFRASTRUCTURE);
 
*<SCOPE>_Public : used to publish / read metadata with a scope level visibility. Role of this user must be set as ''Editor'' for the groups in which it must have read access (The <SCOPE> group itself and every sub scope in case of VO or INFRASTRUCTURE);
<SCOPE>_Private : used to publish / read metadata with a private visibility. Role of this user must be set as as ''Editor'' for its <SCOPE> group.
+
*<SCOPE>_Private : used to publish / read metadata with a private visibility. Role of this user must be set as as ''Editor'' for its <SCOPE> group.
  
 
For more clarity, let's say our GeoNetwork service is registered in ''d4science.research-infrastructures.eu/gCubeApps'' and in ''d4science.research-infrastructures.eu/gCubeApps/EcoligicalModelling'' scopes.
 
For more clarity, let's say our GeoNetwork service is registered in ''d4science.research-infrastructures.eu/gCubeApps'' and in ''d4science.research-infrastructures.eu/gCubeApps/EcoligicalModelling'' scopes.
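Review bot: the restored *<SCOPE>_Private bullet still reads "must be set as as ''Editor''"; drop the duplicated "as" in the same edit. The context line after it spells the scope EcoligicalModelling, while the group and user names elsewhere on the page use EcologicalModelling.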
Line 48: Line 102:
 
* EcologicalModelling_Private : ''Editor'' role in the group ''EcologicalModelling''
 
* EcologicalModelling_Private : ''Editor'' role in the group ''EcologicalModelling''
 
* EcologicalModelling_Public : ''Editor'' role in the group ''EcologicalModelling''
 
* EcologicalModelling_Public : ''Editor'' role in the group ''EcologicalModelling''
 +
 +
 +
=Security in gcube 4.X=
 +
 +
==Access rights table==
 +
The following schema report the publish/visibility policies to be followed from '''gcube 4.0.0'''.
 +
 +
[[Image:Geonetwork_user_management_Sheets.png]]
 +
 +
==Scope Configuration==
 +
Please note that the library '''org.gcube.spatial.data.geonetwork''' automatically creates a scope configuration if none is already setup, both updating Information system and GeoNetwork master instance. For completeness we report here groups and users involved in each scope configuration :
 +
 +
*Private_Group : Group with visibility only from the current scope or enclosed ones (ie : VRE_SCOPE_USER can access it's VO_PRIVATE_GROUP);
 +
*Public_Group : Group with visibility only from the current scope and enclosing ones (ie : VO_SCOPE_USER can access it's VRE_PUBLIC_GROUP);
 +
*Scope_User : ''Editor'' user in GeoNetwork, with rights in current scope groups and enclosing ones;
 +
*CKAN_User : ''Registered'' user in GeoNetwork, with rights in current scope groups.
 +
 +
 +
  
 
=GeoNetwork categories=
 
=GeoNetwork categories=
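Review bot: in the Scope Configuration list, Scope_User is given rights in "current scope groups and enclosing ones", but the Public_Group example has VO_SCOPE_USER accessing a VRE_PUBLIC_GROUP, which belongs to an enclosed scope; state both directions in the Scope_User bullet or adjust the example. The access rights table is added only as an image, so the policy cannot be read or reviewed as text; a wiki table would fix that. "it's" should be "its" in both examples.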
Line 60: Line 133:
 
=Runtime Resource=
 
=Runtime Resource=
 
The ''Geo Network Runtime Resource'' gives information about Geo Network instance deployed: where the Geo Network is deployed and what are the credentials to contact it.
 
The ''Geo Network Runtime Resource'' gives information about Geo Network instance deployed: where the Geo Network is deployed and what are the credentials to contact it.
 +
 +
 +
  
 
==== Description====
 
==== Description====
Line 77: Line 153:
 
* Platform/Name = ''geonetwork''
 
* Platform/Name = ''geonetwork''
  
Other than required Runtime Resource fields almost one access point is needed with the following constraints :  
+
Other than required Runtime Resource fields one access point is needed with the following constraints :  
  
 
* Endpoint EntryName = ''geonetwork''
 
* Endpoint EntryName = ''geonetwork''
* boolean property ''master''
+
* integer property ''priority''
 +
* String property ''suffixes''
 
* For each gCube scope (indicated as <SCOPE_NAME>) in which the Runtime Resource is registered, the access point should declare the following properties
 
* For each gCube scope (indicated as <SCOPE_NAME>) in which the Runtime Resource is registered, the access point should declare the following properties
 
** encrypted string property <SCOPE_NAME>_Public containing the password of the public user for the given scope
 
** encrypted string property <SCOPE_NAME>_Public containing the password of the public user for the given scope
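Review bot: the access point list replaces "boolean property master" with "integer property priority" and "String property suffixes" without saying what either holds (which direction priority orders instances, what format and separator suffixes uses); add a one-line description for each. The Replica management section and the Example further down the page still use master, so they need the same update.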

Latest revision as of 11:30, 4 January 2022


GeoNetwork is a catalog application for managing spatially referenced resources, and is thus a strategic technology for all geospatial applications. The purpose of this page is to explain how to configure a GeoNetwork service instance to meet the needs of the gCube environment. Please refer to its official website for further configuration details and more comprehensive documentation.

Installation

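The GeoNetwork version adopted by the gCube infrastructure is 2.6.4, available here (https://sourceforge.net/projects/geonetwork/files/GeoNetwork_opensource/v2.6.4/geonetwork.war/download).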

Prerequisites are :

  • java 5+
  • apache tomcat 5+
  • postgres 7+


SmartGears Installation

In order to enable SmartGears to correctly handle the web application, the following values must be declared in its gcube-app.xml file :

  • Name : GeoNetwork
  • Group : SDI
  • Description : OGC CSW 2.0 compliant catalogue

The following SmartGears handlers should be excluded :

  • request-validation

Database configuration

To configure GeoNetwork to use a PostGIS JDBC connection to the local database, the file config.xml under $TOMCAT_HOME/webapps/geonetwork/WEB-INF must be edited. A development copy of config.xml is provided in the shared workspace folder https://goo.gl/dros0u. Once the provided file has been copied to the webapp, just change its postgres connection parameters.

Note that the JDBC URL to the database must have the form jdbc:postgis://<HOST>:<PORT>/<DATABASE_NAME>, otherwise the spatial metadata catalog is created as a shapefile, which may cause a loss of performance (please refer to the official documentation for further information).

GeoNetwork Connector installation

GeoNetwork Connector is a jar library that should be included among the jars of a GeoNetwork instance deployed on SmartGears. The jar includes a Tomcat Filter and a SmartGears Request Handler.

The detailed steps to install and configure the library on an existing Geonetwork instance are listed below:

1. Download the latest version of the jar from the Nexus repository

2. Move the jar file to the lib folder (geonetwork/WEB-INF/lib) of the GeoNetwork Service deployed on SmartGears

3. Configure the GeoNetworkFilter filter class in the web.xml of the GeoNetwork Service just before the filterChainProxy filter, as follows:

   <filter>
      <filter-name>gcubeAuthenticationFilter</filter-name>
      <filter-class>org.gcube.data.access.connector.GeoNetworkFilter</filter-class>
   </filter> 
   <filter>
   <filter-name>filterChainProxy</filter-name>
   ....

4. Reference the filter mapping to all the URLs of the Service:

   <filter-mapping>
      <filter-name>gcubeAuthenticationFilter</filter-name>
      <url-pattern>/*</url-pattern>
   </filter-mapping>

5. Edit gcube-handlers.xml (under WEB-INF) adding authentication-filter Request Handler under request element:

   <handlers>	
       <lifecycle>
           <profile-management />
       </lifecycle>
       <request>
           <request-validation />
           <request-accounting /> 
           <authentication-filter /> 
       </request>
   </handlers>

6. Restart the service
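
A deployment check for steps 3 to 5, as an added example that is not part of the GeoNetwork Connector or of the original page. The web.xml and gcube-handlers.xml contents are constructed samples and the function names are hypothetical. The mapping-order check goes beyond the steps: it assumes the filter is meant to run ahead of filterChainProxy, and servlet containers build the filter chain in filter-mapping order.

```python
import xml.etree.ElementTree as ET

AUTH = "gcubeAuthenticationFilter"   # filter-name from step 3
AUTH_CLASS = "org.gcube.data.access.connector.GeoNetworkFilter"
PROXY = "filterChainProxy"

def local(tag):
    """Strip an XML namespace such as {http://java.sun.com/xml/ns/javaee}."""
    return tag.rsplit("}", 1)[-1]

def kids(elem, name):
    return [c for c in elem if local(c.tag) == name]

def text(elem, name):
    found = kids(elem, name)
    return (found[0].text or "").strip() if found else ""

def check_web_xml(xml_text):
    """Problems with steps 3 and 4; an empty list means the wiring is correct."""
    root, problems = ET.fromstring(xml_text), []
    decl = [text(f, "filter-name") for f in kids(root, "filter")]
    classes = {text(f, "filter-name"): text(f, "filter-class") for f in kids(root, "filter")}
    if classes.get(AUTH) != AUTH_CLASS:
        problems.append("filter missing or wrong filter-class")
    elif PROXY in decl and decl.index(AUTH) > decl.index(PROXY):
        problems.append("filter declared after filterChainProxy")
    # Each mapping: (filter-name, list of url-patterns)
    mapped = [(text(m, "filter-name"), [(u.text or "").strip() for u in kids(m, "url-pattern")])
              for m in kids(root, "filter-mapping")]
    names = [n for n, _ in mapped]
    if not any(n == AUTH and "/*" in pats for n, pats in mapped):
        problems.append("filter not mapped to /*")
    elif PROXY in names and names.index(AUTH) > names.index(PROXY):
        # Assumed intent: the gCube filter runs before filterChainProxy.
        problems.append("filter mapped after filterChainProxy")
    return problems

def check_handlers(xml_text):
    """Step 5: authentication-filter must sit under <request>."""
    request = kids(ET.fromstring(xml_text), "request")
    present = request and any(local(c.tag) == "authentication-filter" for c in request[0])
    return [] if present else ["authentication-filter missing under <request>"]

# Constructed sample: the declaration is right, but the mapping only covers /srv/*.
WEB_XML = """<web-app>
  <filter><filter-name>gcubeAuthenticationFilter</filter-name>
    <filter-class>org.gcube.data.access.connector.GeoNetworkFilter</filter-class></filter>
  <filter><filter-name>filterChainProxy</filter-name>
    <filter-class>example.PlaceholderProxy</filter-class></filter>
  <filter-mapping><filter-name>gcubeAuthenticationFilter</filter-name>
    <url-pattern>/srv/*</url-pattern></filter-mapping>
</web-app>"""
HANDLERS = "<handlers><request><request-accounting/><authentication-filter/></request></handlers>"
```

A mapping narrower than /* leaves the remaining URLs of the service outside the gCube authentication filter, which is why the check insists on the exact pattern from step 4.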

Security in gcube 3.X

To reproduce the visibility and security rules of the gCube infrastructure, the security module of GeoNetwork needs to be configured according to the scope(s) in which it is registered. Please note that the following conventions need to be maintained according to the infrastructure state.


Groups

For each scope in which the GeoNetwork instance is registered, the administrator must create a group with the same name as the scope.

For example, assume our instance is registered both in d4science.research-infrastructures.eu and in d4science.research-infrastructures.eu/gCubeApps. GeoNetwork must then be configured with at least the 2 groups d4science.research-infrastructures.eu and gCubeApps.

Users

Other than at least one administrator user, 2 users must be set for each and every scope in which the GeoNetwork is registered. The naming convention for these users is:

  • <SCOPE>_Public : used to publish / read metadata with a scope level visibility. The role of this user must be set as Editor for the groups in which it must have read access (the <SCOPE> group itself and every sub scope in case of VO or INFRASTRUCTURE);
  • <SCOPE>_Private : used to publish / read metadata with a private visibility. The role of this user must be set as Editor for its <SCOPE> group.

For more clarity, let's say our GeoNetwork service is registered in the d4science.research-infrastructures.eu/gCubeApps and d4science.research-infrastructures.eu/gCubeApps/EcologicalModelling scopes. As stated above in the Groups section, our service is supposed to be configured with at least the groups gCubeApps and EcologicalModelling. With these assumptions, these are the expected users:

  • Administrator : user with administrator role
  • gCubeApps_Private : Editor role in the group gCubeApps
  • gCubeApps_Public : Editor role in the groups gCubeApps and EcologicalModelling
  • EcologicalModelling_Private : Editor role in the group EcologicalModelling
  • EcologicalModelling_Public : Editor role in the group EcologicalModelling


Security in gcube 4.X

Access rights table

The following schema reports the publish/visibility policies to be followed from gcube 4.0.0.

Geonetwork user management Sheets.png

Scope Configuration

Please note that the library org.gcube.spatial.data.geonetwork automatically creates a scope configuration if none is already set up, updating both the Information System and the GeoNetwork master instance. For completeness, we report here the groups and users involved in each scope configuration:

  • Private_Group : Group with visibility only from the current scope or enclosed ones (i.e. VRE_SCOPE_USER can access its VO_PRIVATE_GROUP);
  • Public_Group : Group with visibility only from the current scope and enclosing ones (i.e. VO_SCOPE_USER can access its VRE_PUBLIC_GROUP);
  • Scope_User : Editor user in GeoNetwork, with rights in current scope groups and enclosing ones;
  • CKAN_User : Registered user in GeoNetwork, with rights in current scope groups.



GeoNetwork categories

External resources

External OGC catalogs are managed via the harvesting facility offered by GeoNetwork. Please read the related documentation on the provider's official page.

GUI Customization

Replica management

To improve robustness, reliability and performance of the SDI, one or more replicas of a GeoNetwork service can be registered in a given scope. These instances must be registered with the boolean flag master as false. See [Runtime Resource] below for more details.

Runtime Resource

The Geo Network Runtime Resource gives information about the deployed Geo Network instance: where it is deployed and which credentials are needed to contact it.



Description

There will be one Runtime Resource for each Geo Network instance.

The resource can be registered:

  • at VO level, if the Geo Network instance is shared between VREs.
  • at VRE level, if the Geo Network instance is VRE dedicated.

The Geo Network runtime resource is mandatory if applications using the GCube Gis Viewer widget are installed in the VO/VRE.

Fields

The following standard Runtime Resource field values are mandatory so that the resource can be discovered in the infrastructure:

  • Category = Gis
  • Platform/Name = geonetwork

In addition to the required Runtime Resource fields, one access point is needed with the following constraints:

  • Endpoint EntryName = geonetwork
  • integer property priority
  • String property suffixes
  • For each gCube scope (indicated as <SCOPE_NAME>) in which the Runtime Resource is registered, the access point should declare the following properties
    • encrypted string property <SCOPE_NAME>_Public containing the password of the public user for the given scope
    • encrypted string property <SCOPE_NAME>_Private containing the password of the private user for the given scope
    • integer property <SCOPE_NAME>_group containing the id of the publishing group for the given scope

Example

<Resource version="0.4.x">
   <ID>b7fce5e0-b0e5-11e2-9d26-c9dc2c525e1c</ID>
   <Type>RuntimeResource</Type>
   <Scopes>
      <Scope>/gcube/devNext</Scope>
   </Scopes>
   <Profile>
      <Category>Gis</Category>
      <Name>GeoNetwork</Name>
      <Description />
      <Platform>
         <Name>geonetwork</Name>
         <Version>2</Version>
         <MinorVersion>2</MinorVersion>
         <RevisionVersion>2</RevisionVersion>
         <BuildVersion>2</BuildVersion>
      </Platform>
      <RunTime>
         <HostedOn>geoserver-dev2.d4science-ii.research-infrastructures.eu</HostedOn>
         <GHN UniqueID="" />
         <Status>READY</Status>
      </RunTime>
      <AccessPoint>
         <Description>Main access point</Description>
         <Interface>
            <Endpoint EntryName="geonetwork">http://geoserver-dev2.d4science-ii.research-infrastructures.eu/geonetwork</Endpoint>
         </Interface>
         <AccessData>
            <Username>admin</Username>
            <Password>wW9T5/k5VaLdTdc3WlPbWw==</Password>
         </AccessData>
         <Properties>
            <Property>
               <Name>devNext_group</Name>
               <Value encrypted="false">7</Value>
            </Property>
            <Property>
               <Name>devNext_Private</Name>
               <Value encrypted="true">Jm3d1N30c2gCjjo828IdOw==</Value>
            </Property>
            <Property>
               <Name>devNext_Public</Name>
               <Value encrypted="true">5I/EJznPaq3flojA4HTz5Q==</Value>
            </Property>
            <Property>
               <Name>master</Name>
               <Value encrypted="false">true</Value>
            </Property>
         </Properties>
      </AccessPoint>
   </Profile>
</Resource>
</Resource>
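
A validator for the constraints listed under Fields, as an added example that is not part of gCube or of the original page. The function names and the sample resource are constructed, the encrypted values are placeholders, and the rule that the property prefix is the last segment of the scope path is an assumption taken from the Example above (/gcube/devNext and devNext_Public).

```python
import xml.etree.ElementTree as ET

def scope_name(scope):
    # Assumption from the page's Example: scope /gcube/devNext uses prefix devNext
    return scope.rstrip("/").rsplit("/", 1)[-1]

def validate_runtime_resource(xml_text):
    """Return the violated Fields constraints; an empty list means compliant."""
    root = ET.fromstring(xml_text)
    errors = []
    if root.findtext("Profile/Category") != "Gis":
        errors.append("Category must be Gis")
    if root.findtext("Profile/Platform/Name") != "geonetwork":
        errors.append("Platform/Name must be geonetwork")
    # The access point is the one whose Endpoint EntryName is geonetwork.
    ap = next((a for a in root.iterfind("Profile/AccessPoint")
               if a.find("Interface/Endpoint[@EntryName='geonetwork']") is not None), None)
    if ap is None:
        return errors + ["no access point with Endpoint EntryName geonetwork"]
    props = {p.findtext("Name"): p.find("Value") for p in ap.iterfind("Properties/Property")}

    def require(name, encrypted=False, integer=False):
        value = props.get(name)
        if value is None:
            errors.append(f"missing property {name}")
            return
        if encrypted and value.get("encrypted") != "true":
            errors.append(f"{name} must be encrypted")
        if integer and not (value.text or "").strip().isdigit():
            errors.append(f"{name} must be an integer")

    require("priority", integer=True)
    require("suffixes")
    for scope in root.iterfind("Scopes/Scope"):
        name = scope_name(scope.text or "")
        require(f"{name}_Public", encrypted=True)
        require(f"{name}_Private", encrypted=True)
        require(f"{name}_group", integer=True)
    return errors

# Constructed sample: devNext_Private is stored unencrypted, devNext_group is absent.
SAMPLE = """<Resource><Type>RuntimeResource</Type>
 <Scopes><Scope>/gcube/devNext</Scope></Scopes>
 <Profile><Category>Gis</Category><Platform><Name>geonetwork</Name></Platform>
  <AccessPoint>
   <Interface><Endpoint EntryName="geonetwork">http://geonetwork.example.org/geonetwork</Endpoint></Interface>
   <Properties>
    <Property><Name>priority</Name><Value encrypted="false">1</Value></Property>
    <Property><Name>suffixes</Name><Value encrypted="false"></Value></Property>
    <Property><Name>devNext_Public</Name><Value encrypted="true">PLACEHOLDER</Value></Property>
    <Property><Name>devNext_Private</Name><Value encrypted="false">PLACEHOLDER</Value></Property>
   </Properties></AccessPoint></Profile></Resource>"""
```

Run against a resource shaped like the page's Example, the validator reports priority and suffixes as missing, since that Example still declares master instead.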