Difference between revisions of "GeoNetwork Configuration"
m (→Users) |
(→Fields) |
||
(8 intermediate revisions by 3 users not shown) | |||
Line 1: | Line 1: | ||
<!-- CATEGORIES --> | <!-- CATEGORIES --> | ||
− | [[Category: Administrator's Guide]] | + | [[Category: Administrator's Guide]][[Category: gCube Spatial Data Infrastructure]] |
+ | |||
<!-- CATEGORIES --> | <!-- CATEGORIES --> | ||
Line 8: | Line 9: | ||
=Installation= | =Installation= | ||
− | GeoNetwork version adopted by the gCube infrastructure is 2. | + | GeoNetwork version adopted by the gCube infrastructure is 2.6.4 , available [https://sourceforge.net/projects/geonetwork/files/GeoNetwork_opensource/v2.6.4/geonetwork.war/download here]. |
Prerequisites are : | Prerequisites are : | ||
− | * | + | *java 5+ |
− | *apache tomcat | + | *apache tomcat 5+ |
− | *postgres | + | *postgres 7+ |
− | + | ||
− | |||
− | |||
− | =Security= | + | ==SmartGears Installation== |
+ | In order to enable SmartGears to correctly handle the web application, the following values must be declared in its '''gcube-app.xml''' file : | ||
+ | * Name : '''GeoNetwork''' | ||
+ | * Group : '''SDI''' | ||
+ | * Description : '''OGC CSW 2.0 compliant catalogue''' | ||
+ | |||
+ | The following SmartGears handlers should be excluded : | ||
+ | *'''request-validation''' | ||
+ | |||
+ | ==Database configuration== | ||
+ | In order to configure GeoNetwork to use postgis jdbc connection to the local database, the file config.xml under $TOMCAT_HOME/webapps/geonetwork/WEB-INF must be properly edited. A development config.xml file copy is provided in shared workspace folder https://goo.gl/dros0u. | ||
+ | Just change the postgres connection parameters of the provided file once copied to the webapp. | ||
+ | Please, note that the jdbc url to the database must have the form ''jdbc:postgis://<HOST>:<PORT>/<DATABASE_NAME>'', otherwise the spatial metadata catalog is created as a shapefile, which may cause a loss of performance (please refer to [http://geonetwork.d4science.org/geonetwork/docs/eng/users/ official documentation] for further information). | ||
+ | |||
+ | ===GeoNetwork Connector installation=== | ||
+ | |||
+ | '''GeoNetwork Connector''' is a jar library that should be included among the jars of a Geonetworkinstance deployed on SmartGear. The jar includes a ''Tomcat Filter'' and a ''SmartGear Request Handler''. | ||
+ | |||
+ | The detailed steps to install and configure the library on an existing Geonetwork instance are listed below: | ||
+ | |||
+ | 1. Download latest version of the jar from [http://maven.research-infrastructures.eu/nexus/index.html#nexus-search;quick~geonetwork-connector Nexus repository] | ||
+ | |||
+ | 2. Move the jar file to lib folder (''geonetwork/WEB-INF/lib'') of the Geonetwork Service deployed on SmartGear | ||
+ | |||
+ | 3. Configure ''GeoNetworkFilter'' filter class in the ''web.xml'' of GeoNetwork Service just '''before filterChainProxy filter''' as follow: | ||
+ | |||
+ | '''<filter>''' | ||
+ | '''<filter-name>gcubeAuthenticationFilter</filter-name>''' | ||
+ | '''<filter-class>org.gcube.data.access.connector.GeoNetworkFilter</filter-class>''' | ||
+ | '''</filter>''' | ||
+ | <filter> | ||
+ | <filter-name>filterChainProxy</filter-name> | ||
+ | .... | ||
+ | |||
+ | 4. Reference the filter mapping to all the URLs of the Service: | ||
+ | |||
+ | <filter-mapping> | ||
+ | <filter-name>gcubeAuthenticationFilter</filter-name> | ||
+ | <url-pattern>/*</url-pattern> | ||
+ | </filter-mapping> | ||
+ | |||
+ | 5. Edit ''gcube-handlers.xml'' (under WEB-INF) adding '''authentication-filter''' Request Handler under '''request''' element: | ||
+ | |||
+ | <handlers> | ||
+ | <lifecycle> | ||
+ | <profile-management /> | ||
+ | </lifecycle> | ||
+ | <request> | ||
+ | <request-validation /> | ||
+ | <request-accounting /> | ||
+ | '''<authentication-filter />''' | ||
+ | </request> | ||
+ | </handlers> | ||
+ | |||
+ | 6. restart the service | ||
+ | |||
+ | =Security in gcube 3.X= | ||
To reproduce visibility and security means of the gCube infrastructure, the security module of GeoNetwork need to be configured accordingly to the scope(s) in which it is registered in. | To reproduce visibility and security means of the gCube infrastructure, the security module of GeoNetwork need to be configured accordingly to the scope(s) in which it is registered in. | ||
Line 48: | Line 102: | ||
* EcologicalModelling_Private : ''Editor'' role in the group ''EcologicalModelling'' | * EcologicalModelling_Private : ''Editor'' role in the group ''EcologicalModelling'' | ||
* EcologicalModelling_Public : ''Editor'' role in the group ''EcologicalModelling'' | * EcologicalModelling_Public : ''Editor'' role in the group ''EcologicalModelling'' | ||
+ | |||
+ | |||
+ | =Security in gcube 4.X= | ||
+ | |||
+ | ==Access rights table== | ||
+ | The following schema report the publish/visibility policies to be followed from '''gcube 4.0.0'''. | ||
+ | |||
+ | [[Image:Geonetwork_user_management_Sheets.png]] | ||
+ | |||
+ | ==Scope Configuration== | ||
+ | Please note that the library '''org.gcube.spatial.data.geonetwork''' automatically creates a scope configuration if none is already setup, both updating Information system and GeoNetwork master instance. For completeness we report here groups and users involved in each scope configuration : | ||
+ | |||
+ | *Private_Group : Group with visibility only from the current scope or enclosed ones (ie : VRE_SCOPE_USER can access it's VO_PRIVATE_GROUP); | ||
+ | *Public_Group : Group with visibility only from the current scope and enclosing ones (ie : VO_SCOPE_USER can access it's VRE_PUBLIC_GROUP); | ||
+ | *Scope_User : ''Editor'' user in GeoNetwork, with rights in current scope groups and enclosing ones; | ||
+ | *CKAN_User : ''Registered'' user in GeoNetwork, with rights in current scope groups. | ||
+ | |||
+ | |||
+ | |||
=GeoNetwork categories= | =GeoNetwork categories= | ||
Line 60: | Line 133: | ||
=Runtime Resource= | =Runtime Resource= | ||
The ''Geo Network Runtime Resource'' gives information about Geo Network instance deployed: where the Geo Network is deployed and what are the credentials to contact it. | The ''Geo Network Runtime Resource'' gives information about Geo Network instance deployed: where the Geo Network is deployed and what are the credentials to contact it. | ||
+ | |||
+ | |||
+ | |||
==== Description==== | ==== Description==== | ||
Line 77: | Line 153: | ||
* Platform/Name = ''geonetwork'' | * Platform/Name = ''geonetwork'' | ||
− | Other than required Runtime Resource fields | + | Other than required Runtime Resource fields one access point is needed with the following constraints : |
* Endpoint EntryName = ''geonetwork'' | * Endpoint EntryName = ''geonetwork'' | ||
− | * | + | * integer property ''priority'' |
+ | * String property ''suffixes'' | ||
* For each gCube scope (indicated as <SCOPE_NAME>) in which the Runtime Resource is registered, the access point should declare the following properties | * For each gCube scope (indicated as <SCOPE_NAME>) in which the Runtime Resource is registered, the access point should declare the following properties | ||
** encrypted string property <SCOPE_NAME>_Public containing the password of the public user for the given scope | ** encrypted string property <SCOPE_NAME>_Public containing the password of the public user for the given scope |
Latest revision as of 11:30, 4 January 2022
GeoNetwork is a catalog application to manage spatially referenced resources, thus is a strategic technology for all geospatial application. Purpose of this page is to explain how to configure a GeoNetwork service instance in order to fulfill the needs of gCube environment. Please refer to its official website for further configuration details and more comprehensive documentation.
Contents
Installation
GeoNetwork version adopted by the gCube infrastructure is 2.6.4 , available here.
Prerequisites are :
- java 5+
- apache tomcat 5+
- postgres 7+
SmartGears Installation
In order to enable SmartGears to correctly handle the web application, the following values must be declared in its gcube-app.xml file :
- Name : GeoNetwork
- Group : SDI
- Description : OGC CSW 2.0 compliant catalogue
The following SmartGears handlers should be excluded :
- request-validation
Database configuration
In order to configure GeoNetwork to use postgis jdbc connection to the local database, the file config.xml under $TOMCAT_HOME/webapps/geonetwork/WEB-INF must be properly edited. A development config.xml file copy is provided in shared workspace folder https://goo.gl/dros0u. Just change the postgres connection parameters of the provided file once copied to the webapp. Please, note that the jdbc url to the database must have the form jdbc:postgis://<HOST>:<PORT>/<DATABASE_NAME>, otherwise the spatial metadata catalog is created as a shapefile, which may cause a loss of performance (please refer to official documentation for further information).
GeoNetwork Connector installation
GeoNetwork Connector is a jar library that should be included among the jars of a Geonetworkinstance deployed on SmartGear. The jar includes a Tomcat Filter and a SmartGear Request Handler.
The detailed steps to install and configure the library on an existing Geonetwork instance are listed below:
1. Download latest version of the jar from Nexus repository
2. Move the jar file to lib folder (geonetwork/WEB-INF/lib) of the Geonetwork Service deployed on SmartGear
3. Configure GeoNetworkFilter filter class in the web.xml of GeoNetwork Service just before filterChainProxy filter as follow:
<filter> <filter-name>gcubeAuthenticationFilter</filter-name> <filter-class>org.gcube.data.access.connector.GeoNetworkFilter</filter-class> </filter> <filter> <filter-name>filterChainProxy</filter-name> ....
4. Reference the filter mapping to all the URLs of the Service:
<filter-mapping> <filter-name>gcubeAuthenticationFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>
5. Edit gcube-handlers.xml (under WEB-INF) adding authentication-filter Request Handler under request element:
<handlers> <lifecycle> <profile-management /> </lifecycle> <request> <request-validation /> <request-accounting /> <authentication-filter /> </request> </handlers>
6. restart the service
Security in gcube 3.X
To reproduce visibility and security means of the gCube infrastructure, the security module of GeoNetwork need to be configured accordingly to the scope(s) in which it is registered in. Please note that the following conventions needs to be maintained according to the infrastructure state.
Groups
For each scope in which the GeoNetwork instance is registered in, the administrator must create a group with the same name of the scope.
I.e. Let's assume our instance to be registered both in d4science.research-infrastructures.eu and in d4science.research-infrastructures.eu/gCubeApps. The GeoNetwork must be configured with at least the 2 groups d4science.research-infrastructures.eu and gCubeApps.
Users
Other then at least one administrator user, 2 users must be set for each and every scope in which the GeoNetwork is registered. The convention for these users name is :
- <SCOPE>_Public : used to publish / read metadata with a scope level visibility. Role of this user must be set as Editor for the groups in which it must have read access (The <SCOPE> group itself and every sub scope in case of VO or INFRASTRUCTURE);
- <SCOPE>_Private : used to publish / read metadata with a private visibility. Role of this user must be set as as Editor for its <SCOPE> group.
For more clarity, let's say our GeoNetwork service is registered in d4science.research-infrastructures.eu/gCubeApps and in d4science.research-infrastructures.eu/gCubeApps/EcoligicalModelling scopes. As stated above in the group section, our service is supposed to be configured with at least the groups gCubeApps and EcologicalModelling. With these assumptions, these are the expected users :
- Administrator : user with administrator role
- gCubeApps_Private : Editor role in the group gCubeApps
- gCubeApps_Public : Editor role in the groups gCubeApps and EcologicalModelling
- EcologicalModelling_Private : Editor role in the group EcologicalModelling
- EcologicalModelling_Public : Editor role in the group EcologicalModelling
Security in gcube 4.X
Access rights table
The following schema report the publish/visibility policies to be followed from gcube 4.0.0.
Scope Configuration
Please note that the library org.gcube.spatial.data.geonetwork automatically creates a scope configuration if none is already setup, both updating Information system and GeoNetwork master instance. For completeness we report here groups and users involved in each scope configuration :
- Private_Group : Group with visibility only from the current scope or enclosed ones (ie : VRE_SCOPE_USER can access it's VO_PRIVATE_GROUP);
- Public_Group : Group with visibility only from the current scope and enclosing ones (ie : VO_SCOPE_USER can access it's VRE_PUBLIC_GROUP);
- Scope_User : Editor user in GeoNetwork, with rights in current scope groups and enclosing ones;
- CKAN_User : Registered user in GeoNetwork, with rights in current scope groups.
GeoNetwork categories
External resources
External OGC catalogs are managed via the harvesting facility offered by GeoNetwork. Please read the related documentation on the provider's official page.
GUI Customization
Replica management
To improve robustness, reliability and performance of the SDI, one or more replica of a GeoNetwork service can be registered in a given scope. These instances must be registered with the boolean flag master as false. See [Runtime Resource] below for more details.
Runtime Resource
The Geo Network Runtime Resource gives information about Geo Network instance deployed: where the Geo Network is deployed and what are the credentials to contact it.
Description
There will be one Runtime Resource for each Geo Network instance.
The resource can be registered:
- at VO level, if the Geo Network instance is shared between VREs.
- at VRE level, if the Geo Network instance is VRE dedicated.
The Geo Network runtime resource is mandatory if in the VO/VRE are installed application using the GCube Gis Viewer widget.
Fields
The following Runtime Resource standard fields value are mandatory in order to discover it in the infrastructure :
- Category = Gis
- Platform/Name = geonetwork
Other than required Runtime Resource fields one access point is needed with the following constraints :
- Endpoint EntryName = geonetwork
- integer property priority
- String property suffixes
- For each gCube scope (indicated as <SCOPE_NAME>) in which the Runtime Resource is registered, the access point should declare the following properties
- encrypted string property <SCOPE_NAME>_Public containing the password of the public user for the given scope
- encrypted string property <SCOPE_NAME>_Private containing the password of the private user for the given scope
- integer property <SCOPE_NAME>_group containing the id of the publishing group for the given scope
Example
<Resource version="0.4.x"> <ID>b7fce5e0-b0e5-11e2-9d26-c9dc2c525e1c</ID> <Type>RuntimeResource</Type> <Scopes> <Scope>/gcube/devNext</Scope> </Scopes> <Profile> <Category>Gis</Category> <Name>GeoNetwork</Name> <Description /> <Platform> <Name>geonetwork</Name> <Version>2</Version> <MinorVersion>2</MinorVersion> <RevisionVersion>2</RevisionVersion> <BuildVersion>2</BuildVersion> </Platform> <RunTime> <HostedOn>geoserver-dev2.d4science-ii.research-infrastructures.eu</HostedOn> <GHN UniqueID="" /> <Status>READY</Status> </RunTime> <AccessPoint> <Description>Main access point</Description> <Interface> <Endpoint EntryName="geonetwork">http://geoserver-dev2.d4science-ii.research-infrastructures.eu/geonetwork</Endpoint> </Interface> <AccessData> <Username>admin</Username> <Password>wW9T5/k5VaLdTdc3WlPbWw==</Password> </AccessData> <Properties> <Property> <Name>devNext_group</Name> <Value encrypted="false">7</Value> </Property> <Property> <Name>devNext_Private</Name> <Value encrypted="true">Jm3d1N30c2gCjjo828IdOw==</Value> </Property> <Property> <Name>devNext_Public</Name> <Value encrypted="true">5I/EJznPaq3flojA4HTz5Q==</Value> </Property> <Property> <Name>master</Name> <Value encrypted="false">true</Value> </Property> </Properties> </AccessPoint> </Profile> </Resource>