Hi Asko
It is possible to set up the WFS in Spatial Manager using the WFS services page. You can add tables to the WFS service and choose which columns in these tables to expose. This would allow the service to be used internally. For example, if the server name was spectrum-server deployed on port 8080 this URL would return the capabilities
http://spectrum-server:8080/rest/Spatial/WFS?SERVICE=WFS&REQUEST=GetCapabilities&VERSION=2.0.2
However, there are two further considerations when exposing this publicly which use of a proxy server is needed to resolve.
First – handling authentication for public access
When accessing the WFS service Spectrum Spatial will prompt the user for a log-in. Any Spectrum user can be used to login, as all Spectrum users have permissions to access the OGC services. However, it is not possible to disable security for just the OGC services without disabling it for the whole of Spectrum Spatial
A proxy server can be used to add the authentication header (basic authentication username/password) to the request made by end users/WFS client apps. The end user or client is then never prompted for the login. The client calls the proxy URL, the proxy adds the authentication and then redirects or calls the spectrum server
Here is an example request where the header is U3BhdGlhbE9HQ1VzZXI6U3BhdGlhbE9HQ1Bhc3N3b3Jk
(this is the user/password combination in base 64 encoding, which here is a user I created called SpatialOGCUser:SpatialOGCPassword)
GET http:// spectrum-server:8080/rest/Spatial/WFS?SERVICE=WFS&REQUEST=GetCapabilities&VERSION=2.0.2 HTTP/1.1
cache-control: no-cache
Postman-Token: be4be5cb-2878-47ce-93e0-0b19b5607b9e
Authorization: Basic U3BhdGlhbE9HQ1VzZXI6U3BhdGlhbE9HQ1Bhc3N3b3Jk
User-Agent: PostmanRuntime/7.6.0
Accept: */*
Host: sky-7205785:8080
accept-encoding: gzip, deflate
Connection: keep-alive
|
As this request is made behind the proxy, and is not seen by users, it could be a HTTP call rather than HTTPS.
Second: Exposing a public facing URL in place of the internal server name
You would normally want to expose a different public URL for the service than the internal server name
For example the internal server name may be http://spectrum-server:8080/rest/Spatial/WFS
The public URL you need to expose may be something like this (without the port, so it works on default port 80) http://publicWFS/rest/Spatial/WFS
The proxy would therefore be exposed as publicWFS and would send requests to local-spectrum-server:8080 (as well as adding the authorization header)
When changing the end point like this there is a need to consider the URL defined in the WFS configuration. The WFS returns the URL of the service for each of its supported operations when you make a get capabilities call. WFS clients use this to make further requests to describe and get features from tables. Below is a snippet from a get capabilities request showing the DescribeFeatureType operation, showing the internal URL returned.
http://spectrum-server:8080/rest/Spatial/WFS?SERVICE=WFS&REQUEST=GetCapabilities&VERSION=2.0.2
<ows:Operation name="DescribeFeatureType">
<ows:DCP>
<ows:HTTP>
<ows:Get xlink:href="http://spectrum-server:8080/rest/Spatial/WFS?"/>
<ows:Post xlink:href="http://spectrum-server:8080/rest/Spatial/WFS"/>
</ows:HTTP>
</ows:DCP>
<ows:Parameter name="OutputFormat">
<ows:AllowedValues>
<ows:Value>application/gml+xml;version=3.2</ows:Value>
<ows:Value>application/gml+xml;version=3.1.1</ows:Value>
<ows:Value>application/gml+xml;version=2.1.2</ows:Value>
<ows:Value>XMLSCHEMA</ows:Value>
</ows:AllowedValues>
</ows:Parameter>
</ows:Operation>
|
You would want the request to return the public URL.
There are two ways to do this
- First you can modify the WFS configuration in Spectrum Spatial Manager to replace the URL used with the public URL. This method allows the WFS to work from the public URL, but won't work internally if you have WFS clients using the internal URL. The images below show how to do this.
- Second, you can have the proxy server modify the XML returned from Spectrum to replace the internal URL with the public one. This method allows the WFS to be used both from the proxy and internally, as the URL returned will be valid in both cases.
I hope this provides enough information for your IT department to progress.
------------------------------
Mustafa Ismail
Product Architect
Pitney Bowes
London UK
------------------------------
Original Message:
Sent: 10-02-2020 09:18
From: Asko Põder
Subject: Spectrum WFS
Hello
I am an entry level Spectrum user and I don't have IT education. My goal is to make public WFS service, where people can download our establishments (state institution) GIS vector maps. Using Spatal Manager--> Services--> WFS I put resources to WFS (picture "SpatialManager_WFS.png"). These resources are originally from PostgreSQL database (tables). Is it possible to make public WFS service from that Spectrum WFS service so, that only certain tables and certain columns (marked red in picture "SpatialManager_WFS.png") from Spectrum WFS service can be accessed by random person? Maybe some basic/general directions how to do it?
I have been told, that proxy server on top of Spectrum WFS can do this? My IT department asks me more information how to solve this task and I don't know what to tell them anymore :).
Thank you
Asko Põder
------------------------------
Asko Põder
Knowledge Community Shared Account
------------------------------