WPS Interceptor

The WPS Interceptor of 52°North enforces permissions for OGC Web Processing Service requests and responses.

General

  • Supports WPS version 1.0
  • Supports KVP and POST/XML for GetCapabilities, KVP for DescribeProcess and POST/XML for Execute operations

Intercepted Operations

GetCapabilities

Action identifier: /operations/GetCapabilities

Affected resources: /process/[PROCESS_ID]

Interceptor actions:

  • Identify all processes inside the Capabilities response document
  • Check permission for every process
    • If no permission exists, the process is removed from the process offerings.

DescribeProcess

Action identifier: /operations/DescribeProcess

Affected resources: /process/[PROCESS_ID]

Interceptor actions:

  • Identify all process IDs requested
  • Check permission for every process ID
    • If a requested process ID is denied, the request is blocked (an exception is returned).

Execute

Action identifier: /operations/Execute

Affected resources: /process/[PROCESS_ID]

Interceptor actions:

  • Identify the requested process.
  • Check permission for the requested process
    • If no permission exists for that process, the request is blocked (an exception is returned).

Obligations

There are currently no obligations defined for the WPS interceptor.

Example Permission

<PermissionSet name="WPS giv">
    <ResourceDomain value="http://localhost:8080/wss/service/wps_giv/*"/>
    <ActionDomain value="http://localhost:8080/wss/service/wps_giv/*"/>
    <SubjectDomain value="urn:n52:security:subject:role"/>
    <Permission name="alice_all">
        <!-- Any process -->
        <Resource value="/process/*"/>
        <!-- Any operation allowed -->
        <Action value="/operations/*"/>
        <Subject value="alice"/>
    </Permission>
    <Permission name="bob_Capabilities">
        <Resource value="/process/org.n52.wps.server.algorithm.simplify.DouglasPeuckerAlgorithm"/>
        <Resource value="/process/delaunay"/>
        <Resource value="/process/transform"/>
        <Resource value="/process/org.n52.wps.server.algorithm.SimpleBufferAlgorithm"/>
        <Action value="/operations/GetCapabilities"/>
        <Subject value="bob"/>
    </Permission>
    <Permission name="bob_DecribeProcess">
        <Action value="/operations/DescribeProcess"/>
        <Resource value="/process/org.n52.wps.server.algorithm.simplify.DouglasPeuckerAlgorithm"/>
        <Resource value="/process/delaunay"/>
        <Resource value="/process/transform"/>
        <Resource value="/process/org.n52.wps.server.algorithm.SimpleBufferAlgorithm"/>
        <Subject value="bob"/>
    </Permission>
    <Permission name="bob_Execute">
        <Action value="/operations/Execute"/>
        <Resource value="/process/org.n52.wps.server.algorithm.SimpleBufferAlgorithm"/>
        <Subject value="bob"/>
    </Permission>
</PermissionSet>
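
The three interceptor behaviours described above, replayed against a shortened copy of the example permission set. This is an added example, not 52°North code. It assumes default deny and that `*` acts as a glob wildcard, it ignores the ResourceDomain, ActionDomain and SubjectDomain elements, and all function names are hypothetical.

```python
import xml.etree.ElementTree as ET
from fnmatch import fnmatchcase

BUF = "org.n52.wps.server.algorithm.SimpleBufferAlgorithm"
# Constructed, shortened variant of the page's permission set (two of bob's four processes).
PERMISSIONS = f"""<PermissionSet name="WPS giv">
  <Permission name="alice_all">
    <Resource value="/process/*"/>
    <Action value="/operations/*"/><Subject value="alice"/>
  </Permission>
  <Permission name="bob_Capabilities">
    <Resource value="/process/delaunay"/><Resource value="/process/{BUF}"/>
    <Action value="/operations/GetCapabilities"/><Subject value="bob"/>
  </Permission>
  <Permission name="bob_DecribeProcess">
    <Resource value="/process/delaunay"/><Resource value="/process/{BUF}"/>
    <Action value="/operations/DescribeProcess"/><Subject value="bob"/>
  </Permission>
  <Permission name="bob_Execute">
    <Resource value="/process/{BUF}"/>
    <Action value="/operations/Execute"/><Subject value="bob"/>
  </Permission>
</PermissionSet>"""

def load_rules(xml_text):
    """Return one (subjects, actions, resources) tuple per Permission element."""
    vals = lambda perm, tag: [e.get("value") for e in perm.findall(tag)]
    return [(vals(p, "Subject"), vals(p, "Action"), vals(p, "Resource"))
            for p in ET.fromstring(xml_text).iter("Permission")]

def permitted(rules, subject, operation, process_id):
    """Default deny (assumed): one Permission must match subject, action and resource."""
    action, resource = f"/operations/{operation}", f"/process/{process_id}"
    return any(subject in subs
               and any(fnmatchcase(action, a) for a in acts)
               and any(fnmatchcase(resource, r) for r in res)
               for subs, acts, res in rules)

def filter_capabilities(rules, subject, offered):
    """GetCapabilities: offerings without a permission are removed from the response."""
    return [p for p in offered if permitted(rules, subject, "GetCapabilities", p)]

def describe_allowed(rules, subject, requested):
    """DescribeProcess: a single denied process ID blocks the whole request."""
    return all(permitted(rules, subject, "DescribeProcess", p) for p in requested)

def execute_allowed(rules, subject, process_id):
    """Execute: the one requested process must be permitted, otherwise block."""
    return permitted(rules, subject, "Execute", process_id)
```

With this set bob can list and describe `delaunay`, but an Execute request for it is blocked, because permissions are granted per operation.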