GeoNetwork is a catalog application to manage spatially referenced resources, thus is a strategic technology for all geospatial application. Purpose of this page is to explain how to configure a GeoNetwork service instance in order to fulfill the needs of gCube environment. Please refer to its official website for further configuration details and more comprehensive documentation.
- 1 Installation
- 2 Security in gcube 3.X
- 3 Security in gcube 4.X
- 4 GeoNetwork categories
- 5 External resources
- 6 GUI Customization
- 7 Replica management
- 8 Runtime Resource
GeoNetwork version adopted by the gCube infrastructure is 2.6.4 , available here.
Prerequisites are :
- java 5+
- apache tomcat 5+
- postgres 7+
In order to enable SmartGears to correctly handle the web application, the following values must be declared in its gcube-app.xml file :
- Name : GeoNetwork
- Group : SDI
- Description : OGC CSW 2.0 compliant catalogue
The following SmartGears handlers should be excluded :
In order to configure GeoNetwork to use postgis jdbc connection to the local database, the file config.xml under $TOMCAT_HOME/webapps/geonetwork/WEB-INF must be properly edited. A development config.xml file copy is provided in shared workspace folder https://goo.gl/dros0u. Just change the postgres connection parameters of the provided file once copied to the webapp. Please, note that the jdbc url to the database must have the form jdbc:postgis://<HOST>:<PORT>/<DATABASE_NAME>, otherwise the spatial metadata catalog is created as a shapefile, which may cause a loss of performance (please refer to official documentation for further information).
GeoNetwork Connector installation
GeoNetwork Connector is a jar library that should be included among the jars of a Geonetworkinstance deployed on SmartGear. The jar includes a Tomcat Filter and a SmartGear Request Handler.
The detailed steps to install and configure the library on an existing Geonetwork instance are listed below:
1. Download latest version of the jar from Nexus repository
2. Move the jar file to lib folder (geonetwork/WEB-INF/lib) of the Geonetwork Service deployed on SmartGear
3. Configure GeoNetworkFilter filter class in the web.xml of GeoNetwork Service just before filterChainProxy filter as follow:
<filter> <filter-name>gcubeAuthenticationFilter</filter-name> <filter-class>org.gcube.data.access.connector.GeoNetworkFilter</filter-class> </filter> <filter> <filter-name>filterChainProxy</filter-name> ....
4. Reference the filter mapping to all the URLs of the Service:
<filter-mapping> <filter-name>gcubeAuthenticationFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>
5. Edit gcube-handlers.xml (under WEB-INF) adding authentication-filter Request Handler under request element:
<handlers> <lifecycle> <profile-management /> </lifecycle> <request> <request-validation /> <request-accounting /> <authentication-filter /> </request> </handlers>
6. restart the service
Security in gcube 3.X
To reproduce visibility and security means of the gCube infrastructure, the security module of GeoNetwork need to be configured accordingly to the scope(s) in which it is registered in. Please note that the following conventions needs to be maintained according to the infrastructure state.
For each scope in which the GeoNetwork instance is registered in, the administrator must create a group with the same name of the scope.
I.e. Let's assume our instance to be registered both in d4science.research-infrastructures.eu and in d4science.research-infrastructures.eu/gCubeApps. The GeoNetwork must be configured with at least the 2 groups d4science.research-infrastructures.eu and gCubeApps.
Other then at least one administrator user, 2 users must be set for each and every scope in which the GeoNetwork is registered. The convention for these users name is :
- <SCOPE>_Public : used to publish / read metadata with a scope level visibility. Role of this user must be set as Editor for the groups in which it must have read access (The <SCOPE> group itself and every sub scope in case of VO or INFRASTRUCTURE);
- <SCOPE>_Private : used to publish / read metadata with a private visibility. Role of this user must be set as as Editor for its <SCOPE> group.
For more clarity, let's say our GeoNetwork service is registered in d4science.research-infrastructures.eu/gCubeApps and in d4science.research-infrastructures.eu/gCubeApps/EcoligicalModelling scopes. As stated above in the group section, our service is supposed to be configured with at least the groups gCubeApps and EcologicalModelling. With these assumptions, these are the expected users :
- Administrator : user with administrator role
- gCubeApps_Private : Editor role in the group gCubeApps
- gCubeApps_Public : Editor role in the groups gCubeApps and EcologicalModelling
- EcologicalModelling_Private : Editor role in the group EcologicalModelling
- EcologicalModelling_Public : Editor role in the group EcologicalModelling
Security in gcube 4.X
Access rights table
The following schema report the publish/visibility policies to be followed from gcube 4.0.0.
Please note that the library org.gcube.spatial.data.geonetwork automatically creates a scope configuration if none is already setup, both updating Information system and GeoNetwork master instance. For completeness we report here groups and users involved in each scope configuration :
- Private_Group : Group with visibility only from the current scope or enclosed ones (ie : VRE_SCOPE_USER can access it's VO_PRIVATE_GROUP);
- Public_Group : Group with visibility only from the current scope and enclosing ones (ie : VO_SCOPE_USER can access it's VRE_PUBLIC_GROUP);
- Scope_User : Editor user in GeoNetwork, with rights in current scope groups and enclosing ones;
- CKAN_User : Registered user in GeoNetwork, with rights in current scope groups.
External OGC catalogs are managed via the harvesting facility offered by GeoNetwork. Please read the related documentation on the provider's official page.
To improve robustness, reliability and performance of the SDI, one or more replica of a GeoNetwork service can be registered in a given scope. These instances must be registered with the boolean flag master as false. See [Runtime Resource] below for more details.
The Geo Network Runtime Resource gives information about Geo Network instance deployed: where the Geo Network is deployed and what are the credentials to contact it.
There will be one Runtime Resource for each Geo Network instance.
The resource can be registered:
- at VO level, if the Geo Network instance is shared between VREs.
- at VRE level, if the Geo Network instance is VRE dedicated.
The Geo Network runtime resource is mandatory if in the VO/VRE are installed application using the GCube Gis Viewer widget.
The following Runtime Resource standard fields value are mandatory in order to discover it in the infrastructure :
- Category = Gis
- Platform/Name = geonetwork
Other than required Runtime Resource fields one access point is needed with the following constraints :
- Endpoint EntryName = geonetwork
- integer property priority
- String property suffixes
- For each gCube scope (indicated as <SCOPE_NAME>) in which the Runtime Resource is registered, the access point should declare the following properties
- encrypted string property <SCOPE_NAME>_Public containing the password of the public user for the given scope
- encrypted string property <SCOPE_NAME>_Private containing the password of the private user for the given scope
- integer property <SCOPE_NAME>_group containing the id of the publishing group for the given scope
<Resource version="0.4.x"> <ID>b7fce5e0-b0e5-11e2-9d26-c9dc2c525e1c</ID> <Type>RuntimeResource</Type> <Scopes> <Scope>/gcube/devNext</Scope> </Scopes> <Profile> <Category>Gis</Category> <Name>GeoNetwork</Name> <Description /> <Platform> <Name>geonetwork</Name> <Version>2</Version> <MinorVersion>2</MinorVersion> <RevisionVersion>2</RevisionVersion> <BuildVersion>2</BuildVersion> </Platform> <RunTime> <HostedOn>geoserver-dev2.d4science-ii.research-infrastructures.eu</HostedOn> <GHN UniqueID="" /> <Status>READY</Status> </RunTime> <AccessPoint> <Description>Main access point</Description> <Interface> <Endpoint EntryName="geonetwork">http://geoserver-dev2.d4science-ii.research-infrastructures.eu/geonetwork</Endpoint> </Interface> <AccessData> <Username>admin</Username> <Password>wW9T5/k5VaLdTdc3WlPbWw==</Password> </AccessData> <Properties> <Property> <Name>devNext_group</Name> <Value encrypted="false">7</Value> </Property> <Property> <Name>devNext_Private</Name> <Value encrypted="true">Jm3d1N30c2gCjjo828IdOw==</Value> </Property> <Property> <Name>devNext_Public</Name> <Value encrypted="true">5I/EJznPaq3flojA4HTz5Q==</Value> </Property> <Property> <Name>master</Name> <Value encrypted="false">true</Value> </Property> </Properties> </AccessPoint> </Profile> </Resource>