Interaction with SDI-Service
SDI-Service is a REST service aimed to offer a simplified interface to SDI administration over the infrastructure and to most common use cases in dealing with geospatial data. This page illustrates the interface exposed by the service and how to interact with it.
Interaction
Thanks to the SDI-Service application can gather details on SDI facilities offered by the infrastructure. Every response returned by the service is contextualized by the request's gcube-token meaning :
- Configuration is related to the context (INFRASTRUCTURE, VO or VRE) of the request
- Credentials and accessible data spaces are related to the current ROLES associated with the authenticated calling user
Invocations to SDI-Service may trigger on-the-fly initialization of SDI resources, where needed. Being a SmartGears service, it is automatically published in the infrastructure's Information System with coordinates :
- Service Class : SDI
- Service Name : sdi-service
Concepts
In this section some basic concepts are explained in order to guide users better exploit SDI-Service facilities.
Data Spaces
Every SDI application implements a feature that can be described as a Data Space, which is a categorization of the application content. Security and access policies are based on the notion of data space (which is implemented in different ways in the various SDI applications), so knowing where to publish data is a crucial factor in data-management.
GeoServer Data Spaces
GeoServer data spaces are implemented as workspaces and for each context the following workspaces are created / provided :
- confidentialWorkspace : accessible only by CONTEXT_MANAGER accounts;
- contextVisibilityWorkspace : accessible by users belonging to the context (CONTEXT_MANAGER, CONTEXT_USER and CKAN);
- sharedWorkspace : accessible from other contexts;
- publicWorkspace : publicly accessible;
GeoNetwork Data Spaces
GeoNetwork data spaces are implemented as groups (see here for further details on GeoNetwork security). Following groups are created / provided for each context :
- contextGroup : accessible only by context users (CONTEXT_MANAGER, CONTEXT_USER and CKAN);
- sharedGroup : accessible from other contexts;
- publicGroup : publicly accessible;
Accounts
SDI-Service manages different kind of accounts and exposes them to the user depending on its ROLES in the infrastructure. Every account credential returned by the service has a type, which tells what kind of permissions that account has in its related application. Following is the list of possible Account Types :
- CKAN : read only access to resources published in the current context;
- CONTEXT_USER : read/write access to context data spaces;
- CONTEXT_MANAGER : read/write access to context data spaces and confidential ones;
- ADMIN: administration rights;
REST Invocation
SDI-Service is a SmartGears web application offering a REST interface, thus it can be invoked with simple HTTP requests. Every HTTP request to the service must contain a proper gcube-token property (as HTTP header or as query string parameter) in order to be authenticated and authorized. See #REST Interface for interface description.
JAVA Clients
For Java applications, a client library is distributed along with the service. The library facilitates the interaction with the service, automatically dealing with token and providing both an object model and a better fault management (see #Client library for more details). Such library is distributed as a maven artifact with the following coordinates
<groupId>org.gcube.spatial.data</groupId> <artifactId>sdi-library</artifactId>
REST Interface
This section describes the interfaces exposed by SDI-Service and how to interact with it with HTTP requests. It is required that every request is authorized, meaning that it must contain a proper gcube token (see details here).
Exposed Interfaces
This section describes the interfaces exposed by SDI-Service, listing their methods and expected parameters. HTTP Response are returned and the content is represented in JSON.
The base path for every request , referred to as <BASE_PATH> from now on, is : https://<HOSTNAME>/sdi-service/gcube/service
SDI
- PATH : <BASE_PATH>/SDI
- METHOD : GET
This interface returns the complete configuration of the SDI in the caller's context. The following is a typical response from this interface:
{
"contextName" : "...",
"geonetworkConfiguration" : {
"version" : {
"major" : 2,
"minor" : 6,
"build" : 0
},
"baseEndpoint" : "...",
"accessibleCredentials" : [ {
"username" : "...",
"password" : "...",
"accessType" : "CKAN"
}, {
"username" : "...",
"password" : "...",
"accessType" : "CONTEXT_USER"
} ],
"contextGroup" : "...",
"sharedGroup" : "...",
"publicGroup" : "..."
},
"geoserverClusterConfiguration" : {
"availableInstances" : [ {
"version" : {
"major" : 2,
"minor" : 1,
"build" : 2
},
"baseEndpoint" : "...",
"accessibleCredentials" : [ {
"username" : "...",
"password" : "...",
"accessType" : "ADMIN"
} ],
"confidentialWorkspace" : ...,
"contextVisibilityWorkspace" : ...,
"sharedWorkspace" : ...,
"publicWorkspace" : ...
} ]
},
"threddsConfiguration" : ...
}
GeoServer
This interface is dedicated to handling the GeoServer Cluster of the SDI.
- PATH : <BASE_PATH>/GeoServer
Configuration
- PATH : <BASE_PATH>/GeoServer/configuration/<HOST_NAME>
- METHOD : GET
This interface exposes the same information as per #SDI, limiting it to only the GeoServer instance hosted in <HOST_NAME>. The following is a typical response :
{
"version" : {
"major" : 2,
"minor" : 1,
"build" : 2
},
"baseEndpoint" : "...",
"accessibleCredentials" : [ {
"username" : "...",
"password" : "...",
"accessType" : "ADMIN"
} ],
"confidentialWorkspace" : ...,
"contextVisibilityWorkspace" : ...,
"sharedWorkspace" : ...,
"publicWorkspace" : ...
}
Credentials
- PATH : <BASE_PATH>/GeoServer/credentials/<HOST_NAME>
- METHOD : GET
This interface exposes the same information as per #Configuration, limiting it to only accessible credentials. The following is a typical response :
{
"username" : "...",
"password" : "...",
"accessType" : "ADMIN"
}