Interaction with SDI-Service

From Gcube Wiki
Revision as of 16:57, 31 August 2017 by Fabio.sinibaldi (Talk | contribs) (Exposed Interfaces)

Jump to: navigation, search

SDI-Service is a REST service aimed to offer a simplified interface to SDI administration over the infrastructure and to most common use cases in dealing with geospatial data. This page illustrates the interface exposed by the service and how to interact with it.

Interaction

Thanks to the SDI-Service application can gather details on SDI facilities offered by the infrastructure. Every response returned by the service is contextualized by the request's gcube-token meaning :

  • Configuration is related to the context (INFRASTRUCTURE, VO or VRE) of the request
  • Credentials and accessible data spaces are related to the current ROLES associated with the authenticated calling user

Invocations to SDI-Service may trigger on-the-fly initialization of SDI resources, where needed. Being a SmartGears service, it is automatically published in the infrastructure's Information System with coordinates :

  • Service Class : SDI
  • Service Name : sdi-service

Concepts

In this section some basic concepts are explained in order to guide users better exploit SDI-Service facilities.

Data Spaces

Every SDI application implements a feature that can be described as a Data Space, which is a categorization of the application content. Security and access policies are based on the notion of data space (which is implemented in different ways in the various SDI applications), so knowing where to publish data is a crucial factor in data-management.

GeoServer Data Spaces

GeoServer data spaces are implemented as workspaces and for each context the following workspaces are created / provided :

  • confidentialWorkspace : accessible only by CONTEXT_MANAGER accounts;
  • contextVisibilityWorkspace : accessible by users belonging to the context (CONTEXT_MANAGER, CONTEXT_USER and CKAN);
  • sharedWorkspace : accessible from other contexts;
  • publicWorkspace : publicly accessible;

GeoNetwork Data Spaces

GeoNetwork data spaces are implemented as groups (see here for further details on GeoNetwork security). Following groups are created / provided for each context :

  • contextGroup : accessible only by context users (CONTEXT_MANAGER, CONTEXT_USER and CKAN);
  • sharedGroup : accessible from other contexts;
  • publicGroup : publicly accessible;

Accounts

SDI-Service manages different kind of accounts and exposes them to the user depending on its ROLES in the infrastructure. Every account credential returned by the service has a type, which tells what kind of permissions that account has in its related application. Following is the list of possible Account Types :

  • CKAN : read only access to resources published in the current context;
  • CONTEXT_USER : read/write access to context data spaces;
  • CONTEXT_MANAGER : read/write access to context data spaces and confidential ones;
  • ADMIN: administration rights;

REST Invocation

SDI-Service is a SmartGears web application offering a REST interface, thus it can be invoked with simple HTTP requests. Every HTTP request to the service must contain a proper gcube-token property (as HTTP header or as query string parameter) in order to be authenticated and authorized. See #REST Interface for interface description.

JAVA Clients

For Java applications, a client library is distributed along with the service. The library facilitates the interaction with the service, automatically dealing with token and providing both an object model and a better fault management (see #Client library for more details). Such library is distributed as a maven artifact with the following coordinates

  <groupId>org.gcube.spatial.data</groupId>
  <artifactId>sdi-library</artifactId>

REST Interface

This section describes the interfaces exposed by SDI-Service and how to interact with it with HTTP requests. It is required that every request is authorized, meaning that it must contain a proper gcube token (see details here).

Exposed Interfaces

This section describes the interfaces exposed by SDI-Service, listing their methods and expected parameters. HTTP Response are returned and the content is represented in JSON.

The base path for every request , referred to as <BASE_PATH> from now on, is : https://<HOSTNAME>/sdi-service/gcube/service

SDI

  • PATH : <BASE_PATH>/SDI
  • METHOD : GET

This interface returns the complete configuration of the SDI in the caller's context. The following is a typical response from this interface:

  1. {
  2.   "contextName" : "...",
  3.   "geonetworkConfiguration" : {
  4.     "version" : {
  5.       "major" : 2,
  6.       "minor" : 6,
  7.       "build" : 0
  8.     },
  9.     "baseEndpoint" : "...",
  10.     "accessibleCredentials" : [ {
  11.       "username" : "...",
  12.       "password" : "...",
  13.       "accessType" : "CKAN"
  14.     }, {
  15.       "username" : "...",
  16.       "password" : "...",
  17.       "accessType" : "CONTEXT_USER"
  18.     }  ],
  19.     "contextGroup" : "...",
  20.     "sharedGroup" : "...",
  21.     "publicGroup" : "..."
  22.   },
  23.   "geoserverClusterConfiguration" : {
  24.     "availableInstances" : [ {
  25.       "version" : {
  26.         "major" : 2,
  27.         "minor" : 1,
  28.         "build" : 2
  29.       },
  30.       "baseEndpoint" : "...",
  31.       "accessibleCredentials" : [ {
  32.         "username" : "...",
  33.         "password" : "...",
  34.         "accessType" : "ADMIN"
  35.       } ],
  36.       "confidentialWorkspace" : ...,
  37.       "contextVisibilityWorkspace" : ...,
  38.       "sharedWorkspace" : ...,
  39.       "publicWorkspace" : ...
  40.     } ]
  41.   },
  42.   "threddsConfiguration" : ...
  43. }

GeoServer

This interface is dedicated to handling the GeoServer Cluster of the SDI.

  • PATH : <BASE_PATH>/GeoServer

Configuration

  • PATH : <BASE_PATH>/GeoServer/configuration/<HOST_NAME>
  • METHOD : GET

This interface exposes the same information as per #SDI, limiting it to only the GeoServer instance hosted in <HOST_NAME>. The following is a typical response :

  1. {
  2.       {
  3.   "version" : {
  4.     "major" : ..,
  5.     "minor" : ..,
  6.     "build" : ..
  7.   },
  8.   "baseEndpoint" : ...,
  9.   "accessibleCredentials" : [ {
  10.     "username" : "...",
  11.     "password" : "...",
  12.     "accessType" : "..."
  13.   } ],
  14.   "confidentialWorkspace" : ...,
  15.   "contextVisibilityWorkspace" : ...,
  16.   "sharedWorkspace" : ...,
  17.   "publicWorkspace" : ...
  18. }

Credentials

  • PATH : <BASE_PATH>/GeoServer/credentials/<HOST_NAME>
  • METHOD : GET

This interface exposes the same information as per #Configuration, limiting it to only accessible credentials. The following is a typical response :

  1. {
  2.         "username" : "...",
  3.         "password" : "...",
  4.         "accessType" : "ADMIN"
  5.     }


Register Service

  • PATH : <BASE_PATH>/GeoServer
  • METHOD : POST

This interface allows the registration of a SmartGears-enabled GeoServer already running in the caller's context. The following is an example of a Registration Request content :

  1. {
  2.   "hostname" : "some.place.org",
  3.   "majorVersion" : 2,
  4.   "minorVersion" : 10,
  5.   "releaseVersion" : 3,
  6.   "adminPassword" : "*****",
  7.   "properties" : [ {
  8.     "name" : "my own application property",
  9.     "value" : "some value"
  10.   } ],
  11.   "description" : "Dummy geoserver",
  12.   "name" : "My GeoServer",
  13.   "workspaces" : [ {
  14.     "name" : "myWS",
  15.     "access" : "PUBLIC"
  16.   } ]
  17. }

Import Service Registration

  • PATH : <BASE_PATH>/GeoServer/import/<HOST_NAME>?sourceToken=*****
  • METHOD : POST

This interface allows the registration of a SmartGears-enabled GeoServer already running in the caller's context by importing its registration from another context (accessed by exploiting the passed sourceToken).

Metadata

Typical use cases

Get global configuration

Get available GeoServers

Get credentials for a particular GeoServer

Client Library