GeoFence setup architectures
GeoFence is split in 2 main modules:
-
Core:
This is the server part.
It contains the model, the persistence logic and the service logic.
Implementation is at https://github.com/geoserver/geofence -
AccessManager:
This is the client part.
It converts the GeoFence Rule logic into the authorization objects required by GeoServer.
It is packaged in a GeoServer extension.
Implementation at https://github.com/geoserver/geoserver/tree/main/src/extension/geofence/geofence
GeoFence does not contain an UI for editing Rule. There used to be a GWT GUI to administer the authorization rules and the related objects, but it has been removed in GeoFence 3.7, since it relied on some obsolete libraries.
This is the architecture diagram of the standalone application setup:
GeoServer and GeoFence run as two different webapps.
GeoServer needs the geofence extension, which implements the GeoFenceAccessManager, which in turn calls GeoFence as an external service.
This is the architecture diagram of the embedded setup:
All of the GeoFence core logic runs inside the GeoServer webapp.
In this case GeoServer uses the geofence-server extension (there are different flavours of it, according to the choosen external DBMS), and the GeoFenceAccessManager is configure to call the GeoFence services as internal Spring beans.
The geofence-server extension also re-implements the REST API endpoints and a wicket interface, within the other GeoServer admin pages, to edit the GeoFence rules.