GeoServer has a robust security subsystem, modeled on Spring Security. Most of the security features are available through the Web Administration
interface. In the Security panel, you can find links to set user properties and bind data to security rules, as shown in the following screenshot:
The basic idea is that you create users and roles and combine them with data to enable specific access policies. You can also limit read and write access by role. We will go over these in detail in a later chapter.
From the Settings
panel, you can control general settings about security.
You can select a role. Roles are defined in the Users, Groups, and Roles
section and control security settings for the users.
The Encryption
settings let you choose how GeoServer will encrypt passwords. As you may note in the following screenshot after you install the software there is a warning about strong cryptography being available. You will learn how to fix this in a later chapter...