WFS Client

Author:

Jean-François Doyon

Contact:

jdoyon at nrcan.gc.ca

Author:

Jeff McKenna

Contact:

jmckenna at gatewaygeomatics.com

Last Updated:

2020-06-09

Introduction

MapServer can retrieve and display data from a WFS server. The following document explains how to display data from a WFS server using the MapServer CONNECTIONTYPE WFS.

WFS can also be accessed through OGR (CONNECTIONTYPE OGR). See the OGR Vector Layers Through MapServer documentation for datails.

A WFS ( Web Feature Service ) publishes feature-level geospatial data to the web. This means that it is possible to use this data as a data source to render a map. In effect, this is not unlike having a shapefile accessible over the web, only it’s not a shapefile, it’s XML-Encoded geospatial data (GML to be exact), including both geometry AND attribute information.

Software Requirements

In order to enable MapServer to serve WFS, it MUST be compiled against certain libraries:

  • PROJ: The reprojection library. Version 4.4.3 or greater is required.

  • GDAL/OGR: I/O support libraries. Version 1.1.8 or greater is required.

  • LibCURL: Used to help MapServer act as an HTTP client. Version 7.10 or greater is required.

Please see the MapServer UNIX Compilation and Installation HOWTO for detailed instructions on compiling mapserver with support for these libraries and features. For Windows users, look on the MapServer website to see if there are any binaries available that meet these requirements.

Setting up a WFS-client Mapfile

Storing Temporary Files

You must set the IMAGEPATH parameter in your mapfile since MapServer uses this directory to store temporary files downloaded from the remote WFS server. Windows users must specify a full path for IMAGEPATH, such as: IMAGEPATH “C:/tmp/ms_tmp/”

MAP
  ...
  WEB
    IMAGEPATH "/tmp/ms_tmp/"
    IMAGEURL ...
  END
  ...
END

Configuring for HTTPS Connections

Follow the Accessing OGC services over HTTPS document to make sure that your local server can connect through HTTPS secured connections.

WFS Layer

A WFS layer is a regular mapfile layer, which can use CLASS objects, with expressions, etc.

As of MapServer 4.4, the suggested method to define a WFS Client layer is through the CONNECTION parameter and the layer’s METADATA. The necessary mapfile parameters are defined below:

  • METADATA: The LAYER’s must contain a METADATA object with the following parameters:

    • wfs_connectiontimeout (optional): The maximum time to wait for a remote WFS layer to load, set in seconds (default is 30 seconds). This metadata can be added at the layer level so that it affects only that layer, or it can be added at the map level (in the web object) so that it affects all of the layers. Note that wfs_connectiontimeout at the layer level has priority over the map level.

    • wfs_filter: This can be included to include a filter encoding parameter in the getFeature request (see the Filter Encoding Howto for more information on filtering). The content of the wfs_filter is a valid filter encoding element.

      ...
      METADATA
        "wfs_filter"   "<PropertyIsGreaterThan><PropertyName>POP_RANGE</PropertyName>
                        <Literal>4</Literal></PropertyIsGreaterThan>"
      END
      ...
      
    • wfs_geometryname (optional): The name of the geometry column used for spatial filtering in the filter parameter (Geometry by default). This parameter is used for ArcGIS or GeoServer WFS services as several geometry column can be chosen (or with a different default name to Geometry).

    • wfs_latlongboundingbox (optional): The bounding box of this layer in geographic coordinates in the format “lon_min lat_min lon_max lat_max”. If it is set then MapServer will request the layer only when the map view overlaps that bounding box. You normally get this from the server’s capabilities output.

    • wfs_maxfeatures (optional): Limit the number of GML features to return. Sensible values are integers greater than 0. If 0 is specified, no features will be returned.

    • wfs_request_method (optional): Can be set to “GET” to do a Get request to WFS servers that do not support Post requests. The default method in MapServer is Post.

      ...
      METADATA
        "wfs_request_method"   "GET"
      END
      ...
      
    • wfs_typename (required): the <Name> of the layer found in the GetCapabilities. An example GetCapabilities request is: https://demo.mapserver.org/cgi-bin/wfs?SERVICE=WFS&VERSION=1.0.0&REQUEST=GetCapabilities

    • wfs_version (required): WFS version, currently “1.0.0”

Notitie

Each of the above metadata can also be referred to as ‘ows_*’ instead of ‘wfs_*’. MapServer tries the ‘wfs_*’ metadata first, and if not found it tries the corresponding ‘ows_*’ name. Using this reduces the amount of duplication in mapfiles that support multiple OGC interfaces since “ows_*” metadata can be used almost everywhere for common metadata items shared by multiple OGC interfaces.

Optional Layer Parameters and Metadata

  • “wfs_auth_username” metadata - msEncrypt-style authorization string. Empty strings are also accepted.

    METADATA
      "wfs_auth_username" "foo"
      "wfs_auth_password" "{FF88CFDAAE1A5E33}"
    END
    
  • “wfs_auth_type” metadata - Authorization type. Supported types include:

    • basic

    • digest

    • ntlm

    • any (the underlying http library picks the best among the options supported by the remote server)

    • anysafe (the underlying http library picks only safe methods among the options supported by the remote server)

    METADATA
      "wfs_auth_type" "ntlm"
    END
    
  • “wfs_connectiontimeout” metadata

    • the maximum time to wait for a remote WFS layer to load, set in seconds (default is 30 seconds). This metadata can be added at the layer level so that it affects only that layer, or it can be added at the map level (in the web object) so that it affects all of the layers. Note that wfs_connectiontimeout at the layer level has priority over the map level.

    METADATA
      ...
      "wfs_connectiontimeout" "60"
      ...
    END
    
  • “wfs_proxy_auth_type” metadata - the authorization type to use for a proxy connection. Supported types include:

    • basic

    • digest

    • ntlm

    • any (the underlying http library picks the best among the opotions supported by the remote server)

    • anysafe (the underlying http library picks only safe methods among the options supported by the remote server)

    METADATA
      "wfs_proxy_auth_type" "ntlm"
    END
    
  • “wfs_proxy_host” metadata - the hostname of the proxy to use, in “dot-quad” format, with an optional port component (e.g. ‘192.168.2.10:8080’).

    METADATA
      "wfs_proxy_host" "192.168.2.10"
    END
    
  • “wfs_proxy_port” metadata - the port to use for a proxy connection.

    METADATA
      "wfs_proxy_port" "8080"
    END
    
  • “wfs_proxy_type” metadata - the type of the proxy connection. Valid values are ‘http’ and ‘socks5’, which are case sensitive.

    METADATA
      "wfs_proxy_type" "http"
    END
    
  • “wfs_proxy_username” metadata - msEncrypt-style string for a proxy connection. Empty strings are also accepted.

    METADATA
      "wfs_proxy_username" "foo"
      "wfs_proxy_password" "{FF88CFDAAE1A5E33}"
    END
    

Example WFS Layer

LAYER
  NAME "continents"
  TYPE POLYGON
  STATUS ON
  CONNECTION "https://demo.mapserver.org/cgi-bin/wfs?"
  CONNECTIONTYPE WFS
  METADATA
    "wfs_typename"          "continents"
    "wfs_version"           "1.0.0"
    "wfs_connectiontimeout" "60"
    "wfs_maxfeatures"       "10"
  END
  PROJECTION
    "init=epsg:4326"
  END
  CLASS
    NAME "Continents"
    STYLE
      COLOR 255 128 128
      OUTLINECOLOR 96 96 96
    END
  END
END # Layer

Connection - deprecated

As of MapServer v4.4 the method of specifying all of the connection information in the CONNECTION parameter has beendeprecated. The preferred method is mentioned above. If the metadata is not provided, VERSION, SERVICE, and TYPENAME will be fetched from the CONNECTION, as shown below

CONNECTION    "https://demo.mapserver.org/cgi-bin/wfs?SERVICE=WFS&VERSION=1.0.0&TYPENAME=continents"

TODO / Known Limitations

  1. Temporary WFS (gml) files are written to the IMAGEPATH directory, but this could become a security concern since it makes the raw GML data downloadable by someone who could guess the gml filename. We should consider having a “wfs_cache_dir” metadata that, if it is set will define a directory where temp files should be written. The default would still be to use the value of IMAGEPATH if “wfs_tmpdir” is not set.