<div dir="ltr">Well yes, right now creating the same user on GeoNode too and marking it as superuser (or assigning it to admin group) should work.</div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div style="font-size:12.8px">Best Regards,</div><div style="font-size:12.8px">Alessio Fabiani.</div><div style="font-size:12.8px"><br></div><div style="font-size:12.8px"><div>==</div><div>GeoServer Professional Services from the experts!</div><div>Visit <a href="http://goo.gl/it488V" target="_blank">http://goo.gl/it488V</a> for more information.</div><div>==</div></div><div style="font-size:12.8px"><br></div><div style="font-size:12.8px">Ing. Alessio Fabiani</div><div style="font-size:12.8px">@alfa7691</div><div style="font-size:12.8px"><a href="https://github.com/afabiani?tab=overview" style="font-size:12.8px" target="_blank">github</a><br></div><div style="font-size:12.8px">Founder/Technical Lead</div><div style="font-size:12.8px"><br></div><div style="font-size:12.8px"><div>GeoSolutions S.A.S.</div><div>Via di Montramito 3/A</div><div>55054 Massarosa (LU)</div><div>Italy</div><div>phone: +39 0584 962313</div><div>fax: +39 0584 1660272</div><div>mob: +39 <span style="font-size:12.8px">331 6233686</span></div><div><br></div><div><a href="http://www.geo-solutions.it/" target="_blank">http://www.geo-solutions.it</a></div><div><a href="http://twitter.com/geosolutions_it" target="_blank">http://twitter.com/geosolutions_it</a></div></div><div style="font-size:12.8px"><br></div><div style="font-size:12.8px">-------------------------------------------------------</div><div style="font-size:12.8px"><br></div><div style="font-size:12.8px"><p><span lang="IT"><font size="1"><b>AVVERTENZE AI SENSI DEL D.Lgs. 196/2003</b></font></span></p><p><span lang="IT"><font size="1">Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.</font></span></p><p><span lang="IT"><font size="1"> </font></span></p><p><font size="1">The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.</font></p><p><font size="1">---------------------------------------------------------------------</font></p></div></div></div></div>
<br><div class="gmail_quote">On Mon, Mar 6, 2017 at 8:16 PM, Paolo Corti <span dir="ltr"><<a href="mailto:pcorti@gmail.com" target="_blank">pcorti@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Oh I see. Thanks Alessio for the detailed explanation.<br>
<br>
>From what I can see, using the GeoServer administrative interface, I<br>
can create a GeoServer user that can access GeoServer with basic<br>
authentication: unfortunately, even assigning this user to the admin<br>
groups (ADMIN, GROUP_ADMIN), this user is not able to access layers<br>
marked as private in GeoNode.<br>
Is there a way to accomplish this? I would basically need to have a<br>
user that can read all of the virtual services of the layers (public<br>
and private) using basic authentication.<br>
<br>
Thanks for helping :)<br>
<br>
p<br>
<br>
<br>
On Mon, Mar 6, 2017 at 11:48 AM, Alessio Fabiani<br>
<div class="HOEnZb"><div class="h5"><<a href="mailto:alessio.fabiani@geo-solutions.it">alessio.fabiani@geo-<wbr>solutions.it</a>> wrote:<br>
> I see. Yes given this use case this is possible. GeoNode does not have code<br>
> to create users on GeoServer side.<br>
> While it allows you to login using oauth2 (through the admin group) it won't<br>
> be possible to access bia Basic Auth since that user is not recognized by<br>
> GeoServer.<br>
><br>
> To add this functionality we could either:<br>
><br>
> 1. Allow GeoNode to create users on GeoServer (those would be duplicated<br>
> though)<br>
><br>
> 2. Customize the Basic Auth Provider and GeoNode apis (most of the work has<br>
> been already done for OAuth2) in order to enable Basic Auth on GeoServer<br>
> too.<br>
><br>
> We need to discuss this thgouh, and a GNIP is required IMHO, since it is not<br>
> a trivial change.<br>
><br>
> It is also worth trying to make the Basic Auth Provider using the "GeoNode<br>
> REST Role Service", maybe this could be sufficient.<br>
><br>
><br>
> Best Regards,<br>
> Alessio Fabiani.<br>
><br>
> ==<br>
> GeoServer Professional Services from the experts!<br>
> Visit <a href="http://goo.gl/it488V" rel="noreferrer" target="_blank">http://goo.gl/it488V</a> for more information.<br>
> ==<br>
><br>
> Ing. Alessio Fabiani<br>
> @alfa7691<br>
> github<br>
> Founder/Technical Lead<br>
><br>
> GeoSolutions S.A.S.<br>
> Via di Montramito 3/A<br>
> 55054 Massarosa (LU)<br>
> Italy<br>
> phone: <a href="tel:%2B39%200584%20962313" value="+390584962313">+39 0584 962313</a><br>
> fax: <a href="tel:%2B39%200584%201660272" value="+3905841660272">+39 0584 1660272</a><br>
> mob: <a href="tel:%2B39%20331%206233686" value="+393316233686">+39 331 6233686</a><br>
><br>
> <a href="http://www.geo-solutions.it" rel="noreferrer" target="_blank">http://www.geo-solutions.it</a><br>
> <a href="http://twitter.com/geosolutions_it" rel="noreferrer" target="_blank">http://twitter.com/<wbr>geosolutions_it</a><br>
><br>
> ------------------------------<wbr>-------------------------<br>
><br>
> AVVERTENZE AI SENSI DEL D.Lgs. 196/2003<br>
><br>
> Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i<br>
> file/s allegato/i sono da considerarsi strettamente riservate. Il loro<br>
> utilizzo è consentito esclusivamente al destinatario del messaggio, per le<br>
> finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio<br>
> senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia<br>
> via e-mail e di procedere alla distruzione del messaggio stesso,<br>
> cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo<br>
> anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per<br>
> finalità diverse, costituisce comportamento contrario ai principi dettati<br>
> dal D.Lgs. 196/2003.<br>
><br>
><br>
><br>
> The information in this message and/or attachments, is intended solely for<br>
> the attention and use of the named addressee(s) and may be confidential or<br>
> proprietary in nature or covered by the provisions of privacy act<br>
> (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection<br>
> Code).Any use not in accord with its purpose, any disclosure, reproduction,<br>
> copying, distribution, or either dissemination, either whole or partial, is<br>
> strictly forbidden except previous formal approval of the named<br>
> addressee(s). If you are not the intended recipient, please contact<br>
> immediately the sender by telephone, fax or e-mail and delete the<br>
> information in this message that has been received in error. The sender does<br>
> not give any warranty or accept liability as the content, accuracy or<br>
> completeness of sent messages and accepts no responsibility for changes<br>
> made after they were sent or for other risks which arise as a result of<br>
> e-mail transmission, viruses, etc.<br>
><br>
> ------------------------------<wbr>------------------------------<wbr>---------<br>
><br>
><br>
> On Mon, Mar 6, 2017 at 5:41 PM, Paolo Corti <<a href="mailto:pcorti@gmail.com">pcorti@gmail.com</a>> wrote:<br>
>><br>
>> Hi Alessio<br>
>> I did not change anything in GeoServer, I am using the one that comes<br>
>> with GeoNode.<br>
>> If I create a superuser right now, using the Django administrative<br>
>> interface, I cannot login to the GeoServer admin interface using the<br>
>> credentials for this superuser.<br>
>> Which I believe it should be possible, if basic auth would be in place,<br>
>> no?<br>
>> I can use the default administrative GeoServer account though (the one<br>
>> with credentials: admin, geoserver).<br>
>> Same thing using owslib: I can't login with my new superuser, but I<br>
>> can using the administrative account.<br>
>> Thanks a lot<br>
>> p<br>
>><br>
>> On Mon, Mar 6, 2017 at 11:17 AM, Alessio Fabiani<br>
>> <<a href="mailto:alessio.fabiani@geo-solutions.it">alessio.fabiani@geo-<wbr>solutions.it</a>> wrote:<br>
>> > Hi Paolo,<br>
>> > the basic auth works since otherwise it would not be possible to upload<br>
>> > layers neither.<br>
>> ><br>
>> > Maybe the order of authentication providers is wrong on GeoServer or<br>
>> > your<br>
>> > user somehow has a different password and/or removed.<br>
>> ><br>
>> > Another possibility when accessing a layer could be that the security<br>
>> > settings on GeoFence do not allow you to access the latter.<br>
>> ><br>
>> > If possible rise up the log level of GeoServer and see what happens on<br>
>> > $GS_DATA_DIR/logs/geoserver.<wbr>log<br>
>> ><br>
>> ><br>
>> ><br>
>> > Best Regards,<br>
>> > Alessio Fabiani.<br>
>> ><br>
>> > ==<br>
>> > GeoServer Professional Services from the experts!<br>
>> > Visit <a href="http://goo.gl/it488V" rel="noreferrer" target="_blank">http://goo.gl/it488V</a> for more information.<br>
>> > ==<br>
>> ><br>
>> > Ing. Alessio Fabiani<br>
>> > @alfa7691<br>
>> > github<br>
>> > Founder/Technical Lead<br>
>> ><br>
>> > GeoSolutions S.A.S.<br>
>> > Via di Montramito 3/A<br>
>> > 55054 Massarosa (LU)<br>
>> > Italy<br>
>> > phone: <a href="tel:%2B39%200584%20962313" value="+390584962313">+39 0584 962313</a><br>
>> > fax: <a href="tel:%2B39%200584%201660272" value="+3905841660272">+39 0584 1660272</a><br>
>> > mob: <a href="tel:%2B39%20331%206233686" value="+393316233686">+39 331 6233686</a><br>
>> ><br>
>> > <a href="http://www.geo-solutions.it" rel="noreferrer" target="_blank">http://www.geo-solutions.it</a><br>
>> > <a href="http://twitter.com/geosolutions_it" rel="noreferrer" target="_blank">http://twitter.com/<wbr>geosolutions_it</a><br>
>> ><br>
>> > ------------------------------<wbr>-------------------------<br>
>> ><br>
>> > AVVERTENZE AI SENSI DEL D.Lgs. 196/2003<br>
>> ><br>
>> > Le informazioni contenute in questo messaggio di posta elettronica e/o<br>
>> > nel/i<br>
>> > file/s allegato/i sono da considerarsi strettamente riservate. Il loro<br>
>> > utilizzo è consentito esclusivamente al destinatario del messaggio, per<br>
>> > le<br>
>> > finalità indicate nel messaggio stesso. Qualora riceviate questo<br>
>> > messaggio<br>
>> > senza esserne il destinatario, Vi preghiamo cortesemente di darcene<br>
>> > notizia<br>
>> > via e-mail e di procedere alla distruzione del messaggio stesso,<br>
>> > cancellandolo dal Vostro sistema. Conservare il messaggio stesso,<br>
>> > divulgarlo<br>
>> > anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo<br>
>> > per<br>
>> > finalità diverse, costituisce comportamento contrario ai principi<br>
>> > dettati<br>
>> > dal D.Lgs. 196/2003.<br>
>> ><br>
>> ><br>
>> ><br>
>> > The information in this message and/or attachments, is intended solely<br>
>> > for<br>
>> > the attention and use of the named addressee(s) and may be confidential<br>
>> > or<br>
>> > proprietary in nature or covered by the provisions of privacy act<br>
>> > (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection<br>
>> > Code).Any use not in accord with its purpose, any disclosure,<br>
>> > reproduction,<br>
>> > copying, distribution, or either dissemination, either whole or partial,<br>
>> > is<br>
>> > strictly forbidden except previous formal approval of the named<br>
>> > addressee(s). If you are not the intended recipient, please contact<br>
>> > immediately the sender by telephone, fax or e-mail and delete the<br>
>> > information in this message that has been received in error. The sender<br>
>> > does<br>
>> > not give any warranty or accept liability as the content, accuracy or<br>
>> > completeness of sent messages and accepts no responsibility for changes<br>
>> > made after they were sent or for other risks which arise as a result of<br>
>> > e-mail transmission, viruses, etc.<br>
>> ><br>
>> > ------------------------------<wbr>------------------------------<wbr>---------<br>
>> ><br>
>> ><br>
>> > On Mon, Mar 6, 2017 at 4:52 PM, Paolo Corti <<a href="mailto:pcorti@gmail.com">pcorti@gmail.com</a>> wrote:<br>
>> >><br>
>> >> Hi devs<br>
>> >><br>
>> >> I am testing the trunk version of GeoNode, and I need to run some<br>
>> >> script on layers using basic authentication and owslib.<br>
>> >> This was working well with the old GeoServer authentication system of<br>
>> >> GeoNode (without GeoFence).<br>
>> >><br>
>> >> It should still working now as well, as I can see basic authentication<br>
>> >> is the first authentication provider in the authentication providers<br>
>> >> chain, followed by geofence and geonodeauthprovider.<br>
>> >><br>
>> >> Unfortunately basic authentication does not seem to work. I cannot<br>
>> >> login in the GeoServer admin interface with my credentials, and if I<br>
>> >> try to make requests using owslib and my credentials I get this error:<br>
>> >><br>
>> >> No AuthenticationProvider found for<br>
>> >><br>
>> >><br>
>> >> org.springframework.security.<wbr>authentication.<wbr>UsernamePasswordAuthentication<wbr>Token<br>
>> >><br>
>> >> Any idea here? Thanks in advance<br>
>> >> p<br>
>> >><br>
>> >> --<br>
>> >> Paolo Corti<br>
>> >> Geospatial software developer<br>
>> >> web: <a href="http://www.paolocorti.net" rel="noreferrer" target="_blank">http://www.paolocorti.net</a><br>
>> >> twitter: @capooti<br>
>> >> skype: capooti<br>
>> >> ______________________________<wbr>_________________<br>
>> >> geonode-devel mailing list<br>
>> >> <a href="mailto:geonode-devel@lists.osgeo.org">geonode-devel@lists.osgeo.org</a><br>
>> >> <a href="https://lists.osgeo.org/mailman/listinfo/geonode-devel" rel="noreferrer" target="_blank">https://lists.osgeo.org/<wbr>mailman/listinfo/geonode-devel</a><br>
>> ><br>
>> ><br>
>><br>
>><br>
>><br>
>> --<br>
>> Paolo Corti<br>
>> Geospatial software developer<br>
>> web: <a href="http://www.paolocorti.net" rel="noreferrer" target="_blank">http://www.paolocorti.net</a><br>
>> twitter: @capooti<br>
>> skype: capooti<br>
><br>
><br>
<br>
<br>
<br>
--<br>
Paolo Corti<br>
Geospatial software developer<br>
web: <a href="http://www.paolocorti.net" rel="noreferrer" target="_blank">http://www.paolocorti.net</a><br>
twitter: @capooti<br>
skype: capooti<br>
</div></div></blockquote></div><br></div>