[GeoNode-users] Severe layer permissions problem

Benjamin Ducke benducke at fastmail.fm
Wed Oct 12 04:30:19 PDT 2016 

Hi All,

I have still not been able to resolve the
permissions problem (see below).
But here is one more observation:

If I am logged into the GeoServer backend
as "admin", then permissions work on the
_same_ machine: I can log in using the same
browser session and a regular user account
and layer permissions work as expected.

But as soon as I log out of the GeoServer
backend, authentication breaks again.

GeoServer and GeoNode are running on the
same VM. Has anyone here experience similar
issues and could give me some hints on where
to start checking GeoServer authentication?

Cheers,

Ben


On 26/08/16 13:01, Benjamin Ducke wrote:
> On 26/08/16 11:51, Benjamin Ducke wrote:
>> Hi Dan --
>>
>> On 26/08/16 11:52, Daniel Berry wrote:
>>> Ben,
>>>
>>> It appears that your GeoServer is not seeing the  GeoNode (Django)
>>> sessionid. Did you configure the GeoNode Auth provider
>>> http://docs.geonode.org/en/master/tutorials/install_and_admin/geonode_install/install_geoserver_application.html#geonode-authentication-integration.
>>>
> 
> Ok, so I followed the instructions in the
> URL above, but unfortunately the problem
> remains. Note that:
> 
> - On a stock Ubuntu install, the "web.xml"
> config file is located in "/usr/share/geoserver/WEB-INF".
> - GeoNode and Geoserver are running on the same host
>   (so I set GEONODE_BASE_URL to localhost).
> - The problem affects all layers (raster & vector).
> 
> Still, I think that this narrows it down.
> There is definitely something going wrong
> with the handshaking between GeoNode and
> Geoserver. Within GeoNode, permissions
> and user IDs are working, because I can
> e.g. set metadata editing permissions and
> they work as expected.
> 
> Cheers,
> 
> Ben
> 
>>>
>>> Geoserver uses the sessionid to initiate a request to GeoNode to verify
>>> that the user is authorized to view the layer. If the layer is not
>>> granted anonymous access GeoServer will not expose the layer to the
>>> user, which is why you are seeing pink tiles.
>>
>> Thanks for the pointer!
>> I will check this. Most likely it is not
>> configured (correctly).
>>
>> If there is still a problem then I will
>> file a proper bug report.
>>
>> Cheers!
>>
>> Ben
>>
>>>
>>> Dan
>>>
>>>
>>> On Aug 26, 2016 08:39, "Jeffrey Johnson" <ortelius at gmail.com
>>> <mailto:ortelius at gmail.com>> wrote:
>>>
>>>     Benjamin, Can you file an issue for this in the issue tracker. One of
>>>     us will try to replicate on a fresh instance.
>>>
>>>     On Fri, Aug 26, 2016 at 12:17 AM, Benjamin Ducke
>>>     <benducke at fastmail.fm <mailto:benducke at fastmail.fm>> wrote:
>>>     > Dear All --
>>>     >
>>>     > I have a layer permissions problem that
>>>     > I cannot solve. The problem is that any
>>>     > vector layer which is not set to visible to
>>>     > "Anyone" cannot be viewed, not even by
>>>     > the layer's owner. It will be shown
>>>     > in the list of Layers if the user has
>>>     > viewing permissions, but clicking on it
>>>     > will produce just a pink box. The Geoserver
>>>     > log contains error messages complaining
>>>     > about a missing layer:
>>>     >
>>>     > Caused by: org.geoserver.platform.ServiceException: geonode:gisws_orte
>>>     > layer does not exist
>>>     >
>>>     > However, the layer does definitely exist
>>>     > and will be displayed if switched visible
>>>     > for "Anyone".
>>>     >
>>>     > This problem occurs with PostGIS-stored
>>>     > layers on a fresh installation of
>>>     > GeoNode 2.4.1 (official Ubuntu packages),
>>>     > with data migrated from a 2.0 install
>>>     > following these instructions:
>>>     >
>>>     >
>>>     https://github.com/capooti/geonode/tree/migration_from20_to_24/scripts/migrations/migrate20to24
>>>     <https://github.com/capooti/geonode/tree/migration_from20_to_24/scripts/migrations/migrate20to24>
>>>     >
>>>     > Any hints would be very much appreciated.
>>>     >
>>>     > Cheers,
>>>     >
>>>     > Ben
>>>     > _______________________________________________
>>>     > geonode-users mailing list
>>>     > geonode-users at lists.osgeo.org <mailto:geonode-users at lists.osgeo.org>
>>>     > http://lists.osgeo.org/mailman/listinfo/geonode-users
>>>     <http://lists.osgeo.org/mailman/listinfo/geonode-users>
>>>     _______________________________________________
>>>     geonode-users mailing list
>>>     geonode-users at lists.osgeo.org <mailto:geonode-users at lists.osgeo.org>
>>>     http://lists.osgeo.org/mailman/listinfo/geonode-users
>>>     <http://lists.osgeo.org/mailman/listinfo/geonode-users>
>>>
>>
>>
>>
> 
> 
> 



-- 
Dr. Benjamin Ducke
{*} Geospatial Consultant
{*} GIS Developer

Spatial technology for the masses, not the classes:
experience free and open source GIS at http://gvsigce.org

More information about the geonode-users mailing list