[GeoNode-users] Geonode 2.6c1, admin user is not automatically logged into geoserver
Eric Goddard
egoddard1010 at gmail.com
Tue Apr 18 06:51:21 PDT 2017
Hi Alessio,
Thanks again for the response.
I'm installing geonode on a fresh ubuntu 16.04 vm, so I don't have an
old configuration. I worked through the geonode security guide,
everything in my environment matched except the following:
Django OAuth Toolkit Applications
- Did not contain http://localhost:8080/geoserver entries; added
those above the public urls
- Skip authorization was checked; unchecked it
Geonode security settings:
- Active Role service was default, changed to geonode REST service
Geonode geofence Admin rules:
- Rules existed for User and admin; deleted those rules
After making those changes I tried uploading a layer, which still results in:
Tried to make a GET request to
https://geoportal.memphis.edu/geoserver/rest/workspaces/default.xml
but got a 404 status code:
using curl with the geoserver admin account also results in a 404:
curl -v -u admin:**** http://localhost:8080/geoserver/rest/workspaces
results in:
* Trying ::1...
* Connected to localhost (::1) port 8080 (#0)
* Server auth using Basic with user 'admin'
> GET /geoserver/rest/workspaces HTTP/1.1
> Host: localhost:8080
> Authorization: Basic
> User-Agent: curl/7.47.0
> Accept: */*
>
< HTTP/1.1 404 Not Found
< Set-Cookie: JSESSIONID=59351DCBB625DAACFF50D69598123BA7;
Path=/geoserver/; HttpOnly
< Date: Tue, 18 Apr 2017 13:33:45 GMT
< Server: Noelios-Restlet-Engine/1.0..8
< Transfer-Encoding: chunked
using the public url also results in a 404. The geoserver log after
making the curl request contains:
2017-04-18 08:48:01,220 DEBUG
[org.geoserver.security.IncludeQueryStringAntPathRequestMatcher] -
Checking match of request : 'Path: /rest/workspaces/default.xml,
QueryString: null'; against '/web/**'
2017-04-18 08:48:01,221 DEBUG
[org.geoserver.security.IncludeQueryStringAntPathRequestMatcher] -
Checking match of request : 'Path: /rest/workspaces/default.xml,
QueryString: null'; against '/gwc/rest/web/**'
2017-04-18 08:48:01,221 DEBUG
[org.geoserver.security.IncludeQueryStringAntPathRequestMatcher] -
Checking match of request : 'Path: /rest/workspaces/default.xml,
QueryString: null'; against '/'
2017-04-18 08:48:01,221 DEBUG
[org.geoserver.security.IncludeQueryStringAntPathRequestMatcher] -
Checking match of request : 'Path: /rest/workspaces/default.xml,
QueryString: null'; against '/j_spring_security_check'
2017-04-18 08:48:01,221 DEBUG
[org.geoserver.security.IncludeQueryStringAntPathRequestMatcher] -
Checking match of request : 'Path: /rest/workspaces/default.xml,
QueryString: null'; against '/j_spring_security_check/'
2017-04-18 08:48:01,221 DEBUG
[org.geoserver.security.IncludeQueryStringAntPathRequestMatcher] -
Checking match of request : 'Path: /rest/workspaces/default.xml,
QueryString: null'; against '/j_spring_oauth2_geonode_login'
2017-04-18 08:48:01,221 DEBUG
[org.geoserver.security.IncludeQueryStringAntPathRequestMatcher] -
Checking match of request : 'Path: /rest/workspaces/default.xml,
QueryString: null'; against '/j_spring_oauth2_geonode_login/'
2017-04-18 08:48:01,221 DEBUG
[org.geoserver.security.IncludeQueryStringAntPathRequestMatcher] -
Checking match of request : 'Path: /rest/workspaces/default.xml,
QueryString: null'; against '/j_spring_security_logout'
2017-04-18 08:48:01,221 DEBUG
[org.geoserver.security.IncludeQueryStringAntPathRequestMatcher] -
Checking match of request : 'Path: /rest/workspaces/default.xml,
QueryString: null'; against '/j_spring_security_logout/'
2017-04-18 08:48:01,221 DEBUG
[org.geoserver.security.IncludeQueryStringAntPathRequestMatcher] -
Checking match of request : 'Path: /rest/workspaces/default.xml,
QueryString: null'; against '/j_spring_oauth2_geonode_logout'
2017-04-18 08:48:01,221 DEBUG
[org.geoserver.security.IncludeQueryStringAntPathRequestMatcher] -
Checking match of request : 'Path: /rest/workspaces/default.xml,
QueryString: null'; against '/j_spring_oauth2_geonode_logout/'
2017-04-18 08:48:01,221 DEBUG
[org.geoserver.security.IncludeQueryStringAntPathRequestMatcher] -
Checking match of request : 'Path: /rest/workspaces/default.xml,
QueryString: null'; against '/rest/**'
2017-04-18 08:48:01,221 DEBUG
[org.geoserver.security.IncludeQueryStringAntPathRequestMatcher] -
Matched Path: /rest/workspaces/default.xml, QueryString: null with
/rest/**
2017-04-18 08:48:01,221 DEBUG [org.geoserver.security] -
AuthenticationCache found an entry for basic,
admin:20360581bd15fb4891bb083c8e2a69a0
2017-04-18 08:48:01,250 DEBUG [org.geoserver.security] - Inspecting
the http request looking for the GeoNode Session ID.
2017-04-18 08:48:01,250 DEBUG [org.geoserver.security] - Found no cookies!
2017-04-18 08:48:01,250 DEBUG
[org.geoserver.security.RESTfulPathBasedFilterInvocationDefinitionMap]
- Converted URL to lowercase, from: '/rest/workspaces/default.xml';
to: '/rest/workspaces/default.xml' and httpMethod= GET
2017-04-18 08:48:01,250 DEBUG
[org.geoserver.security.RESTfulPathBasedFilterInvocationDefinitionMap]
- ~~~~~~~~~~ antPath= /rest/process/batchdownload/download/*
methodList= [GET]
2017-04-18 08:48:01,250 DEBUG
[org.geoserver.security.RESTfulPathBasedFilterInvocationDefinitionMap]
- Candidate is: '/rest/workspaces/default.xml'; antPath is
/rest/process/batchdownload/download/*; matchedPath=false;
matchedMethods=true
2017-04-18 08:48:01,250 DEBUG
[org.geoserver.security.RESTfulPathBasedFilterInvocationDefinitionMap]
- ~~~~~~~~~~ antPath= /rest/printing/* methodList= [GET, POST]
2017-04-18 08:48:01,250 DEBUG
[org.geoserver.security.RESTfulPathBasedFilterInvocationDefinitionMap]
- Candidate is: '/rest/workspaces/default.xml'; antPath is
/rest/printing/*; matchedPath=false; matchedMethods=true
2017-04-18 08:48:01,250 DEBUG
[org.geoserver.security.RESTfulPathBasedFilterInvocationDefinitionMap]
- ~~~~~~~~~~ antPath= /** methodList= [GET]
2017-04-18 08:48:01,250 DEBUG
[org.geoserver.security.RESTfulPathBasedFilterInvocationDefinitionMap]
- Candidate is: '/rest/workspaces/default.xml'; antPath is /**;
matchedPath=true; matchedMethods=true
2017-04-18 08:48:01,250 DEBUG
[org.geoserver.security.RESTfulPathBasedFilterInvocationDefinitionMap]
- returning IS_AUTHENTICATED_ANONYMOUSLY
2017-04-18 08:48:01,251 TRACE [org.geoserver.ows.OWSHandlerMapping] -
No handler mapping found for [/rest/workspaces/default.xml]
2017-04-18 08:48:01,253 DEBUG
[org.geoserver.security.filter.GeoServerSecurityContextPersistenceFilter$1]
- SecurityContextHolder now cleared, as request processing completed
2017-04-18 08:48:06,724 DEBUG
[org.geoserver.security.IncludeQueryStringAntPathRequestMatcher] -
Checking match of request : 'Path:
/web/wicket/bookmarkable/org.geoserver.web.admin.logpage, QueryString:
53&lines=1000'; against '/web/**'
2017-04-18 08:48:06,725 DEBUG
[org.geoserver.security.IncludeQueryStringAntPathRequestMatcher] -
Matched Path: /web/wicket/bookmarkable/org.geoserver.web.admin.logpage,
QueryString: 53&lines=1000 with /web/**
2017-04-18 08:48:06,725 DEBUG [org.geoserver.security] - Inspecting
the http request looking for the GeoNode Session ID.
2017-04-18 08:48:06,725 DEBUG [org.geoserver.security] - Found 6 cookies!
2017-04-18 08:48:06,725 DEBUG [org.geoserver.security] - Found GeoNode
cookie: of0qsjhpb2ymio0ejfxcky0ace0vghz3
2017-04-18 08:48:06,728 TRACE [org.geoserver.ows.OWSHandlerMapping] -
No handler mapping found for
[/web/wicket/bookmarkable/org.geoserver.web.admin.LogPage]
2017-04-18 08:48:06,729 DEBUG [org.geoserver] - Thread 63 locking in mode WRITE
2017-04-18 08:48:06,730 DEBUG [org.geoserver] - Thread 63 got the lock
in mode WRITE
Looking at the upload directory, I can see that the files are uploaded.
On Tue, Apr 18, 2017 at 3:33 AM, Alessio Fabiani
<alessio.fabiani at geo-solutions.it> wrote:
> Hello Eric,
>
> the REST endpoints should be protected by default and accessible only
> through internal GeoServer admin user (which is different from GeoNode one;
> you can find its credentials inside the "local_settings.py")
>
> e.g. using CURL you would need to query the REST endpoints as curl -u
> admin:***** ...
>
> The other errors are quite strange and currently I cannot say the cause
> without further details.
>
> If you started from an old GeoServer DATA DIR (2.7 maybe) you might need to
> do some changes manually in order to fix some issues with the Authentication
> Providers.
>
> Please, read carefully this guide
>
> http://docs.geonode.org/en/latest/tutorials/admin/geoserver_geonode_security/index.html
>
> which explains in detail how GeoNode and GeoServer security interact and
> how they should be correctly configured.
>
> Let me know if you still have issues and, in that case, let's try to
> troubleshoot them somehow.
>
>
>
>
>
>
> Best Regards,
> Alessio Fabiani.
>
> ==
> GeoServer Professional Services from the experts!
> Visit http://goo.gl/it488V for more information.
> ==
>
> Ing. Alessio Fabiani
> @alfa7691
> github
> Founder/Technical Lead
>
> GeoSolutions S.A.S.
> Via di Montramito 3/A
> 55054 Massarosa (LU)
> Italy
> phone: +39 0584 962313
> fax: +39 0584 1660272
> mob: +39 331 6233686
>
> http://www.geo-solutions.it
> http://twitter.com/geosolutions_it
>
> -------------------------------------------------------
>
> The information in this message and/or attachments, is intended solely for
> the attention and use of the named addressee(s) and may be confidential or
> proprietary in nature or covered by the provisions of privacy act
> (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection
> Code).Any use not in accord with its purpose, any disclosure, reproduction,
> copying, distribution, or either dissemination, either whole or partial, is
> strictly forbidden except previous formal approval of the named
> addressee(s). If you are not the intended recipient, please contact
> immediately the sender by telephone, fax or e-mail and delete the
> information in this message that has been received in error. The sender does
> not give any warranty or accept liability as the content, accuracy or
> completeness of sent messages and accepts no responsibility for changes
> made after they were sent or for other risks which arise as a result of
> e-mail transmission, viruses, etc.
>
> ---------------------------------------------------------------------
>
>
> On Fri, Apr 14, 2017 at 9:13 PM, Eric Goddard <egoddard1010 at gmail.com>
> wrote:
>>
>> Thanks Alessio, using the geonode button does work now. I missed that
>> addition and was expecting it to work the same as in 2.4.
>>
>> I can authenticate with Geoserver now, however when trying to upload a
>> layer through geonode it throws an error:
>>
>> (actual url replaced since it isn't ready yet)
>>
>> Tried to make a GET request to
>> https://geonode.example.com/geoserver/rest/workspaces/default.xml but
>> got a 404 status code:
>>
>> trying to access the rest endpoints directly gives an error message,
>> both over http and https so I don't think it is from the nginx/Let's
>> Encrypt config. However, when I'm in the geoserver admin,
>> clicking on any of the sidebar links such as Geoserver logs adds an
>> extra https// in the link: Even though hovering over the link displays
>> the correct link in the browser status bar, when you click on it I get
>>
>> https://https//geonode.example.com/geoserver/web/wicket/bookmarkable/org.geoserver.web.admin.StatusPage?8
>>
>> Thanks again,
>> Eric
>>
>> On Fri, Apr 14, 2017 at 4:01 AM, Alessio Fabiani
>> <alessio.fabiani at geo-solutions.it> wrote:
>> > It is normal.
>> >
>> > If you are using OAuth2, the GeoServer Admin GUI won't be automatically
>> > logged. You need to authenticate through geonode icon or geoserver
>> > credentials.
>> >
>> > This is different for access to the layers. GeoNode generates an
>> > authentication token which is used to keep authentication.
>> >
>> > Alternatively you can get this token from session and use it to be
>> > automatically authenticated on GeoServer Admin GUI too.
>> >
>> >
>> > Best Regards,
>> > Alessio Fabiani.
>> >
>> >
>> > On Thu, Apr 13, 2017 at 10:35 PM, Eric Goddard <egoddard1010 at gmail.com>
>> > wrote:
>> >>
>> >> Hi all,
>> >>
>> >> I'm running Geonode 2.6c1 on Ubuntu 16.04 installed using Ansible
>> >> (with geoserver-2.9.x-oauth2). My geonode instance is served over
>> >> https with a LetsEncrypt certificate.
>> >>
>> >> After enabling ssl, I've gone through and changed the URLS for geonode
>> >> and geoserver everywhere that I can think of so that it uses the https
>> >> endpoint:
>> >>
>> >> /var/lib/tomcat8/webapps/geoserver/data/security/role/geonode REST
>> >> role service/config.xml
>> >>
>> >>
>> >> /var/lib/tomcat8/webapps/geoserver/data/security/auth/geonodeAuthProvider/config.xml
>> >>
>> >>
>> >> /var/lib/tomcat8/webapps/geoserver/data/security/filter/geonode-oauth2/config.xml
>> >> /var/lib/tomcat8/webapps/geoserver/data/global.xml
>> >>
>> >> GEOSERVER_LOCATION in local_settings.py has also been updated to the
>> >> https endpoint.
>> >>
>> >> I also changed the redirect uris in the GeoServer application entry in
>> >> the geonode admin panel under Django Oauth2 Toolkit > GeoServer to the
>> >> https endpoint.
>> >>
>> >>
>> >> The geoserver log after attempting to access geoserver from the logged
>> >> in admin account:
>> >>
>> >> 2017-04-13 15:13:14,757 DEBUG
>> >> [org.geoserver.security.IncludeQueryStringAntPathRequestMatcher] -
>> >> Checking match of request : 'Path: /, QueryString: null'; against
>> >> '/web/**'
>> >> 2017-04-13 15:13:14,757 DEBUG
>> >> [org.geoserver.security.IncludeQueryStringAntPathRequestMatcher] -
>> >> Checking match of request : 'Path: /, QueryString: null'; against
>> >> '/gwc/rest/web/**'
>> >> 2017-04-13 15:13:14,757 DEBUG
>> >> [org.geoserver.security.IncludeQueryStringAntPathRequestMatcher] -
>> >> Checking match of request : 'Path: /, QueryString: null'; against '/'
>> >> 2017-04-13 15:13:14,758 DEBUG
>> >> [org.geoserver.security.IncludeQueryStringAntPathRequestMatcher] -
>> >> Matched Path: /, QueryString: null with /
>> >> 2017-04-13 15:13:14,758 DEBUG [org.geoserver.security] - Inspecting
>> >> the http request looking for the GeoNode Session ID.
>> >> 2017-04-13 15:13:14,758 DEBUG [org.geoserver.security] - Found 9
>> >> cookies!
>> >> 2017-04-13 15:13:14,759 DEBUG [org.geoserver.security] - Found GeoNode
>> >> cookie: fgalnbhxuf3ynqazgs3bfm0uqqkk71l0
>> >> 2017-04-13 15:13:14,761 DEBUG [org.geoserver.security] -
>> >> preAuthenticatedPrincipal = null, trying to authenticate
>> >> 2017-04-13 15:13:14,768 TRACE [org.geoserver.ows.OWSHandlerMapping] -
>> >> No handler mapping found for [/]
>> >> 2017-04-13 15:13:14,769 DEBUG
>> >>
>> >>
>> >> [org.geoserver.security.filter.GeoServerSecurityContextPersistenceFilter$1]
>> >> - SecurityContextHolder now cleared, as request processing completed
>> >> 2017-04-13 15:13:14,944 DEBUG
>> >> [org.geoserver.security.IncludeQueryStringAntPathRequestMatcher] -
>> >> Checking match of request : 'Path: /web/, QueryString: null'; against
>> >> '/web/**'
>> >> 2017-04-13 15:13:14,944 DEBUG
>> >> [org.geoserver.security.IncludeQueryStringAntPathRequestMatcher] -
>> >> Matched Path: /web/, QueryString: null with /web/**
>> >> 2017-04-13 15:13:14,944 DEBUG [org.geoserver.security] - Inspecting
>> >> the http request looking for the GeoNode Session ID.
>> >> 2017-04-13 15:13:14,944 DEBUG [org.geoserver.security] - Found 9
>> >> cookies!
>> >> 2017-04-13 15:13:14,945 DEBUG [org.geoserver.security] - Found GeoNode
>> >> cookie: fgalnbhxuf3ynqazgs3bfm0uqqkk71l0
>> >> 2017-04-13 15:13:14,946 DEBUG [org.geoserver.security] -
>> >> preAuthenticatedPrincipal = null, trying to authenticate
>> >> 2017-04-13 15:13:14,953 TRACE [org.geoserver.ows.OWSHandlerMapping] -
>> >> No handler mapping found for [/web/]
>> >> 2017-04-13 15:13:15,021 DEBUG [org.geoserver.filters] - Compressing
>> >> output for mimetype: text/html;charset=UTF-8
>> >> 2017-04-13 15:13:15,028 DEBUG
>> >>
>> >>
>> >> [org.geoserver.security.filter.GeoServerSecurityContextPersistenceFilter$1]
>> >> - SecurityContextHolder now cleared, as request processing completed
>> >>
>> >>
>> >> I'm not really sure where to go from here with troubleshooting, so any
>> >> help is greatly appreciated. I've tried to include everything
>> >> that would be relevant to this issue, but if there is some other
>> >> information that's needed please let me know.
>> >>
>> >> Thanks!
>> >>
>> >> Eric
>> >> _______________________________________________
>> >> geonode-users mailing list
>> >> geonode-users at lists.osgeo.org
>> >> https://lists.osgeo.org/mailman/listinfo/geonode-users
>> >
>> >
>
>
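Added example, not part of the original thread: a small Python parser that turns wrapped GeoServer security DEBUG output like the traces above into one summary per request (matched filter chain, whether a cached Basic credential or a GeoNode session cookie was seen, and the access rule returned), without copying session ids into the summary. The sample lines are constructed from the log format shown in the thread, with secret values replaced by placeholders; the function names are illustrative.

```python
import re

# Constructed sample: wrapped (and partly ">"-quoted) GeoServer DEBUG lines in the
# format shown in this thread; secret values are replaced with placeholders.
SAMPLE = """\
2017-04-18 08:48:01,221 DEBUG
[org.geoserver.security.IncludeQueryStringAntPathRequestMatcher] -
Matched Path: /rest/workspaces/default.xml, QueryString: null with
/rest/**
2017-04-18 08:48:01,221 DEBUG [org.geoserver.security] -
AuthenticationCache found an entry for basic,
admin:REDACTED
2017-04-18 08:48:01,250 DEBUG
[org.geoserver.security.RESTfulPathBasedFilterInvocationDefinitionMap]
- returning IS_AUTHENTICATED_ANONYMOUSLY
> 2017-04-18 08:48:06,725 DEBUG
> [org.geoserver.security.IncludeQueryStringAntPathRequestMatcher] -
> Matched Path: /web/wicket/bookmarkable/org.geoserver.web.admin.logpage,
> QueryString: 53&lines=1000 with /web/**
> 2017-04-18 08:48:06,725 DEBUG [org.geoserver.security] - Found GeoNode
> cookie: SESSIONID_PLACEHOLDER
"""

STAMP = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3} ")
QUOTE = re.compile(r"^(?:>\s?)+")  # e-mail quote markers such as ">> >> "

def records(text):
    """Strip quote markers and rejoin wrapped lines into one record per timestamp."""
    out = []
    for raw in text.splitlines():
        line = QUOTE.sub("", raw).strip()
        if line and (STAMP.match(line) or not out):
            out.append(line)
        elif line:
            out[-1] += " " + line
    return out

def summarize(text):
    """Return one dict per request: filter chain, credential source, access rule."""
    reqs, cur = [], None
    for rec in records(text):
        m = re.search(r"Matched Path: (\S+), QueryString: .*? with (\S+)", rec)
        if m:  # a filter-chain match marks the start of a request
            cur = {"path": m.group(1), "chain": m.group(2),
                   "basic_cache_hit": False, "geonode_cookie": False, "rule": None}
            reqs.append(cur)
        elif cur is None:
            continue
        elif "AuthenticationCache found an entry for basic" in rec:
            cur["basic_cache_hit"] = True
        elif "Found GeoNode cookie:" in rec:
            cur["geonode_cookie"] = True  # presence only; the session id is not kept
        elif (m := re.search(r"- returning (\S+)", rec)):
            cur["rule"] = m.group(1)
    return reqs

if __name__ == "__main__":
    for r in summarize(SAMPLE): print(r)
```
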