[GeoNode-users] geoserver authentication in multi-geosites

Eugenio Trumpy frippe12573 at hotmail.com
Tue Apr 18 02:52:26 PDT 2017 

Hi all,


I think I made some good steps toward a solution.

Following-up the attempts I listed in the previous emails, now I have:

  *   a 2.9.x geoserver running version donloaded from: http://build.geonode.org/geoserver/latest/geoserver-2.9.x.war
  *   a 2.9 data dir downloaded from: http://build.geonode.org/geoserver/latest/data-2.9.x.zip and running
  *   my backup data running in the data dir pointed above

then I have added in web.xml:
<context-param>
    <param-name>GEONODE_BASE_URL</param-name>
    <param-value>http://the_name_server_of_the_master_site/</param-value>
</context-param>

and in config.xml under ./data/security/auth/GeonodeAuthenticationProvider
<baseUrl>http://the_name_server_of_the_master_site/<http://the_name_server_of_the_master_site/></baseUrl>

In this way I can access in geoserver in an authenticated session (once I login in geonode).
Unfortunately this is not possible from each geosite.

If I remove the url from <baseUrl> I cannot access geoserver in an authenticated session also from the master site.

How can I sort out this issue?

Best

Eugenio

________________________________
Da: Eugenio Trumpy <frippe12573 at hotmail.com>
Inviato: mercoledì 12 aprile 2017 15.32
A: Francesco Bartoli
Cc: Alessio Fabiani; Simone Dalmasso; geonode-users at lists.osgeo.org
Oggetto: Re: [GeoNode-users] geoserver authentication in multi-geosites


Hi Francesco and all,


I have just tried to add some comments and possible suggestions on the readme file releted to gonode multi-tenancy. It was the first time for me I don't know if I did well.

https://github.com/GeoNode/geonode/commit/740af85ab5654cee3d27b6611b74c39687a4187c#diff-587dce94ba79af7b86f22f9bb4b031d1R22


Regarding the suggestion you gave me about the authentication, I started from scratch, so:

  1.  I downloaded geoserver<http://build.geonode.org/geoserver/latest/geoserver-2.9.x.war>-2.9.x.war and data-2.9.x.zip<http://build.geonode.org/geoserver/latest/data-2.9.x.zip>
  2.  I copied and renamed in my tomcat container geoserver<http://build.geonode.org/geoserver/latest/geoserver-2.9.x.war>-2.9.x.war as geoserver2.war, I restarted tomcat and I checked if geoserver2 was running, and it was.
  3.  I modified geoserver/WEB-INF/web.xls adding
<context-param>
    <param-name>GEONODE_BASE_URL</param-name>
    <param-value>http://localhost/</param-value>
</context-param>
where I replaced localhost with the server name I have in the virtualhost set for the master-site. Restarted tomcat and geoserver was running.
  4.
I stopped again tomcat and I replaced the created data dir with the one downloaded and unzipped, I restarted again tomcat, checked, and geoserver was not running:

here the errors in catalina.log:
https://pastebin.com/Mp7s5MTW
whereas errors in localhost.log are here:
https://pastebin.com/mEfNsQ1q

Am I right? Is it right to replace the data dir downloaded with the one generated by deploying geoserver.war?

I home in fruitful hints from you,

best

Eugenio


________________________________

Da: Francesco Bartoli <xbartolone at gmail.com>
Inviato: domenica 9 aprile 2017 13.05
A: Eugenio Trumpy
Cc: Alessio Fabiani; Simone Dalmasso; geonode-users at lists.osgeo.org
Oggetto: Re: [GeoNode-users] geoserver authentication in multi-geosites

Hi Eugenio,

if you are not able to send the modifications packaged in a pull request then you can go through editing files directly from github. You need just an account there and then follow the files on this page https://github.com/GeoNode/geonode/search?l=Text&q=geosites&type=&utf8=%E2%9C%93<https://github.com/GeoNode/geonode/search?l=Text&q=geosites&type=&utf8=?> where geosites is referenced in the documentation. Feel free to propose your changes, after saving them a pull request will be automatically generated for you.


Also consider that some of your achievements require a huge knowledge of developing django applications and exploiting geoserver features, mostly the authentication part. I’ve never used geosites but please double check the geoserver build that you have got since there are two different ones for 2.9.x and 2.4 should work only against geoserver-2.9.x.war<http://build.geonode.org/geoserver/latest/geoserver-2.9.x.war> and the associated data directory data-2.9.x.zip<http://build.geonode.org/geoserver/latest/data-2.9.x.zip>

Ciao
Francesco

Il giorno 07/apr/2017, alle ore 16:05, Eugenio Trumpy <frippe12573 at hotmail.com<mailto:frippe12573 at hotmail.com>> ha scritto:


Dear Francesco,


I had no problem with geonode classical installation and I was able to configure also geosites thanks to the help of this mailing list. Unfortunately I had to update geoserver to a newer version respect the one distributed with geonode, since I had some issues with nodata areas produced by the reprojecting procedures of the raster layers. The mailing list suggested me to upgrade geoserver. Almost everything works fine with the geoserver-2.9 except the authentication both in the master site and in the geosites I have.


If I leave the master URL name in <baseurl> in config.xml in security/auth/geonodeauthprovider/ I'm able to authanticate as admin in geoserver only from the master site, but not from the geosites. If I follow the instruction to leave <baseurl> in config.xml in security/auth/geonodeauthprovider/ empty as decribed in https://github.com/terranodo/geosites-project/blob/master/GEOSITES-README.md I cannot authenticate neither from the master site nor in the geosites.

I guess I have something wrong somewhere.


Probably my last email was a bit confused, due to the fact that I tried to change many times the configuration without positive results, and I was a bit frustrated.


That said I'm ready to help the community as I can, I can write some lines from my notes about how to setup a geosite from a normal geonode installation, or if you prefer suggest which point in the documentation have to be updated, but consider I'm not a developer.


Thanks


Eugenio



________________________________
Da: Francesco Bartoli <xbartolone at gmail.com<mailto:xbartolone at gmail.com>>
Inviato: giovedì 6 aprile 2017 17.46
A: Eugenio Trumpy
Cc: Alessio Fabiani; Simone Dalmasso; geonode-users at lists.osgeo.org<mailto:geonode-users at lists.osgeo.org>
Oggetto: Re: [GeoNode-users] geoserver authentication in multi-geosites

Dear Eugenio,

since the master is not working and there is a plenty of documentation how a plain geonode 2.4 should be configured even for the old authentication mechanism I'd rather you did not claim help early for more complex features like multi tenancy authentication as opposed to challenging yourself to solve the easiest.

That said I'd encourage again to keep notes of everything that could be helpful to improve our documentation for geosites and give back to the community with pull requests.
Your project can be very useful in such a sense because what you are going to achieve is not common so far and in case of a successful integration (I'm quite sure of this) all the community can also further benefit.

Many thanks
Ciao
Francesco

Sent from Nylas Pro<https://link.nylas.com/link/43o9gzlmd58gqwkxv3di3wjcc/local-22b04220-62bf/0?redirect=https%3A%2F%2Fnylas.com%2Fnylas-pro%3Fref%3Dn1&r=ZnJpcHBlMTI1NzNAaG90bWFpbC5jb20=>, the most powerful email app for work


On apr 6 2017, at 4:40 pm, Eugenio Trumpy <frippe12573 at hotmail.com<mailto:frippe12573 at hotmail.com>> wrote:
Unfortunately I have to come back again on this topic, that seemed to be almost solved yesterday, because this morning I realized that in my running configuration I cannot view any layer (i.e. in the info page I see the pink tiles) if I'm not logged in geoserver as admin, and since the authentication via geonode dosen't currently work fine that is a problem.
This happen both from the master and from geosites.
I think there still is some problem on geoserver configuration.
No useful info on logs.


________________________________
Da: Simone Dalmasso <simone.dalmasso at gmail.com<mailto:simone.dalmasso at gmail.com>>
Inviato: mercoledì 5 aprile 2017 15.39
A: Eugenio Trumpy
Cc: geonode-users at lists.osgeo.org<mailto:geonode-users at lists.osgeo.org>
Oggetto: Re: geoserver authentication in multi-geosites

Eugenio, I don't see wrong config. It is ok I guess to leave the master site host in the gs config as well as I think it is ok that you cannot log in directly into gs from a child site. That said, when geosites was developed, the geoserver ext was modified to make sure that geoserver pings the same host that made the http request for authentication instead of relying on the base url parameter. So ideally it should work as you would expect.


2017-04-05 14:39 GMT+02:00 Eugenio Trumpy <frippe12573 at hotmail.com<mailto:frippe12573 at hotmail.com>>:
Hi,

I'm working on geonode 2.4 in a Ubuntu server 14.04LTS (tomcat7, java8).
I had to upgrade geoserver from 2.7.x version up to 2.9.x.
In the system I configured geonode to work as multi-geosites.
The master site is the normal geonode site, I mean it use the local_setting.py I have in /geonode/geonode
The geosites are in /geonode/geonode/contrib/geosites, and they use the relative config files.

The documentation: https://github.com/terranodo/geosites-project/blob/master/GEOSITES-README.md<https://github.com/terranodo/geosites-project/blob/master/GEOSITES-README.md&r=ZnJpcHBlMTI1NzNAaG90bWFpbC5jb20=>
indicates to leave empty <baseurl> in config.xml in security/auth/geonodeauthprovider/
In that way I have this error:

java.lang.IllegalArgumentException: host parameter is null
        org.apache.commons.httpclient.HttpConnection.<init>(HttpConnection.java:206)
        org.apache.commons.httpclient.HttpConnection.<init>(HttpConnection.java:155)
        org.apache.commons.httpclient.SimpleHttpConnectionManager.getConnectionWithTimeout(SimpleHttpConnectionManager.java:175)
        org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:153)
        org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
        org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323)
        org.geonode.security.HTTPClient.sendGET(HTTPClient.java:89)
        org.geonode.security.DefaultSecurityClient.authenticate(DefaultSecurityClient.java:185)
        org.geonode.security.DefaultSecurityClient.authenticateCookie(DefaultSecurityClient.java:116)
        org.geonode.security.GeoNodeAuthenticationProvider.authenticate(GeoNodeAuthenticationProvider.java:66)
        org.geoserver.security.GeoServerAuthenticationProvider.authenticate(GeoServerAuthenticationProvider.java:58)
        org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:167)
        org.geoserver.security.GeoServerSecurityManager$1.authenticate(GeoServerSecurityManager.java:323)
        org.geonode.security.GeoNodeCookieProcessingFilter.doFilter(GeoNodeCookieProcessingFilter.java:94)
        org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
        org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:69)
        org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:91)
        org.geoserver.security.filter.GeoServerSecurityContextPersistenceFilter$1.doFilter(GeoServerSecurityContextPersistenceFilter.java:53)
        org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:73)
        org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:92)
        org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
        org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:213)
        org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:176)
        org.geoserver.security.GeoServerSecurityFilterChainProxy.doFilter(GeoServerSecurityFilterChainProxy.java:152)
        org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
        org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)
        org.geoserver.filters.LoggingFilter.doFilter(LoggingFilter.java:87)
        org.geoserver.filters.GZIPFilter.doFilter(GZIPFilter.java:42)
        org.geoserver.filters.SessionDebugFilter.doFilter(SessionDebugFilter.java:48)
        org.geoserver.filters.FlushSafeFilter.doFilter(FlushSafeFilter.java:44)
        org.springframework.web.filter.CharacterEncodingFilter.doFilterIntaernal(CharacterEncodingFilter.java:121)
        org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)

both if I use the geoserver link in the menu (once logged in) and if I call geoserver by using the geoserver url in the browser address bar.

If set the doman name of the master site in <baseurl> in config.xml in security/auth/geonodeauthprovider/
I'm able to enter in geoserver as admin from the menu, by the way doing the same operation from a geosite
I got the geoserverage but not logged.

The master site virtualhost as well as those of the geosites have the proxypass and reverse pointing to http://localhost:8080/geoserver<http://localhost:8080/geoserver&r=ZnJpcHBlMTI1NzNAaG90bWFpbC5jb20=>
The same in /geonode/geonode/contrib/geosites/local_setting.py and pre-setting.py I have http://localhost:8080/geoserver<http://localhost:8080/geoserver&r=ZnJpcHBlMTI1NzNAaG90bWFpbC5jb20=>

Is there a wrong configuration?
Any hints?





--
Simone

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/geonode-users/attachments/20170418/84176e22/attachment-0001.html>

More information about the geonode-users mailing list