[GeoNode-users] geoserver authentication in multi-geosites

Alessio Fabiani alessio.fabiani at gmail.com
Wed May 31 06:45:22 PDT 2017 

Hello Eugenio,
so, just do a quick test... if the layer is public, go to
http://geothoponode.igg.cnr.it/geoserver2 and, as anonymous user, try to
hit Layer Preview.

If you don't see your layer listed here, that means that the security (at
least on that geoserver2 instance) does not allow you to access it as an
anonymous user.

On Wed, May 31, 2017 at 3:20 PM, Eugenio Trumpy <frippe12573 at hotmail.com>
wrote:

> Hi Alessio,
>
>
> the raster layer is a public layer. It can be seen by anyone (check box
> marked). There is also my name among the users. The same for download
> capabilities.
>
> I saw this information in the 'Change layer permissions' panel.
>
> What do you mean with "Is the geotiff present and configured on the
> second instance too"? If you mean that the raster layer is listed also in
> the child site,
>
> the answer is yes.
>
> I don't know how to catch the request, however the geoserver log output is:
>
> https://pastebin.com/W0K9LHde
>
>
> any hints?
>
>
> E.
>
>
>
> ------------------------------
> *Da:* Alessio Fabiani <alessio.fabiani at gmail.com>
> *Inviato:* mercoledì 24 maggio 2017 15.50
> *A:* Eugenio Trumpy
> *Cc:* geonode-users; Simone Dalmasso
> *Oggetto:* Re: [GeoNode-users] geoserver authentication in multi-geosites
>
> Is the geotiff present and configured on the second instance too? Is it
> private or publicly accessible? Can you somehow intercept the requests and
> send them here?
>
> On May 20, 2017 15:20, "Eugenio Trumpy" <frippe12573 at hotmail.com> wrote:
>
>> Hi all,
>>
>>
>> unfortunately I was not able to solve the issue raised in this thread. I
>> was just living in the situation described.
>>
>> However, today I have to face a consequent, I guess, issue.
>>
>> From a child site I'm not able to download a raster layer (uploaded as
>> tif) in geotiff format (i.e. in the download menu there is not the item
>> 'Geotiff').
>>
>> If I try to download the same raster layer from the master site it is
>> possible (i.e. in the download menu there is the item 'Geotiff').
>>
>> I think is a matter of geoserver configuration/authentication in
>> geonode-multitenancy environment.
>>
>>
>> Have you got any suggestion?
>>
>>
>> E.
>>
>>
>> ------------------------------
>> *Da:* Simone Dalmasso <simone.dalmasso at gmail.com>
>> *Inviato:* mercoledì 5 aprile 2017 15.39
>> *A:* Eugenio Trumpy
>> *Cc:* geonode-users at lists.osgeo.org
>> *Oggetto:* Re: geoserver authentication in multi-geosites
>>
>> Eugenio, I don't see wrong config. It is ok I guess to leave the master
>> site host in the gs config as well as I think it is ok that you cannot log
>> in directly into gs from a child site. That said, when geosites was
>> developed, the geoserver ext was modified to make sure that geoserver pings
>> the same host that made the http request for authentication instead of
>> relying on the base url parameter. So ideally it should work as you would
>> expect.
>>
>>
>> 2017-04-05 14:39 GMT+02:00 Eugenio Trumpy <frippe12573 at hotmail.com>:
>>
>>> Hi,
>>>
>>>
>>> I'm working on geonode 2.4 in a Ubuntu server 14.04LTS (tomcat7, java8).
>>>
>>> I had to upgrade geoserver from 2.7.x version up to 2.9.x.
>>>
>>> In the system I configured geonode to work as multi-geosites.
>>>
>>> The master site is the normal geonode site, I mean it use the
>>> local_setting.py I have in /geonode/geonode
>>>
>>> The geosites are in /geonode/geonode/contrib/geosites, and they use the
>>> relative config files.
>>>
>>>
>>> The documentation: https://github.com/terranodo/geosites-project
>>> /blob/master/GEOSITES-README.md
>>>
>>> indicates to leave empty <baseurl> in config.xml in
>>> security/auth/geonodeauthprovider/
>>>
>>> In that way I have this error:
>>>
>>> java.lang.IllegalArgumentException: host parameter is null
>>> 	org.apache.commons.httpclient.HttpConnection.<init>(HttpConnection.java:206)
>>> 	org.apache.commons.httpclient.HttpConnection.<init>(HttpConnection.java:155)
>>> 	org.apache.commons.httpclient.SimpleHttpConnectionManager.getConnectionWithTimeout(SimpleHttpConnectionManager.java:175)
>>> 	org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:153)
>>> 	org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
>>> 	org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323)
>>> 	org.geonode.security.HTTPClient.sendGET(HTTPClient.java:89)
>>> 	org.geonode.security.DefaultSecurityClient.authenticate(DefaultSecurityClient.java:185)
>>> 	org.geonode.security.DefaultSecurityClient.authenticateCookie(DefaultSecurityClient.java:116)
>>> 	org.geonode.security.GeoNodeAuthenticationProvider.authenticate(GeoNodeAuthenticationProvider.java:66)
>>> 	org.geoserver.security.GeoServerAuthenticationProvider.authenticate(GeoServerAuthenticationProvider.java:58)
>>> 	org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:167)
>>> 	org.geoserver.security.GeoServerSecurityManager$1.authenticate(GeoServerSecurityManager.java:323)
>>> 	org.geonode.security.GeoNodeCookieProcessingFilter.doFilter(GeoNodeCookieProcessingFilter.java:94)
>>> 	org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
>>> 	org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:69)
>>> 	org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:91)
>>> 	org.geoserver.security.filter.GeoServerSecurityContextPersistenceFilter$1.doFilter(GeoServerSecurityContextPersistenceFilter.java:53)
>>> 	org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:73)
>>> 	org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:92)
>>> 	org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
>>> 	org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:213)
>>> 	org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:176)
>>> 	org.geoserver.security.GeoServerSecurityFilterChainProxy.doFilter(GeoServerSecurityFilterChainProxy.java:152)
>>> 	org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
>>> 	org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)
>>> 	org.geoserver.filters.LoggingFilter.doFilter(LoggingFilter.java:87)
>>> 	org.geoserver.filters.GZIPFilter.doFilter(GZIPFilter.java:42)
>>> 	org.geoserver.filters.SessionDebugFilter.doFilter(SessionDebugFilter.java:48)
>>> 	org.geoserver.filters.FlushSafeFilter.doFilter(FlushSafeFilter.java:44)
>>> 	org.springframework.web.filter.CharacterEncodingFilter.doFilterIntaernal(CharacterEncodingFilter.java:121)
>>> 	org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
>>>
>>> both if I use the geoserver link in the menu (once logged in) and if I
>>> call geoserver by using the geoserver url in the browser address bar.
>>>
>>>
>>> If set the doman name of the master site in <baseurl> in config.xml in
>>> security/auth/geonodeauthprovider/
>>>
>>> I'm able to enter in geoserver as admin from the menu, by the way doing
>>> the same operation from a geosite
>>>
>>> I got the geoserverage but not logged.
>>>
>>>
>>> The master site virtualhost as well as those of the geosites have the
>>> proxypass and reverse pointing to http://localhost:8080/geoserver
>>>
>>> The same in /geonode/geonode/contrib/geosites/local_setting.py and
>>> pre-setting.py I have http://localhost:8080/geoserver
>>>
>>>
>>> Is there a wrong configuration?
>>>
>>> Any hints?
>>>
>>>
>>>
>>>
>>
>>
>> --
>> Simone
>>
>> _______________________________________________
>> geonode-users mailing list
>> geonode-users at lists.osgeo.org
>> https://lists.osgeo.org/mailman/listinfo/geonode-users
>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/geonode-users/attachments/20170531/43765cb7/attachment.html>

More information about the geonode-users mailing list