[GeoNode-users] geoserver authentication in multi-geosites

Simone Dalmasso simone.dalmasso at gmail.com
Wed May 31 07:02:00 PDT 2017 

Ciao guys, just to point out that I think Eugenio is the first one using
the new oauth2 with geosites, none of us ever tested it I think :) we
should though to make sure everything is still working. Eugenio thanks for
the feedbacks so far.

2017-05-31 15:55 GMT+02:00 Alessio Fabiani <alessio.fabiani at gmail.com>:

> I guess I got the problem, you configured the layer as a cascade WMS.
>
> However, sorry... what was exactly the issue?
>
> On Wed, May 31, 2017 at 3:52 PM, Eugenio Trumpy <frippe12573 at hotmail.com>
> wrote:
>
>> I see that layer as anonymous user.
>>
>>
>> E.
>>
>>
>> ------------------------------
>> *Da:* Alessio Fabiani <alessio.fabiani at gmail.com>
>> *Inviato:* mercoledì 31 maggio 2017 15:45
>>
>> *A:* Eugenio Trumpy
>> *Cc:* geonode-users; Simone Dalmasso
>> *Oggetto:* Re: [GeoNode-users] geoserver authentication in multi-geosites
>>
>> Hello Eugenio,
>> so, just do a quick test... if the layer is public, go to
>> http://geothoponode.igg.cnr.it/geoserver2 and, as anonymous user, try to
>> hit Layer Preview.
>>
>> If you don't see your layer listed here, that means that the security (at
>> least on that geoserver2 instance) does not allow you to access it as an
>> anonymous user.
>>
>> On Wed, May 31, 2017 at 3:20 PM, Eugenio Trumpy <frippe12573 at hotmail.com>
>> wrote:
>>
>>> Hi Alessio,
>>>
>>>
>>> the raster layer is a public layer. It can be seen by anyone (check box
>>> marked). There is also my name among the users. The same for download
>>> capabilities.
>>>
>>> I saw this information in the 'Change layer permissions' panel.
>>>
>>> What do you mean with "Is the geotiff present and configured on the
>>> second instance too"? If you mean that the raster layer is listed also
>>> in the child site,
>>>
>>> the answer is yes.
>>>
>>> I don't know how to catch the request, however the geoserver log output
>>> is:
>>>
>>> https://pastebin.com/W0K9LHde
>>>
>>>
>>> any hints?
>>>
>>>
>>> E.
>>>
>>>
>>>
>>> ------------------------------
>>> *Da:* Alessio Fabiani <alessio.fabiani at gmail.com>
>>> *Inviato:* mercoledì 24 maggio 2017 15.50
>>> *A:* Eugenio Trumpy
>>> *Cc:* geonode-users; Simone Dalmasso
>>> *Oggetto:* Re: [GeoNode-users] geoserver authentication in
>>> multi-geosites
>>>
>>> Is the geotiff present and configured on the second instance too? Is it
>>> private or publicly accessible? Can you somehow intercept the requests and
>>> send them here?
>>>
>>> On May 20, 2017 15:20, "Eugenio Trumpy" <frippe12573 at hotmail.com> wrote:
>>>
>>>> Hi all,
>>>>
>>>>
>>>> unfortunately I was not able to solve the issue raised in this thread.
>>>> I was just living in the situation described.
>>>>
>>>> However, today I have to face a consequent, I guess, issue.
>>>>
>>>> From a child site I'm not able to download a raster layer (uploaded as
>>>> tif) in geotiff format (i.e. in the download menu there is not the item
>>>> 'Geotiff').
>>>>
>>>> If I try to download the same raster layer from the master site it is
>>>> possible (i.e. in the download menu there is the item 'Geotiff').
>>>>
>>>> I think is a matter of geoserver configuration/authentication in
>>>> geonode-multitenancy environment.
>>>>
>>>>
>>>> Have you got any suggestion?
>>>>
>>>>
>>>> E.
>>>>
>>>>
>>>> ------------------------------
>>>> *Da:* Simone Dalmasso <simone.dalmasso at gmail.com>
>>>> *Inviato:* mercoledì 5 aprile 2017 15.39
>>>> *A:* Eugenio Trumpy
>>>> *Cc:* geonode-users at lists.osgeo.org
>>>> *Oggetto:* Re: geoserver authentication in multi-geosites
>>>>
>>>> Eugenio, I don't see wrong config. It is ok I guess to leave the master
>>>> site host in the gs config as well as I think it is ok that you cannot log
>>>> in directly into gs from a child site. That said, when geosites was
>>>> developed, the geoserver ext was modified to make sure that geoserver pings
>>>> the same host that made the http request for authentication instead of
>>>> relying on the base url parameter. So ideally it should work as you would
>>>> expect.
>>>>
>>>>
>>>> 2017-04-05 14:39 GMT+02:00 Eugenio Trumpy <frippe12573 at hotmail.com>:
>>>>
>>>>> Hi,
>>>>>
>>>>>
>>>>> I'm working on geonode 2.4 in a Ubuntu server 14.04LTS (tomcat7,
>>>>> java8).
>>>>>
>>>>> I had to upgrade geoserver from 2.7.x version up to 2.9.x.
>>>>>
>>>>> In the system I configured geonode to work as multi-geosites.
>>>>>
>>>>> The master site is the normal geonode site, I mean it use the
>>>>> local_setting.py I have in /geonode/geonode
>>>>>
>>>>> The geosites are in /geonode/geonode/contrib/geosites, and they use
>>>>> the relative config files.
>>>>>
>>>>>
>>>>> The documentation: https://github.com/terranodo/geosites-project
>>>>> /blob/master/GEOSITES-README.md
>>>>>
>>>>> indicates to leave empty <baseurl> in config.xml in
>>>>> security/auth/geonodeauthprovider/
>>>>>
>>>>> In that way I have this error:
>>>>>
>>>>> java.lang.IllegalArgumentException: host parameter is null
>>>>> 	org.apache.commons.httpclient.HttpConnection.<init>(HttpConnection.java:206)
>>>>> 	org.apache.commons.httpclient.HttpConnection.<init>(HttpConnection.java:155)
>>>>> 	org.apache.commons.httpclient.SimpleHttpConnectionManager.getConnectionWithTimeout(SimpleHttpConnectionManager.java:175)
>>>>> 	org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:153)
>>>>> 	org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
>>>>> 	org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323)
>>>>> 	org.geonode.security.HTTPClient.sendGET(HTTPClient.java:89)
>>>>> 	org.geonode.security.DefaultSecurityClient.authenticate(DefaultSecurityClient.java:185)
>>>>> 	org.geonode.security.DefaultSecurityClient.authenticateCookie(DefaultSecurityClient.java:116)
>>>>> 	org.geonode.security.GeoNodeAuthenticationProvider.authenticate(GeoNodeAuthenticationProvider.java:66)
>>>>> 	org.geoserver.security.GeoServerAuthenticationProvider.authenticate(GeoServerAuthenticationProvider.java:58)
>>>>> 	org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:167)
>>>>> 	org.geoserver.security.GeoServerSecurityManager$1.authenticate(GeoServerSecurityManager.java:323)
>>>>> 	org.geonode.security.GeoNodeCookieProcessingFilter.doFilter(GeoNodeCookieProcessingFilter.java:94)
>>>>> 	org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
>>>>> 	org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:69)
>>>>> 	org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:91)
>>>>> 	org.geoserver.security.filter.GeoServerSecurityContextPersistenceFilter$1.doFilter(GeoServerSecurityContextPersistenceFilter.java:53)
>>>>> 	org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:73)
>>>>> 	org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:92)
>>>>> 	org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
>>>>> 	org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:213)
>>>>> 	org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:176)
>>>>> 	org.geoserver.security.GeoServerSecurityFilterChainProxy.doFilter(GeoServerSecurityFilterChainProxy.java:152)
>>>>> 	org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
>>>>> 	org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)
>>>>> 	org.geoserver.filters.LoggingFilter.doFilter(LoggingFilter.java:87)
>>>>> 	org.geoserver.filters.GZIPFilter.doFilter(GZIPFilter.java:42)
>>>>> 	org.geoserver.filters.SessionDebugFilter.doFilter(SessionDebugFilter.java:48)
>>>>> 	org.geoserver.filters.FlushSafeFilter.doFilter(FlushSafeFilter.java:44)
>>>>> 	org.springframework.web.filter.CharacterEncodingFilter.doFilterIntaernal(CharacterEncodingFilter.java:121)
>>>>> 	org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
>>>>>
>>>>> both if I use the geoserver link in the menu (once logged in) and if I
>>>>> call geoserver by using the geoserver url in the browser address bar.
>>>>>
>>>>>
>>>>> If set the doman name of the master site in <baseurl> in config.xml
>>>>> in security/auth/geonodeauthprovider/
>>>>>
>>>>> I'm able to enter in geoserver as admin from the menu, by the way
>>>>> doing the same operation from a geosite
>>>>>
>>>>> I got the geoserverage but not logged.
>>>>>
>>>>>
>>>>> The master site virtualhost as well as those of the geosites have the
>>>>> proxypass and reverse pointing to http://localhost:8080/geoserver
>>>>>
>>>>> The same in /geonode/geonode/contrib/geosites/local_setting.py and
>>>>> pre-setting.py I have http://localhost:8080/geoserver
>>>>>
>>>>>
>>>>> Is there a wrong configuration?
>>>>>
>>>>> Any hints?
>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Simone
>>>>
>>>> _______________________________________________
>>>> geonode-users mailing list
>>>> geonode-users at lists.osgeo.org
>>>> https://lists.osgeo.org/mailman/listinfo/geonode-users
>>>>
>>>>
>>
>


-- 
Simone
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/geonode-users/attachments/20170531/65041993/attachment-0001.html>

More information about the geonode-users mailing list