[GeoNode-devel] GeoServer basic authentication not working anymore?

Alessio Fabiani alessio.fabiani at geo-solutions.it
Mon Mar 6 08:48:56 PST 2017


I see. Yes given this use case this is possible. GeoNode does not have code
to create users on GeoServer side.
While it allows you to login using oauth2 (through the admin group) it
won't be possible to access bia Basic Auth since that user is not
recognized by GeoServer.

To add this functionality we could either:

1. Allow GeoNode to create users on GeoServer (those would be duplicated
though)

2. Customize the Basic Auth Provider and GeoNode apis (most of the work has
been already done for OAuth2) in order to enable Basic Auth on GeoServer
too.

We need to discuss this thgouh, and a GNIP is required IMHO, since it is
not a trivial change.

It is also worth trying to make the Basic Auth Provider using the "GeoNode
REST Role Service", maybe this could be sufficient.


Best Regards,
Alessio Fabiani.

==
GeoServer Professional Services from the experts!
Visit http://goo.gl/it488V for more information.
==

Ing. Alessio Fabiani
@alfa7691
github <https://github.com/afabiani?tab=overview>
Founder/Technical Lead

GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy
phone: +39 0584 962313
fax:     +39 0584 1660272
mob:   +39 331 6233686

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

-------------------------------------------------------

*AVVERTENZE AI SENSI DEL D.Lgs. 196/2003*

Le informazioni contenute in questo messaggio di posta elettronica e/o
nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il
loro utilizzo è consentito esclusivamente al destinatario del messaggio,
per le finalità indicate nel messaggio stesso. Qualora riceviate questo
messaggio senza esserne il destinatario, Vi preghiamo cortesemente di
darcene notizia via e-mail e di procedere alla distruzione del messaggio
stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso,
divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od
utilizzarlo per finalità diverse, costituisce comportamento contrario ai
principi dettati dal D.Lgs. 196/2003.



The information in this message and/or attachments, is intended solely for
the attention and use of the named addressee(s) and may be confidential or
proprietary in nature or covered by the provisions of privacy act
(Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection
Code).Any use not in accord with its purpose, any disclosure, reproduction,
copying, distribution, or either dissemination, either whole or partial, is
strictly forbidden except previous formal approval of the named
addressee(s). If you are not the intended recipient, please contact
immediately the sender by telephone, fax or e-mail and delete the
information in this message that has been received in error. The sender
does not give any warranty or accept liability as the content, accuracy or
completeness of sent messages and accepts no responsibility  for changes
made after they were sent or for other risks which arise as a result of
e-mail transmission, viruses, etc.

---------------------------------------------------------------------

On Mon, Mar 6, 2017 at 5:41 PM, Paolo Corti <pcorti at gmail.com> wrote:

> Hi Alessio
> I did not change anything in GeoServer, I am using the one that comes
> with GeoNode.
> If I create a superuser right now, using the Django administrative
> interface, I cannot login to the GeoServer admin interface using the
> credentials for this superuser.
> Which I believe it should be possible, if basic auth would be in place, no?
> I can use the default administrative GeoServer account though (the one
> with credentials: admin, geoserver).
> Same thing using owslib: I can't login with my new superuser, but I
> can using the administrative account.
> Thanks a lot
> p
>
> On Mon, Mar 6, 2017 at 11:17 AM, Alessio Fabiani
> <alessio.fabiani at geo-solutions.it> wrote:
> > Hi Paolo,
> > the basic auth works since otherwise it would not be possible to upload
> > layers neither.
> >
> > Maybe the order of authentication providers is wrong on GeoServer or your
> > user somehow has a different password and/or removed.
> >
> > Another possibility when accessing a layer could be that the security
> > settings on GeoFence do not allow you to access the latter.
> >
> > If possible rise up the log level of GeoServer and see what happens on
> > $GS_DATA_DIR/logs/geoserver.log
> >
> >
> >
> > Best Regards,
> > Alessio Fabiani.
> >
> > ==
> > GeoServer Professional Services from the experts!
> > Visit http://goo.gl/it488V for more information.
> > ==
> >
> > Ing. Alessio Fabiani
> > @alfa7691
> > github
> > Founder/Technical Lead
> >
> > GeoSolutions S.A.S.
> > Via di Montramito 3/A
> > 55054  Massarosa (LU)
> > Italy
> > phone: +39 0584 962313
> > fax:     +39 0584 1660272
> > mob:   +39 331 6233686
> >
> > http://www.geo-solutions.it
> > http://twitter.com/geosolutions_it
> >
> > -------------------------------------------------------
> >
> > AVVERTENZE AI SENSI DEL D.Lgs. 196/2003
> >
> > Le informazioni contenute in questo messaggio di posta elettronica e/o
> nel/i
> > file/s allegato/i sono da considerarsi strettamente riservate. Il loro
> > utilizzo è consentito esclusivamente al destinatario del messaggio, per
> le
> > finalità indicate nel messaggio stesso. Qualora riceviate questo
> messaggio
> > senza esserne il destinatario, Vi preghiamo cortesemente di darcene
> notizia
> > via e-mail e di procedere alla distruzione del messaggio stesso,
> > cancellandolo dal Vostro sistema. Conservare il messaggio stesso,
> divulgarlo
> > anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo
> per
> > finalità diverse, costituisce comportamento contrario ai principi dettati
> > dal D.Lgs. 196/2003.
> >
> >
> >
> > The information in this message and/or attachments, is intended solely
> for
> > the attention and use of the named addressee(s) and may be confidential
> or
> > proprietary in nature or covered by the provisions of privacy act
> > (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection
> > Code).Any use not in accord with its purpose, any disclosure,
> reproduction,
> > copying, distribution, or either dissemination, either whole or partial,
> is
> > strictly forbidden except previous formal approval of the named
> > addressee(s). If you are not the intended recipient, please contact
> > immediately the sender by telephone, fax or e-mail and delete the
> > information in this message that has been received in error. The sender
> does
> > not give any warranty or accept liability as the content, accuracy or
> > completeness of sent messages and accepts no responsibility  for changes
> > made after they were sent or for other risks which arise as a result of
> > e-mail transmission, viruses, etc.
> >
> > ---------------------------------------------------------------------
> >
> >
> > On Mon, Mar 6, 2017 at 4:52 PM, Paolo Corti <pcorti at gmail.com> wrote:
> >>
> >> Hi devs
> >>
> >> I am testing the trunk version of GeoNode, and I need to run some
> >> script on layers using basic authentication and owslib.
> >> This was working well with the old GeoServer authentication system of
> >> GeoNode (without GeoFence).
> >>
> >> It should still working now as well, as I can see basic authentication
> >> is the first authentication provider in the authentication providers
> >> chain, followed by geofence and geonodeauthprovider.
> >>
> >> Unfortunately basic authentication does not seem to work. I cannot
> >> login in the GeoServer admin interface with my credentials, and if I
> >> try to make requests using owslib and my credentials I get this error:
> >>
> >> No AuthenticationProvider found for
> >>
> >> org.springframework.security.authentication.
> UsernamePasswordAuthenticationToken
> >>
> >> Any idea here? Thanks in advance
> >> p
> >>
> >> --
> >> Paolo Corti
> >> Geospatial software developer
> >> web: http://www.paolocorti.net
> >> twitter: @capooti
> >> skype: capooti
> >> _______________________________________________
> >> geonode-devel mailing list
> >> geonode-devel at lists.osgeo.org
> >> https://lists.osgeo.org/mailman/listinfo/geonode-devel
> >
> >
>
>
>
> --
> Paolo Corti
> Geospatial software developer
> web: http://www.paolocorti.net
> twitter: @capooti
> skype: capooti
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/geonode-devel/attachments/20170306/9869b68a/attachment-0001.html>


More information about the geonode-devel mailing list