[GeoNode-devel] GeoServer basic authentication not working anymore?

Paolo Corti pcorti at gmail.com
Mon Mar 6 11:16:01 PST 2017


Oh I see. Thanks Alessio for the detailed explanation.

>From what I can see, using the GeoServer administrative interface, I
can create a GeoServer user that can access GeoServer with basic
authentication: unfortunately, even assigning this user to the admin
groups (ADMIN, GROUP_ADMIN), this user is not able to access layers
marked as private in GeoNode.
Is there a way to accomplish this? I would basically need to have a
user that can read all of the virtual services of the layers (public
and private) using basic authentication.

Thanks for helping :)

p


On Mon, Mar 6, 2017 at 11:48 AM, Alessio Fabiani
<alessio.fabiani at geo-solutions.it> wrote:
> I see. Yes given this use case this is possible. GeoNode does not have code
> to create users on GeoServer side.
> While it allows you to login using oauth2 (through the admin group) it won't
> be possible to access bia Basic Auth since that user is not recognized by
> GeoServer.
>
> To add this functionality we could either:
>
> 1. Allow GeoNode to create users on GeoServer (those would be duplicated
> though)
>
> 2. Customize the Basic Auth Provider and GeoNode apis (most of the work has
> been already done for OAuth2) in order to enable Basic Auth on GeoServer
> too.
>
> We need to discuss this thgouh, and a GNIP is required IMHO, since it is not
> a trivial change.
>
> It is also worth trying to make the Basic Auth Provider using the "GeoNode
> REST Role Service", maybe this could be sufficient.
>
>
> Best Regards,
> Alessio Fabiani.
>
> ==
> GeoServer Professional Services from the experts!
> Visit http://goo.gl/it488V for more information.
> ==
>
> Ing. Alessio Fabiani
> @alfa7691
> github
> Founder/Technical Lead
>
> GeoSolutions S.A.S.
> Via di Montramito 3/A
> 55054  Massarosa (LU)
> Italy
> phone: +39 0584 962313
> fax:     +39 0584 1660272
> mob:   +39 331 6233686
>
> http://www.geo-solutions.it
> http://twitter.com/geosolutions_it
>
> -------------------------------------------------------
>
> AVVERTENZE AI SENSI DEL D.Lgs. 196/2003
>
> Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i
> file/s allegato/i sono da considerarsi strettamente riservate. Il loro
> utilizzo è consentito esclusivamente al destinatario del messaggio, per le
> finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio
> senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia
> via e-mail e di procedere alla distruzione del messaggio stesso,
> cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo
> anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per
> finalità diverse, costituisce comportamento contrario ai principi dettati
> dal D.Lgs. 196/2003.
>
>
>
> The information in this message and/or attachments, is intended solely for
> the attention and use of the named addressee(s) and may be confidential or
> proprietary in nature or covered by the provisions of privacy act
> (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection
> Code).Any use not in accord with its purpose, any disclosure, reproduction,
> copying, distribution, or either dissemination, either whole or partial, is
> strictly forbidden except previous formal approval of the named
> addressee(s). If you are not the intended recipient, please contact
> immediately the sender by telephone, fax or e-mail and delete the
> information in this message that has been received in error. The sender does
> not give any warranty or accept liability as the content, accuracy or
> completeness of sent messages and accepts no responsibility  for changes
> made after they were sent or for other risks which arise as a result of
> e-mail transmission, viruses, etc.
>
> ---------------------------------------------------------------------
>
>
> On Mon, Mar 6, 2017 at 5:41 PM, Paolo Corti <pcorti at gmail.com> wrote:
>>
>> Hi Alessio
>> I did not change anything in GeoServer, I am using the one that comes
>> with GeoNode.
>> If I create a superuser right now, using the Django administrative
>> interface, I cannot login to the GeoServer admin interface using the
>> credentials for this superuser.
>> Which I believe it should be possible, if basic auth would be in place,
>> no?
>> I can use the default administrative GeoServer account though (the one
>> with credentials: admin, geoserver).
>> Same thing using owslib: I can't login with my new superuser, but I
>> can using the administrative account.
>> Thanks a lot
>> p
>>
>> On Mon, Mar 6, 2017 at 11:17 AM, Alessio Fabiani
>> <alessio.fabiani at geo-solutions.it> wrote:
>> > Hi Paolo,
>> > the basic auth works since otherwise it would not be possible to upload
>> > layers neither.
>> >
>> > Maybe the order of authentication providers is wrong on GeoServer or
>> > your
>> > user somehow has a different password and/or removed.
>> >
>> > Another possibility when accessing a layer could be that the security
>> > settings on GeoFence do not allow you to access the latter.
>> >
>> > If possible rise up the log level of GeoServer and see what happens on
>> > $GS_DATA_DIR/logs/geoserver.log
>> >
>> >
>> >
>> > Best Regards,
>> > Alessio Fabiani.
>> >
>> > ==
>> > GeoServer Professional Services from the experts!
>> > Visit http://goo.gl/it488V for more information.
>> > ==
>> >
>> > Ing. Alessio Fabiani
>> > @alfa7691
>> > github
>> > Founder/Technical Lead
>> >
>> > GeoSolutions S.A.S.
>> > Via di Montramito 3/A
>> > 55054  Massarosa (LU)
>> > Italy
>> > phone: +39 0584 962313
>> > fax:     +39 0584 1660272
>> > mob:   +39 331 6233686
>> >
>> > http://www.geo-solutions.it
>> > http://twitter.com/geosolutions_it
>> >
>> > -------------------------------------------------------
>> >
>> > AVVERTENZE AI SENSI DEL D.Lgs. 196/2003
>> >
>> > Le informazioni contenute in questo messaggio di posta elettronica e/o
>> > nel/i
>> > file/s allegato/i sono da considerarsi strettamente riservate. Il loro
>> > utilizzo è consentito esclusivamente al destinatario del messaggio, per
>> > le
>> > finalità indicate nel messaggio stesso. Qualora riceviate questo
>> > messaggio
>> > senza esserne il destinatario, Vi preghiamo cortesemente di darcene
>> > notizia
>> > via e-mail e di procedere alla distruzione del messaggio stesso,
>> > cancellandolo dal Vostro sistema. Conservare il messaggio stesso,
>> > divulgarlo
>> > anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo
>> > per
>> > finalità diverse, costituisce comportamento contrario ai principi
>> > dettati
>> > dal D.Lgs. 196/2003.
>> >
>> >
>> >
>> > The information in this message and/or attachments, is intended solely
>> > for
>> > the attention and use of the named addressee(s) and may be confidential
>> > or
>> > proprietary in nature or covered by the provisions of privacy act
>> > (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection
>> > Code).Any use not in accord with its purpose, any disclosure,
>> > reproduction,
>> > copying, distribution, or either dissemination, either whole or partial,
>> > is
>> > strictly forbidden except previous formal approval of the named
>> > addressee(s). If you are not the intended recipient, please contact
>> > immediately the sender by telephone, fax or e-mail and delete the
>> > information in this message that has been received in error. The sender
>> > does
>> > not give any warranty or accept liability as the content, accuracy or
>> > completeness of sent messages and accepts no responsibility  for changes
>> > made after they were sent or for other risks which arise as a result of
>> > e-mail transmission, viruses, etc.
>> >
>> > ---------------------------------------------------------------------
>> >
>> >
>> > On Mon, Mar 6, 2017 at 4:52 PM, Paolo Corti <pcorti at gmail.com> wrote:
>> >>
>> >> Hi devs
>> >>
>> >> I am testing the trunk version of GeoNode, and I need to run some
>> >> script on layers using basic authentication and owslib.
>> >> This was working well with the old GeoServer authentication system of
>> >> GeoNode (without GeoFence).
>> >>
>> >> It should still working now as well, as I can see basic authentication
>> >> is the first authentication provider in the authentication providers
>> >> chain, followed by geofence and geonodeauthprovider.
>> >>
>> >> Unfortunately basic authentication does not seem to work. I cannot
>> >> login in the GeoServer admin interface with my credentials, and if I
>> >> try to make requests using owslib and my credentials I get this error:
>> >>
>> >> No AuthenticationProvider found for
>> >>
>> >>
>> >> org.springframework.security.authentication.UsernamePasswordAuthenticationToken
>> >>
>> >> Any idea here? Thanks in advance
>> >> p
>> >>
>> >> --
>> >> Paolo Corti
>> >> Geospatial software developer
>> >> web: http://www.paolocorti.net
>> >> twitter: @capooti
>> >> skype: capooti
>> >> _______________________________________________
>> >> geonode-devel mailing list
>> >> geonode-devel at lists.osgeo.org
>> >> https://lists.osgeo.org/mailman/listinfo/geonode-devel
>> >
>> >
>>
>>
>>
>> --
>> Paolo Corti
>> Geospatial software developer
>> web: http://www.paolocorti.net
>> twitter: @capooti
>> skype: capooti
>
>



-- 
Paolo Corti
Geospatial software developer
web: http://www.paolocorti.net
twitter: @capooti
skype: capooti


More information about the geonode-devel mailing list