[GeoNode-devel] GeoServer basic authentication not working anymore?
Alessio Fabiani
alessio.fabiani at geo-solutions.it
Tue Mar 7 00:44:36 PST 2017
Well yes, right now creating the same user on GeoNode too and marking it as
superuser (or assigning it to admin group) should work.
Best Regards,
Alessio Fabiani.
==
GeoServer Professional Services from the experts!
Visit http://goo.gl/it488V for more information.
==
Ing. Alessio Fabiani
@alfa7691
github <https://github.com/afabiani?tab=overview>
Founder/Technical Lead
GeoSolutions S.A.S.
Via di Montramito 3/A
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 331 6233686
http://www.geo-solutions.it
http://twitter.com/geosolutions_it
-------------------------------------------------------
*AVVERTENZE AI SENSI DEL D.Lgs. 196/2003*
Le informazioni contenute in questo messaggio di posta elettronica e/o
nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il
loro utilizzo è consentito esclusivamente al destinatario del messaggio,
per le finalità indicate nel messaggio stesso. Qualora riceviate questo
messaggio senza esserne il destinatario, Vi preghiamo cortesemente di
darcene notizia via e-mail e di procedere alla distruzione del messaggio
stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso,
divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od
utilizzarlo per finalità diverse, costituisce comportamento contrario ai
principi dettati dal D.Lgs. 196/2003.
The information in this message and/or attachments, is intended solely for
the attention and use of the named addressee(s) and may be confidential or
proprietary in nature or covered by the provisions of privacy act
(Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection
Code).Any use not in accord with its purpose, any disclosure, reproduction,
copying, distribution, or either dissemination, either whole or partial, is
strictly forbidden except previous formal approval of the named
addressee(s). If you are not the intended recipient, please contact
immediately the sender by telephone, fax or e-mail and delete the
information in this message that has been received in error. The sender
does not give any warranty or accept liability as the content, accuracy or
completeness of sent messages and accepts no responsibility for changes
made after they were sent or for other risks which arise as a result of
e-mail transmission, viruses, etc.
---------------------------------------------------------------------
On Mon, Mar 6, 2017 at 8:16 PM, Paolo Corti <pcorti at gmail.com> wrote:
> Oh I see. Thanks Alessio for the detailed explanation.
>
> From what I can see, using the GeoServer administrative interface, I
> can create a GeoServer user that can access GeoServer with basic
> authentication: unfortunately, even assigning this user to the admin
> groups (ADMIN, GROUP_ADMIN), this user is not able to access layers
> marked as private in GeoNode.
> Is there a way to accomplish this? I would basically need to have a
> user that can read all of the virtual services of the layers (public
> and private) using basic authentication.
>
> Thanks for helping :)
>
> p
>
>
> On Mon, Mar 6, 2017 at 11:48 AM, Alessio Fabiani
> <alessio.fabiani at geo-solutions.it> wrote:
> > I see. Yes given this use case this is possible. GeoNode does not have
> code
> > to create users on GeoServer side.
> > While it allows you to login using oauth2 (through the admin group) it
> won't
> > be possible to access bia Basic Auth since that user is not recognized by
> > GeoServer.
> >
> > To add this functionality we could either:
> >
> > 1. Allow GeoNode to create users on GeoServer (those would be duplicated
> > though)
> >
> > 2. Customize the Basic Auth Provider and GeoNode apis (most of the work
> has
> > been already done for OAuth2) in order to enable Basic Auth on GeoServer
> > too.
> >
> > We need to discuss this thgouh, and a GNIP is required IMHO, since it is
> not
> > a trivial change.
> >
> > It is also worth trying to make the Basic Auth Provider using the
> "GeoNode
> > REST Role Service", maybe this could be sufficient.
> >
> >
> > Best Regards,
> > Alessio Fabiani.
> >
> > ==
> > GeoServer Professional Services from the experts!
> > Visit http://goo.gl/it488V for more information.
> > ==
> >
> > Ing. Alessio Fabiani
> > @alfa7691
> > github
> > Founder/Technical Lead
> >
> > GeoSolutions S.A.S.
> > Via di Montramito 3/A
> > 55054 Massarosa (LU)
> > Italy
> > phone: +39 0584 962313
> > fax: +39 0584 1660272
> > mob: +39 331 6233686
> >
> > http://www.geo-solutions.it
> > http://twitter.com/geosolutions_it
> >
> > -------------------------------------------------------
> >
> > AVVERTENZE AI SENSI DEL D.Lgs. 196/2003
> >
> > Le informazioni contenute in questo messaggio di posta elettronica e/o
> nel/i
> > file/s allegato/i sono da considerarsi strettamente riservate. Il loro
> > utilizzo è consentito esclusivamente al destinatario del messaggio, per
> le
> > finalità indicate nel messaggio stesso. Qualora riceviate questo
> messaggio
> > senza esserne il destinatario, Vi preghiamo cortesemente di darcene
> notizia
> > via e-mail e di procedere alla distruzione del messaggio stesso,
> > cancellandolo dal Vostro sistema. Conservare il messaggio stesso,
> divulgarlo
> > anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo
> per
> > finalità diverse, costituisce comportamento contrario ai principi dettati
> > dal D.Lgs. 196/2003.
> >
> >
> >
> > The information in this message and/or attachments, is intended solely
> for
> > the attention and use of the named addressee(s) and may be confidential
> or
> > proprietary in nature or covered by the provisions of privacy act
> > (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection
> > Code).Any use not in accord with its purpose, any disclosure,
> reproduction,
> > copying, distribution, or either dissemination, either whole or partial,
> is
> > strictly forbidden except previous formal approval of the named
> > addressee(s). If you are not the intended recipient, please contact
> > immediately the sender by telephone, fax or e-mail and delete the
> > information in this message that has been received in error. The sender
> does
> > not give any warranty or accept liability as the content, accuracy or
> > completeness of sent messages and accepts no responsibility for changes
> > made after they were sent or for other risks which arise as a result of
> > e-mail transmission, viruses, etc.
> >
> > ---------------------------------------------------------------------
> >
> >
> > On Mon, Mar 6, 2017 at 5:41 PM, Paolo Corti <pcorti at gmail.com> wrote:
> >>
> >> Hi Alessio
> >> I did not change anything in GeoServer, I am using the one that comes
> >> with GeoNode.
> >> If I create a superuser right now, using the Django administrative
> >> interface, I cannot login to the GeoServer admin interface using the
> >> credentials for this superuser.
> >> Which I believe it should be possible, if basic auth would be in place,
> >> no?
> >> I can use the default administrative GeoServer account though (the one
> >> with credentials: admin, geoserver).
> >> Same thing using owslib: I can't login with my new superuser, but I
> >> can using the administrative account.
> >> Thanks a lot
> >> p
> >>
> >> On Mon, Mar 6, 2017 at 11:17 AM, Alessio Fabiani
> >> <alessio.fabiani at geo-solutions.it> wrote:
> >> > Hi Paolo,
> >> > the basic auth works since otherwise it would not be possible to
> upload
> >> > layers neither.
> >> >
> >> > Maybe the order of authentication providers is wrong on GeoServer or
> >> > your
> >> > user somehow has a different password and/or removed.
> >> >
> >> > Another possibility when accessing a layer could be that the security
> >> > settings on GeoFence do not allow you to access the latter.
> >> >
> >> > If possible rise up the log level of GeoServer and see what happens on
> >> > $GS_DATA_DIR/logs/geoserver.log
> >> >
> >> >
> >> >
> >> > Best Regards,
> >> > Alessio Fabiani.
> >> >
> >> > ==
> >> > GeoServer Professional Services from the experts!
> >> > Visit http://goo.gl/it488V for more information.
> >> > ==
> >> >
> >> > Ing. Alessio Fabiani
> >> > @alfa7691
> >> > github
> >> > Founder/Technical Lead
> >> >
> >> > GeoSolutions S.A.S.
> >> > Via di Montramito 3/A
> >> > 55054 Massarosa (LU)
> >> > Italy
> >> > phone: +39 0584 962313
> >> > fax: +39 0584 1660272
> >> > mob: +39 331 6233686
> >> >
> >> > http://www.geo-solutions.it
> >> > http://twitter.com/geosolutions_it
> >> >
> >> > -------------------------------------------------------
> >> >
> >> > AVVERTENZE AI SENSI DEL D.Lgs. 196/2003
> >> >
> >> > Le informazioni contenute in questo messaggio di posta elettronica e/o
> >> > nel/i
> >> > file/s allegato/i sono da considerarsi strettamente riservate. Il loro
> >> > utilizzo è consentito esclusivamente al destinatario del messaggio,
> per
> >> > le
> >> > finalità indicate nel messaggio stesso. Qualora riceviate questo
> >> > messaggio
> >> > senza esserne il destinatario, Vi preghiamo cortesemente di darcene
> >> > notizia
> >> > via e-mail e di procedere alla distruzione del messaggio stesso,
> >> > cancellandolo dal Vostro sistema. Conservare il messaggio stesso,
> >> > divulgarlo
> >> > anche in parte, distribuirlo ad altri soggetti, copiarlo, od
> utilizzarlo
> >> > per
> >> > finalità diverse, costituisce comportamento contrario ai principi
> >> > dettati
> >> > dal D.Lgs. 196/2003.
> >> >
> >> >
> >> >
> >> > The information in this message and/or attachments, is intended solely
> >> > for
> >> > the attention and use of the named addressee(s) and may be
> confidential
> >> > or
> >> > proprietary in nature or covered by the provisions of privacy act
> >> > (Legislative Decree June, 30 2003, no.196 - Italy's New Data
> Protection
> >> > Code).Any use not in accord with its purpose, any disclosure,
> >> > reproduction,
> >> > copying, distribution, or either dissemination, either whole or
> partial,
> >> > is
> >> > strictly forbidden except previous formal approval of the named
> >> > addressee(s). If you are not the intended recipient, please contact
> >> > immediately the sender by telephone, fax or e-mail and delete the
> >> > information in this message that has been received in error. The
> sender
> >> > does
> >> > not give any warranty or accept liability as the content, accuracy or
> >> > completeness of sent messages and accepts no responsibility for
> changes
> >> > made after they were sent or for other risks which arise as a result
> of
> >> > e-mail transmission, viruses, etc.
> >> >
> >> > ---------------------------------------------------------------------
> >> >
> >> >
> >> > On Mon, Mar 6, 2017 at 4:52 PM, Paolo Corti <pcorti at gmail.com> wrote:
> >> >>
> >> >> Hi devs
> >> >>
> >> >> I am testing the trunk version of GeoNode, and I need to run some
> >> >> script on layers using basic authentication and owslib.
> >> >> This was working well with the old GeoServer authentication system of
> >> >> GeoNode (without GeoFence).
> >> >>
> >> >> It should still working now as well, as I can see basic
> authentication
> >> >> is the first authentication provider in the authentication providers
> >> >> chain, followed by geofence and geonodeauthprovider.
> >> >>
> >> >> Unfortunately basic authentication does not seem to work. I cannot
> >> >> login in the GeoServer admin interface with my credentials, and if I
> >> >> try to make requests using owslib and my credentials I get this
> error:
> >> >>
> >> >> No AuthenticationProvider found for
> >> >>
> >> >>
> >> >> org.springframework.security.authentication.
> UsernamePasswordAuthenticationToken
> >> >>
> >> >> Any idea here? Thanks in advance
> >> >> p
> >> >>
> >> >> --
> >> >> Paolo Corti
> >> >> Geospatial software developer
> >> >> web: http://www.paolocorti.net
> >> >> twitter: @capooti
> >> >> skype: capooti
> >> >> _______________________________________________
> >> >> geonode-devel mailing list
> >> >> geonode-devel at lists.osgeo.org
> >> >> https://lists.osgeo.org/mailman/listinfo/geonode-devel
> >> >
> >> >
> >>
> >>
> >>
> >> --
> >> Paolo Corti
> >> Geospatial software developer
> >> web: http://www.paolocorti.net
> >> twitter: @capooti
> >> skype: capooti
> >
> >
>
>
>
> --
> Paolo Corti
> Geospatial software developer
> web: http://www.paolocorti.net
> twitter: @capooti
> skype: capooti
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/geonode-devel/attachments/20170307/23fc1a9f/attachment-0001.html>
More information about the geonode-devel
mailing list