[GeoNode-devel] geonode REST role service - Adminstrator role dropdown empty
Olivier Dalang
olivier.dalang at gmail.com
Wed Jan 10 13:07:39 PST 2018
Hi !
I have a similar problem than the original one. I made sure /api/roles is
accessible from geoserver, but now when I try to open the admin page of my
new "geonode REST role service", the page doesn't load. This is what I get
from Geoserver's logs :
10 Jan 20:51:18 WARN [wicket.Localizer] - Tried to retrieve a localized
string for a component that has not yet been added to the page. This can
sometimes lead to an invalid or no localized resource returned. Make sure
you are not calling Component#getString() inside your Component's
constructor. Offending component: [GeoServerRestRoleServicePanel [Component
id = dummy]]
2018-01-10 20:51:18.381:WARN:oejs.ServletHandler:qtp758705033-46:
org.springframework.web.util.NestedServletException: Handler dispatch
failed; nested exception is java.lang.NoClassDefFoundError: Could not
initialize class net.minidev.json.JSONValue
at
org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:978)
...
at java.lang.Thread.run(Thread.java:745)
Caused by:
java.lang.NoClassDefFoundError: Could not initialize class
net.minidev.json.JSONValue
at
com.jayway.jsonpath.spi.json.JsonSmartJsonProvider.<init>(JsonSmartJsonProvider.java:39)
...
at java.lang.Thread.run(Thread.java:745)
Is this a Geoserver bug ? Or am I missing some components ? Anyone had
success following
http://docs.geonode.org/en/master/tutorials/admin/geoserver_geonode_security/
on geoserver 2.12 ?
Also, from what I understood
<http://docs.geonode.org/en/master/tutorials/advanced/geonode_production/production.html#security-integration-optimization>,
the recommended way is actually to use a database level connection to get
geonode's auth in geoserver rather than OAuth2. Is this still true ?
The explanation is very short. It just says this must be added to
/etc/tomcat6/Catalina/localhost/geoserver.xml :
<Context path="/geoserver"
antiResourceLocking="false" >
<Parameter name="org.geonode.security.databaseSecurityClient.url"
value="jdbc:postgresql://localhost:5432/DATABASE?user=USER&password=PASSWORD"/>
</Context>
But since I'd prefer to use the integrated Jetty server (as anyways
everything will run behind nginx), that file of course doesn't exist, and I
couldn't figure out how to translate that instruction to Jetty.
Thank you in advance !!
Olivier
On Wed, Jan 10, 2018 at 3:32 AM, Alessio Fabiani <
alessio.fabiani at geo-solutions.it> wrote:
> Hello,
> actually the best thing you can do without too much effort and/or any
> customization, is to retrieve the valid "access_token" from any Layer link,
> once authenticated to GeoNode, and attach it to the getcapabilities URL as
> a query param.
>
> 1)
>
> [image: Immagine incorporata 1]
>
>
> 2) get the *access_token=... *from the klink
>
> 3) attach it to the request
>
> *http://localhost/geoserver/geonode/wms?request=getcapabilities&access_token=123456667
> <http://localhost/geoserver/geonode/wms?request=getcapabilities&access_token=123456667>*
>
>
> Regards,
>
> Alessio Fabiani
>
> ==
> GeoServer Professional Services from the experts! Visit
> http://goo.gl/it488V for more information.
> ==
>
> Ing. Alessio Fabiani
>
> @alfa7691
> Founder/Technical Lead
>
>
> GeoSolutions S.A.S.
> Via di Montramito 3/A
> 55054 Massarosa (LU)
> Italy
> phone: +39 0584 962313 <+39%200584%20962313>
> fax: +39 0584 1660272 <+39%200584%20166%200272>
> mob: +39 331 6233686 <+39%20331%20623%203686>
>
> http://www.geo-solutions.it
> http://twitter.com/geosolutions_it
>
> -------------------------------------------------------
>
> AVVERTENZE AI SENSI DEL D.Lgs. 196/2003
>
> Le informazioni contenute in questo messaggio di posta elettronica e/o
> nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il
> loro utilizzo è consentito esclusivamente al destinatario del messaggio,
> per le finalità indicate nel messaggio stesso. Qualora riceviate questo
> messaggio senza esserne il destinatario, Vi preghiamo cortesemente di
> darcene notizia via e-mail e di procedere alla distruzione del messaggio
> stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso,
> divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od
> utilizzarlo per finalità diverse, costituisce comportamento contrario ai
> principi dettati dal D.Lgs. 196/2003.
>
> The information in this message and/or attachments, is intended solely for
> the attention and use of the named addressee(s) and may be confidential or
> proprietary in nature or covered by the provisions of privacy act
> (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection
> Code).Any use not in accord with its purpose, any disclosure, reproduction,
> copying, distribution, or either dissemination, either whole or partial, is
> strictly forbidden except previous formal approval of the named
> addressee(s). If you are not the intended recipient, please contact
> immediately the sender by telephone, fax or e-mail and delete the
> information in this message that has been received in error. The sender
> does not give any warranty or accept liability as the content, accuracy or
> completeness of sent messages and accepts no responsibility for changes
> made after they were sent or for other risks which arise as a result of
> e-mail transmission, viruses, etc.
>
> 2018-01-08 17:15 GMT+01:00 Peter Marlow <Peter.Marlow at scisys.co.uk>:
>
>> Thanks for the reply Alessio. Are you able to shed some light on a
>> similar post I’ve created regarding the oauth2 config here
>> http://osgeo-org.1560.x6.nabble.com/oauth2-Issue-managing-
>> layer-access-td5348371.html ?
>>
>>
>>
>> Thanks,
>>
>> Pete
>>
>>
>>
>> *From:* Alessio Fabiani [mailto:alessio.fabiani at geo-solutions.it]
>> *Sent:* 08 January 2018 12:11
>> *To:* Peter Marlow
>> *Cc:* Alessio Fabiani; geonode-devel at lists.osgeo.org
>> *Subject:* Re: [GeoNode-devel] geonode REST role service - Adminstrator
>> role dropdown empty
>>
>>
>>
>> Very interesting,
>>
>> thanks Peter. Yes your findings need to be tackled down on GeoNode core
>> too.
>>
>>
>> Regards,
>>
>> Alessio Fabiani
>>
>> ==
>> GeoServer Professional Services from the experts! Visit
>> http://goo.gl/it488V for more information.
>> ==
>>
>> Ing. Alessio Fabiani
>>
>> @alfa7691
>> Founder/Technical Lead
>>
>>
>> GeoSolutions S.A.S.
>> Via di Montramito 3/A
>> <https://maps.google.com/?q=Via+di+Montramito+3/A+%0D+55054+%C2%A0Massarosa&entry=gmail&source=g>
>> 55054 Massarosa
>> <https://maps.google.com/?q=Via+di+Montramito+3/A+%0D+55054+%C2%A0Massarosa&entry=gmail&source=g>
>> (LU)
>> Italy
>> phone: +39 0584 962313 <0584%20962313>
>> fax: +39 0584 1660272 <0584%20166%200272>
>> mob: +39 331 6233686 <331%20623%203686>
>>
>> http://www.geo-solutions.it
>> http://twitter.com/geosolutions_it
>>
>> -------------------------------------------------------
>>
>> AVVERTENZE AI SENSI DEL D.Lgs. 196/2003
>>
>> Le informazioni contenute in questo messaggio di posta elettronica e/o
>> nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il
>> loro utilizzo è consentito esclusivamente al destinatario del messaggio,
>> per le finalità indicate nel messaggio stesso. Qualora riceviate questo
>> messaggio senza esserne il destinatario, Vi preghiamo cortesemente di
>> darcene notizia via e-mail e di procedere alla distruzione del messaggio
>> stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso,
>> divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od
>> utilizzarlo per finalità diverse, costituisce comportamento contrario ai
>> principi dettati dal D.Lgs. 196/2003.
>>
>> The information in this message and/or attachments, is intended solely
>> for the attention and use of the named addressee(s) and may be confidential
>> or proprietary in nature or covered by the provisions of privacy act
>> (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection
>> Code).Any use not in accord with its purpose, any disclosure, reproduction,
>> copying, distribution, or either dissemination, either whole or partial, is
>> strictly forbidden except previous formal approval of the named
>> addressee(s). If you are not the intended recipient, please contact
>> immediately the sender by telephone, fax or e-mail and delete the
>> information in this message that has been received in error. The sender
>> does not give any warranty or accept liability as the content, accuracy or
>> completeness of sent messages and accepts no responsibility for changes
>> made after they were sent or for other risks which arise as a result of
>> e-mail transmission, viruses, etc.
>>
>>
>>
>> 2018-01-02 18:07 GMT+01:00 Peter Marlow <Peter.Marlow at scisys.co.uk>:
>>
>> I think I’ve partially resolved this issue.
>>
>>
>>
>> The problem was because I had configured my GeoNode instance as locked
>> down, i.e.
>>
>>
>>
>>
>>
>> LOCKDOWN_GEONODE = True
>>
>> if LOCKDOWN_GEONODE:
>>
>> MIDDLEWARE_CLASSES = MIDDLEWARE_CLASSES + \
>>
>> ('geonode.security.middleware.LoginRequiredMiddleware',)
>>
>>
>>
>>
>>
>>
>>
>> And the default list of AUTH_EXEMPT_URLS isn’t sufficient – I’ve had to
>> add ‘/o/*’ to the list so it becomes:
>>
>>
>>
>>
>>
>> AUTH_EXEMPT_URLS = ('/api/o/*', '/api/roles', '/api/adminRole',
>> '/api/users', '/o/*')
>>
>>
>>
>>
>>
>>
>>
>> So now the GeoNode login button within GeoServer works and the dropdowns
>> are populated with ROLE_ADMIN for the *geonode REST role service*.
>>
>>
>>
>> Is the above a bug? It feels like it to me.
>>
>>
>>
>>
>>
>>
>>
>> The follow on issue I’ve not encountered is that I’ve configured a WMS
>> layer to be accessible to a specific geonode user via the geonode GUI, I’ve
>> also checked that the correct rule has been subsequently generated in
>> geofence, however when I attempt to access the getCapabilities for the WMS
>> (using QGIS) as the specific geonode user using basic authentication I get
>> a security error. Is there something else I need to configure to get this
>> to work? My expectation was that geoserver would validate the given
>> username/password against geonode (using the REST service) and determine
>> that the user is a valid geonode user and has access to the WMS layer in
>> question?
>>
>>
>>
>>
>>
>> *From:* Alessio Fabiani [mailto:alessio.fabiani at geo-solutionsit
>> <alessio.fabiani at geo-solutions.it>]
>> *Sent:* 20 December 2017 17:16
>> *To:* Peter Marlow
>> *Cc:* Alessio Fabiani; geonode-devel at lists.osgeo.org
>> *Subject:* Re: [GeoNode-devel] geonode REST role service - Adminstrator
>> role dropdown empty
>>
>>
>>
>> It seems to me that is more a GeoNode issue than a GeoServer one.
>>
>>
>>
>> 404 error means that that endpoint cannot be found.
>>
>>
>>
>> However you should use GeoServer + OAUth2 from at least GeoNode 2.6.3 and
>> above. For the previous versions better to use this version of GeoServer
>> (old A&A system)
>>
>>
>>
>> http://build.geonode.org/geoserver/latest/geoserver-2.9.x.war
>>
>>
>>
>>
>>
>>
>> Regards,
>>
>> Alessio Fabiani
>>
>> ==
>> GeoServer Professional Services from the experts! Visit
>> http://goo.gl/it488V for more information.
>> ==
>>
>> Ing. Alessio Fabiani
>>
>> @alfa7691
>> Founder/Technical Lead
>>
>>
>> GeoSolutions S.A.S.
>> Via di Montramito 3/A
>> <https://maps.google.com/?q=Via+di+Montramito+3/A+%0D+55054+%C2%A0Massarosa&entry=gmail&source=g>
>> 55054 Massarosa
>> <https://maps.google.com/?q=Via+di+Montramito+3/A+%0D+55054+%C2%A0Massarosa&entry=gmail&source=g>
>> (LU)
>> Italy
>> phone: +39 0584 962313 <0584%20962313>
>> fax: +39 0584 1660272 <0584%20166%200272>
>> mob: +39 331 6233686 <331%20623%203686>
>>
>> http://www.geo-solutions.it
>> http://twitter.com/geosolutions_it
>>
>> -------------------------------------------------------
>>
>> AVVERTENZE AI SENSI DEL D.Lgs. 196/2003
>>
>> Le informazioni contenute in questo messaggio di posta elettronica e/o
>> nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il
>> loro utilizzo è consentito esclusivamente al destinatario del messaggio,
>> per le finalità indicate nel messaggio stesso. Qualora riceviate questo
>> messaggio senza esserne il destinatario, Vi preghiamo cortesemente di
>> darcene notizia via e-mail e di procedere alla distruzione del messaggio
>> stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso,
>> divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od
>> utilizzarlo per finalità diverse, costituisce comportamento contrario ai
>> principi dettati dal D.Lgs. 196/2003.
>>
>> The information in this message and/or attachments, is intended solely
>> for the attention and use of the named addressee(s) and may be confidential
>> or proprietary in nature or covered by the provisions of privacy act
>> (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection
>> Code).Any use not in accord with its purpose, any disclosure, reproduction,
>> copying, distribution, or either dissemination, either whole or partial, is
>> strictly forbidden except previous formal approval of the named
>> addressee(s). If you are not the intended recipient, please contact
>> immediately the sender by telephone, fax or e-mail and delete the
>> information in this message that has been received in error. The sender
>> does not give any warranty or accept liability as the content, accuracy or
>> completeness of sent messages and accepts no responsibility for changes
>> made after they were sent or for other risks which arise as a result of
>> e-mail transmission, viruses, etc.
>>
>>
>>
>> On Wed, Dec 20, 2017 at 5:25 PM, Peter Marlow <Peter.Marlow at scisys.co.uk>
>> wrote:
>>
>> I’ve tried with the 2.9 version of geoserver using the default data
>> directory and tweaked the urls from localhost:8000 to just localhost for
>> the oauth config but I get the same problem. Which leads me to believe it
>> is an issue with GeoNode. I thought maybe I should remove my override of
>> the SITEURL parameter in settings.py which set it to http://localhost/
>> so that it uses the default SITEURL parameter of http://localhost:8000/,
>> however I’ve done this and restarted apache but doing a *curl -X GET
>> "http://localhost:8000/api/roles <http://localhost:8000/api/roles>"*
>> still returns a 404 so I’m not sure why geonode has not fallen back to the
>> default URL…
>>
>>
>>
>> I’m currently out of ideas on what to try next…
>>
>>
>>
>> Is there anywhere that states which versions of geonode/geoserver are
>> compatible? Or known to work regarding the oauth setup that I’m trying to
>> get working at the moment?
>>
>>
>>
>> Thanks,
>>
>> Pete
>>
>>
>>
>> *From:* Alessio Fabiani [mailto:alessio.fabiani at geo-solutionsit
>> <alessio.fabiani at geo-solutions.it>]
>>
>> *Sent:* 20 December 2017 14:02
>>
>>
>> *To:* Peter Marlow
>> *Cc:* Alessio Fabiani; geonode-devel at lists.osgeo.org
>> *Subject:* Re: [GeoNode-devel] geonode REST role service - Adminstrator
>> role dropdown empty
>>
>>
>>
>> Nope it is not correct, you should be redirected to the GeoNode login
>> page instead of the GeoServer one and once the GeoNode login is successfull
>> it will redirect you back to GeoServer automatically.
>>
>>
>> Regards,
>>
>> Alessio Fabiani
>>
>> ==
>> GeoServer Professional Services from the experts! Visit
>> http://goo.gl/it488V for more information.
>> ==
>>
>> Ing. Alessio Fabiani
>>
>> @alfa7691
>> Founder/Technical Lead
>>
>>
>> GeoSolutions S.A.S.
>> Via di Montramito 3/A
>> <https://maps.google.com/?q=Via+di+Montramito+3/A+%0D+55054+%C2%A0Massarosa&entry=gmail&source=g>
>> 55054 Massarosa
>> <https://maps.google.com/?q=Via+di+Montramito+3/A+%0D+55054+%C2%A0Massarosa&entry=gmail&source=g>
>> (LU)
>> Italy
>> phone: +39 0584 962313 <0584%20962313>
>> fax: +39 0584 1660272 <0584%20166%200272>
>> mob: +39 331 6233686 <331%20623%203686>
>>
>> http://www.geo-solutions.it
>> http://twitter.com/geosolutions_it
>>
>> -------------------------------------------------------
>>
>> AVVERTENZE AI SENSI DEL D.Lgs. 196/2003
>>
>> Le informazioni contenute in questo messaggio di posta elettronica e/o
>> nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il
>> loro utilizzo è consentito esclusivamente al destinatario del messaggio,
>> per le finalità indicate nel messaggio stesso. Qualora riceviate questo
>> messaggio senza esserne il destinatario, Vi preghiamo cortesemente di
>> darcene notizia via e-mail e di procedere alla distruzione del messaggio
>> stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso,
>> divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od
>> utilizzarlo per finalità diverse, costituisce comportamento contrario ai
>> principi dettati dal D.Lgs. 196/2003.
>>
>> The information in this message and/or attachments, is intended solely
>> for the attention and use of the named addressee(s) and may be confidential
>> or proprietary in nature or covered by the provisions of privacy act
>> (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection
>> Code).Any use not in accord with its purpose, any disclosure, reproduction,
>> copying, distribution, or either dissemination, either whole or partial, is
>> strictly forbidden except previous formal approval of the named
>> addressee(s). If you are not the intended recipient, please contact
>> immediately the sender by telephone, fax or e-mail and delete the
>> information in this message that has been received in error. The sender
>> does not give any warranty or accept liability as the content, accuracy or
>> completeness of sent messages and accepts no responsibility for changes
>> made after they were sent or for other risks which arise as a result of
>> e-mail transmission, viruses, etc.
>>
>>
>>
>> On Wed, Dec 20, 2017 at 2:42 PM, Peter Marlow <Peter.Marlow at scisys.co.uk>
>> wrote:
>>
>> The geoserver WAR is being retrieved from here:
>> http://build.geonode.org/geoserver/latest/geoserver-2.12.x.war
>>
>>
>>
>> I’ve found the geonode button in geoserver – when I select it I get a
>> page saying authorise geoserver, when I click ‘Authorize’ I’m just taken
>> back to the geoserver login page with a ‘code’ parameter passed in the URI,
>> is that correct? Or should that have taken me to geonode? I’ve viewed the
>> dropdown lists after using this authorize button but they are still empty.
>>
>>
>>
>> I’ll try using GeoServer 2.9 as you suggest, thanks for your help so far
>> Alessio.
>>
>>
>>
>> Thanks,
>>
>> Pete
>>
>>
>>
>> *From:* Alessio Fabiani [mailto:alessio.fabiani at geo-solutions.it]
>> *Sent:* 20 December 2017 12:17
>> *To:* Peter Marlow
>> *Cc:* Alessio Fabiani; geonode-devel at lists.osgeo.org
>> *Subject:* Re: [GeoNode-devel] geonode REST role service - Adminstrator
>> role dropdown empty
>>
>>
>>
>> Mmm, yes the configuration looks ok.
>>
>>
>>
>> The button appears if you logout from GeoServer (at least it should
>> appear).
>>
>>
>>
>> Sorry, don't remember if I already asked, where did you get the geoserver
>> WAR and it's default DATA DIR?
>>
>>
>>
>> However I never tested GeoServer 2.12.x with GeoNode 2.6.3.
>>
>>
>>
>> Maybe you can try to go back to GeoServer 2.9 from here
>>
>>
>>
>> http://build.geonode.org/geoserver/latest/
>>
>>
>>
>>
>>
>>
>>
>>
>> Regards,
>>
>> Alessio Fabiani
>>
>> ==
>> GeoServer Professional Services from the experts! Visit
>> http://goo.gl/it488V for more information.
>> ==
>>
>> Ing. Alessio Fabiani
>>
>> @alfa7691
>> Founder/Technical Lead
>>
>>
>> GeoSolutions S.A.S.
>> Via di Montramito 3/A
>> <https://maps.google.com/?q=Via+di+Montramito+3/A+%0D+55054+%C2%A0Massarosa&entry=gmail&source=g>
>> 55054 Massarosa
>> <https://maps.google.com/?q=Via+di+Montramito+3/A+%0D+55054+%C2%A0Massarosa&entry=gmail&source=g>
>> (LU)
>> Italy
>> phone: +39 0584 962313 <0584%20962313>
>> fax: +39 0584 1660272 <0584%20166%200272>
>> mob: +39 331 6233686 <331%20623%203686>
>>
>> http://www.geo-solutions.it
>> http://twitter.com/geosolutions_it
>>
>> -------------------------------------------------------
>>
>> AVVERTENZE AI SENSI DEL D.Lgs. 196/2003
>>
>> Le informazioni contenute in questo messaggio di posta elettronica e/o
>> nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il
>> loro utilizzo è consentito esclusivamente al destinatario del messaggio,
>> per le finalità indicate nel messaggio stesso. Qualora riceviate questo
>> messaggio senza esserne il destinatario, Vi preghiamo cortesemente di
>> darcene notizia via e-mail e di procedere alla distruzione del messaggio
>> stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso,
>> divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od
>> utilizzarlo per finalità diverse, costituisce comportamento contrario ai
>> principi dettati dal D.Lgs. 196/2003.
>>
>> The information in this message and/or attachments, is intended solely
>> for the attention and use of the named addressee(s) and may be confidential
>> or proprietary in nature or covered by the provisions of privacy act
>> (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection
>> Code).Any use not in accord with its purpose, any disclosure, reproduction,
>> copying, distribution, or either dissemination, either whole or partial, is
>> strictly forbidden except previous formal approval of the named
>> addressee(s). If you are not the intended recipient, please contact
>> immediately the sender by telephone, fax or e-mail and delete the
>> information in this message that has been received in error. The sender
>> does not give any warranty or accept liability as the content, accuracy or
>> completeness of sent messages and accepts no responsibility for changes
>> made after they were sent or for other risks which arise as a result of
>> e-mail transmission, viruses, etc.
>>
>>
>>
>> On Wed, Dec 20, 2017 at 1:02 PM, Peter Marlow <Peter.Marlow at scisys.co.uk>
>> wrote:
>>
>> GeoServer is present at http://localhost:8080/geoserver but can also be
>> accessed via http://localhost/geoserver
>>
>>
>>
>> This my geonode config:
>>
>>
>>
>>
>>
>> This is my geoserver config:
>>
>>
>>
>> That all looks to be correct to me…?
>>
>>
>>
>> I can’t see any button within GeoServer that logs me into GeoNode,
>> whereabouts should I see this button?
>>
>>
>>
>> Thanks,
>>
>> Pete
>>
>>
>>
>> *From:* Alessio Fabiani [mailto:alessio.fabiani at geo-solutionsit
>> <alessio.fabiani at geo-solutions.it>]
>>
>> *Sent:* 20 December 2017 11:37
>> *To:* Peter Marlow
>> *Cc:* Alessio Fabiani; geonode-devel at lists.osgeo.org
>> *Subject:* Re: [GeoNode-devel] geonode REST role service - Adminstrator
>> role dropdown empty
>>
>>
>>
>> Where GeoServer is exposed?
>>
>>
>>
>> http://localhost/geoserver/ ? Or something else?
>>
>>
>>
>> Make sure you have all the redirect uris configured on GeoNode Admin
>>
>>
>>
>> [image: Inline image 1]
>>
>>
>>
>> And also on GeoServer geonode-oauth2 plugin make sure all the addresses
>> point to the goenode base (in your case should be http://localhost
>> instead of http://localhost:8000) except for the redirect uri which must
>> be the GeoServer endpoint.
>>
>>
>>
>>
>>
>> However if you can login by clicking the geonode button on GeoServer GUI,
>> the configuration is good.
>>
>>
>>
>>
>>
>>
>> Regards,
>>
>> Alessio Fabiani
>>
>> ==
>> GeoServer Professional Services from the experts! Visit
>> http://goo.gl/it488V for more information.
>> ==
>>
>> Ing. Alessio Fabiani
>>
>> @alfa7691
>> Founder/Technical Lead
>>
>>
>> GeoSolutions SA.S.
>>
>>
>> Via di Montramito 3/A
>> <https://maps.google.com/?q=Via+di+Montramito+3/A+%0D+55054+%C2%A0Massarosa&entry=gmail&source=g>
>> 55054 Massarosa
>> <https://maps.google.com/?q=Via+di+Montramito+3/A+%0D+55054+%C2%A0Massarosa&entry=gmail&source=g>
>> (LU)
>> Italy
>> phone: +39 0584 962313 <0584%20962313>
>> fax: +39 0584 1660272 <0584%20166%200272>
>> mob: +39 331 6233686 <331%20623%203686>
>>
>> http://www.geo-solutions.it
>> http://twitter.com/geosolutions_it <http://twittercom/geosolutions_it>
>>
>> -------------------------------------------------------
>>
>> AVVERTENZE AI SENSI DEL D.Lgs. 196/2003
>>
>> Le informazioni contenute in questo messaggio di posta elettronica e/o
>> nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il
>> loro utilizzo è consentito esclusivamente al destinatario del messaggio,
>> per le finalità indicate nel messaggio stesso. Qualora riceviate questo
>> messaggio senza esserne il destinatario, Vi preghiamo cortesemente di
>> darcene notizia via e-mail e di procedere alla distruzione del messaggio
>> stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso,
>> divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od
>> utilizzarlo per finalità diverse, costituisce comportamento contrario ai
>> principi dettati dal D.Lgs. 196/2003.
>>
>> The information in this message and/or attachments, is intended solely
>> for the attention and use of the named addressee(s) and may be confidential
>> or proprietary in nature or covered by the provisions of privacy act
>> (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection
>> Code).Any use not in accord with its purpose, any disclosure, reproduction,
>> copying, distribution, or either dissemination, either whole or partial, is
>> strictly forbidden except previous formal approval of the named
>> addressee(s). If you are not the intended recipient, please contact
>> immediately the sender by telephone, fax or e-mail and delete the
>> information in this message that has been received in error. The sender
>> does not give any warranty or accept liability as the content, accuracy or
>> completeness of sent messages and accepts no responsibility for changes
>> made after they were sent or for other risks which arise as a result of
>> e-mail transmission, viruses, etc.
>>
>>
>>
>> On Wed, Dec 20, 2017 at 12:15 PM, Peter Marlow <Peter.Marlow at scisys.co.uk>
>> wrote:
>>
>> I’ve restarted Apache and Tomcat.
>>
>>
>>
>> I’ve taken a tcpdump to see the connections going from geoserver to
>> geonode
>>
>>
>>
>> 10:55:53.913021 IP localhost.55298 > localhost.http: Flags [P.], seq
>> 206:432, ack 361, win 350, options [nop,nop,TS val 10620058 ecr 10620058],
>> length 226: HTTP: GET /account/login/?next=/api/roles HTTP/1.1
>>
>> 10:55:53.951452 IP localhost.http > localhost.55298: Flags [.], ack 432,
>> win 359, options [nop,nop,TS val 10620068 ecr 10620058], length 0
>>
>> 10:55:54.004726 IP localhost.http > localhost.55298: Flags [P.], seq
>> 361:5375, ack 432, win 359, options [nop,nop,TS val 10620081 ecr 10620058],
>> length 5014: HTTP: HTTP/1.1 200 OK
>>
>> 10:55:54.004807 IP localhost.55298 > localhost.http: Flags [.], ack 5375,
>> win 1373, options [nop,nop,TS val 10620081 ecr 10620081], length 0
>>
>> 10:55:54.007690 IP localhost.55298 > localhost.http: Flags [P.], seq
>> 432:637, ack 5375, win 1373, options [nop,nop,TS val 10620082 ecr
>> 10620081], length 205: HTTP: GET /api/roles HTTP/1.1
>>
>> 10:55:54.007699 IP localhost.http > localhost.55298: Flags [.], ack 637,
>> win 367, options [nop,nop,TS val 10620082 ecr 10620082], length 0
>>
>> 10:55:54.012633 IP localhost.http > localhost.55298: Flags [P.], seq
>> 5375:5734, ack 637, win 367, options [nop,nop,TS val 10620083 ecr
>> 10620082], length 359: HTTP: HTTP/1.1 302 FOUND
>>
>> 10:55:54.013317 IP localhost.55298 > localhost.http: Flags [P.], seq
>> 637:863, ack 5734, win 1452, options [nop,nop,TS val 10620083 ecr
>> 10620083], length 226: HTTP: GET /account/login/?next=/api/roles HTTP/1.1
>>
>>
>>
>> It looks like it is calling out to geonode ok but is being redirected to
>> the login page…? Suggests the authentication between geoserver and geonode
>> is incorrect.
>>
>>
>>
>> I’ve setup the Client ID and Client Secret within GeoNode and GeoServer
>> as described in the tutorial though - http://docs.geonode.org/en/mas
>> ter/tutorials/admin/geoserver_geonode_security/
>>
>>
>>
>> Are there any other checks I can perform to determine whether geoserver
>> is passing the correct security details to geonode?
>>
>>
>>
>> Thanks,
>>
>> Pete
>>
>>
>>
>> *From:* Alessio Fabiani [mailto:alessio.fabiani at geo-solutionsit
>> <alessio.fabiani at geo-solutions.it>]
>>
>> *Sent:* 20 December 2017 10:37
>> *To:* Peter Marlow
>> *Cc:* Alessio Fabiani; geonode-devel at lists.osgeo.org
>> *Subject:* Re: [GeoNode-devel] geonode REST role service - Adminstrator
>> role dropdown empty
>>
>>
>>
>> Nope the geonode address is not a problem, you can use whatever is
>> accessible.
>>
>>
>>
>> Did you also restarted GeoServer / Tomcat ?
>>
>>
>> Regards,
>>
>> Alessio Fabiani
>>
>> ==
>> GeoServer Professional Services from the experts! Visit
>> http://goo.gl/it488V for more information.
>> ==
>>
>> Ing. Alessio Fabiani
>>
>> @alfa7691
>> Founder/Technical Lead
>>
>>
>> GeoSolutions S.A.S.
>> Via di Montramito 3/A
>> <https://maps.google.com/?q=Via+di+Montramito+3/A+%0D+55054+%C2%A0Massarosa&entry=gmail&source=g>
>> 55054 Massarosa
>> <https://maps.google.com/?q=Via+di+Montramito+3/A+%0D+55054+%C2%A0Massarosa&entry=gmail&source=g>
>> (LU)
>> Italy
>> phone: +39 0584 962313 <0584%20962313>
>> fax: +39 0584 1660272 <0584%20166%200272>
>> mob: +39 331 6233686 <331%20623%203686>
>>
>> http://www.geo-solutions.it
>> http://twitter.com/geosolutions_it
>>
>> -------------------------------------------------------
>>
>> AVVERTENZE AI SENSI DEL D.Lgs. 196/2003
>>
>> Le informazioni contenute in questo messaggio di posta elettronica e/o
>> nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il
>> loro utilizzo è consentito esclusivamente al destinatario del messaggio,
>> per le finalità indicate nel messaggio stesso. Qualora riceviate questo
>> messaggio senza esserne il destinatario, Vi preghiamo cortesemente di
>> darcene notizia via e-mail e di procedere alla distruzione del messaggio
>> stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso,
>> divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od
>> utilizzarlo per finalità diverse, costituisce comportamento contrario ai
>> principi dettati dal D.Lgs. 196/2003.
>>
>> The information in this message and/or attachments, is intended solely
>> for the attention and use of the named addressee(s) and may be confidential
>> or proprietary in nature or covered by the provisions of privacy act
>> (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection
>> Code).Any use not in accord with its purpose, any disclosure, reproduction,
>> copying, distribution, or either dissemination, either whole or partial, is
>> strictly forbidden except previous formal approval of the named
>> addressee(s). If you are not the intended recipient, please contact
>> immediately the sender by telephone, fax or e-mail and delete the
>> information in this message that has been received in error. The sender
>> does not give any warranty or accept liability as the content, accuracy or
>> completeness of sent messages and accepts no responsibility for changes
>> made after they were sent or for other risks which arise as a result of
>> e-mail transmission, viruses, etc.
>>
>>
>>
>> On Wed, Dec 20, 2017 at 11:32 AM, Peter Marlow <Peter.Marlow at scisys.co.uk>
>> wrote:
>>
>> Hi Alessio,
>>
>>
>>
>> Thanks for the reply!
>>
>>
>>
>> It looks like the /api endpoint on my geonode is accessible at
>> http://localhost/ and not at http://localhost:8000/. Is this a problem?
>>
>>
>>
>> I’ve configured the base URL of the Role Service to be just
>> http://localhost/ but I still don’t see the ROLE_ADMIN user in the
>> dropdowns.
>>
>>
>>
>> GeoNode has a superuser configured with the username ‘admin’, it doesn’t
>> have any groups though, do I need to create a group?
>>
>>
>>
>> If I open up port 8000 in my apache2 config how would I go about changing
>> the GeoNode api to be on port 8000? (is that actually necessary?)
>>
>>
>>
>> Thanks,
>>
>> Pete
>>
>>
>>
>> *From:* Alessio Fabiani [mailto:alessio.fabiani at geo-solutionsit
>> <alessio.fabiani at geo-solutions.it>]
>>
>> *Sent:* 20 December 2017 09:18
>> *To:* Peter Marlow
>> *Cc:* geonode-devel at lists.osgeo.org
>> *Subject:* Re: [GeoNode-devel] geonode REST role service - Adminstrator
>> role dropdown empty
>>
>>
>>
>> Hi,
>>
>> the roles are taken from GeoNode.
>>
>>
>>
>> You need to be sure that:
>>
>>
>>
>> 1. GeoServer can reach GeoNode
>>
>> 2. the base url of the role service is correctly pointing to GeoNode
>>
>> 3. GeoNode has either an admin user configured and groups
>>
>>
>>
>> If still not working you can try to do some curl requests to GeoNode and
>> see if it is correctly responding.
>>
>>
>>
>> curl -X GET "http://localhost:8000/api/roles"
>>
>>
>>
>>
>>
>>
>> Regards,
>>
>> Alessio Fabiani
>>
>> ==
>> GeoServer Professional Services from the experts! Visit
>> http://goo.gl/it488V for more information.
>> ==
>>
>> Ing. Alessio Fabiani
>>
>> @alfa7691
>> Founder/Technical Lead
>>
>>
>> GeoSolutions S.A.S.
>> Via di Montramito 3/A
>> <https://maps.google.com/?q=Via+di+Montramito+3/A+%0D+55054+%C2%A0Massarosa&entry=gmail&source=g>
>> 55054 Massarosa
>> <https://maps.google.com/?q=Via+di+Montramito+3/A+%0D+55054+%C2%A0Massarosa&entry=gmail&source=g>
>> (LU)
>> Italy
>> phone: +39 0584 962313 <0584%20962313>
>> fax: +39 0584 1660272 <0584%20166%200272>
>> mob: +39 331 6233686 <331%20623%203686>
>>
>> http://www.geo-solutions.it
>> http://twitter.com/geosolutions_it
>>
>> -------------------------------------------------------
>>
>> AVVERTENZE AI SENSI DEL D.Lgs. 196/2003
>>
>> Le informazioni contenute in questo messaggio di posta elettronica e/o
>> nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il
>> loro utilizzo è consentito esclusivamente al destinatario del messaggio,
>> per le finalità indicate nel messaggio stesso. Qualora riceviate questo
>> messaggio senza esserne il destinatario, Vi preghiamo cortesemente di
>> darcene notizia via e-mail e di procedere alla distruzione del messaggio
>> stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso,
>> divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od
>> utilizzarlo per finalità diverse, costituisce comportamento contrario ai
>> principi dettati dal D.Lgs. 196/2003.
>>
>> The information in this message and/or attachments, is intended solely
>> for the attention and use of the named addressee(s) and may be confidential
>> or proprietary in nature or covered by the provisions of privacy act
>> (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection
>> Code).Any use not in accord with its purpose, any disclosure, reproduction,
>> copying, distribution, or either dissemination, either whole or partial, is
>> strictly forbidden except previous formal approval of the named
>> addressee(s). If you are not the intended recipient, please contact
>> immediately the sender by telephone, fax or e-mail and delete the
>> information in this message that has been received in error. The sender
>> does not give any warranty or accept liability as the content, accuracy or
>> completeness of sent messages and accepts no responsibility for changes
>> made after they were sent or for other risks which arise as a result of
>> e-mail transmission, viruses, etc.
>>
>>
>>
>> On Tue, Dec 19, 2017 at 6:14 PM, Peter Marlow <Peter.Marlow at scisys.co.uk>
>> wrote:
>>
>> Hi all,
>>
>>
>>
>> I’m configuring geonode/geoserver security using the tutorial here -
>> http://docs.geonode.org/en/master/tutorials/admin/geoserver_
>> geonode_security/
>>
>>
>>
>> The problem I have is that when I create the ‘geonode REST role service’
>> both the ‘Administrator role’ and ‘Group administrator role’ dropdowns are
>> empty – the tutorial suggests they should contain the value ROLE_ADMIN.
>>
>>
>>
>> Any ideas where this ROLE_ADMIN should be configured in order to make it
>> available in the dropdowns?
>>
>>
>>
>> GEOSERVER VERSION – 2.12-SNAPSHOT
>>
>> GEONODE VERSION – 2.6.3
>>
>>
>>
>> Thanks,
>> Pete
>>
>>
>>
>>
>>
>> SCISYS UK Limited. Registered in England and Wales No. 4373530.
>>
>> Registered Office: Methuen Park, Chippenham, Wiltshire SN14 0GB, UK.
>>
>>
>>
>> Before printing, please think about the environment.
>>
>>
>> _______________________________________________
>> geonode-devel mailing list
>> geonode-devel at lists.osgeo.org
>> https://lists.osgeo.org/mailman/listinfo/geonode-devel
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>
>
> _______________________________________________
> geonode-devel mailing list
> geonode-devel at lists.osgeo.org
> https://lists.osgeo.org/mailman/listinfo/geonode-devel
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/geonode-devel/attachments/20180111/7362d9cf/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 29479 bytes
Desc: not available
URL: <http://lists.osgeo.org/pipermail/geonode-devel/attachments/20180111/7362d9cf/attachment-0004.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.png
Type: image/png
Size: 18449 bytes
Desc: not available
URL: <http://lists.osgeo.org/pipermail/geonode-devel/attachments/20180111/7362d9cf/attachment-0005.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 24584 bytes
Desc: not available
URL: <http://lists.osgeo.org/pipermail/geonode-devel/attachments/20180111/7362d9cf/attachment-0006.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 20690 bytes
Desc: not available
URL: <http://lists.osgeo.org/pipermail/geonode-devel/attachments/20180111/7362d9cf/attachment-0007.png>
More information about the geonode-devel
mailing list