[GeoNode-users] geoserver authentication in multi-geosites

Francesco Bartoli xbartolone at gmail.com
Sun Apr 9 04:05:11 PDT 2017

Hi Eugenio,

if you are not able to send the modifications packaged in a pull request then you can go through editing files directly from github. You need just an account there and then follow the files on this page https://github.com/GeoNode/geonode/search?l=Text&q=geosites&type=&utf8=%E2%9C%93 where geosites is referenced in the documentation. Feel free to propose your changes, after saving them a pull request will be automatically generated for you.

Also consider that some of your achievements require a huge knowledge of developing django applications and exploiting geoserver features, mostly the authentication part. I’ve never used geosites but please double check the geoserver build that you have got since there are two different ones for 2.9.x and 2.4 should work only against geoserver-2.9.x.war and the associated data directory data-2.9.x.zip


Il giorno 07/apr/2017, alle ore 16:05, Eugenio Trumpy <frippe12573 at hotmail.com> ha scritto:

> Dear Francesco,
> I had no problem with geonode classical installation and I was able to configure also geosites thanks to the help of this mailing list. Unfortunately I had to update geoserver to a newer version respect the one distributed with geonode, since I had some issues with nodata areas produced by the reprojecting procedures of the raster layers. The mailing list suggested me to upgrade geoserver. Almost everything works fine with the geoserver-2.9 except the authentication both in the master site and in the geosites I have.
> If I leave the master URL name in <baseurl> in config.xml in security/auth/geonodeauthprovider/ I'm able to authanticate as admin in geoserver only from the master site, but not from the geosites. If I follow the instruction to leave <baseurl> in config.xml in security/auth/geonodeauthprovider/ empty as decribed in https://github.com/terranodo/geosites-project/blob/master/GEOSITES-README.md I cannot authenticate neither from the master site nor in the geosites.
> I guess I have something wrong somewhere.
> Probably my last email was a bit confused, due to the fact that I tried to change many times the configuration without positive results, and I was a bit frustrated.
> That said I'm ready to help the community as I can, I can write some lines from my notes about how to setup a geosite from a normal geonode installation, or if you prefer suggest which point in the documentation have to be updated, but consider I'm not a developer.
> Thanks
> Eugenio 
> Da: Francesco Bartoli <xbartolone at gmail.com>
> Inviato: giovedì 6 aprile 2017 17.46
> A: Eugenio Trumpy
> Cc: Alessio Fabiani; Simone Dalmasso; geonode-users at lists.osgeo.org
> Oggetto: Re: [GeoNode-users] geoserver authentication in multi-geosites
> Dear Eugenio,
> since the master is not working and there is a plenty of documentation how a plain geonode 2.4 should be configured even for the old authentication mechanism I'd rather you did not claim help early for more complex features like multi tenancy authentication as opposed to challenging yourself to solve the easiest.
> That said I'd encourage again to keep notes of everything that could be helpful to improve our documentation for geosites and give back to the community with pull requests.
> Your project can be very useful in such a sense because what you are going to achieve is not common so far and in case of a successful integration (I'm quite sure of this) all the community can also further benefit.
> Many thanks
> Ciao
> Francesco   
> Sent from Nylas Pro, the most powerful email app for work
> On apr 6 2017, at 4:40 pm, Eugenio Trumpy <frippe12573 at hotmail.com> wrote: 
> Unfortunately I have to come back again on this topic, that seemed to be almost solved yesterday, because this morning I realized that in my running configuration I cannot view any layer (i.e. in the info page I see the pink tiles) if I'm not logged in geoserver as admin, and since the authentication via geonode dosen't currently work fine that is a problem. 
> This happen both from the master and from geosites.
> I think there still is some problem on geoserver configuration.
> No useful info on logs.
> Da: Simone Dalmasso <simone.dalmasso at gmail.com>
> Inviato: mercoledì 5 aprile 2017 15.39
> A: Eugenio Trumpy
> Cc: geonode-users at lists.osgeo.org
> Oggetto: Re: geoserver authentication in multi-geosites
> Eugenio, I don't see wrong config. It is ok I guess to leave the master site host in the gs config as well as I think it is ok that you cannot log in directly into gs from a child site. That said, when geosites was developed, the geoserver ext was modified to make sure that geoserver pings the same host that made the http request for authentication instead of relying on the base url parameter. So ideally it should work as you would expect. 
> 2017-04-05 14:39 GMT+02:00 Eugenio Trumpy <frippe12573 at hotmail.com>:
> Hi,
> I'm working on geonode 2.4 in a Ubuntu server 14.04LTS (tomcat7, java8).
> I had to upgrade geoserver from 2.7.x version up to 2.9.x.
> In the system I configured geonode to work as multi-geosites.
> The master site is the normal geonode site, I mean it use the local_setting.py I have in /geonode/geonode
> The geosites are in /geonode/geonode/contrib/geosites, and they use the relative config files.
> The documentation: https://github.com/terranodo/geosites-project/blob/master/GEOSITES-README.md
> indicates to leave empty <baseurl> in config.xml in security/auth/geonodeauthprovider/
> In that way I have this error:
> java.lang.IllegalArgumentException: host parameter is null
> 	org.apache.commons.httpclient.HttpConnection.<init>(HttpConnection.java:206)
> 	org.apache.commons.httpclient.HttpConnection.<init>(HttpConnection.java:155)
> 	org.apache.commons.httpclient.SimpleHttpConnectionManager.getConnectionWithTimeout(SimpleHttpConnectionManager.java:175)
> 	org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:153)
> 	org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
> 	org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323)
> 	org.geonode.security.HTTPClient.sendGET(HTTPClient.java:89)
> 	org.geonode.security.DefaultSecurityClient.authenticate(DefaultSecurityClient.java:185)
> 	org.geonode.security.DefaultSecurityClient.authenticateCookie(DefaultSecurityClient.java:116)
> 	org.geonode.security.GeoNodeAuthenticationProvider.authenticate(GeoNodeAuthenticationProvider.java:66)
> 	org.geoserver.security.GeoServerAuthenticationProvider.authenticate(GeoServerAuthenticationProvider.java:58)
> 	org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:167)
> 	org.geoserver.security.GeoServerSecurityManager$1.authenticate(GeoServerSecurityManager.java:323)
> 	org.geonode.security.GeoNodeCookieProcessingFilter.doFilter(GeoNodeCookieProcessingFilter.java:94)
> 	org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
> 	org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:69)
> 	org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:91)
> 	org.geoserver.security.filter.GeoServerSecurityContextPersistenceFilter$1.doFilter(GeoServerSecurityContextPersistenceFilter.java:53)
> 	org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:73)
> 	org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:92)
> 	org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
> 	org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:213)
> 	org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:176)
> 	org.geoserver.security.GeoServerSecurityFilterChainProxy.doFilter(GeoServerSecurityFilterChainProxy.java:152)
> 	org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
> 	org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)
> 	org.geoserver.filters.LoggingFilter.doFilter(LoggingFilter.java:87)
> 	org.geoserver.filters.GZIPFilter.doFilter(GZIPFilter.java:42)
> 	org.geoserver.filters.SessionDebugFilter.doFilter(SessionDebugFilter.java:48)
> 	org.geoserver.filters.FlushSafeFilter.doFilter(FlushSafeFilter.java:44)
> 	org.springframework.web.filter.CharacterEncodingFilter.doFilterIntaernal(CharacterEncodingFilter.java:121)
> 	org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
> both if I use the geoserver link in the menu (once logged in) and if I call geoserver by using the geoserver url in the browser address bar.
> If set the doman name of the master site in <baseurl> in config.xml in security/auth/geonodeauthprovider/
> I'm able to enter in geoserver as admin from the menu, by the way doing the same operation from a geosite
> I got the geoserverage but not logged.
> The master site virtualhost as well as those of the geosites have the proxypass and reverse pointing to http://localhost:8080/geoserver
> The same in /geonode/geonode/contrib/geosites/local_setting.py and pre-setting.py I have http://localhost:8080/geoserver
> Is there a wrong configuration?
> Any hints?
> -- 
> Simone 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/geonode-users/attachments/20170409/20ade74b/attachment-0001.html>

More information about the geonode-users mailing list