[GeoNode-users] Layer Security Geonode/Geoserver

John, Steffen s.john at atenekom.eu
Tue Jun 13 01:10:56 PDT 2017


Hi!

thanks for hints. Unfortunately, creating a new geonode layer which refers to layer group does not work.
The problem is that layer needs a datastore and layer groups don't have a layer store.

Anyways, isn't there a possibility to adjust the security setting (filterchains and provider chain) in such a way, that the geoserver mechanism of security is used, whenever there is no authentification via Geonode?

cheers,
Steffen

Am Freitag, den 09.06.2017, 06:55 -0700 schrieb geonode-users-request at lists.osgeo.org:

Send geonode-users mailing list submissions to
        geonode-users at lists.osgeo.org<mailto:geonode-users at lists.osgeo.org>

To subscribe or unsubscribe via the World Wide Web, visit
        https://lists.osgeo.org/mailman/listinfo/geonode-users
or, via email, send a message with subject or body 'help' to
        geonode-users-request at lists.osgeo.org<mailto:geonode-users-request at lists.osgeo.org>

You can reach the person managing the list at
        geonode-users-owner at lists.osgeo.org<mailto:geonode-users-owner at lists.osgeo.org>

When replying, please edit your Subject line so it is more specific
than "Re: Contents of geonode-users digest..."


Today's Topics:

   1. Layer Security Geonode/Geoserver (John, Steffen)
   2. Re: Layer Security Geonode/Geoserver (Alessio Fabiani)
   3. Re: Layer Editing Error (Naresh N)


----------------------------------------------------------------------

Message: 1
Date: Fri, 9 Jun 2017 13:17:57 +0000
From: "John, Steffen" <s.john at atenekom.eu<mailto:s.john at atenekom.eu>>
To: "geonode-users at lists.osgeo.org<mailto:geonode-users at lists.osgeo.org>" <geonode-users at lists.osgeo.org<mailto:geonode-users at lists.osgeo.org>>
Subject: [GeoNode-users] Layer Security Geonode/Geoserver
Message-ID: <1497014277.26822.1.camel at atenekom.eu<mailto:1497014277.26822.1.camel at atenekom.eu>>
Content-Type: text/plain; charset="utf-8"

Hi!
I'm using Geonode 2.4 with Geoserver 2.7. I'm actually not sure whether this question belongs to GeoNode or GeoServer mailing list.
Here what I want to do:

I added a layer group to Geoserver and want to add this as a backgroundlayer to the geonode maps (for example at creating a new map). Since layer groups are not supported from Geonode, I added this layergroup as "external" WMS by appending its properties to MAP_BASELAYERS in settings.py.

The Problem:
This works fine as long as a user is logged in in Geonode. Anonymous Users get red tiles. Since I can't add the layer to Geonode I also can't set the permission for it.

I thought it must be possible to grant access for anonymous users from the Geoserver security for only this layer. I tried all the Geoserver security tutorials, read about filter and provider chains, modified layers.properties and tried somehow changing the authentification filters, but none of it worked. It is very complex and I still didn't understood it, completely.

I was actually wondering, because the layers and service security is both set to *.*, meaning that access to all services and layers is granted to all roles. But this doesn't seem to be the case.

To summarize:

I want to grant access for anonymous users for a specific layer group in Geoserver. Other layers should be secured as normal.
Ideally, the access is not granted to everyone, but only to requests with a specific referer information in the request, but I'm not sure if this is even possible.

Any hints are highly appreciated.
Thanks a lot!

Steffen


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/geonode-users/attachments/20170609/2edba2b2/attachment-0001.html>

------------------------------

Message: 2
Date: Fri, 9 Jun 2017 15:25:41 +0200
From: Alessio Fabiani <alessio.fabiani at geo-solutions.it<mailto:alessio.fabiani at geo-solutions.it>>
To: "John, Steffen" <s.john at atenekom.eu<mailto:s.john at atenekom.eu>>
Cc: "geonode-users at lists.osgeo.org<mailto:geonode-users at lists.osgeo.org>" <geonode-users at lists.osgeo.org<mailto:geonode-users at lists.osgeo.org>>
Subject: Re: [GeoNode-users] Layer Security Geonode/Geoserver
Message-ID:
        <CAM7ZvL+y7bZNqbM3DcTLMXRy9iQpvt8HvjJiBO_7k6Jf+0JnQA at mail.gmail.com<mailto:CAM7ZvL+y7bZNqbM3DcTLMXRy9iQpvt8HvjJiBO_7k6Jf+0JnQA at mail.gmail.com>>
Content-Type: text/plain; charset="utf-8"

Hello,

for version GeoNode 2.4 + GeoServer 2.7 could be not so straight.
A possible solutions (not sure if actually works) could be to create a new
"Layer" on GeoNode referring to the GeoServer LayerGroup (you can use
another existing Layer as template for the values) and set permissions to
"Anonymous" from GeoNode.

This is because GeoNode 2.4 uses a REST API with the list of allowed layers
in order to allow GeoServer understand which ones are accessible or not.

Make a try and let me know if it works.



Best Regards,
Alessio Fabiani.

==

GeoServer Professional Services from the experts! Visit
http://goo.gl/it488V for more information.
==

Ing. Alessio Fabiani
@alfa7691
github <https://github.com/afabiani?tab=overview>
Founder/Technical Lead

GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy
phone: +39 0584 962313 <0584%20962313>
fax:     +39 0584 1660272 <0584%20166%200272>

http://www.geo-solutions.it
http://twitter.com/geosolutions_it
-------------------------------------------------------
*AVVERTENZE AI SENSI DEL D.Lgs. 196/2003*
Le informazioni contenute in questo messaggio di posta elettronica e/o
nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il
loro utilizzo è consentito esclusivamente al destinatario del messaggio,
per le finalità indicate nel messaggio stesso. Qualora riceviate questo
messaggio senza esserne il destinatario, Vi preghiamo cortesemente di
darcene notizia via e-mail e di procedere alla distruzione del messaggio
stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso,
divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od
utilizzarlo per finalità diverse, costituisce comportamento contrario ai
principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for
the attention and use of the named addressee(s) and may be confidential or
proprietary in nature or covered by the provisions of privacy act
(Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection
Code).Any use not in accord with its purpose, any disclosure, reproduction,
copying, distribution, or either dissemination, either whole or partial, is
strictly forbidden except previous formal approval of the named
addressee(s). If you are not the intended recipient, please contact
immediately the sender by telephone, fax or e-mail and delete the
information in this message that has been received in error. The sender
does not give any warranty or accept liability as the content, accuracy or
completeness of sent messages and accepts no responsibility  for changes
made after they were sent or for other risks which arise as a result of
e-mail transmission, viruses, etc.
---------------------------------------------------------------------

On Fri, Jun 9, 2017 at 3:17 PM, John, Steffen <s.john at atenekom.eu<mailto:s.john at atenekom.eu>> wrote:



Hi!
I'm using Geonode 2.4 with Geoserver 2.7. I'm actually not sure whether
this question belongs to GeoNode or GeoServer mailing list.
Here what I want to do:

I added a layer group to Geoserver and want to add this as a
backgroundlayer to the geonode maps (for example at creating a new map).
Since layer groups are not supported from Geonode, I added this layergroup
as "external" WMS by appending its properties to MAP_BASELAYERS in
settings.py.

The Problem:
This works fine as long as a user is logged in in Geonode. Anonymous Users
get red tiles. Since I can't add the layer to Geonode I also can't set the
permission for it.

I thought it must be possible to grant access for anonymous users from the
Geoserver security for only this layer. I tried all the Geoserver security
tutorials, read about filter and provider chains, modified
layers.properties and tried somehow changing the authentification filters,
but none of it worked. It is very complex and I still didn't understood it,
completely.

I was actually wondering, because the layers and service security is both
set to *.*, meaning that access to all services and layers is granted to
all roles. But this doesn't seem to be the case.

To summarize:

I want to grant access for anonymous users for a specific layer group in
Geoserver. Other layers should be secured as normal.
Ideally, the access is not granted to everyone, but only to requests with
a specific referer information in the request, but I'm not sure if this is
even possible.

Any hints are highly appreciated.
Thanks a lot!

Steffen



_______________________________________________
geonode-users mailing list
geonode-users at lists.osgeo.org<mailto:geonode-users at lists.osgeo.org>
https://lists.osgeo.org/mailman/listinfo/geonode-users




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/geonode-users/attachments/20170609/3d55e9e4/attachment-0001.html>

------------------------------

Message: 3
Date: Fri, 9 Jun 2017 19:25:54 +0530
From: Naresh N <naresh919 at gmail.com<mailto:naresh919 at gmail.com>>
To: Francesco Bartoli <xbartolone at gmail.com<mailto:xbartolone at gmail.com>>
Cc: Simone Dalmasso <simone.dalmasso at gmail.com<mailto:simone.dalmasso at gmail.com>>,
        "geonode-users at lists.osgeo.org<mailto:geonode-users at lists.osgeo.org>" <geonode-users at lists.osgeo.org<mailto:geonode-users at lists.osgeo.org>>
Subject: Re: [GeoNode-users] Layer Editing Error
Message-ID:
        <CAKAPXzMiK4N0RP6wbuOY=AePFK7Z3ztHMzZg6P3_-qUHZyDkPw at mail.gmail.com<mailto:CAKAPXzMiK4N0RP6wbuOY=AePFK7Z3ztHMzZg6P3_-qUHZyDkPw at mail.gmail.com>>
Content-Type: text/plain; charset="utf-8"

Dear ALL,
 Although all the functionalities of GeoNode working except permissions of
Layers. Please kindly help me to resolve the issue.
1. Layers Uploaded with  Username: XXXXX  with password:XXXX and permission
for visualize is given to specific user. But with layer name and layer url
with out credentials layer is loading.

 Please help me how to over come the issue. As I mentioned in my earlier
mail I am configured GeoNode2.4.x  in RHEL 7.2 64 bit machine.
 Since I could not able find geoserver.war file in geonode2.4.zip file ,I
have  downloaded  Geoserver2.7.4 war from Geoserver official site and
followed the rest of the steps.

 Thanks,
Naresh



On Fri, Jun 9, 2017 at 2:21 PM, Naresh N <naresh919 at gmail.com<mailto:naresh919 at gmail.com>> wrote:



Dear Bartoli,Simone,
 Thanks for the helping. Downloaded Geosever2.7.4 war from Geoserver
official site and replaced  with Geoserver2.11.1, the layer editing
functionality is worked. Now i understand that basically issue is with
Geoserver version . Now I am checking all other functionalities, hoping  I
will not get any unexpected error/behaviour.

Thanks again........

Thanks,
Naresh

On Fri, Jun 9, 2017 at 1:12 PM, Francesco Bartoli <xbartolone at gmail.com<mailto:xbartolone at gmail.com>>
wrote:



Naresh,

the same command suggested by Simone should download the correct
GeoServer version which relies on the old authentication system.

Francesco

Il giorno 09/giu/2017, alle ore 09:39, Naresh N <naresh919 at gmail.com<mailto:naresh919 at gmail.com>> ha
scritto:

Dear Simone,
I have deployed GeoNode 2.4 version. I think there is no concept of oauth
in GeoNode 2.4 version.I am facing the issue with GeoNode 2.4. Please
suggest how to overcome the issue in GeoNode2.4 version

Thanks,
Naresh

On Fri, Jun 9, 2017 at 12:57 PM, Simone Dalmasso <
simone.dalmasso at gmail.com<mailto:simone.dalmasso at gmail.com>> wrote:



Running "paver setup" in your geonode virtualenv will download it into
the "downloaded folder" Then you will have to configure the oauth2
mechanism http://docs.geonode.org/en/master/tutorials/admin/
geoserver_geonode_security/index.html#geonode-and-geoserver-
a-a-interaction

2017-06-09 9:19 GMT+02:00 Naresh N <naresh919 at gmail.com<mailto:naresh919 at gmail.com>>:



Dear Simone,
 Thanks for the response.
 But I have configured GeoNode2.4 in my RHEL machine. In downloaded
GeoNode Zip Geoserver.war file is not available. How to get shipped
geoserver.war file in case of GeoNode deployment in Linux.

Thanks,
Naresh

On Fri, Jun 9, 2017 at 12:44 PM, Simone Dalmasso <
simone.dalmasso at gmail.com<mailto:simone.dalmasso at gmail.com>> wrote:



Hi,
GeoNode requires it's own Geoserver. It is shipped with it and is
version 2.9. Security and permissions won't work otherwise.

2017-06-09 8:58 GMT+02:00 Naresh N <naresh919 at gmail.com<mailto:naresh919 at gmail.com>>:



Dear ALL,


When I am editing the layer it is showing following error. Please
suggest to fix

<ows:ExceptionReport xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:ows="http://www.opengis.net/ows" xmlns:xsi="http://www.w3.org/2
001/XMLSchema-instance" version="1.0.0" xsi:schemaLocation="
http://www.opengis.net/ows http://192.168.198.209/geoserv
er/schemas/ows/1.0.0/owsExceptionReport.xsd">
  <ows:Exception exceptionCode="NoApplicableCode">
    <ows:ExceptionText>{http://192.168.198.209/geoserver/cite}_6
_9_2017_9657073 is read-only</ows:ExceptionText>
  </ows:Exception>
</ows:ExceptionReport>

System Details : Geo Node is configured in RHEL7.2 64 bit machine
                         Geoserver version 2.11.1
                            jre version is 1.8


* Note:  If login the geoserver with admin credential in another tab
and layer editing functionality is working*


*Please kindly suggest any layer security settings need to update in
Geoserver2.11.1*

*Thanks,*

*Naresh*

_______________________________________________
geonode-users mailing list
geonode-users at lists.osgeo.org<mailto:geonode-users at lists.osgeo.org>
https://lists.osgeo.org/mailman/listinfo/geonode-users






--
Simone









--
Simone




_______________________________________________
geonode-users mailing list
geonode-users at lists.osgeo.org<mailto:geonode-users at lists.osgeo.org>
https://lists.osgeo.org/mailman/listinfo/geonode-users








-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/geonode-users/attachments/20170609/9d8f6486/attachment.html>

------------------------------

Subject: Digest Footer

_______________________________________________
geonode-users mailing list
geonode-users at lists.osgeo.org<mailto:geonode-users at lists.osgeo.org>
https://lists.osgeo.org/mailman/listinfo/geonode-users


------------------------------

End of geonode-users Digest, Vol 29, Issue 28
*********************************************

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/geonode-users/attachments/20170613/19fa2e8f/attachment-0001.html>


More information about the geonode-users mailing list