[GeoNode-users] geoserver authentication in multi-geosites

Alessio Fabiani alessio.fabiani at gmail.com
Wed May 31 07:06:11 PDT 2017


Hi Simone,
as far as I have seen Eugenio is still using the old A&A method based on
cookies not OAuth2 yet.

The problem of download the raster layer is due to the fact the that layer
has been configured as a cascaded WMS, which is currently not handled by
GeoNode.

On Wed, May 31, 2017 at 4:02 PM, Simone Dalmasso <simone.dalmasso at gmail.com>
wrote:

> Ciao guys, just to point out that I think Eugenio is the first one using
> the new oauth2 with geosites, none of us ever tested it I think :) we
> should though to make sure everything is still working. Eugenio thanks for
> the feedbacks so far.
>
> 2017-05-31 15:55 GMT+02:00 Alessio Fabiani <alessio.fabiani at gmail.com>:
>
>> I guess I got the problem, you configured the layer as a cascade WMS.
>>
>> However, sorry... what was exactly the issue?
>>
>> On Wed, May 31, 2017 at 3:52 PM, Eugenio Trumpy <frippe12573 at hotmail.com>
>> wrote:
>>
>>> I see that layer as anonymous user.
>>>
>>>
>>> E.
>>>
>>>
>>> ------------------------------
>>> *Da:* Alessio Fabiani <alessio.fabiani at gmail.com>
>>> *Inviato:* mercoledì 31 maggio 2017 15:45
>>>
>>> *A:* Eugenio Trumpy
>>> *Cc:* geonode-users; Simone Dalmasso
>>> *Oggetto:* Re: [GeoNode-users] geoserver authentication in
>>> multi-geosites
>>>
>>> Hello Eugenio,
>>> so, just do a quick test... if the layer is public, go to
>>> http://geothoponode.igg.cnr.it/geoserver2 and, as anonymous user, try
>>> to hit Layer Preview.
>>>
>>> If you don't see your layer listed here, that means that the security
>>> (at least on that geoserver2 instance) does not allow you to access it as
>>> an anonymous user.
>>>
>>> On Wed, May 31, 2017 at 3:20 PM, Eugenio Trumpy <frippe12573 at hotmail.com
>>> > wrote:
>>>
>>>> Hi Alessio,
>>>>
>>>>
>>>> the raster layer is a public layer. It can be seen by anyone (check box
>>>> marked). There is also my name among the users. The same for download
>>>> capabilities.
>>>>
>>>> I saw this information in the 'Change layer permissions' panel.
>>>>
>>>> What do you mean with "Is the geotiff present and configured on the
>>>> second instance too"? If you mean that the raster layer is listed also
>>>> in the child site,
>>>>
>>>> the answer is yes.
>>>>
>>>> I don't know how to catch the request, however the geoserver log output
>>>> is:
>>>>
>>>> https://pastebin.com/W0K9LHde
>>>>
>>>>
>>>> any hints?
>>>>
>>>>
>>>> E.
>>>>
>>>>
>>>>
>>>> ------------------------------
>>>> *Da:* Alessio Fabiani <alessio.fabiani at gmail.com>
>>>> *Inviato:* mercoledì 24 maggio 2017 15.50
>>>> *A:* Eugenio Trumpy
>>>> *Cc:* geonode-users; Simone Dalmasso
>>>> *Oggetto:* Re: [GeoNode-users] geoserver authentication in
>>>> multi-geosites
>>>>
>>>> Is the geotiff present and configured on the second instance too? Is it
>>>> private or publicly accessible? Can you somehow intercept the requests and
>>>> send them here?
>>>>
>>>> On May 20, 2017 15:20, "Eugenio Trumpy" <frippe12573 at hotmail.com>
>>>> wrote:
>>>>
>>>>> Hi all,
>>>>>
>>>>>
>>>>> unfortunately I was not able to solve the issue raised in this thread.
>>>>> I was just living in the situation described.
>>>>>
>>>>> However, today I have to face a consequent, I guess, issue.
>>>>>
>>>>> From a child site I'm not able to download a raster layer (uploaded as
>>>>> tif) in geotiff format (i.e. in the download menu there is not the item
>>>>> 'Geotiff').
>>>>>
>>>>> If I try to download the same raster layer from the master site it is
>>>>> possible (i.e. in the download menu there is the item 'Geotiff').
>>>>>
>>>>> I think is a matter of geoserver configuration/authentication in
>>>>> geonode-multitenancy environment.
>>>>>
>>>>>
>>>>> Have you got any suggestion?
>>>>>
>>>>>
>>>>> E.
>>>>>
>>>>>
>>>>> ------------------------------
>>>>> *Da:* Simone Dalmasso <simone.dalmasso at gmail.com>
>>>>> *Inviato:* mercoledì 5 aprile 2017 15.39
>>>>> *A:* Eugenio Trumpy
>>>>> *Cc:* geonode-users at lists.osgeo.org
>>>>> *Oggetto:* Re: geoserver authentication in multi-geosites
>>>>>
>>>>> Eugenio, I don't see wrong config. It is ok I guess to leave the
>>>>> master site host in the gs config as well as I think it is ok that you
>>>>> cannot log in directly into gs from a child site. That said, when geosites
>>>>> was developed, the geoserver ext was modified to make sure that geoserver
>>>>> pings the same host that made the http request for authentication instead
>>>>> of relying on the base url parameter. So ideally it should work as you
>>>>> would expect.
>>>>>
>>>>>
>>>>> 2017-04-05 14:39 GMT+02:00 Eugenio Trumpy <frippe12573 at hotmail.com>:
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>>
>>>>>> I'm working on geonode 2.4 in a Ubuntu server 14.04LTS (tomcat7,
>>>>>> java8).
>>>>>>
>>>>>> I had to upgrade geoserver from 2.7.x version up to 2.9.x.
>>>>>>
>>>>>> In the system I configured geonode to work as multi-geosites.
>>>>>>
>>>>>> The master site is the normal geonode site, I mean it use the
>>>>>> local_setting.py I have in /geonode/geonode
>>>>>>
>>>>>> The geosites are in /geonode/geonode/contrib/geosites, and they use
>>>>>> the relative config files.
>>>>>>
>>>>>>
>>>>>> The documentation: https://github.com/terranodo/geosites-project
>>>>>> /blob/master/GEOSITES-README.md
>>>>>>
>>>>>> indicates to leave empty <baseurl> in config.xml in
>>>>>> security/auth/geonodeauthprovider/
>>>>>>
>>>>>> In that way I have this error:
>>>>>>
>>>>>> java.lang.IllegalArgumentException: host parameter is null
>>>>>> 	org.apache.commons.httpclient.HttpConnection.<init>(HttpConnection.java:206)
>>>>>> 	org.apache.commons.httpclient.HttpConnection.<init>(HttpConnection.java:155)
>>>>>> 	org.apache.commons.httpclient.SimpleHttpConnectionManager.getConnectionWithTimeout(SimpleHttpConnectionManager.java:175)
>>>>>> 	org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:153)
>>>>>> 	org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
>>>>>> 	org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323)
>>>>>> 	org.geonode.security.HTTPClient.sendGET(HTTPClient.java:89)
>>>>>> 	org.geonode.security.DefaultSecurityClient.authenticate(DefaultSecurityClient.java:185)
>>>>>> 	org.geonode.security.DefaultSecurityClient.authenticateCookie(DefaultSecurityClient.java:116)
>>>>>> 	org.geonode.security.GeoNodeAuthenticationProvider.authenticate(GeoNodeAuthenticationProvider.java:66)
>>>>>> 	org.geoserver.security.GeoServerAuthenticationProvider.authenticate(GeoServerAuthenticationProvider.java:58)
>>>>>> 	org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:167)
>>>>>> 	org.geoserver.security.GeoServerSecurityManager$1.authenticate(GeoServerSecurityManager.java:323)
>>>>>> 	org.geonode.security.GeoNodeCookieProcessingFilter.doFilter(GeoNodeCookieProcessingFilter.java:94)
>>>>>> 	org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
>>>>>> 	org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:69)
>>>>>> 	org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:91)
>>>>>> 	org.geoserver.security.filter.GeoServerSecurityContextPersistenceFilter$1.doFilter(GeoServerSecurityContextPersistenceFilter.java:53)
>>>>>> 	org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:73)
>>>>>> 	org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:92)
>>>>>> 	org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
>>>>>> 	org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:213)
>>>>>> 	org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:176)
>>>>>> 	org.geoserver.security.GeoServerSecurityFilterChainProxy.doFilter(GeoServerSecurityFilterChainProxy.java:152)
>>>>>> 	org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
>>>>>> 	org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)
>>>>>> 	org.geoserver.filters.LoggingFilter.doFilter(LoggingFilter.java:87)
>>>>>> 	org.geoserver.filters.GZIPFilter.doFilter(GZIPFilter.java:42)
>>>>>> 	org.geoserver.filters.SessionDebugFilter.doFilter(SessionDebugFilter.java:48)
>>>>>> 	org.geoserver.filters.FlushSafeFilter.doFilter(FlushSafeFilter.java:44)
>>>>>> 	org.springframework.web.filter.CharacterEncodingFilter.doFilterIntaernal(CharacterEncodingFilter.java:121)
>>>>>> 	org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
>>>>>>
>>>>>> both if I use the geoserver link in the menu (once logged in) and if
>>>>>> I call geoserver by using the geoserver url in the browser address bar.
>>>>>>
>>>>>>
>>>>>> If set the doman name of the master site in <baseurl> in config.xml
>>>>>> in security/auth/geonodeauthprovider/
>>>>>>
>>>>>> I'm able to enter in geoserver as admin from the menu, by the way
>>>>>> doing the same operation from a geosite
>>>>>>
>>>>>> I got the geoserverage but not logged.
>>>>>>
>>>>>>
>>>>>> The master site virtualhost as well as those of the geosites have the
>>>>>> proxypass and reverse pointing to http://localhost:8080/geoserver
>>>>>>
>>>>>> The same in /geonode/geonode/contrib/geosites/local_setting.py and
>>>>>> pre-setting.py I have http://localhost:8080/geoserver
>>>>>>
>>>>>>
>>>>>> Is there a wrong configuration?
>>>>>>
>>>>>> Any hints?
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Simone
>>>>>
>>>>> _______________________________________________
>>>>> geonode-users mailing list
>>>>> geonode-users at lists.osgeo.org
>>>>> https://lists.osgeo.org/mailman/listinfo/geonode-users
>>>>>
>>>>>
>>>
>>
>
>
> --
> Simone
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/geonode-users/attachments/20170531/913af6ee/attachment-0001.html>


More information about the geonode-users mailing list