[GeoNode-users] geoserver authentication in multi-geosites

Simone Dalmasso simone.dalmasso at gmail.com
Wed May 31 07:09:25 PDT 2017


Oh, sorry. Another thing to test then.

2017-05-31 16:07 GMT+02:00 Eugenio Trumpy <frippe12573 at hotmail.com>:

> Hi all,
>
>
> Alessio is right. Even if I'm using the old system unfortunately I still
> have problems.
>
>
> E.
>
>
> ------------------------------
> *Da:* Alessio Fabiani <alessio.fabiani at gmail.com>
> *Inviato:* mercoledì 31 maggio 2017 16:06
> *A:* Simone Dalmasso
> *Cc:* Eugenio Trumpy; geonode-users
>
> *Oggetto:* Re: [GeoNode-users] geoserver authentication in multi-geosites
>
> Hi Simone,
> as far as I have seen Eugenio is still using the old A&A method based on
> cookies not OAuth2 yet.
>
> The problem of download the raster layer is due to the fact the that layer
> has been configured as a cascaded WMS, which is currently not handled by
> GeoNode.
>
> On Wed, May 31, 2017 at 4:02 PM, Simone Dalmasso <
> simone.dalmasso at gmail.com> wrote:
>
>> Ciao guys, just to point out that I think Eugenio is the first one using
>> the new oauth2 with geosites, none of us ever tested it I think :) we
>> should though to make sure everything is still working. Eugenio thanks for
>> the feedbacks so far.
>>
>> 2017-05-31 15:55 GMT+02:00 Alessio Fabiani <alessio.fabiani at gmail.com>:
>>
>>> I guess I got the problem, you configured the layer as a cascade WMS.
>>>
>>> However, sorry... what was exactly the issue?
>>>
>>> On Wed, May 31, 2017 at 3:52 PM, Eugenio Trumpy <frippe12573 at hotmail.com
>>> > wrote:
>>>
>>>> I see that layer as anonymous user.
>>>>
>>>>
>>>> E.
>>>>
>>>>
>>>> ------------------------------
>>>> *Da:* Alessio Fabiani <alessio.fabiani at gmail.com>
>>>> *Inviato:* mercoledì 31 maggio 2017 15:45
>>>>
>>>> *A:* Eugenio Trumpy
>>>> *Cc:* geonode-users; Simone Dalmasso
>>>> *Oggetto:* Re: [GeoNode-users] geoserver authentication in
>>>> multi-geosites
>>>>
>>>> Hello Eugenio,
>>>> so, just do a quick test... if the layer is public, go to
>>>> http://geothoponode.igg.cnr.it/geoserver2 and, as anonymous user, try
>>>> to hit Layer Preview.
>>>>
>>>> If you don't see your layer listed here, that means that the security
>>>> (at least on that geoserver2 instance) does not allow you to access it as
>>>> an anonymous user.
>>>>
>>>> On Wed, May 31, 2017 at 3:20 PM, Eugenio Trumpy <
>>>> frippe12573 at hotmail.com> wrote:
>>>>
>>>>> Hi Alessio,
>>>>>
>>>>>
>>>>> the raster layer is a public layer. It can be seen by anyone (check
>>>>> box marked). There is also my name among the users. The same for download
>>>>> capabilities.
>>>>>
>>>>> I saw this information in the 'Change layer permissions' panel.
>>>>>
>>>>> What do you mean with "Is the geotiff present and configured on the
>>>>> second instance too"? If you mean that the raster layer is listed
>>>>> also in the child site,
>>>>>
>>>>> the answer is yes.
>>>>>
>>>>> I don't know how to catch the request, however the geoserver
>>>>> log output is:
>>>>>
>>>>> https://pastebin.com/W0K9LHde
>>>>>
>>>>>
>>>>> any hints?
>>>>>
>>>>>
>>>>> E.
>>>>>
>>>>>
>>>>>
>>>>> ------------------------------
>>>>> *Da:* Alessio Fabiani <alessio.fabiani at gmail.com>
>>>>> *Inviato:* mercoledì 24 maggio 2017 15.50
>>>>> *A:* Eugenio Trumpy
>>>>> *Cc:* geonode-users; Simone Dalmasso
>>>>> *Oggetto:* Re: [GeoNode-users] geoserver authentication in
>>>>> multi-geosites
>>>>>
>>>>> Is the geotiff present and configured on the second instance too? Is
>>>>> it private or publicly accessible? Can you somehow intercept the requests
>>>>> and send them here?
>>>>>
>>>>> On May 20, 2017 15:20, "Eugenio Trumpy" <frippe12573 at hotmail.com>
>>>>> wrote:
>>>>>
>>>>>> Hi all,
>>>>>>
>>>>>>
>>>>>> unfortunately I was not able to solve the issue raised in this
>>>>>> thread. I was just living in the situation described.
>>>>>>
>>>>>> However, today I have to face a consequent, I guess, issue.
>>>>>>
>>>>>> From a child site I'm not able to download a raster layer (uploaded
>>>>>> as tif) in geotiff format (i.e. in the download menu there is not the item
>>>>>> 'Geotiff').
>>>>>>
>>>>>> If I try to download the same raster layer from the master site it is
>>>>>> possible (i.e. in the download menu there is the item 'Geotiff').
>>>>>>
>>>>>> I think is a matter of geoserver configuration/authentication in
>>>>>> geonode-multitenancy environment.
>>>>>>
>>>>>>
>>>>>> Have you got any suggestion?
>>>>>>
>>>>>>
>>>>>> E.
>>>>>>
>>>>>>
>>>>>> ------------------------------
>>>>>> *Da:* Simone Dalmasso <simone.dalmasso at gmail.com>
>>>>>> *Inviato:* mercoledì 5 aprile 2017 15.39
>>>>>> *A:* Eugenio Trumpy
>>>>>> *Cc:* geonode-users at lists.osgeo.org
>>>>>> *Oggetto:* Re: geoserver authentication in multi-geosites
>>>>>>
>>>>>> Eugenio, I don't see wrong config. It is ok I guess to leave the
>>>>>> master site host in the gs config as well as I think it is ok that you
>>>>>> cannot log in directly into gs from a child site. That said, when geosites
>>>>>> was developed, the geoserver ext was modified to make sure that geoserver
>>>>>> pings the same host that made the http request for authentication instead
>>>>>> of relying on the base url parameter. So ideally it should work as you
>>>>>> would expect.
>>>>>>
>>>>>>
>>>>>> 2017-04-05 14:39 GMT+02:00 Eugenio Trumpy <frippe12573 at hotmail.com>:
>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>>
>>>>>>> I'm working on geonode 2.4 in a Ubuntu server 14.04LTS (tomcat7,
>>>>>>> java8).
>>>>>>>
>>>>>>> I had to upgrade geoserver from 2.7.x version up to 2.9.x.
>>>>>>>
>>>>>>> In the system I configured geonode to work as multi-geosites.
>>>>>>>
>>>>>>> The master site is the normal geonode site, I mean it use the
>>>>>>> local_setting.py I have in /geonode/geonode
>>>>>>>
>>>>>>> The geosites are in /geonode/geonode/contrib/geosites, and they use
>>>>>>> the relative config files.
>>>>>>>
>>>>>>>
>>>>>>> The documentation: https://github.com/terranodo/geosites-project
>>>>>>> /blob/master/GEOSITES-README.md
>>>>>>>
>>>>>>> indicates to leave empty <baseurl> in config.xml in
>>>>>>> security/auth/geonodeauthprovider/
>>>>>>>
>>>>>>> In that way I have this error:
>>>>>>>
>>>>>>> java.lang.IllegalArgumentException: host parameter is null
>>>>>>> 	org.apache.commons.httpclient.HttpConnection.<init>(HttpConnection.java:206)
>>>>>>> 	org.apache.commons.httpclient.HttpConnection.<init>(HttpConnection.java:155)
>>>>>>> 	org.apache.commons.httpclient.SimpleHttpConnectionManager.getConnectionWithTimeout(SimpleHttpConnectionManager.java:175)
>>>>>>> 	org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:153)
>>>>>>> 	org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
>>>>>>> 	org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323)
>>>>>>> 	org.geonode.security.HTTPClient.sendGET(HTTPClient.java:89)
>>>>>>> 	org.geonode.security.DefaultSecurityClient.authenticate(DefaultSecurityClient.java:185)
>>>>>>> 	org.geonode.security.DefaultSecurityClient.authenticateCookie(DefaultSecurityClient.java:116)
>>>>>>> 	org.geonode.security.GeoNodeAuthenticationProvider.authenticate(GeoNodeAuthenticationProvider.java:66)
>>>>>>> 	org.geoserver.security.GeoServerAuthenticationProvider.authenticate(GeoServerAuthenticationProvider.java:58)
>>>>>>> 	org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:167)
>>>>>>> 	org.geoserver.security.GeoServerSecurityManager$1.authenticate(GeoServerSecurityManager.java:323)
>>>>>>> 	org.geonode.security.GeoNodeCookieProcessingFilter.doFilter(GeoNodeCookieProcessingFilter.java:94)
>>>>>>> 	org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
>>>>>>> 	org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:69)
>>>>>>> 	org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:91)
>>>>>>> 	org.geoserver.security.filter.GeoServerSecurityContextPersistenceFilter$1.doFilter(GeoServerSecurityContextPersistenceFilter.java:53)
>>>>>>> 	org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:73)
>>>>>>> 	org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:92)
>>>>>>> 	org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
>>>>>>> 	org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:213)
>>>>>>> 	org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:176)
>>>>>>> 	org.geoserver.security.GeoServerSecurityFilterChainProxy.doFilter(GeoServerSecurityFilterChainProxy.java:152)
>>>>>>> 	org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
>>>>>>> 	org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)
>>>>>>> 	org.geoserver.filters.LoggingFilter.doFilter(LoggingFilter.java:87)
>>>>>>> 	org.geoserver.filters.GZIPFilter.doFilter(GZIPFilter.java:42)
>>>>>>> 	org.geoserver.filters.SessionDebugFilter.doFilter(SessionDebugFilter.java:48)
>>>>>>> 	org.geoserver.filters.FlushSafeFilter.doFilter(FlushSafeFilter.java:44)
>>>>>>> 	org.springframework.web.filter.CharacterEncodingFilter.doFilterIntaernal(CharacterEncodingFilter.java:121)
>>>>>>> 	org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
>>>>>>>
>>>>>>> both if I use the geoserver link in the menu (once logged in) and if
>>>>>>> I call geoserver by using the geoserver url in the browser address bar.
>>>>>>>
>>>>>>>
>>>>>>> If set the doman name of the master site in <baseurl> in config.xml
>>>>>>> in security/auth/geonodeauthprovider/
>>>>>>>
>>>>>>> I'm able to enter in geoserver as admin from the menu, by the way
>>>>>>> doing the same operation from a geosite
>>>>>>>
>>>>>>> I got the geoserverage but not logged.
>>>>>>>
>>>>>>>
>>>>>>> The master site virtualhost as well as those of the geosites have
>>>>>>> the proxypass and reverse pointing to http://localhost:8080/geoserve
>>>>>>> r
>>>>>>>
>>>>>>> The same in /geonode/geonode/contrib/geosites/local_setting.py and
>>>>>>> pre-setting.py I have http://localhost:8080/geoserver
>>>>>>>
>>>>>>>
>>>>>>> Is there a wrong configuration?
>>>>>>>
>>>>>>> Any hints?
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Simone
>>>>>>
>>>>>> _______________________________________________
>>>>>> geonode-users mailing list
>>>>>> geonode-users at lists.osgeo.org
>>>>>> https://lists.osgeo.org/mailman/listinfo/geonode-users
>>>>>>
>>>>>>
>>>>
>>>
>>
>>
>> --
>> Simone
>>
>
>


-- 
Simone
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/geonode-users/attachments/20170531/cf51d0ef/attachment-0001.html>


More information about the geonode-users mailing list