[GeoNode-users] geoserver authentication in multi-geosites
Eugenio Trumpy
frippe12573 at hotmail.com
Wed May 31 07:07:58 PDT 2017
Hi all,
Alessio is right. Even if I'm using the old system unfortunately I still have problems.
E.
________________________________
Da: Alessio Fabiani <alessio.fabiani at gmail.com>
Inviato: mercoledì 31 maggio 2017 16:06
A: Simone Dalmasso
Cc: Eugenio Trumpy; geonode-users
Oggetto: Re: [GeoNode-users] geoserver authentication in multi-geosites
Hi Simone,
as far as I have seen Eugenio is still using the old A&A method based on cookies not OAuth2 yet.
The problem of download the raster layer is due to the fact the that layer has been configured as a cascaded WMS, which is currently not handled by GeoNode.
On Wed, May 31, 2017 at 4:02 PM, Simone Dalmasso <simone.dalmasso at gmail.com<mailto:simone.dalmasso at gmail.com>> wrote:
Ciao guys, just to point out that I think Eugenio is the first one using the new oauth2 with geosites, none of us ever tested it I think :) we should though to make sure everything is still working. Eugenio thanks for the feedbacks so far.
2017-05-31 15:55 GMT+02:00 Alessio Fabiani <alessio.fabiani at gmail.com<mailto:alessio.fabiani at gmail.com>>:
I guess I got the problem, you configured the layer as a cascade WMS.
However, sorry... what was exactly the issue?
On Wed, May 31, 2017 at 3:52 PM, Eugenio Trumpy <frippe12573 at hotmail.com<mailto:frippe12573 at hotmail.com>> wrote:
I see that layer as anonymous user.
E.
________________________________
Da: Alessio Fabiani <alessio.fabiani at gmail.com<mailto:alessio.fabiani at gmail.com>>
Inviato: mercoledì 31 maggio 2017 15:45
A: Eugenio Trumpy
Cc: geonode-users; Simone Dalmasso
Oggetto: Re: [GeoNode-users] geoserver authentication in multi-geosites
Hello Eugenio,
so, just do a quick test... if the layer is public, go to http://geothoponode.igg.cnr.it/geoserver2 and, as anonymous user, try to hit Layer Preview.
If you don't see your layer listed here, that means that the security (at least on that geoserver2 instance) does not allow you to access it as an anonymous user.
On Wed, May 31, 2017 at 3:20 PM, Eugenio Trumpy <frippe12573 at hotmail.com<mailto:frippe12573 at hotmail.com>> wrote:
Hi Alessio,
the raster layer is a public layer. It can be seen by anyone (check box marked). There is also my name among the users. The same for download capabilities.
I saw this information in the 'Change layer permissions' panel.
What do you mean with "Is the geotiff present and configured on the second instance too"? If you mean that the raster layer is listed also in the child site,
the answer is yes.
I don't know how to catch the request, however the geoserver log output is:
https://pastebin.com/W0K9LHde
any hints?
E.
________________________________
Da: Alessio Fabiani <alessio.fabiani at gmail.com<mailto:alessio.fabiani at gmail.com>>
Inviato: mercoledì 24 maggio 2017 15.50
A: Eugenio Trumpy
Cc: geonode-users; Simone Dalmasso
Oggetto: Re: [GeoNode-users] geoserver authentication in multi-geosites
Is the geotiff present and configured on the second instance too? Is it private or publicly accessible? Can you somehow intercept the requests and send them here?
On May 20, 2017 15:20, "Eugenio Trumpy" <frippe12573 at hotmail.com<mailto:frippe12573 at hotmail.com>> wrote:
Hi all,
unfortunately I was not able to solve the issue raised in this thread. I was just living in the situation described.
However, today I have to face a consequent, I guess, issue.
>From a child site I'm not able to download a raster layer (uploaded as tif) in geotiff format (i.e. in the download menu there is not the item 'Geotiff').
If I try to download the same raster layer from the master site it is possible (i.e. in the download menu there is the item 'Geotiff').
I think is a matter of geoserver configuration/authentication in geonode-multitenancy environment.
Have you got any suggestion?
E.
________________________________
Da: Simone Dalmasso <simone.dalmasso at gmail.com<mailto:simone.dalmasso at gmail.com>>
Inviato: mercoledì 5 aprile 2017 15.39
A: Eugenio Trumpy
Cc: geonode-users at lists.osgeo.org<mailto:geonode-users at lists.osgeo.org>
Oggetto: Re: geoserver authentication in multi-geosites
Eugenio, I don't see wrong config. It is ok I guess to leave the master site host in the gs config as well as I think it is ok that you cannot log in directly into gs from a child site. That said, when geosites was developed, the geoserver ext was modified to make sure that geoserver pings the same host that made the http request for authentication instead of relying on the base url parameter. So ideally it should work as you would expect.
2017-04-05 14:39 GMT+02:00 Eugenio Trumpy <frippe12573 at hotmail.com<mailto:frippe12573 at hotmail.com>>:
Hi,
I'm working on geonode 2.4 in a Ubuntu server 14.04LTS (tomcat7, java8).
I had to upgrade geoserver from 2.7.x version up to 2.9.x.
In the system I configured geonode to work as multi-geosites.
The master site is the normal geonode site, I mean it use the local_setting.py I have in /geonode/geonode
The geosites are in /geonode/geonode/contrib/geosites, and they use the relative config files.
The documentation: https://github.com/terranodo/geosites-project/blob/master/GEOSITES-README.md
indicates to leave empty <baseurl> in config.xml in security/auth/geonodeauthprovider/
In that way I have this error:
java.lang.IllegalArgumentException: host parameter is null
org.apache.commons.httpclient.HttpConnection.<init>(HttpConnection.java:206)
org.apache.commons.httpclient.HttpConnection.<init>(HttpConnection.java:155)
org.apache.commons.httpclient.SimpleHttpConnectionManager.getConnectionWithTimeout(SimpleHttpConnectionManager.java:175)
org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:153)
org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323)
org.geonode.security.HTTPClient.sendGET(HTTPClient.java:89)
org.geonode.security.DefaultSecurityClient.authenticate(DefaultSecurityClient.java:185)
org.geonode.security.DefaultSecurityClient.authenticateCookie(DefaultSecurityClient.java:116)
org.geonode.security.GeoNodeAuthenticationProvider.authenticate(GeoNodeAuthenticationProvider.java:66)
org.geoserver.security.GeoServerAuthenticationProvider.authenticate(GeoServerAuthenticationProvider.java:58)
org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:167)
org.geoserver.security.GeoServerSecurityManager$1.authenticate(GeoServerSecurityManager.java:323)
org.geonode.security.GeoNodeCookieProcessingFilter.doFilter(GeoNodeCookieProcessingFilter.java:94)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:69)
org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:91)
org.geoserver.security.filter.GeoServerSecurityContextPersistenceFilter$1.doFilter(GeoServerSecurityContextPersistenceFilter.java:53)
org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:73)
org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:92)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:213)
org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:176)
org.geoserver.security.GeoServerSecurityFilterChainProxy.doFilter(GeoServerSecurityFilterChainProxy.java:152)
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)
org.geoserver.filters.LoggingFilter.doFilter(LoggingFilter.java:87)
org.geoserver.filters.GZIPFilter.doFilter(GZIPFilter.java:42)
org.geoserver.filters.SessionDebugFilter.doFilter(SessionDebugFilter.java:48)
org.geoserver.filters.FlushSafeFilter.doFilter(FlushSafeFilter.java:44)
org.springframework.web.filter.CharacterEncodingFilter.doFilterIntaernal(CharacterEncodingFilter.java:121)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
both if I use the geoserver link in the menu (once logged in) and if I call geoserver by using the geoserver url in the browser address bar.
If set the doman name of the master site in <baseurl> in config.xml in security/auth/geonodeauthprovider/
I'm able to enter in geoserver as admin from the menu, by the way doing the same operation from a geosite
I got the geoserverage but not logged.
The master site virtualhost as well as those of the geosites have the proxypass and reverse pointing to http://localhost:8080/geoserver
The same in /geonode/geonode/contrib/geosites/local_setting.py and pre-setting.py I have http://localhost:8080/geoserver
Is there a wrong configuration?
Any hints?
--
Simone
_______________________________________________
geonode-users mailing list
geonode-users at lists.osgeo.org<mailto:geonode-users at lists.osgeo.org>
https://lists.osgeo.org/mailman/listinfo/geonode-users
--
Simone
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/geonode-users/attachments/20170531/e08b1b54/attachment-0001.html>
More information about the geonode-users
mailing list