[GeoNode-users] geoserver authentication in multi-geosites

Eugenio Trumpy frippe12573 at hotmail.com
Wed May 31 07:51:59 PDT 2017


I don't know why, but once I downloaded the layer in geotiff format from geoserver as anonymous user, now I'm able to see the geotiff item as choice for download in geonode. That's is strange! But this does not solve the problem. I have just tested with a new uploaded raster layer but I got no positive results.


E.


________________________________
Da: Alessio Fabiani <alessio.fabiani at gmail.com>
Inviato: mercoledì 31 maggio 2017 16:17
A: Eugenio Trumpy
Cc: geonode-users; Simone Dalmasso
Oggetto: Re: [GeoNode-users] geoserver authentication in multi-geosites

In that case I guess there are two possible causes (I would need some time to investigate more on this thoguh):

1. Download Links (somehow) are not generated on your GeoNode DB; this is the most probable cause. Currently there is no other solution than create the manually or either create a simple script that does it for you automatically.

2. GeoNode does not recognize the store type of the Resource.



On Wed, May 31, 2017 at 4:13 PM, Eugenio Trumpy <frippe12573 at hotmail.com<mailto:frippe12573 at hotmail.com>> wrote:

This layer was uploaded directly from the child site. The original layer was in tif format,

so that geoserver stored it as geotiff store.


The issue was that such layer cannot be downloaded as geotiff.

As download choice I have only JPEG, PDF, PNG, KML, View in Google Earth, Tiles

instead of the complete list:
JPEG, PDF, PNG, ArcGrid, GeoTIFF, Gtopo30, ImageMosaic, KML, View in Google Earth, Tiles

E.

________________________________
Da: Alessio Fabiani <alessio.fabiani at gmail.com<mailto:alessio.fabiani at gmail.com>>
Inviato: mercoledì 31 maggio 2017 15:55

A: Eugenio Trumpy
Cc: geonode-users; Simone Dalmasso
Oggetto: Re: [GeoNode-users] geoserver authentication in multi-geosites

I guess I got the problem, you configured the layer as a cascade WMS.

However, sorry... what was exactly the issue?

On Wed, May 31, 2017 at 3:52 PM, Eugenio Trumpy <frippe12573 at hotmail.com<mailto:frippe12573 at hotmail.com>> wrote:

I see that layer as anonymous user.


E.


________________________________
Da: Alessio Fabiani <alessio.fabiani at gmail.com<mailto:alessio.fabiani at gmail.com>>
Inviato: mercoledì 31 maggio 2017 15:45

A: Eugenio Trumpy
Cc: geonode-users; Simone Dalmasso
Oggetto: Re: [GeoNode-users] geoserver authentication in multi-geosites

Hello Eugenio,
so, just do a quick test... if the layer is public, go to http://geothoponode.igg.cnr.it/geoserver2 and, as anonymous user, try to hit Layer Preview.

If you don't see your layer listed here, that means that the security (at least on that geoserver2 instance) does not allow you to access it as an anonymous user.

On Wed, May 31, 2017 at 3:20 PM, Eugenio Trumpy <frippe12573 at hotmail.com<mailto:frippe12573 at hotmail.com>> wrote:

Hi Alessio,


the raster layer is a public layer. It can be seen by anyone (check box marked). There is also my name among the users. The same for download capabilities.

I saw this information in the 'Change layer permissions' panel.

What do you mean with "Is the geotiff present and configured on the second instance too"? If you mean that the raster layer is listed also in the child site,

the answer is yes.

I don't know how to catch the request, however the geoserver log output is:

https://pastebin.com/W0K9LHde


any hints?


E.



________________________________
Da: Alessio Fabiani <alessio.fabiani at gmail.com<mailto:alessio.fabiani at gmail.com>>
Inviato: mercoledì 24 maggio 2017 15.50
A: Eugenio Trumpy
Cc: geonode-users; Simone Dalmasso
Oggetto: Re: [GeoNode-users] geoserver authentication in multi-geosites

Is the geotiff present and configured on the second instance too? Is it private or publicly accessible? Can you somehow intercept the requests and send them here?

On May 20, 2017 15:20, "Eugenio Trumpy" <frippe12573 at hotmail.com<mailto:frippe12573 at hotmail.com>> wrote:

Hi all,


unfortunately I was not able to solve the issue raised in this thread. I was just living in the situation described.

However, today I have to face a consequent, I guess, issue.

>From a child site I'm not able to download a raster layer (uploaded as tif) in geotiff format (i.e. in the download menu there is not the item 'Geotiff').

If I try to download the same raster layer from the master site it is possible (i.e. in the download menu there is the item 'Geotiff').

I think is a matter of geoserver configuration/authentication in geonode-multitenancy environment.


Have you got any suggestion?


E.


________________________________
Da: Simone Dalmasso <simone.dalmasso at gmail.com<mailto:simone.dalmasso at gmail.com>>
Inviato: mercoledì 5 aprile 2017 15.39
A: Eugenio Trumpy
Cc: geonode-users at lists.osgeo.org<mailto:geonode-users at lists.osgeo.org>
Oggetto: Re: geoserver authentication in multi-geosites

Eugenio, I don't see wrong config. It is ok I guess to leave the master site host in the gs config as well as I think it is ok that you cannot log in directly into gs from a child site. That said, when geosites was developed, the geoserver ext was modified to make sure that geoserver pings the same host that made the http request for authentication instead of relying on the base url parameter. So ideally it should work as you would expect.


2017-04-05 14:39 GMT+02:00 Eugenio Trumpy <frippe12573 at hotmail.com<mailto:frippe12573 at hotmail.com>>:

Hi,


I'm working on geonode 2.4 in a Ubuntu server 14.04LTS (tomcat7, java8).

I had to upgrade geoserver from 2.7.x version up to 2.9.x.

In the system I configured geonode to work as multi-geosites.

The master site is the normal geonode site, I mean it use the local_setting.py I have in /geonode/geonode

The geosites are in /geonode/geonode/contrib/geosites, and they use the relative config files.


The documentation: https://github.com/terranodo/geosites-project/blob/master/GEOSITES-README.md

indicates to leave empty <baseurl> in config.xml in security/auth/geonodeauthprovider/

In that way I have this error:

java.lang.IllegalArgumentException: host parameter is null
        org.apache.commons.httpclient.HttpConnection.<init>(HttpConnection.java:206)
        org.apache.commons.httpclient.HttpConnection.<init>(HttpConnection.java:155)
        org.apache.commons.httpclient.SimpleHttpConnectionManager.getConnectionWithTimeout(SimpleHttpConnectionManager.java:175)
        org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:153)
        org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
        org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323)
        org.geonode.security.HTTPClient.sendGET(HTTPClient.java:89)
        org.geonode.security.DefaultSecurityClient.authenticate(DefaultSecurityClient.java:185)
        org.geonode.security.DefaultSecurityClient.authenticateCookie(DefaultSecurityClient.java:116)
        org.geonode.security.GeoNodeAuthenticationProvider.authenticate(GeoNodeAuthenticationProvider.java:66)
        org.geoserver.security.GeoServerAuthenticationProvider.authenticate(GeoServerAuthenticationProvider.java:58)
        org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:167)
        org.geoserver.security.GeoServerSecurityManager$1.authenticate(GeoServerSecurityManager.java:323)
        org.geonode.security.GeoNodeCookieProcessingFilter.doFilter(GeoNodeCookieProcessingFilter.java:94)
        org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
        org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:69)
        org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:91)
        org.geoserver.security.filter.GeoServerSecurityContextPersistenceFilter$1.doFilter(GeoServerSecurityContextPersistenceFilter.java:53)
        org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:73)
        org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:92)
        org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
        org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:213)
        org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:176)
        org.geoserver.security.GeoServerSecurityFilterChainProxy.doFilter(GeoServerSecurityFilterChainProxy.java:152)
        org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
        org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)
        org.geoserver.filters.LoggingFilter.doFilter(LoggingFilter.java:87)
        org.geoserver.filters.GZIPFilter.doFilter(GZIPFilter.java:42)
        org.geoserver.filters.SessionDebugFilter.doFilter(SessionDebugFilter.java:48)
        org.geoserver.filters.FlushSafeFilter.doFilter(FlushSafeFilter.java:44)
        org.springframework.web.filter.CharacterEncodingFilter.doFilterIntaernal(CharacterEncodingFilter.java:121)
        org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)

both if I use the geoserver link in the menu (once logged in) and if I call geoserver by using the geoserver url in the browser address bar.


If set the doman name of the master site in <baseurl> in config.xml in security/auth/geonodeauthprovider/

I'm able to enter in geoserver as admin from the menu, by the way doing the same operation from a geosite

I got the geoserverage but not logged.


The master site virtualhost as well as those of the geosites have the proxypass and reverse pointing to http://localhost:8080/geoserver

The same in /geonode/geonode/contrib/geosites/local_setting.py and pre-setting.py I have http://localhost:8080/geoserver


Is there a wrong configuration?

Any hints?





--
Simone

_______________________________________________
geonode-users mailing list
geonode-users at lists.osgeo.org<mailto:geonode-users at lists.osgeo.org>
https://lists.osgeo.org/mailman/listinfo/geonode-users




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/geonode-users/attachments/20170531/8660593e/attachment-0001.html>


More information about the geonode-users mailing list