[GeoNode-users] geonode-users Digest, Vol 45, Issue 84
John, Steffen
s.john at atenekom.eu
Thu Oct 25 03:05:29 PDT 2018
OK, I found the reason myself...
The Chainfilter "basic" of the Filter-Chain "default" was on second place behind geonode-oauth2. moving "basic" to first place makes it now possible to request the capabilities with basic auth.
I'm just wondering, why the basic auth was not checked before.. I thought the chain-filters are used in the order they are defined and if one filter could not authenticate the user, the next filter is used.
is that correct?
Steffen
Am Donnerstag, den 25.10.2018, 02:47 -0700 schrieb geonode-users-request at lists.osgeo.org:
Send geonode-users mailing list submissions to
geonode-users at lists.osgeo.org<mailto:geonode-users at lists.osgeo.org>
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.osgeo.org/mailman/listinfo/geonode-users
or, via email, send a message with subject or body 'help' to
geonode-users-request at lists.osgeo.org<mailto:geonode-users-request at lists.osgeo.org>
You can reach the person managing the list at
geonode-users-owner at lists.osgeo.org<mailto:geonode-users-owner at lists.osgeo.org>
When replying, please edit your Subject line so it is more specific
than "Re: Contents of geonode-users digest..."
Today's Topics:
1. Geoserver Basic Auth not working (John, Steffen)
----------------------------------------------------------------------
Message: 1
Date: Thu, 25 Oct 2018 09:47:16 +0000
From: "John, Steffen" <s.john at atenekom.eu<mailto:s.john at atenekom.eu>>
To: "geonode-users at lists.osgeo.org<mailto:geonode-users at lists.osgeo.org>" <geonode-users at lists.osgeo.org<mailto:geonode-users at lists.osgeo.org>>
Subject: [GeoNode-users] Geoserver Basic Auth not working
Message-ID:
<9be16c210685c16eef029abb429f696e6808615d.camel at atenekom.eu<mailto:9be16c210685c16eef029abb429f696e6808615d.camel at atenekom.eu>>
Content-Type: text/plain; charset="utf-8"
Hi!
I'm using GeoNode 2.10rc4 together with GeoServer 2.14 and I seem to have an Authentication Issue.
I need to send a GetCapabilities-Request to geonode/geoserver/ows? from an external app, which uses basis authentication. I'm using the credentials of the Geoserver Admin User but GeoServer doesn't seem to check the Basic Authentication and does not include layers in the Capabilities which are not accessible by everyone.
I included the GeoServer Log of this request at the end of this mail. Do you have any idea what is wrong or need to be changed in GeoServer?
thanks for your help.
2018-10-25 09:32:11,938 DEBUG [org.geoserver.security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /wms, QueryString: SERVICE=WMS&request=GetCapabilities'; against '/web/**'
2018-10-25 09:32:11,938 DEBUG [org.geoserver.security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /wms, QueryString: SERVICE=WMS&request=GetCapabilities'; against '/gwc/rest/web/**'
2018-10-25 09:32:11,938 DEBUG [org.geoserver.security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /wms, QueryString: SERVICE=WMS&request=GetCapabilities'; against '/'
2018-10-25 09:32:11,938 DEBUG [org.geoserver.security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /wms, QueryString: SERVICE=WMS&request=GetCapabilities'; against '/j_spring_security_check'
2018-10-25 09:32:11,938 DEBUG [org.geoserver.security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /wms, QueryString: SERVICE=WMS&request=GetCapabilities'; against '/j_spring_security_check/'
2018-10-25 09:32:11,938 DEBUG [org.geoserver.security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /wms, QueryString: SERVICE=WMS&request=GetCapabilities'; against '/j_spring_oauth2_geonode_login'
2018-10-25 09:32:11,938 DEBUG [org.geoserver.security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /wms, QueryString: SERVICE=WMS&request=GetCapabilities'; against '/j_spring_oauth2_geonode_login/'
2018-10-25 09:32:11,938 DEBUG [org.geoserver.security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /wms, QueryString: SERVICE=WMS&request=GetCapabilities'; against '/j_spring_security_logout'
2018-10-25 09:32:11,938 DEBUG [org.geoserver.security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /wms, QueryString: SERVICE=WMS&request=GetCapabilities'; against '/j_spring_security_logout/'
2018-10-25 09:32:11,938 DEBUG [org.geoserver.security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /wms, QueryString: SERVICE=WMS&request=GetCapabilities'; against '/j_spring_oauth2_geonode_logout'
2018-10-25 09:32:11,938 DEBUG [org.geoserver.security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /wms, QueryString: SERVICE=WMS&request=GetCapabilities'; against '/j_spring_oauth2_geonode_logout/'
2018-10-25 09:32:11,938 DEBUG [org.geoserver.security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /wms, QueryString: SERVICE=WMS&request=GetCapabilities'; against '/rest/**'
2018-10-25 09:32:11,938 DEBUG [org.geoserver.security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /wms, QueryString: SERVICE=WMS&request=GetCapabilities'; against '/gwc/**'
2018-10-25 09:32:11,938 DEBUG [org.geoserver.security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /wms, QueryString: SERVICE=WMS&request=GetCapabilities'; against '/geofence/rest/**'
2018-10-25 09:32:11,938 DEBUG [org.geoserver.security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /wms, QueryString: SERVICE=WMS&request=GetCapabilities'; against '/geofence/**'
2018-10-25 09:32:11,938 DEBUG [org.geoserver.security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /wms, QueryString: SERVICE=WMS&request=GetCapabilities'; against '/**'
2018-10-25 09:32:11,938 DEBUG [org.geoserver.security.IncludeQueryStringAntPathRequestMatcher] - Request matched by universal pattern '/**'
2018-10-25 09:32:11,938 DEBUG [org.geoserver.security.IncludeQueryStringAntPathRequestMatcher] - Matched Path: /wms, QueryString: SERVICE=WMS&request=GetCapabilities with /**
2018-10-25 09:32:11,938 DEBUG [org.geoserver.security] - Inspecting the http request looking for the Custom Session ID.
2018-10-25 09:32:11,938 DEBUG [org.geoserver.security] - Found 2 cookies!
2018-10-25 09:32:11,974 DEBUG [org.geoserver.security] - preAuthenticatedPrincipal = null, trying to authenticate
2018-10-25 09:32:11,975 DEBUG [org.geoserver.monitor.OpenSessionInViewFilter] - Using SessionFactory 'hibSessionFactory' for OpenSessionInViewFilter
2018-10-25 09:32:11,975 DEBUG [org.geoserver.monitor.OpenSessionInViewFilter] - Opening single Hibernate Session in OpenSessionInViewFilter
2018-10-25 09:32:11,975 DEBUG [org.geoserver.monitor] - Testing /wms for monitor filtering
2018-10-25 09:32:11,994 DEBUG [org.geoserver.gwc.controller.GwcWmtsRestUrlHandlerMapping] - Looking up handler method for path /wms
2018-10-25 09:32:11,994 DEBUG [org.geoserver.gwc.controller.GwcWmtsRestUrlHandlerMapping] - Did not find handler method for [/wms]
2018-10-25 09:32:11,994 TRACE [org.geoserver.ows.OWSHandlerMapping] - No handler mapping found for [/wms]
2018-10-25 09:32:11,994 TRACE [org.geoserver.ows.OWSHandlerMapping] - No handler mapping found for [/wms]
2018-10-25 09:32:11,994 TRACE [org.geoserver.ows.OWSHandlerMapping] - No handler mapping found for [/wms]
2018-10-25 09:32:11,994 TRACE [org.geoserver.ows.OWSHandlerMapping] - No handler mapping found for [/wms]
2018-10-25 09:32:11,994 TRACE [org.geoserver.ows.OWSHandlerMapping] - No handler mapping found for [/wms]
2018-10-25 09:32:11,994 TRACE [org.geoserver.ows.OWSHandlerMapping] - No handler mapping found for [/wms]
2018-10-25 09:32:11,994 TRACE [org.geoserver.ows.OWSHandlerMapping] - No handler mapping found for [/wms]
2018-10-25 09:32:11,994 DEBUG [org.geoserver.ows.OWSHandlerMapping] - Mapping [/wms] to HandlerExecutionChain with handler [org.geoserver.ows.Dispatcher at 7a6b2128<mailto:org.geoserver.ows.Dispatcher at 7a6b2128>] and 1 interceptor
2018-10-25 09:32:11,998 INFO [org.geoserver.wms] -
Request: getServiceInfo
2018-10-25 09:32:11,999 INFO [org.geoserver.flow] - Request [WMS 1.3.0 GetCapabilities] starting, processing through flow controllers
2018-10-25 09:32:11,999 DEBUG [org.geoserver.flow] - Request [WMS 1.3.0 GetCapabilities] checking flow controller BasicOWSController(wfs.getfeature.=application/msexcel,org.geoserver.flow.controller.SimpleThreadBlocker at 59ed6e35<mailto:org.geoserver.flow.controller.SimpleThreadBlocker at 59ed6e35>)
2018-10-25 09:32:11,999 DEBUG [org.geoserver.flow] - Request [WMS 1.3.0 GetCapabilities] passed flow controller BasicOWSController(wfs.getfeature.=application/msexcel,org.geoserver.flow.controller.SimpleThreadBlocker at 59ed6e35<mailto:org.geoserver.flow.controller.SimpleThreadBlocker at 59ed6e35>)
2018-10-25 09:32:11,999 DEBUG [org.geoserver.flow] - Request [WMS 1.3.0 GetCapabilities] checking flow controller org.geoserver.flow.controller.UserConcurrentFlowController at 34ca61af<mailto:org.geoserver.flow.controller.UserConcurrentFlowController at 34ca61af>
2018-10-25 09:32:11,999 DEBUG [org.geoserver.flow] - UserFlowController(6,GS_CFLOW_-7151e4b2:166875a40f3:-7ff8) queue size 1
2018-10-25 09:32:11,999 DEBUG [org.geoserver.flow] - UserFlowController(6,GS_CFLOW_-7151e4b2:166875a40f3:-7ff8) total queues 1
2018-10-25 09:32:11,999 DEBUG [org.geoserver.flow] - Request [WMS 1.3.0 GetCapabilities] passed flow controller org.geoserver.flow.controller.UserConcurrentFlowController at 34ca61af<mailto:org.geoserver.flow.controller.UserConcurrentFlowController at 34ca61af>
2018-10-25 09:32:11,999 DEBUG [org.geoserver.flow] - Request [WMS 1.3.0 GetCapabilities] checking flow controller BasicOWSController(wms.getmap,org.geoserver.flow.controller.SimpleThreadBlocker at 8d6e42f<mailto:org.geoserver.flow.controller.SimpleThreadBlocker at 8d6e42f>)
2018-10-25 09:32:11,999 DEBUG [org.geoserver.flow] - Request [WMS 1.3.0 GetCapabilities] passed flow controller BasicOWSController(wms.getmap,org.geoserver.flow.controller.SimpleThreadBlocker at 8d6e42f<mailto:org.geoserver.flow.controller.SimpleThreadBlocker at 8d6e42f>)
2018-10-25 09:32:11,999 DEBUG [org.geoserver.flow] - Request [WMS 1.3.0 GetCapabilities] checking flow controller BasicOWSController(gwc,org.geoserver.flow.controller.SimpleThreadBlocker at 2b97e67c<mailto:org.geoserver.flow.controller.SimpleThreadBlocker at 2b97e67c>)
2018-10-25 09:32:11,999 DEBUG [org.geoserver.flow] - Request [WMS 1.3.0 GetCapabilities] passed flow controller BasicOWSController(gwc,org.geoserver.flow.controller.SimpleThreadBlocker at 2b97e67c<mailto:org.geoserver.flow.controller.SimpleThreadBlocker at 2b97e67c>)
2018-10-25 09:32:11,999 DEBUG [org.geoserver.flow] - Request [WMS 1.3.0 GetCapabilities] checking flow controller GlobalFlowController(org.geoserver.flow.controller.SimpleThreadBlocker at 1939b9fd<mailto:org.geoserver.flow.controller.SimpleThreadBlocker at 1939b9fd>)
2018-10-25 09:32:11,999 DEBUG [org.geoserver.flow] - Request [WMS 1.3.0 GetCapabilities] passed flow controller GlobalFlowController(org.geoserver.flow.controller.SimpleThreadBlocker at 1939b9fd<mailto:org.geoserver.flow.controller.SimpleThreadBlocker at 1939b9fd>)
2018-10-25 09:32:11,999 INFO [org.geoserver.flow] - Request control-flow performed, running requests: 1, blocked requests: 0
2018-10-25 09:32:12,000 INFO [org.geoserver.wms] -
Request: getCapabilities
BaseUrl = http://geonode:80/geoserver/
Get = false
Namespace = null
RawKvp = {REQUEST=GetCapabilities, SERVICE=WMS}
Request = GetCapabilities
RequestCharset = null
UpdateSequence = null
Version = 1.3.0
2018-10-25 09:32:12,007 DEBUG [org.geoserver.wms.capabilities] - producing a capabilities document for GetCapabilities [service: WMS, version: 1.3.0]
2018-10-25 09:32:12,009 DEBUG [org.geoserver.geofence] - Getting access limits for Layer layer2
2018-10-25 09:32:12,009 DEBUG [org.geoserver.geofence] - Getting access limits for Resource layer2
2018-10-25 09:32:12,009 DEBUG [org.geoserver.geofence] - ResourceInfo filter: RuleFilter[user:DEFAULT role:ANY inst:name+:default-gs ip:"172.20.0.5"+ serv:"WMS"+ req:"GETCAPABILITIES"+ ws:"geonode"+ layer:"layer2"+]
2018-10-25 09:32:12,009 DEBUG [org.geoserver.geofence.cache] - Request for RuleFilter[user:DEFAULT role:ANY inst:name+:default-gs ip:"172.20.0.5"+ serv:"WMS"+ req:"GETCAPABILITIES"+ ws:"geonode"+ layer:"layer2"+]
2018-10-25 09:32:12,009 DEBUG [org.geoserver.geofence] - Returning mode HIDE for resource FeatureTypeInfoImpl[layer2]
2018-10-25 09:32:12,009 DEBUG [org.geoserver.geofence] - Returning VectorAccessLimits [readAttributes=null, writeAttributes=null, writeFilter=Filter.EXCLUDE, readFilter=Filter.EXCLUDE, mode=HIDE] for layer geonode:layer2 and user null
2018-10-25 09:32:12,009 DEBUG [org.geoserver.geofence] - Getting access limits for workspace geonode
2018-10-25 09:32:12,009 DEBUG [org.geoserver.geofence] - Getting admin auth for Workspace geonode
2018-10-25 09:32:12,009 DEBUG [org.geoserver.geofence] - AdminAuth filter: RuleFilter[user:DEFAULT role:ANY inst:name+:default-gs ip:"172.20.0.5"+ serv:ANY req:ANY ws:"geonode"+ layer:ANY]
2018-10-25 09:32:12,009 DEBUG [org.geoserver.geofence.cache] - AdminAuth Request for RuleFilter[user:DEFAULT role:ANY inst:name+:default-gs ip:"172.20.0.5"+ serv:ANY req:ANY ws:"geonode"+ layer:ANY]
2018-10-25 09:32:12,009 DEBUG [org.geoserver.geofence] - Admin auth for User: Workspace:geonode: false
2018-10-25 09:32:12,009 DEBUG [org.geoserver.geofence] - Getting access limits for Layer layer1
2018-10-25 09:32:12,009 DEBUG [org.geoserver.geofence] - Getting access limits for Resource layer1
2018-10-25 09:32:12,009 DEBUG [org.geoserver.geofence] - ResourceInfo filter: RuleFilter[user:DEFAULT role:ANY inst:name+:default-gs ip:"172.20.0.5"+ serv:"WMS"+ req:"GETCAPABILITIES"+ ws:"geonode"+ layer:"layer1"+]
2018-10-25 09:32:12,009 DEBUG [org.geoserver.geofence.cache] - Request for RuleFilter[user:DEFAULT role:ANY inst:name+:default-gs ip:"172.20.0.5"+ serv:"WMS"+ req:"GETCAPABILITIES"+ ws:"geonode"+ layer:"layer1"+]
2018-10-25 09:32:12,009 DEBUG [org.geoserver.geofence] - Returning mode HIDE for resource FeatureTypeInfoImpl[layer1]
2018-10-25 09:32:12,009 DEBUG [org.geoserver.geofence] - Returning VectorAccessLimits [readAttributes=null, writeAttributes=null, writeFilter=Filter.EXCLUDE, readFilter=Filter.EXCLUDE, mode=HIDE] for layer geonode:layer1 and user null
2018-10-25 09:32:12,009 DEBUG [org.geoserver.geofence] - Getting access limits for workspace geonode
2018-10-25 09:32:12,009 DEBUG [org.geoserver.geofence] - Getting admin auth for Workspace geonode
2018-10-25 09:32:12,010 DEBUG [org.geoserver.geofence] - AdminAuth filter: RuleFilter[user:DEFAULT role:ANY inst:name+:default-gs ip:"172.20.0.5"+ serv:ANY req:ANY ws:"geonode"+ layer:ANY]
2018-10-25 09:32:12,010 DEBUG [org.geoserver.geofence.cache] - AdminAuth Request for RuleFilter[user:DEFAULT role:ANY inst:name+:default-gs ip:"172.20.0.5"+ serv:ANY req:ANY ws:"geonode"+ layer:ANY]
2018-10-25 09:32:12,010 DEBUG [org.geoserver.geofence] - Admin auth for User: Workspace:geonode: false
2018-10-25 09:32:12,010 DEBUG [org.geoserver.wms.capabilities] - Collecting summarized latlonbbox and common SRS...
2018-10-25 09:32:12,010 DEBUG [org.geoserver.wms.capabilities] - Summarized LatLonBBox is Env[0.0 : -1.0, 0.0 : -1.0]
2018-10-25 09:32:12,018 DEBUG [org.geoserver.filters] - Compressing output for mimetype: text/xml
2018-10-25 09:32:12,023 INFO [org.geoserver.flow] - releasing flow controllers for [WMS 1.3.0 GetCapabilities]
2018-10-25 09:32:12,023 INFO [org.geoserver.flow] - Request completed, running requests: 0, blocked requests: 0
2018-10-25 09:32:12,024 DEBUG [org.geoserver.monitor.OpenSessionInViewFilter] - Closing single Hibernate Session in OpenSessionInViewFilter
2018-10-25 09:32:12,024 DEBUG [org.geoserver.security.filter.GeoServerSecurityContextPersistenceFilter$1] - SecurityContextHolder now cleared, as request processing completed
2018-10-25 09:32:48,595 DEBUG [org.geoserver.wps] - Removing statuses matching [[[ NOT [ completionTime IS NULL ] ] AND [ completionTime Before 2018-10-25T09:12Z ]] AND [[ NOT [ lastUpdated IS NULL ] ] AND [ lastUpdated Before 2018-10-25T09:12Z ]]]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/geonode-users/attachments/20181025/da0f74fc/attachment.html>
------------------------------
Subject: Digest Footer
_______________________________________________
geonode-users mailing list
geonode-users at lists.osgeo.org<mailto:geonode-users at lists.osgeo.org>
https://lists.osgeo.org/mailman/listinfo/geonode-users
------------------------------
End of geonode-users Digest, Vol 45, Issue 84
*********************************************
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/geonode-users/attachments/20181025/ad258b6c/attachment-0001.html>
More information about the geonode-users
mailing list