[GeoNode-users] Geoserver Basic Auth not working
Alessio Fabiani
alessio.fabiani at geo-solutions.it
Thu Oct 25 03:43:43 PDT 2018
Hello,
you should pass through GeoNode proxies in order to authenticate on
GeoServer correctly.
Currently there exist several methods.
This is for anonymous/public (no auth) requests -> http://geonode/gs/ows
Those are for protected requests ->
http://geonode/gs/wms
http://geonode/gs/wfs
http://geonode/gs/wcs
Il giorno gio 25 ott 2018 alle ore 11:47 John, Steffen <s.john at atenekom.eu>
ha scritto:
> Hi!
>
> I'm using GeoNode 2.10rc4 together with GeoServer 2.14 and I seem to have
> an Authentication Issue.
>
> I need to send a GetCapabilities-Request to geonode/geoserver/ows? from an
> external app, which uses basis authentication. I'm using the credentials of
> the Geoserver Admin User but GeoServer doesn't seem to check the Basic
> Authentication and does not include layers in the Capabilities which are
> not accessible by everyone.
>
> I included the GeoServer Log of this request at the end of this mail. Do
> you have any idea what is wrong or need to be changed in GeoServer?
>
> thanks for your help.
>
>
> 2018-10-25 09:32:11,938 DEBUG
> [org.geoserver.security.IncludeQueryStringAntPathRequestMatcher] - Checking
> match of request : 'Path: /wms, QueryString:
> SERVICE=WMS&request=GetCapabilities'; against '/web/**'
> 2018-10-25 09:32:11,938 DEBUG
> [org.geoserver.security.IncludeQueryStringAntPathRequestMatcher] - Checking
> match of request : 'Path: /wms, QueryString:
> SERVICE=WMS&request=GetCapabilities'; against '/gwc/rest/web/**'
> 2018-10-25 09:32:11,938 DEBUG
> [org.geoserver.security.IncludeQueryStringAntPathRequestMatcher] - Checking
> match of request : 'Path: /wms, QueryString:
> SERVICE=WMS&request=GetCapabilities'; against '/'
> 2018-10-25 09:32:11,938 DEBUG
> [org.geoserver.security.IncludeQueryStringAntPathRequestMatcher] - Checking
> match of request : 'Path: /wms, QueryString:
> SERVICE=WMS&request=GetCapabilities'; against '/j_spring_security_check'
> 2018-10-25 09:32:11,938 DEBUG
> [org.geoserver.security.IncludeQueryStringAntPathRequestMatcher] - Checking
> match of request : 'Path: /wms, QueryString:
> SERVICE=WMS&request=GetCapabilities'; against '/j_spring_security_check/'
> 2018-10-25 09:32:11,938 DEBUG
> [org.geoserver.security.IncludeQueryStringAntPathRequestMatcher] - Checking
> match of request : 'Path: /wms, QueryString:
> SERVICE=WMS&request=GetCapabilities'; against
> '/j_spring_oauth2_geonode_login'
> 2018-10-25 09:32:11,938 DEBUG
> [org.geoserver.security.IncludeQueryStringAntPathRequestMatcher] - Checking
> match of request : 'Path: /wms, QueryString:
> SERVICE=WMS&request=GetCapabilities'; against
> '/j_spring_oauth2_geonode_login/'
> 2018-10-25 09:32:11,938 DEBUG
> [org.geoserver.security.IncludeQueryStringAntPathRequestMatcher] - Checking
> match of request : 'Path: /wms, QueryString:
> SERVICE=WMS&request=GetCapabilities'; against '/j_spring_security_logout'
> 2018-10-25 09:32:11,938 DEBUG
> [org.geoserver.security.IncludeQueryStringAntPathRequestMatcher] - Checking
> match of request : 'Path: /wms, QueryString:
> SERVICE=WMS&request=GetCapabilities'; against '/j_spring_security_logout/'
> 2018-10-25 09:32:11,938 DEBUG
> [org.geoserver.security.IncludeQueryStringAntPathRequestMatcher] - Checking
> match of request : 'Path: /wms, QueryString:
> SERVICE=WMS&request=GetCapabilities'; against
> '/j_spring_oauth2_geonode_logout'
> 2018-10-25 09:32:11,938 DEBUG
> [org.geoserver.security.IncludeQueryStringAntPathRequestMatcher] - Checking
> match of request : 'Path: /wms, QueryString:
> SERVICE=WMS&request=GetCapabilities'; against
> '/j_spring_oauth2_geonode_logout/'
> 2018-10-25 09:32:11,938 DEBUG
> [org.geoserver.security.IncludeQueryStringAntPathRequestMatcher] - Checking
> match of request : 'Path: /wms, QueryString:
> SERVICE=WMS&request=GetCapabilities'; against '/rest/**'
> 2018-10-25 09:32:11,938 DEBUG
> [org.geoserver.security.IncludeQueryStringAntPathRequestMatcher] - Checking
> match of request : 'Path: /wms, QueryString:
> SERVICE=WMS&request=GetCapabilities'; against '/gwc/**'
> 2018-10-25 09:32:11,938 DEBUG
> [org.geoserver.security.IncludeQueryStringAntPathRequestMatcher] - Checking
> match of request : 'Path: /wms, QueryString:
> SERVICE=WMS&request=GetCapabilities'; against '/geofence/rest/**'
> 2018-10-25 09:32:11,938 DEBUG
> [org.geoserver.security.IncludeQueryStringAntPathRequestMatcher] - Checking
> match of request : 'Path: /wms, QueryString:
> SERVICE=WMS&request=GetCapabilities'; against '/geofence/**'
> 2018-10-25 09:32:11,938 DEBUG
> [org.geoserver.security.IncludeQueryStringAntPathRequestMatcher] - Checking
> match of request : 'Path: /wms, QueryString:
> SERVICE=WMS&request=GetCapabilities'; against '/**'
> 2018-10-25 09:32:11,938 DEBUG
> [org.geoserver.security.IncludeQueryStringAntPathRequestMatcher] - Request
> matched by universal pattern '/**'
> 2018-10-25 09:32:11,938 DEBUG
> [org.geoserver.security.IncludeQueryStringAntPathRequestMatcher] - Matched
> Path: /wms, QueryString: SERVICE=WMS&request=GetCapabilities with /**
> 2018-10-25 09:32:11,938 DEBUG [org.geoserver.security] - Inspecting the
> http request looking for the Custom Session ID.
> 2018-10-25 09:32:11,938 DEBUG [org.geoserver.security] - Found 2 cookies!
> 2018-10-25 09:32:11,974 DEBUG [org.geoserver.security] -
> preAuthenticatedPrincipal = null, trying to authenticate
> 2018-10-25 09:32:11,975 DEBUG
> [org.geoserver.monitor.OpenSessionInViewFilter] - Using SessionFactory
> 'hibSessionFactory' for OpenSessionInViewFilter
> 2018-10-25 09:32:11,975 DEBUG
> [org.geoserver.monitor.OpenSessionInViewFilter] - Opening single Hibernate
> Session in OpenSessionInViewFilter
> 2018-10-25 09:32:11,975 DEBUG [org.geoserver.monitor] - Testing /wms for
> monitor filtering
> 2018-10-25 09:32:11,994 DEBUG
> [org.geoserver.gwc.controller.GwcWmtsRestUrlHandlerMapping] - Looking up
> handler method for path /wms
> 2018-10-25 09:32:11,994 DEBUG
> [org.geoserver.gwc.controller.GwcWmtsRestUrlHandlerMapping] - Did not find
> handler method for [/wms]
> 2018-10-25 09:32:11,994 TRACE [org.geoserver.ows.OWSHandlerMapping] - No
> handler mapping found for [/wms]
> 2018-10-25 09:32:11,994 TRACE [org.geoserver.ows.OWSHandlerMapping] - No
> handler mapping found for [/wms]
> 2018-10-25 09:32:11,994 TRACE [org.geoserver.ows.OWSHandlerMapping] - No
> handler mapping found for [/wms]
> 2018-10-25 09:32:11,994 TRACE [org.geoserver.ows.OWSHandlerMapping] - No
> handler mapping found for [/wms]
> 2018-10-25 09:32:11,994 TRACE [org.geoserver.ows.OWSHandlerMapping] - No
> handler mapping found for [/wms]
> 2018-10-25 09:32:11,994 TRACE [org.geoserver.ows.OWSHandlerMapping] - No
> handler mapping found for [/wms]
> 2018-10-25 09:32:11,994 TRACE [org.geoserver.ows.OWSHandlerMapping] - No
> handler mapping found for [/wms]
> 2018-10-25 09:32:11,994 DEBUG [org.geoserver.ows.OWSHandlerMapping] -
> Mapping [/wms] to HandlerExecutionChain with handler [
> org.geoserver.ows.Dispatcher at 7a6b2128] and 1 interceptor
> 2018-10-25 09:32:11,998 INFO [org.geoserver.wms] -
> Request: getServiceInfo
> 2018-10-25 09:32:11,999 INFO [org.geoserver.flow] - Request [WMS 1.3.0
> GetCapabilities] starting, processing through flow controllers
> 2018-10-25 09:32:11,999 DEBUG [org.geoserver.flow] - Request [WMS 1.3.0
> GetCapabilities] checking flow controller
> BasicOWSController(wfs.getfeature.=application/msexcel,
> org.geoserver.flow.controller.SimpleThreadBlocker at 59ed6e35)
> 2018-10-25 09:32:11,999 DEBUG [org.geoserver.flow] - Request [WMS 1.3.0
> GetCapabilities] passed flow controller
> BasicOWSController(wfs.getfeature.=application/msexcel,
> org.geoserver.flow.controller.SimpleThreadBlocker at 59ed6e35)
> 2018-10-25 09:32:11,999 DEBUG [org.geoserver.flow] - Request [WMS 1.3.0
> GetCapabilities] checking flow controller
> org.geoserver.flow.controller.UserConcurrentFlowController at 34ca61af
> 2018-10-25 09:32:11,999 DEBUG [org.geoserver.flow] -
> UserFlowController(6,GS_CFLOW_-7151e4b2:166875a40f3:-7ff8) queue size 1
> 2018-10-25 09:32:11,999 DEBUG [org.geoserver.flow] -
> UserFlowController(6,GS_CFLOW_-7151e4b2:166875a40f3:-7ff8) total queues 1
> 2018-10-25 09:32:11,999 DEBUG [org.geoserver.flow] - Request [WMS 1.3.0
> GetCapabilities] passed flow controller
> org.geoserver.flow.controller.UserConcurrentFlowController at 34ca61af
> 2018-10-25 09:32:11,999 DEBUG [org.geoserver.flow] - Request [WMS 1.3.0
> GetCapabilities] checking flow controller BasicOWSController(wms.getmap,
> org.geoserver.flow.controller.SimpleThreadBlocker at 8d6e42f)
> 2018-10-25 09:32:11,999 DEBUG [org.geoserver.flow] - Request [WMS 1.3.0
> GetCapabilities] passed flow controller BasicOWSController(wms.getmap,
> org.geoserver.flow.controller.SimpleThreadBlocker at 8d6e42f)
> 2018-10-25 09:32:11,999 DEBUG [org.geoserver.flow] - Request [WMS 1.3.0
> GetCapabilities] checking flow controller BasicOWSController(gwc,
> org.geoserver.flow.controller.SimpleThreadBlocker at 2b97e67c)
> 2018-10-25 09:32:11,999 DEBUG [org.geoserver.flow] - Request [WMS 1.3.0
> GetCapabilities] passed flow controller BasicOWSController(gwc,
> org.geoserver.flow.controller.SimpleThreadBlocker at 2b97e67c)
> 2018-10-25 09:32:11,999 DEBUG [org.geoserver.flow] - Request [WMS 1.3.0
> GetCapabilities] checking flow controller GlobalFlowController(
> org.geoserver.flow.controller.SimpleThreadBlocker at 1939b9fd)
> 2018-10-25 09:32:11,999 DEBUG [org.geoserver.flow] - Request [WMS 1.3.0
> GetCapabilities] passed flow controller GlobalFlowController(
> org.geoserver.flow.controller.SimpleThreadBlocker at 1939b9fd)
> 2018-10-25 09:32:11,999 INFO [org.geoserver.flow] - Request control-flow
> performed, running requests: 1, blocked requests: 0
> 2018-10-25 09:32:12,000 INFO [org.geoserver.wms] -
> Request: getCapabilities
> BaseUrl = http://geonode:80/geoserver/
> Get = false
> Namespace = null
> RawKvp = {REQUEST=GetCapabilities, SERVICE=WMS}
> Request = GetCapabilities
> RequestCharset = null
> UpdateSequence = null
> Version = 1.3.0
> 2018-10-25 09:32:12,007 DEBUG [org.geoserver.wms.capabilities] - producing
> a capabilities document for GetCapabilities [service: WMS, version: 1.3.0]
> 2018-10-25 09:32:12,009 DEBUG [org.geoserver.geofence] - Getting access
> limits for Layer layer2
> 2018-10-25 09:32:12,009 DEBUG [org.geoserver.geofence] - Getting access
> limits for Resource layer2
> 2018-10-25 09:32:12,009 DEBUG [org.geoserver.geofence] - ResourceInfo
> filter: RuleFilter[user:DEFAULT role:ANY inst:name+:default-gs
> ip:"172.20.0.5"+ serv:"WMS"+ req:"GETCAPABILITIES"+ ws:"geonode"+
> layer:"layer2"+]
> 2018-10-25 09:32:12,009 DEBUG [org.geoserver.geofence.cache] - Request for
> RuleFilter[user:DEFAULT role:ANY inst:name+:default-gs ip:"172.20.0.5"+
> serv:"WMS"+ req:"GETCAPABILITIES"+ ws:"geonode"+ layer:"layer2"+]
> 2018-10-25 09:32:12,009 DEBUG [org.geoserver.geofence] - Returning mode
> HIDE for resource FeatureTypeInfoImpl[layer2]
> 2018-10-25 09:32:12,009 DEBUG [org.geoserver.geofence] - Returning
> VectorAccessLimits [readAttributes=null, writeAttributes=null,
> writeFilter=Filter.EXCLUDE, readFilter=Filter.EXCLUDE, mode=HIDE] for layer
> geonode:layer2 and user null
> 2018-10-25 09:32:12,009 DEBUG [org.geoserver.geofence] - Getting access
> limits for workspace geonode
> 2018-10-25 09:32:12,009 DEBUG [org.geoserver.geofence] - Getting admin
> auth for Workspace geonode
> 2018-10-25 09:32:12,009 DEBUG [org.geoserver.geofence] - AdminAuth filter:
> RuleFilter[user:DEFAULT role:ANY inst:name+:default-gs ip:"172.20.0.5"+
> serv:ANY req:ANY ws:"geonode"+ layer:ANY]
> 2018-10-25 09:32:12,009 DEBUG [org.geoserver.geofence.cache] - AdminAuth
> Request for RuleFilter[user:DEFAULT role:ANY inst:name+:default-gs
> ip:"172.20.0.5"+ serv:ANY req:ANY ws:"geonode"+ layer:ANY]
> 2018-10-25 09:32:12,009 DEBUG [org.geoserver.geofence] - Admin auth for
> User: Workspace:geonode: false
> 2018-10-25 09:32:12,009 DEBUG [org.geoserver.geofence] - Getting access
> limits for Layer layer1
> 2018-10-25 09:32:12,009 DEBUG [org.geoserver.geofence] - Getting access
> limits for Resource layer1
> 2018-10-25 09:32:12,009 DEBUG [org.geoserver.geofence] - ResourceInfo
> filter: RuleFilter[user:DEFAULT role:ANY inst:name+:default-gs
> ip:"172.20.0.5"+ serv:"WMS"+ req:"GETCAPABILITIES"+ ws:"geonode"+
> layer:"layer1"+]
> 2018-10-25 09:32:12,009 DEBUG [org.geoserver.geofence.cache] - Request for
> RuleFilter[user:DEFAULT role:ANY inst:name+:default-gs ip:"172.20.0.5"+
> serv:"WMS"+ req:"GETCAPABILITIES"+ ws:"geonode"+ layer:"layer1"+]
> 2018-10-25 09:32:12,009 DEBUG [org.geoserver.geofence] - Returning mode
> HIDE for resource FeatureTypeInfoImpl[layer1]
> 2018-10-25 09:32:12,009 DEBUG [org.geoserver.geofence] - Returning
> VectorAccessLimits [readAttributes=null, writeAttributes=null,
> writeFilter=Filter.EXCLUDE, readFilter=Filter.EXCLUDE, mode=HIDE] for layer
> geonode:layer1 and user null
> 2018-10-25 09:32:12,009 DEBUG [org.geoserver.geofence] - Getting access
> limits for workspace geonode
> 2018-10-25 09:32:12,009 DEBUG [org.geoserver.geofence] - Getting admin
> auth for Workspace geonode
> 2018-10-25 09:32:12,010 DEBUG [org.geoserver.geofence] - AdminAuth filter:
> RuleFilter[user:DEFAULT role:ANY inst:name+:default-gs ip:"172.20.0.5"+
> serv:ANY req:ANY ws:"geonode"+ layer:ANY]
> 2018-10-25 09:32:12,010 DEBUG [org.geoserver.geofence.cache] - AdminAuth
> Request for RuleFilter[user:DEFAULT role:ANY inst:name+:default-gs
> ip:"172.20.0.5"+ serv:ANY req:ANY ws:"geonode"+ layer:ANY]
> 2018-10-25 09:32:12,010 DEBUG [org.geoserver.geofence] - Admin auth for
> User: Workspace:geonode: false
> 2018-10-25 09:32:12,010 DEBUG [org.geoserver.wms.capabilities] -
> Collecting summarized latlonbbox and common SRS...
> 2018-10-25 09:32:12,010 DEBUG [org.geoserver.wms.capabilities] -
> Summarized LatLonBBox is Env[0.0 : -1.0, 0.0 : -1.0]
> 2018-10-25 09:32:12,018 DEBUG [org.geoserver.filters] - Compressing output
> for mimetype: text/xml
> 2018-10-25 09:32:12,023 INFO [org.geoserver.flow] - releasing flow
> controllers for [WMS 1.3.0 GetCapabilities]
> 2018-10-25 09:32:12,023 INFO [org.geoserver.flow] - Request completed,
> running requests: 0, blocked requests: 0
> 2018-10-25 09:32:12,024 DEBUG
> [org.geoserver.monitor.OpenSessionInViewFilter] - Closing single Hibernate
> Session in OpenSessionInViewFilter
> 2018-10-25 09:32:12,024 DEBUG
> [org.geoserver.security.filter.GeoServerSecurityContextPersistenceFilter$1]
> - SecurityContextHolder now cleared, as request processing completed
> 2018-10-25 09:32:48,595 DEBUG [org.geoserver.wps] - Removing statuses
> matching [[[ NOT [ completionTime IS NULL ] ] AND [ completionTime Before
> 2018-10-25T09:12Z ]] AND [[ NOT [ lastUpdated IS NULL ] ] AND [ lastUpdated
> Before 2018-10-25T09:12Z ]]]
> _______________________________________________
> geonode-users mailing list
> geonode-users at lists.osgeo.org
> https://lists.osgeo.org/mailman/listinfo/geonode-users
>
--
==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V
for more information.
==
Ing. Alessio Fabiani
@alfa7691
Founder/Technical Lead
GeoSolutions S.A.S.
Via di Montramito 3/A - 55054 Massarosa (LU) - Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 331 6233686
http://www.geo-solutions.it
http://twitter.com/geosolutions_it
-------------------------------------------------------
Con riferimento alla normativa sul trattamento dei dati personali (Reg. UE
2016/679 - Regolamento generale sulla protezione dei dati “GDPR”), si
precisa che ogni circostanza inerente alla presente email (il suo
contenuto, gli eventuali allegati, etc.) è un dato la cui conoscenza è
riservata al/i solo/i destinatario/i indicati dallo scrivente. Se il
messaggio Le è giunto per errore, è tenuta/o a cancellarlo, ogni altra
operazione è illecita. Le sarei comunque grato se potesse darmene notizia.
This email is intended only for the person or entity to which it is
addressed and may contain information that is privileged, confidential or
otherwise protected from disclosure. We remind that - as provided by
European Regulation 2016/679 “GDPR” - copying, dissemination or use of this
e-mail or the information herein by anyone other than the intended
recipient is prohibited. If you have received this email by mistake, please
notify us immediately by telephone or e-mail.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/geonode-users/attachments/20181025/61e59443/attachment-0001.html>
More information about the geonode-users
mailing list