<html dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body style="text-align:left; direction:ltr;">
<div>Hi!</div>
<div><br>
</div>
<div>I'm using GeoNode 2.10rc4 together with GeoServer 2.14 and I seem to have an Authentication Issue.</div>
<div><br>
</div>
<div>I need to send a GetCapabilities-Request to geonode/geoserver/ows? from an external app, which uses basis authentication. I'm using the credentials of the Geoserver Admin User but GeoServer doesn't seem to check the Basic Authentication and does not include
layers in the Capabilities which are not accessible by everyone.</div>
<div><br>
</div>
<div>I included the GeoServer Log of this request at the end of this mail. Do you have any idea what is wrong or need to be changed in GeoServer?</div>
<div><br>
</div>
<div>thanks for your help.</div>
<div><br>
</div>
<div><br>
</div>
<div>2018-10-25 09:32:11,938 DEBUG [org.geoserver.security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /wms, QueryString: SERVICE=WMS&request=GetCapabilities'; against '/web/**'</div>
<div>2018-10-25 09:32:11,938 DEBUG [org.geoserver.security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /wms, QueryString: SERVICE=WMS&request=GetCapabilities'; against '/gwc/rest/web/**'</div>
<div>2018-10-25 09:32:11,938 DEBUG [org.geoserver.security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /wms, QueryString: SERVICE=WMS&request=GetCapabilities'; against '/'</div>
<div>2018-10-25 09:32:11,938 DEBUG [org.geoserver.security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /wms, QueryString: SERVICE=WMS&request=GetCapabilities'; against '/j_spring_security_check'</div>
<div>2018-10-25 09:32:11,938 DEBUG [org.geoserver.security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /wms, QueryString: SERVICE=WMS&request=GetCapabilities'; against '/j_spring_security_check/'</div>
<div>2018-10-25 09:32:11,938 DEBUG [org.geoserver.security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /wms, QueryString: SERVICE=WMS&request=GetCapabilities'; against '/j_spring_oauth2_geonode_login'</div>
<div>2018-10-25 09:32:11,938 DEBUG [org.geoserver.security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /wms, QueryString: SERVICE=WMS&request=GetCapabilities'; against '/j_spring_oauth2_geonode_login/'</div>
<div>2018-10-25 09:32:11,938 DEBUG [org.geoserver.security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /wms, QueryString: SERVICE=WMS&request=GetCapabilities'; against '/j_spring_security_logout'</div>
<div>2018-10-25 09:32:11,938 DEBUG [org.geoserver.security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /wms, QueryString: SERVICE=WMS&request=GetCapabilities'; against '/j_spring_security_logout/'</div>
<div>2018-10-25 09:32:11,938 DEBUG [org.geoserver.security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /wms, QueryString: SERVICE=WMS&request=GetCapabilities'; against '/j_spring_oauth2_geonode_logout'</div>
<div>2018-10-25 09:32:11,938 DEBUG [org.geoserver.security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /wms, QueryString: SERVICE=WMS&request=GetCapabilities'; against '/j_spring_oauth2_geonode_logout/'</div>
<div>2018-10-25 09:32:11,938 DEBUG [org.geoserver.security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /wms, QueryString: SERVICE=WMS&request=GetCapabilities'; against '/rest/**'</div>
<div>2018-10-25 09:32:11,938 DEBUG [org.geoserver.security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /wms, QueryString: SERVICE=WMS&request=GetCapabilities'; against '/gwc/**'</div>
<div>2018-10-25 09:32:11,938 DEBUG [org.geoserver.security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /wms, QueryString: SERVICE=WMS&request=GetCapabilities'; against '/geofence/rest/**'</div>
<div>2018-10-25 09:32:11,938 DEBUG [org.geoserver.security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /wms, QueryString: SERVICE=WMS&request=GetCapabilities'; against '/geofence/**'</div>
<div>2018-10-25 09:32:11,938 DEBUG [org.geoserver.security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /wms, QueryString: SERVICE=WMS&request=GetCapabilities'; against '/**'</div>
<div>2018-10-25 09:32:11,938 DEBUG [org.geoserver.security.IncludeQueryStringAntPathRequestMatcher] - Request matched by universal pattern '/**'</div>
<div>2018-10-25 09:32:11,938 DEBUG [org.geoserver.security.IncludeQueryStringAntPathRequestMatcher] - Matched Path: /wms, QueryString: SERVICE=WMS&request=GetCapabilities with /**</div>
<div>2018-10-25 09:32:11,938 DEBUG [org.geoserver.security] - Inspecting the http request looking for the Custom Session ID.</div>
<div>2018-10-25 09:32:11,938 DEBUG [org.geoserver.security] - Found 2 cookies!</div>
<div>2018-10-25 09:32:11,974 DEBUG [org.geoserver.security] - preAuthenticatedPrincipal = null, trying to authenticate</div>
<div>2018-10-25 09:32:11,975 DEBUG [org.geoserver.monitor.OpenSessionInViewFilter] - Using SessionFactory 'hibSessionFactory' for OpenSessionInViewFilter</div>
<div>2018-10-25 09:32:11,975 DEBUG [org.geoserver.monitor.OpenSessionInViewFilter] - Opening single Hibernate Session in OpenSessionInViewFilter</div>
<div>2018-10-25 09:32:11,975 DEBUG [org.geoserver.monitor] - Testing /wms for monitor filtering</div>
<div>2018-10-25 09:32:11,994 DEBUG [org.geoserver.gwc.controller.GwcWmtsRestUrlHandlerMapping] - Looking up handler method for path /wms</div>
<div>2018-10-25 09:32:11,994 DEBUG [org.geoserver.gwc.controller.GwcWmtsRestUrlHandlerMapping] - Did not find handler method for [/wms]</div>
<div>2018-10-25 09:32:11,994 TRACE [org.geoserver.ows.OWSHandlerMapping] - No handler mapping found for [/wms]</div>
<div>2018-10-25 09:32:11,994 TRACE [org.geoserver.ows.OWSHandlerMapping] - No handler mapping found for [/wms]</div>
<div>2018-10-25 09:32:11,994 TRACE [org.geoserver.ows.OWSHandlerMapping] - No handler mapping found for [/wms]</div>
<div>2018-10-25 09:32:11,994 TRACE [org.geoserver.ows.OWSHandlerMapping] - No handler mapping found for [/wms]</div>
<div>2018-10-25 09:32:11,994 TRACE [org.geoserver.ows.OWSHandlerMapping] - No handler mapping found for [/wms]</div>
<div>2018-10-25 09:32:11,994 TRACE [org.geoserver.ows.OWSHandlerMapping] - No handler mapping found for [/wms]</div>
<div>2018-10-25 09:32:11,994 TRACE [org.geoserver.ows.OWSHandlerMapping] - No handler mapping found for [/wms]</div>
<div>2018-10-25 09:32:11,994 DEBUG [org.geoserver.ows.OWSHandlerMapping] - Mapping [/wms] to HandlerExecutionChain with handler [<a href="mailto:org.geoserver.ows.Dispatcher@7a6b2128">org.geoserver.ows.Dispatcher@7a6b2128</a>] and 1 interceptor</div>
<div>2018-10-25 09:32:11,998 INFO [org.geoserver.wms] - </div>
<div>Request: getServiceInfo</div>
<div>2018-10-25 09:32:11,999 INFO [org.geoserver.flow] - Request [WMS 1.3.0 GetCapabilities] starting, processing through flow controllers</div>
<div>2018-10-25 09:32:11,999 DEBUG [org.geoserver.flow] - Request [WMS 1.3.0 GetCapabilities] checking flow controller BasicOWSController(wfs.getfeature.=application/msexcel,<a href="mailto:org.geoserver.flow.controller.SimpleThreadBlocker@59ed6e35">org.geoserver.flow.controller.SimpleThreadBlocker@59ed6e35</a>)</div>
<div>2018-10-25 09:32:11,999 DEBUG [org.geoserver.flow] - Request [WMS 1.3.0 GetCapabilities] passed flow controller BasicOWSController(wfs.getfeature.=application/msexcel,<a href="mailto:org.geoserver.flow.controller.SimpleThreadBlocker@59ed6e35">org.geoserver.flow.controller.SimpleThreadBlocker@59ed6e35</a>)</div>
<div>2018-10-25 09:32:11,999 DEBUG [org.geoserver.flow] - Request [WMS 1.3.0 GetCapabilities] checking flow controller
<a href="mailto:org.geoserver.flow.controller.UserConcurrentFlowController@34ca61af">
org.geoserver.flow.controller.UserConcurrentFlowController@34ca61af</a></div>
<div>2018-10-25 09:32:11,999 DEBUG [org.geoserver.flow] - UserFlowController(6,GS_CFLOW_-7151e4b2:166875a40f3:-7ff8) queue size 1</div>
<div>2018-10-25 09:32:11,999 DEBUG [org.geoserver.flow] - UserFlowController(6,GS_CFLOW_-7151e4b2:166875a40f3:-7ff8) total queues 1</div>
<div>2018-10-25 09:32:11,999 DEBUG [org.geoserver.flow] - Request [WMS 1.3.0 GetCapabilities] passed flow controller
<a href="mailto:org.geoserver.flow.controller.UserConcurrentFlowController@34ca61af">
org.geoserver.flow.controller.UserConcurrentFlowController@34ca61af</a></div>
<div>2018-10-25 09:32:11,999 DEBUG [org.geoserver.flow] - Request [WMS 1.3.0 GetCapabilities] checking flow controller BasicOWSController(wms.getmap,<a href="mailto:org.geoserver.flow.controller.SimpleThreadBlocker@8d6e42f">org.geoserver.flow.controller.SimpleThreadBlocker@8d6e42f</a>)</div>
<div>2018-10-25 09:32:11,999 DEBUG [org.geoserver.flow] - Request [WMS 1.3.0 GetCapabilities] passed flow controller BasicOWSController(wms.getmap,<a href="mailto:org.geoserver.flow.controller.SimpleThreadBlocker@8d6e42f">org.geoserver.flow.controller.SimpleThreadBlocker@8d6e42f</a>)</div>
<div>2018-10-25 09:32:11,999 DEBUG [org.geoserver.flow] - Request [WMS 1.3.0 GetCapabilities] checking flow controller BasicOWSController(gwc,<a href="mailto:org.geoserver.flow.controller.SimpleThreadBlocker@2b97e67c">org.geoserver.flow.controller.SimpleThreadBlocker@2b97e67c</a>)</div>
<div>2018-10-25 09:32:11,999 DEBUG [org.geoserver.flow] - Request [WMS 1.3.0 GetCapabilities] passed flow controller BasicOWSController(gwc,<a href="mailto:org.geoserver.flow.controller.SimpleThreadBlocker@2b97e67c">org.geoserver.flow.controller.SimpleThreadBlocker@2b97e67c</a>)</div>
<div>2018-10-25 09:32:11,999 DEBUG [org.geoserver.flow] - Request [WMS 1.3.0 GetCapabilities] checking flow controller GlobalFlowController(<a href="mailto:org.geoserver.flow.controller.SimpleThreadBlocker@1939b9fd">org.geoserver.flow.controller.SimpleThreadBlocker@1939b9fd</a>)</div>
<div>2018-10-25 09:32:11,999 DEBUG [org.geoserver.flow] - Request [WMS 1.3.0 GetCapabilities] passed flow controller GlobalFlowController(<a href="mailto:org.geoserver.flow.controller.SimpleThreadBlocker@1939b9fd">org.geoserver.flow.controller.SimpleThreadBlocker@1939b9fd</a>)</div>
<div>2018-10-25 09:32:11,999 INFO [org.geoserver.flow] - Request control-flow performed, running requests: 1, blocked requests: 0</div>
<div>2018-10-25 09:32:12,000 INFO [org.geoserver.wms] - </div>
<div>Request: getCapabilities</div>
<div>BaseUrl = <a href="http://geonode:80/geoserver/">http://geonode:80/geoserver/</a></div>
<div>Get = false</div>
<div>Namespace = null</div>
<div>RawKvp = {REQUEST=GetCapabilities, SERVICE=WMS}</div>
<div>Request = GetCapabilities</div>
<div>RequestCharset = null</div>
<div>UpdateSequence = null</div>
<div>Version = 1.3.0</div>
<div>2018-10-25 09:32:12,007 DEBUG [org.geoserver.wms.capabilities] - producing a capabilities document for GetCapabilities [service: WMS, version: 1.3.0]</div>
<div>2018-10-25 09:32:12,009 DEBUG [org.geoserver.geofence] - Getting access limits for Layer layer2</div>
<div>2018-10-25 09:32:12,009 DEBUG [org.geoserver.geofence] - Getting access limits for Resource layer2</div>
<div>2018-10-25 09:32:12,009 DEBUG [org.geoserver.geofence] - ResourceInfo filter: RuleFilter[user:DEFAULT role:ANY inst:name+:default-gs ip:"172.20.0.5"+ serv:"WMS"+ req:"GETCAPABILITIES"+ ws:"geonode"+ layer:"layer2"+]</div>
<div>2018-10-25 09:32:12,009 DEBUG [org.geoserver.geofence.cache] - Request for RuleFilter[user:DEFAULT role:ANY inst:name+:default-gs ip:"172.20.0.5"+ serv:"WMS"+ req:"GETCAPABILITIES"+ ws:"geonode"+ layer:"layer2"+]</div>
<div>2018-10-25 09:32:12,009 DEBUG [org.geoserver.geofence] - Returning mode HIDE for resource FeatureTypeInfoImpl[layer2]</div>
<div>2018-10-25 09:32:12,009 DEBUG [org.geoserver.geofence] - Returning VectorAccessLimits [readAttributes=null, writeAttributes=null, writeFilter=Filter.EXCLUDE, readFilter=Filter.EXCLUDE, mode=HIDE] for layer geonode:layer2 and user null</div>
<div>2018-10-25 09:32:12,009 DEBUG [org.geoserver.geofence] - Getting access limits for workspace geonode</div>
<div>2018-10-25 09:32:12,009 DEBUG [org.geoserver.geofence] - Getting admin auth for Workspace geonode</div>
<div>2018-10-25 09:32:12,009 DEBUG [org.geoserver.geofence] - AdminAuth filter: RuleFilter[user:DEFAULT role:ANY inst:name+:default-gs ip:"172.20.0.5"+ serv:ANY req:ANY ws:"geonode"+ layer:ANY]</div>
<div>2018-10-25 09:32:12,009 DEBUG [org.geoserver.geofence.cache] - AdminAuth Request for RuleFilter[user:DEFAULT role:ANY inst:name+:default-gs ip:"172.20.0.5"+ serv:ANY req:ANY ws:"geonode"+ layer:ANY]</div>
<div>2018-10-25 09:32:12,009 DEBUG [org.geoserver.geofence] - Admin auth for User: Workspace:geonode: false</div>
<div>2018-10-25 09:32:12,009 DEBUG [org.geoserver.geofence] - Getting access limits for Layer layer1</div>
<div>2018-10-25 09:32:12,009 DEBUG [org.geoserver.geofence] - Getting access limits for Resource layer1</div>
<div>2018-10-25 09:32:12,009 DEBUG [org.geoserver.geofence] - ResourceInfo filter: RuleFilter[user:DEFAULT role:ANY inst:name+:default-gs ip:"172.20.0.5"+ serv:"WMS"+ req:"GETCAPABILITIES"+ ws:"geonode"+ layer:"layer1"+]</div>
<div>2018-10-25 09:32:12,009 DEBUG [org.geoserver.geofence.cache] - Request for RuleFilter[user:DEFAULT role:ANY inst:name+:default-gs ip:"172.20.0.5"+ serv:"WMS"+ req:"GETCAPABILITIES"+ ws:"geonode"+ layer:"layer1"+]</div>
<div>2018-10-25 09:32:12,009 DEBUG [org.geoserver.geofence] - Returning mode HIDE for resource FeatureTypeInfoImpl[layer1]</div>
<div>2018-10-25 09:32:12,009 DEBUG [org.geoserver.geofence] - Returning VectorAccessLimits [readAttributes=null, writeAttributes=null, writeFilter=Filter.EXCLUDE, readFilter=Filter.EXCLUDE, mode=HIDE] for layer geonode:layer1 and user null</div>
<div>2018-10-25 09:32:12,009 DEBUG [org.geoserver.geofence] - Getting access limits for workspace geonode</div>
<div>2018-10-25 09:32:12,009 DEBUG [org.geoserver.geofence] - Getting admin auth for Workspace geonode</div>
<div>2018-10-25 09:32:12,010 DEBUG [org.geoserver.geofence] - AdminAuth filter: RuleFilter[user:DEFAULT role:ANY inst:name+:default-gs ip:"172.20.0.5"+ serv:ANY req:ANY ws:"geonode"+ layer:ANY]</div>
<div>2018-10-25 09:32:12,010 DEBUG [org.geoserver.geofence.cache] - AdminAuth Request for RuleFilter[user:DEFAULT role:ANY inst:name+:default-gs ip:"172.20.0.5"+ serv:ANY req:ANY ws:"geonode"+ layer:ANY]</div>
<div>2018-10-25 09:32:12,010 DEBUG [org.geoserver.geofence] - Admin auth for User: Workspace:geonode: false</div>
<div>2018-10-25 09:32:12,010 DEBUG [org.geoserver.wms.capabilities] - Collecting summarized latlonbbox and common SRS...</div>
<div>2018-10-25 09:32:12,010 DEBUG [org.geoserver.wms.capabilities] - Summarized LatLonBBox is Env[0.0 : -1.0, 0.0 : -1.0]</div>
<div>2018-10-25 09:32:12,018 DEBUG [org.geoserver.filters] - Compressing output for mimetype: text/xml</div>
<div>2018-10-25 09:32:12,023 INFO [org.geoserver.flow] - releasing flow controllers for [WMS 1.3.0 GetCapabilities]</div>
<div>2018-10-25 09:32:12,023 INFO [org.geoserver.flow] - Request completed, running requests: 0, blocked requests: 0</div>
<div>2018-10-25 09:32:12,024 DEBUG [org.geoserver.monitor.OpenSessionInViewFilter] - Closing single Hibernate Session in OpenSessionInViewFilter</div>
<div>2018-10-25 09:32:12,024 DEBUG [org.geoserver.security.filter.GeoServerSecurityContextPersistenceFilter$1] - SecurityContextHolder now cleared, as request processing completed</div>
<div>2018-10-25 09:32:48,595 DEBUG [org.geoserver.wps] - Removing statuses matching [[[ NOT [ completionTime IS NULL ] ] AND [ completionTime Before 2018-10-25T09:12Z ]] AND [[ NOT [ lastUpdated IS NULL ] ] AND [ lastUpdated Before 2018-10-25T09:12Z ]]]</div>
<div></div>
<div></div>
</body>
</html>