You need to look in the GeoServer log file to find out what's gone wrong. You really need to add some more detail as to how you put the roles into PostGresql
Ian On Tue, 9 Mar 2021 at 05:52, krishna lodha <krishnaglo...@gmail.com> wrote: > Hi, I tested the solution https://gis.stackexchange.com/a/388940/79 mentioned > here, it works perfectly fine as long as roles are Default when I tried to > put roles in PG as well, it gives me HTTP error 500 for the users. > What should I do? > [image: Screenshot 2021-03-09 at 11.20.20 AM.png] > > On Sat, Mar 6, 2021 at 4:20 AM Vera Green <vera.green...@gmail.com> wrote: > >> Absolutely. We use PG to control authentication across our entire system. >> This includes authenticated WMS calls to geoServer. It's critical for us. >> >> On Wed., Mar. 3, 2021, 11:01 a.m. Andrea Aime, < >> andrea.a...@geo-solutions.it> wrote: >> >>> Each of those source file has an author tag, they all say: >>> >>> @author christian >>> >>> About a reason to do so, database centric security can be a reason. A >>> system where the access restrictions are enforced >>> at the relational database level. In that case, you want to authenticate >>> using database users, and then use impersonation >>> to connect to the database as that user, while fetching data: >>> >>> https://docs.geoserver.org/latest/en/user/data/database/sqlsession.html#data-sqlsession >>> >>> Cheers >>> Andrea >>> >>> >>> On Wed, Mar 3, 2021 at 6:52 PM Ian Turton <ijtur...@gmail.com> wrote: >>> >>>> So who did write it? I'm still trying to come up with a reason to let >>>> my database users log into geoserver. >>>> >>>> Ian >>>> >>>> On Wed, 3 Mar 2021, 17:39 Andrea Aime, <andrea.a...@geo-solutions.it> >>>> wrote: >>>> >>>>> Quoting from stack overflow: "After much head scratching and asking >>>>> the guys who wrote this stuff on the users mailing list" >>>>> >>>>> Hell no, I had nothing to do with those modules! :-D >>>>> >>>>> Cheers >>>>> Andrea >>>>> >>>>> On Wed, Mar 3, 2021 at 6:35 PM Ian Turton <ijtur...@gmail.com> wrote: >>>>> >>>>>> Thanks to everyone for their help on this I have finally got my head >>>>>> around it and have added an answer to the gis.stackoverflow question I >>>>>> linked to earlier (https://gis.stackexchange.com/a/388940/79) - If I >>>>>> get some time over the weekend I'll see if I can try to make the >>>>>> documentation clearer. >>>>>> >>>>>> Ian >>>>>> >>>>>> On Wed, 3 Mar 2021 at 15:03, Andrea Aime < >>>>>> andrea.a...@geo-solutions.it> wrote: >>>>>> >>>>>>> Hi Ian, >>>>>>> the role handling is a third class: >>>>>>> >>>>>>> [image: image.png] >>>>>>> >>>>>>> 1: authentication via database users (tries to connect to the >>>>>>> database using the username/password provided in the request) >>>>>>> 2: authentication via table contents (looks up a user with the same >>>>>>> name provided in the request, and verifies the password) >>>>>>> 3: adds role to a given user, after it has been authenticated >>>>>>> >>>>>>> Cheers >>>>>>> Andrea >>>>>>> >>>>>>> On Wed, Mar 3, 2021 at 3:50 PM Ian Turton <ijtur...@gmail.com> >>>>>>> wrote: >>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> On Wed, 3 Mar 2021 at 13:33, Andrea Aime < >>>>>>>> andrea.a...@geo-solutions.it> wrote: >>>>>>>> >>>>>>>>> Hi Ian, >>>>>>>>> there are both functionalities, they are separate classes and are >>>>>>>>> configured in a different way: >>>>>>>>> >>>>>>>>> >>>>>>>>> - Authenticating using the database own users: >>>>>>>>> >>>>>>>>> https://docs.geoserver.geo-solutions.it/edu/en/security/jdbc_authentication.html >>>>>>>>> - Storing credentials in the database, use the table contents >>>>>>>>> for authentication: >>>>>>>>> >>>>>>>>> https://docs.geoserver.geo-solutions.it/edu/en/security/jdbcusergroup_services.html >>>>>>>>> >>>>>>>>> >>>>>>>> I think (and I may be wrong) that this one only assigns a role to a >>>>>>>> postgres user (that is why you can set the password field to empty) - >>>>>>>> if >>>>>>>> it was intended to work that way I can try to find some time to debug >>>>>>>> it >>>>>>>> (when I finish this course). >>>>>>>> >>>>>>>> >>>>>>>> Back when we wrote the training material they were both working, >>>>>>>>> not sure about the present. >>>>>>>>> >>>>>>>> >>>>>>>> I'm pretty sure it used to work (when I wrote my training notes >>>>>>>> too) but it's been a while since I had a trainee choose the JDBC path >>>>>>>> instead of the LDAP path through the course (we have a lot of windows >>>>>>>> users) so I can't recall for sure (and if I used ian as my test user >>>>>>>> then >>>>>>>> it would have worked as I have a DB login). >>>>>>>> >>>>>>>> >>>>>>>>> Just a note, one has to be very careful when using the auth >>>>>>>>> subsystem, many options, lots of complexity. I know I curse every >>>>>>>>> time :-D >>>>>>>>> >>>>>>>> >>>>>>>> Oh, yes that is for sure! >>>>>>>> >>>>>>>> Ian >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>> Cheers >>>>>>>>> Andrea >>>>>>>>> >>>>>>>>> On Wed, Mar 3, 2021 at 12:42 PM Ian Turton <ijtur...@gmail.com> >>>>>>>>> wrote: >>>>>>>>> >>>>>>>>>> >>>>>>>>>> Just to check before I break out the debugger: >>>>>>>>>> >>>>>>>>>> When you use JDBC Authentication can it allow any user you create >>>>>>>>>> in GeoServer (which get written in then tables) login in or does it >>>>>>>>>> only >>>>>>>>>> allow the user used for the postgis connection (or other postgis >>>>>>>>>> users) to >>>>>>>>>> log in? >>>>>>>>>> >>>>>>>>>> It seems like this is a bug, but I may just be missing something >>>>>>>>>> (and I think I'm not the only one >>>>>>>>>> https://gis.stackexchange.com/questions/274834/geoserver-jdbc-user-group-services-problem >>>>>>>>>> ) >>>>>>>>>> >>>>>>>>>> I'd be interested if any one is successfully using JDBC >>>>>>>>>> authentication in the wild? >>>>>>>>>> >>>>>>>>>> Cheers >>>>>>>>>> >>>>>>>>>> Ian >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>>> Ian Turton >>>>>>>>>> _______________________________________________ >>>>>>>>>> Geoserver-users mailing list >>>>>>>>>> >>>>>>>>>> Please make sure you read the following two resources before >>>>>>>>>> posting to this list: >>>>>>>>>> - Earning your support instead of buying it, but Ian Turton: >>>>>>>>>> http://www.ianturton.com/talks/foss4g.html#/ >>>>>>>>>> - The GeoServer user list posting guidelines: >>>>>>>>>> http://geoserver.org/comm/userlist-guidelines.html >>>>>>>>>> >>>>>>>>>> If you want to request a feature or an improvement, also see >>>>>>>>>> this: >>>>>>>>>> https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> Geoserver-users@lists.sourceforge.net >>>>>>>>>> https://lists.sourceforge.net/lists/listinfo/geoserver-users >>>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> -- >>>>>>>>> >>>>>>>>> Regards, Andrea Aime >>>>>>>>> >>>>>>>>> == GeoServer Professional Services from the experts! Visit >>>>>>>>> http://goo.gl/it488V for more information. == Ing. Andrea Aime >>>>>>>>> @geowolf Technical Lead GeoSolutions S.A.S. Via di Montramito 3/A >>>>>>>>> 55054 >>>>>>>>> Massarosa (LU) phone: +39 0584 962313 fax: +39 0584 1660272 mob: +39 >>>>>>>>> 339 >>>>>>>>> 8844549 http://www.geo-solutions.it >>>>>>>>> http://twitter.com/geosolutions_it >>>>>>>>> ------------------------------------------------------- *Con >>>>>>>>> riferimento alla normativa sul trattamento dei dati personali (Reg. UE >>>>>>>>> 2016/679 - Regolamento generale sulla protezione dei dati “GDPR”), si >>>>>>>>> precisa che ogni circostanza inerente alla presente email (il suo >>>>>>>>> contenuto, gli eventuali allegati, etc.) è un dato la cui conoscenza è >>>>>>>>> riservata al/i solo/i destinatario/i indicati dallo scrivente. Se il >>>>>>>>> messaggio Le è giunto per errore, è tenuta/o a cancellarlo, ogni altra >>>>>>>>> operazione è illecita. Le sarei comunque grato se potesse darmene >>>>>>>>> notizia. >>>>>>>>> This email is intended only for the person or entity to which it is >>>>>>>>> addressed and may contain information that is privileged, >>>>>>>>> confidential or >>>>>>>>> otherwise protected from disclosure. We remind that - as provided by >>>>>>>>> European Regulation 2016/679 “GDPR” - copying, dissemination or use >>>>>>>>> of this >>>>>>>>> e-mail or the information herein by anyone other than the intended >>>>>>>>> recipient is prohibited. If you have received this email by mistake, >>>>>>>>> please >>>>>>>>> notify us immediately by telephone or e-mail.* >>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> Ian Turton >>>>>>>> >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> >>>>>>> Regards, Andrea Aime >>>>>>> >>>>>>> == GeoServer Professional Services from the experts! Visit >>>>>>> http://goo.gl/it488V for more information. == Ing. Andrea Aime >>>>>>> @geowolf Technical Lead GeoSolutions S.A.S. Via di Montramito 3/A 55054 >>>>>>> Massarosa (LU) phone: +39 0584 962313 fax: +39 0584 1660272 mob: +39 339 >>>>>>> 8844549 http://www.geo-solutions.it >>>>>>> http://twitter.com/geosolutions_it >>>>>>> ------------------------------------------------------- *Con >>>>>>> riferimento alla normativa sul trattamento dei dati personali (Reg. UE >>>>>>> 2016/679 - Regolamento generale sulla protezione dei dati “GDPR”), si >>>>>>> precisa che ogni circostanza inerente alla presente email (il suo >>>>>>> contenuto, gli eventuali allegati, etc.) è un dato la cui conoscenza è >>>>>>> riservata al/i solo/i destinatario/i indicati dallo scrivente. Se il >>>>>>> messaggio Le è giunto per errore, è tenuta/o a cancellarlo, ogni altra >>>>>>> operazione è illecita. Le sarei comunque grato se potesse darmene >>>>>>> notizia. >>>>>>> This email is intended only for the person or entity to which it is >>>>>>> addressed and may contain information that is privileged, confidential >>>>>>> or >>>>>>> otherwise protected from disclosure. We remind that - as provided by >>>>>>> European Regulation 2016/679 “GDPR” - copying, dissemination or use of >>>>>>> this >>>>>>> e-mail or the information herein by anyone other than the intended >>>>>>> recipient is prohibited. If you have received this email by mistake, >>>>>>> please >>>>>>> notify us immediately by telephone or e-mail.* >>>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Ian Turton >>>>>> >>>>> >>>>> >>>>> -- >>>>> >>>>> Regards, Andrea Aime >>>>> >>>>> == GeoServer Professional Services from the experts! Visit >>>>> http://goo.gl/it488V for more information. == Ing. Andrea Aime >>>>> @geowolf Technical Lead GeoSolutions S.A.S. Via di Montramito 3/A 55054 >>>>> Massarosa (LU) phone: +39 0584 962313 fax: +39 0584 1660272 mob: +39 339 >>>>> 8844549 http://www.geo-solutions.it http://twitter.com/geosolutions_it >>>>> ------------------------------------------------------- *Con >>>>> riferimento alla normativa sul trattamento dei dati personali (Reg. UE >>>>> 2016/679 - Regolamento generale sulla protezione dei dati “GDPR”), si >>>>> precisa che ogni circostanza inerente alla presente email (il suo >>>>> contenuto, gli eventuali allegati, etc.) è un dato la cui conoscenza è >>>>> riservata al/i solo/i destinatario/i indicati dallo scrivente. Se il >>>>> messaggio Le è giunto per errore, è tenuta/o a cancellarlo, ogni altra >>>>> operazione è illecita. Le sarei comunque grato se potesse darmene notizia. >>>>> This email is intended only for the person or entity to which it is >>>>> addressed and may contain information that is privileged, confidential or >>>>> otherwise protected from disclosure. We remind that - as provided by >>>>> European Regulation 2016/679 “GDPR” - copying, dissemination or use of >>>>> this >>>>> e-mail or the information herein by anyone other than the intended >>>>> recipient is prohibited. If you have received this email by mistake, >>>>> please >>>>> notify us immediately by telephone or e-mail.* >>>>> >>>> >>> >>> -- >>> >>> Regards, Andrea Aime >>> >>> == GeoServer Professional Services from the experts! Visit >>> http://goo.gl/it488V for more information. == Ing. Andrea Aime @geowolf >>> Technical Lead GeoSolutions S.A.S. Via di Montramito 3/A 55054 Massarosa >>> (LU) phone: +39 0584 962313 fax: +39 0584 1660272 mob: +39 339 8844549 >>> http://www.geo-solutions.it http://twitter.com/geosolutions_it >>> ------------------------------------------------------- *Con >>> riferimento alla normativa sul trattamento dei dati personali (Reg. UE >>> 2016/679 - Regolamento generale sulla protezione dei dati “GDPR”), si >>> precisa che ogni circostanza inerente alla presente email (il suo >>> contenuto, gli eventuali allegati, etc.) è un dato la cui conoscenza è >>> riservata al/i solo/i destinatario/i indicati dallo scrivente. Se il >>> messaggio Le è giunto per errore, è tenuta/o a cancellarlo, ogni altra >>> operazione è illecita. Le sarei comunque grato se potesse darmene notizia. >>> This email is intended only for the person or entity to which it is >>> addressed and may contain information that is privileged, confidential or >>> otherwise protected from disclosure. We remind that - as provided by >>> European Regulation 2016/679 “GDPR” - copying, dissemination or use of this >>> e-mail or the information herein by anyone other than the intended >>> recipient is prohibited. If you have received this email by mistake, please >>> notify us immediately by telephone or e-mail.* >>> _______________________________________________ >>> Geoserver-users mailing list >>> >>> Please make sure you read the following two resources before posting to >>> this list: >>> - Earning your support instead of buying it, but Ian Turton: >>> http://www.ianturton.com/talks/foss4g.html#/ >>> - The GeoServer user list posting guidelines: >>> http://geoserver.org/comm/userlist-guidelines.html >>> >>> If you want to request a feature or an improvement, also see this: >>> https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer >>> >>> >>> Geoserver-users@lists.sourceforge.net >>> https://lists.sourceforge.net/lists/listinfo/geoserver-users >>> >> _______________________________________________ >> Geoserver-users mailing list >> >> Please make sure you read the following two resources before posting to >> this list: >> - Earning your support instead of buying it, but Ian Turton: >> http://www.ianturton.com/talks/foss4g.html#/ >> - The GeoServer user list posting guidelines: >> http://geoserver.org/comm/userlist-guidelines.html >> >> If you want to request a feature or an improvement, also see this: >> https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer >> >> >> Geoserver-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/geoserver-users >> > > > -- > Thank you, > Krishna G. Lodha > http://krishnaglodha.com > -- Ian Turton
_______________________________________________ Geoserver-users mailing list Please make sure you read the following two resources before posting to this list: - Earning your support instead of buying it, but Ian Turton: http://www.ianturton.com/talks/foss4g.html#/ - The GeoServer user list posting guidelines: http://geoserver.org/comm/userlist-guidelines.html If you want to request a feature or an improvement, also see this: https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer Geoserver-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-users
