Re: [Geoserver-users] Virtual Services, Resources and Proxy
Thanks for the hint, Andrea. I've changed the mapping class in
main.jar/applicationContext.xml and added "/openlayers/**" like this:
filePublisher
filePublisher
filePublisher
Now, when requesting "/nurc/www/openlayers/theme/default/style.css" the
response is a 404 and the logs says:
05 Mar 17:01:31 TRACE [ows.OWSHandlerMapping] - No handler mapping found
for [/nurc/www/openlayers/theme/default/style.css]
05 Mar 17:01:31 DEBUG [ows.OWSHandlerMapping] - Matching patterns for
request [/www/openlayers/theme/default/style.css] are [/www/**]
05 Mar 17:01:31 DEBUG [ows.OWSHandlerMapping] - URI Template variables for
request [/www/openlayers/theme/default/style.css] are {}
05 Mar 17:01:31 DEBUG [ows.OWSHandlerMapping] - Mapping
[/nurc/www/openlayers/theme/default/style.css] to HandlerExecutionChain
with handler [org.geoserver.ows.FilePublisher@6fdd647a] and 1 interceptor
05 Mar 17:01:31 DEBUG [filter.GeoServerSecurityContextPersistenceFilter$1]
- SecurityContextHolder now cleared, as request processing completed
It looks like the the OWSHandlerMapping class strips the workspace name
(line 2) from the request but than maps the full name with workspace name
to the FilePublisher (line 4). I've also tested
"/nurc/openlayers/theme/default/style.css" with similar result. Furthermore
I've copied the www/openlayers directory to workspaces/nurc/openlayers and
workspaces/nurc/www/openlayers for test purposes but get back a 404 as well.
Am I missing something?
Regards, Torsten
On Tue, Mar 5, 2013 at 9:40 AM, Andrea Aime wrote:
> On Mon, Mar 4, 2013 at 4:36 PM, thegis wrote:
>
>> As we like to keep using virtual service behind a proxy, I was wondering
>> if the global contexts (or at least a subset) could additionally be
>> published below the virtual services contexts, e.g. throught the dispatcher
>> servlet or web.xml?
>>
>
> The resources you're citing are served directly from the classpath using
> the FilePublisher class, which is bound
> to them in the spring context.
> In order to have that work also for virtual workspaces I guess some sort I
> guess the url mappings
> in the spring context for the classpathPublisher should also use the
> GeoServer custom
> org.geoserver.ows.OWSHandlerMapping instead of Spring's own
> org.springframework.web.servlet.handler.SimpleUrlHandlerMapping
>
> The change would likely have to happen in main module,
> applicationContext.xml, around line 150 to 170.
> However, I'm not sure if there are any side effects from doing that.
>
> Cheers
> Andrea
>
>
> --
> ==
> Our support, Your Success! Visit http://opensdi.geo-solutions.it for more
> information.
> ==
>
> Ing. Andrea Aime
> @geowolf
> Technical Lead
>
> GeoSolutions S.A.S.
> Via Poggio alle Viti 1187
> 55054 Massarosa (LU)
> Italy
> phone: +39 0584 962313
> fax: +39 0584 1660272
> mob: +39 339 8844549
>
> http://www.geo-solutions.it
> http://twitter.com/geosolutions_it
>
> ---
>
--
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_feb___
Geoserver-users mailing list
Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users
[Geoserver-users] Virtual Services, Resources and Proxy
Hi, We ran into issues with our setup and were wondering if anyone has tried something similar and has a solutions to the problem. We use a proxy in front of our GeoServer instance(s), disabled Global Services and only allow access to our virtual service base url (geoserver/virtual/*) through our proxy access rules. This work quite good for standard use cases. However some resources such as schemas and Openlayers (maybe others as well?) are not available below the virtual base url but only under the global context. As a result at least the schema links in response documents and the application/openlayers output format for virtual WMS is not working due to 404 errors on at least: geoserver/virtual/openlayers/OpenLayers.js geoserver/virtual/options.png geoserver/virtual/www/inspire_vs.xsd geoserver/virtual/schemas/wms/1.3.0/exceptions_1_3_0.xsd The log is full of "No Mapping found for HTTP request with URI ..." warnings. To reproduce this behavior, use the plain geoserver-2.3-RC1 war, goto workspaces, select any workspace, enable settings, enter any proxy url ( http://whatever/virtual) and then open the openlayers preview for any datasets in this workspace. You will see in the page source that the Openlayers.js is requested from http://whatever/virtual/openlayers/Openlayers.js. As we like to keep using virtual service behind a proxy, I was wondering if the global contexts (or at least a subset) could additionally be published below the virtual services contexts, e.g. throught the dispatcher servlet or web.xml? Any help or comments are welcome! Regards, Torsten -- Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_d2d_feb___ Geoserver-users mailing list Geoserver-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-users
Re: [Geoserver-users] Geoserver 2.2-beta1 JDBC authentication provider for Informix
Done, see http://jira.codehaus.org/browse/GEOS-5063 On Thu, Apr 19, 2012 at 11:12 AM, wrote: > Can you open a JIRA issue describing the problem. I can imagine to offer > both possibilities on the GUI, having a drop box showing all detected > drivers and alternatively an entry field for the class name. Obviously, this > is needed to support Informix. > > > Zitat von thegis : > > >> Hi Christian, >> >> Thanks for your help and tests. Unfortunately I cannot test >> authentication on another database. Informix is not crucial for us, >> but it would still be nice support it through the new security system. >> >> Looking at the Informix docs, it seems that the driver needs to be >> discovered through Class.forName [1] and instantiated with >> DriverManager.getConnection(url) [2]. >> >> [1] >> http://publib.boulder.ibm.com/infocenter/idshelp/v10/index.jsp?topic=/com.ibm.jdbc_pg.doc/jdbc51.htm >> [2] >> http://publib.boulder.ibm.com/infocenter/idshelp/v10/index.jsp?topic=/com.ibm.jdbc_pg.doc/jdbc48.htm >> >> Cheers, Torsten >> >> On Thu, Apr 19, 2012 at 8:31 AM, wrote: >>> >>> Hi thegis, I did some tests. >>> >>> In my environment I have installed the following drivers. >>> >>> oracle >>> db2 >>> h2 >>> postgres >>> mysql >>> hsqld >>> ms sqlserver >>> jdbc.odbc bridge >>> >>> I get all this drivers in the combo box. >>> >>> I downloaded the informix driver and interestingly, this is the only one >>> NOT >>> appearing in the list. >>> >>> No idea what is going on. Could you choose another database for your >>> tests ? >>> >>> Christian >>> >>> Zitat von thegis : >>> >>> >>>>>> The question is therefore how to add an additional JDBC driver so that >>>>>> it can be selected with the "New Authentication Provider" page? >>>> >>>> >>>> >>>>> The panel used DriverManager.getDrivers to find available jdbc drivers. >>>>> >>>>> 1) Where did you download, I found the drivers here >>>>> >>>>> http://www14.software.ibm.com/webapp/download/search.jsp?go=y&rs=ifxjdbc >>>>> >>>>> 2) try to put the jar file(s) into JAVA_HOME/jre/lib/ext directory of >>>>> the >>>>> java installation used by geoserver. >>>> >>>> >>>> >>>> Thanks Christian, I've tried with an old driver (3.00) and later with >>>> the latest version (3.70) from 1), installed it and copied all jar's >>>> to JAVA_HOME/jre/lib/ext. The ext folder now contains the following >>>> jars: ifxjdbc.jar ifxjdbcx.jar ifxlang.jar ifxlsupp.jar >>>> ifxsqlj.jar ifxtools.jar >>>> >>>> Unfortunately that didn't seem to work as the IfxDriver is still not >>>> shown in the driver class dropdown box.. >>>> >>>> I've tried with Java 1.7 and 1.6 and also added >>>> META-INF/services/java.sql.Driver to the jars in case they are needed >>>> for the discovery through DriverManager.getDrivers. But that didn't >>>> worked either. Any other ideas? >>>> >>> >>> >>> >>> >>> This message was sent using IMP, the Internet Messaging Program. >>> >>> >> > > > > > This message was sent using IMP, the Internet Messaging Program. > -- For Developers, A Lot Can Happen In A Second. Boundary is the first to Know...and Tell You. Monitor Your Applications in Ultra-Fine Resolution. Try it FREE! http://p.sf.net/sfu/Boundary-d2dvs2 ___ Geoserver-users mailing list Geoserver-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-users
Re: [Geoserver-users] Geoserver 2.2-beta1 JDBC authentication provider for Informix
Hi Christian, Thanks for your help and tests. Unfortunately I cannot test authentication on another database. Informix is not crucial for us, but it would still be nice support it through the new security system. Looking at the Informix docs, it seems that the driver needs to be discovered through Class.forName [1] and instantiated with DriverManager.getConnection(url) [2]. [1] http://publib.boulder.ibm.com/infocenter/idshelp/v10/index.jsp?topic=/com.ibm.jdbc_pg.doc/jdbc51.htm [2] http://publib.boulder.ibm.com/infocenter/idshelp/v10/index.jsp?topic=/com.ibm.jdbc_pg.doc/jdbc48.htm Cheers, Torsten On Thu, Apr 19, 2012 at 8:31 AM, wrote: > Hi thegis, I did some tests. > > In my environment I have installed the following drivers. > > oracle > db2 > h2 > postgres > mysql > hsqld > ms sqlserver > jdbc.odbc bridge > > I get all this drivers in the combo box. > > I downloaded the informix driver and interestingly, this is the only one NOT > appearing in the list. > > No idea what is going on. Could you choose another database for your tests ? > > Christian > > Zitat von thegis : > > >>>> The question is therefore how to add an additional JDBC driver so that >>>> it can be selected with the "New Authentication Provider" page? >> >> >>> The panel used DriverManager.getDrivers to find available jdbc drivers. >>> >>> 1) Where did you download, I found the drivers here >>> http://www14.software.ibm.com/webapp/download/search.jsp?go=y&rs=ifxjdbc >>> >>> 2) try to put the jar file(s) into JAVA_HOME/jre/lib/ext directory of the >>> java installation used by geoserver. >> >> >> Thanks Christian, I've tried with an old driver (3.00) and later with >> the latest version (3.70) from 1), installed it and copied all jar's >> to JAVA_HOME/jre/lib/ext. The ext folder now contains the following >> jars: ifxjdbc.jar ifxjdbcx.jar ifxlang.jar ifxlsupp.jar >> ifxsqlj.jar ifxtools.jar >> >> Unfortunately that didn't seem to work as the IfxDriver is still not >> shown in the driver class dropdown box.. >> >> I've tried with Java 1.7 and 1.6 and also added >> META-INF/services/java.sql.Driver to the jars in case they are needed >> for the discovery through DriverManager.getDrivers. But that didn't >> worked either. Any other ideas? >> > > > > > This message was sent using IMP, the Internet Messaging Program. > > -- For Developers, A Lot Can Happen In A Second. Boundary is the first to Know...and Tell You. Monitor Your Applications in Ultra-Fine Resolution. Try it FREE! http://p.sf.net/sfu/Boundary-d2dvs2 ___ Geoserver-users mailing list Geoserver-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-users
Re: [Geoserver-users] Geoserver 2.2-beta1 JDBC authentication provider for Informix
>> The question is therefore how to add an additional JDBC driver so that >> it can be selected with the "New Authentication Provider" page? > The panel used DriverManager.getDrivers to find available jdbc drivers. > > 1) Where did you download, I found the drivers here > http://www14.software.ibm.com/webapp/download/search.jsp?go=y&rs=ifxjdbc > > 2) try to put the jar file(s) into JAVA_HOME/jre/lib/ext directory of the > java installation used by geoserver. Thanks Christian, I've tried with an old driver (3.00) and later with the latest version (3.70) from 1), installed it and copied all jar's to JAVA_HOME/jre/lib/ext. The ext folder now contains the following jars: ifxjdbc.jar ifxjdbcx.jar ifxlang.jar ifxlsupp.jar ifxsqlj.jar ifxtools.jar Unfortunately that didn't seem to work as the IfxDriver is still not shown in the driver class dropdown box.. I've tried with Java 1.7 and 1.6 and also added META-INF/services/java.sql.Driver to the jars in case they are needed for the discovery through DriverManager.getDrivers. But that didn't worked either. Any other ideas? -- Better than sec? Nothing is better than sec when it comes to monitoring Big Data applications. Try Boundary one-second resolution app monitoring today. Free. http://p.sf.net/sfu/Boundary-dev2dev ___ Geoserver-users mailing list Geoserver-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-users
Re: [Geoserver-users] Geoserver 2.2-beta1 LDAP on active directory
> Hi, could you please send a stack trace concerning your jdbc problems ? Actually I have no stack trace as I am unable to specify an Informix JDBC driver on the "New Authentication Provider" page (Authentication->Add New Authetication Provider -> JDBC -> Driver class). The only supported drivers are: odbc,postgres,hsql,h2. Even if I add the Informix JDBC jar to WEB-INF/lib.. The question is therefore how to add an additional JDBC driver so that it can be selected with the "New Authentication Provider" page? -- Better than sec? Nothing is better than sec when it comes to monitoring Big Data applications. Try Boundary one-second resolution app monitoring today. Free. http://p.sf.net/sfu/Boundary-dev2dev ___ Geoserver-users mailing list Geoserver-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-users
Re: [Geoserver-users] Geoserver 2.2-beta1 LDAP on active directory
> Interesting. I thought role lookup did a bind as the previously > authenticated user first but perhaps not... i will have to look into this to > verify. Can you open a jira for this? Done, see http://jira.codehaus.org/browse/GEOS-5054. A bit off-topic, but can you explain how to configure JDBC authentication on an Informix DB? I've tried to drop the Informix JDBC JAR (with META-INF/services/java.sql.Driver) in Geoserver's WEB-INF/lib folder in order to select Informix from the JDBC authentication panel. But that doesn't seems to work.. Any thoughts? -- Better than sec? Nothing is better than sec when it comes to monitoring Big Data applications. Try Boundary one-second resolution app monitoring today. Free. http://p.sf.net/sfu/Boundary-dev2dev ___ Geoserver-users mailing list Geoserver-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-users
Re: [Geoserver-users] Geoserver 2.2-beta1 LDAP on active directory
Ok, thanks Justin. The filter looks good when using member={1}, see
[1]. However, I've got the same servlet exception as before:
javax.naming.NamingException: [LDAP: error code 1 - : LdapErr:
DSID-0C090627, comment: In order to perform this operation a
successful bind must be completed on the connection., data 0, vece];
remaining name 'ou=groups'
Actually, this error seems to indicates that Spring should bind to the
LDAP server before doing the role search. I've checked our active
directory server and as in [2] it does now allow anonymous searches.
Maybe Geoserver does not bind/authenticate to LDAP when doing the role lookup?
Cheers, Torsten
[1] Login with LDAP groups enabled and member={1} filter:
2012-04-17 13:36:00,541 DEBUG
[authentication.UsernamePasswordAuthenticationFilter] - Request is to
process authentication
2012-04-17 13:36:00,541 DEBUG [authentication.ProviderManager] -
Authentication attempt using
org.geoserver.security.auth.GeoServerRootAuthenticationProvider
2012-04-17 13:36:00,541 DEBUG [authentication.ProviderManager] -
Authentication attempt using
org.geoserver.security.auth.UsernamePasswordAuthenticationProvider
2012-04-17 13:36:00,541 DEBUG [dao.DaoAuthenticationProvider] -
Authentication failed: password does not match stored value
2012-04-17 13:36:00,542 DEBUG [authentication.ProviderManager] -
Authentication attempt using
org.geoserver.security.ldap.LDAPAuthenticationProvider
2012-04-17 13:36:00,542 DEBUG
[authentication.LdapAuthenticationProvider] - Processing
authentication request for user: testuser
2012-04-17 13:36:00,542 DEBUG [authentication.BindAuthenticator] -
Attempting to bind as
cn=testuser,ou=users,ou=path-to-users,dc=pany,dc=com
2012-04-17 13:36:00,542 DEBUG [support.AbstractContextSource] - Using
LDAP pooling.
2012-04-17 13:36:00,542 DEBUG [support.AbstractContextSource] - Trying
provider Urls: ldap://server:389/dc=pany,dc=com
2012-04-17 13:36:00,542 DEBUG
[ldap.DefaultSpringSecurityContextSource] - Removing pooling flag for
user cn=testuser,ou=users,ou=path-to-users,dc=pany,dc=com
2012-04-17 13:36:00,577 DEBUG [support.AbstractContextSource] - Got
Ldap context on server 'ldap://server:389/dc=pany,dc=com'
2012-04-17 13:36:00,577 DEBUG [authentication.BindAuthenticator] -
Retrieving attributes...
2012-04-17 13:36:00,622 DEBUG
[userdetails.DefaultLdapAuthoritiesPopulator] - Getting authorities
for user cn=testuser,ou=users,ou=path-to-users,dc=pany,dc=com
2012-04-17 13:36:00,622 DEBUG
[userdetails.DefaultLdapAuthoritiesPopulator] - Searching for roles
for user 'testuser', DN =
'cn=testuser,ou=users,ou=path-to-users,dc=pany,dc=com', with filter
member={1} in search base 'OU=groups,OU=path-to-groups,dc=pany,dc=com'
2012-04-17 13:36:00,622 DEBUG [ldap.SpringSecurityLdapTemplate] -
Using filter: member=testuser
2012-04-17 13:36:00,622 INFO [core.LdapTemplate] - The returnObjFlag
of supplied SearchControls is not set but a ContextMapper is used -
setting flag to true
2012-04-17 13:36:00,623 WARN
[authentication.SpringSecurityAuthenticationSource] - No
Authentication object set in SecurityContext - returning empty String
as Principal
2012-04-17 13:36:00,623 WARN
[authentication.SpringSecurityAuthenticationSource] - No
Authentication object set in SecurityContext - returning empty String
as Credentials
2012-04-17 13:36:00,623 DEBUG [support.AbstractContextSource] - Using
LDAP pooling.
2012-04-17 13:36:00,623 DEBUG [support.AbstractContextSource] - Trying
provider Urls: ldap://server:389/dc=pany,dc=com
2012-04-17 13:36:00,654 DEBUG [support.AbstractContextSource] - Got
Ldap context on server 'ldap://server:389/dc=pany,dc=com'
2012-04-17 13:36:00,669 DEBUG
[context.HttpSessionSecurityContextRepository] - SecurityContext is
empty or contents are anonymous - context will not be stored in
HttpSession.
2012-04-17 13:36:00,669 DEBUG
[context.SecurityContextPersistenceFilter] - SecurityContextHolder now
cleared, as request processing completed
[2]
http://stackoverflow.com/questions/5255158/spring-ldap-bind-for-successfull-connection
--
Better than sec? Nothing is better than sec when it comes to
monitoring Big Data applications. Try Boundary one-second
resolution app monitoring today. Free.
http://p.sf.net/sfu/Boundary-dev2dev
___
Geoserver-users mailing list
Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users
Re: [Geoserver-users] Geoserver 2.2-beta1 LDAP on active directory
> What happens upon login exactly? Does authentication fail? Or are you logged > in with no privileges? Upon login Tomcat response with a servlet exception page (javax.naming.NamingException) with the LDAP error message above. So yeah, authentication failed and I am not logged in. Not sure but shouldn't the filter Spring is using look like "..Using filter: member=testuser" instead of the following? 2012-04-12 17:23:34,455 DEBUG [ldap.SpringSecurityLdapTemplate] - Using filter: member=cn=testuser,ou=users,ou=path-to-users,dc=pany,dc=com When I am back at office next week, I'll try to leave the group filter emtpy so we can see if this makes any difference. -- For Developers, A Lot Can Happen In A Second. Boundary is the first to Know...and Tell You. Monitor Your Applications in Ultra-Fine Resolution. Try it FREE! http://p.sf.net/sfu/Boundary-d2dvs2 ___ Geoserver-users mailing list Geoserver-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-users
Re: [Geoserver-users] Geoserver 2.2-beta1 LDAP on active directory
On Thu, Apr 12, 2012 at 5:06 PM, Justin Deoliveira wrote:
> Cool, thank you that does help.
>
> So I assume you have the "Use ldap groups for authentication" unchecked? If
> so what you have to do is actually redine a user with the same name in the
> default user group service. So add a new user named "testuser" in the
> default user group service. You can specify a dummy password or on the user
> group service settngs set password encoding to "empty" and then you can
> specify no password for the new user.
>
> We hope to improve on this soon and just have an specific ldap user group
> service directly.
>
> An alternative is to check the the "Use ldap groups for authentication"
> checkbox on the ldap server config and then you won't have to redefine the
> user, but you won't be able to assign any custom roles to that user. This is
> somewhat documented here:
>
> http://docs.geoserver.org/latest/en/user/security/auth/providers.html#role-assignment
>
Thanks for your explanation!
It works when not using LDAP groups/roles and defining a local user
with the same name as the one in LDAP. This is somewhat hard to
maintain but will work for now, especially if there will be a ldap
user group service later on.
It does not work when using LDAP groups/roles to authenticate. I'll
try to figure out why next week, below is just a dump of the exception
and log. I've use these group settings:
group search base: OU=groups,OU=path-to-group
group search filter: member={0}
Cheers,
Torsten
Servlet Exception:
javax.naming.NamingException: [LDAP: error code 1 - : LdapErr:
DSID-0C090627, comment: In order to perform this operation a
successful bind must be completed on the connection., data 0, vece];
remaining name 'OU=groups,OU=path-to-group'
Geoserver log of login with ldap groups:
2012-04-12 17:23:34,398 DEBUG [util.AntPathRequestMatcher] - Checking
match of request : '/j_spring_security_check'; against '/web/**'
2012-04-12 17:23:34,398 DEBUG [util.AntPathRequestMatcher] - Checking
match of request : '/j_spring_security_check'; against
'/gwc/rest/web/**'
2012-04-12 17:23:34,398 DEBUG [util.AntPathRequestMatcher] - Checking
match of request : '/j_spring_security_check'; against
'/j_spring_security_check'
2012-04-12 17:23:34,398 DEBUG [web.FilterChainProxy] -
/j_spring_security_check at position 1 of 2 in additional filter
chain; firing Filter: 'GeoServerSecurityContextPersistenceFilter'
2012-04-12 17:23:34,398 DEBUG
[context.HttpSessionSecurityContextRepository] - HttpSession returned
null object for SPRING_SECURITY_CONTEXT
2012-04-12 17:23:34,398 DEBUG
[context.HttpSessionSecurityContextRepository] - No SecurityContext
was available from the HttpSession:
org.apache.catalina.session.StandardSessionFacade@3d339c48. A new one
will be created.
2012-04-12 17:23:34,399 DEBUG [web.FilterChainProxy] -
/j_spring_security_check at position 2 of 2 in additional filter
chain; firing Filter: 'GeoServerUserNamePasswordAuthenticationFilter'
2012-04-12 17:23:34,399 DEBUG
[authentication.UsernamePasswordAuthenticationFilter] - Request is to
process authentication
2012-04-12 17:23:34,399 DEBUG [authentication.ProviderManager] -
Authentication attempt using
org.geoserver.security.auth.GeoServerRootAuthenticationProvider
2012-04-12 17:23:34,399 DEBUG [authentication.ProviderManager] -
Authentication attempt using
org.geoserver.security.ldap.LDAPAuthenticationProvider
2012-04-12 17:23:34,400 DEBUG
[authentication.LdapAuthenticationProvider] - Processing
authentication request for user: testuser
2012-04-12 17:23:34,402 DEBUG [authentication.BindAuthenticator] -
Attempting to bind as
cn=testuser,ou=users,ou=path-to-users,dc=pany,dc=com
2012-04-12 17:23:34,403 DEBUG [support.AbstractContextSource] - Using
LDAP pooling.
2012-04-12 17:23:34,403 DEBUG [support.AbstractContextSource] - Trying
provider Urls: ldap://server:389/dc=pany,dc=com
2012-04-12 17:23:34,403 DEBUG
[ldap.DefaultSpringSecurityContextSource] - Removing pooling flag for
user cn=testuser,ou=users,ou=path-to-users,dc=pany,dc=com
2012-04-12 17:23:34,423 DEBUG [support.AbstractContextSource] - Got
Ldap context on server 'ldap://server:389/dc=pany,dc=com'
2012-04-12 17:23:34,424 DEBUG [authentication.BindAuthenticator] -
Retrieving attributes...
2012-04-12 17:23:34,454 DEBUG
[userdetails.DefaultLdapAuthoritiesPopulator] - Getting authorities
for user cn=testuser,ou=users,ou=path-to-users,dc=pany,dc=com
2012-04-12 17:23:34,455 DEBUG
[userdetails.DefaultLdapAuthoritiesPopulator] - Searching for roles
for user 'testuser', DN =
'cn=testuser,ou=users,ou=path-to-users,dc=pany,dc=com', with filter
member={0} in search base 'OU=groups,OU=path-to-groups'
2012-04-12 17:23:34,455 DEBUG [ldap.SpringSecurityLdapTemplate] -
Using filter: member=cn=testuser,ou=users,ou=path-to-users,dc=pany,dc=com
2012-04-12 17:23:34,459 INFO [core.LdapTemplate] - The returnObjFlag
of supplied SearchControls is not set but a ContextMapper is used -
setting flag to true
2012-04-12 17:23:34,464 WARN
[authentic
Re: [Geoserver-users] Geoserver 2.2-beta1 LDAP on active directory
G
[authentication.LdapAuthenticationProvider] - Processing
authentication request for user: testuser
2012-04-12 11:28:54,712 DEBUG [authentication.BindAuthenticator] -
Attempting to bind as cn=testuser,ou=user,dc=c,dc=b,dc=a
2012-04-12 11:28:54,713 DEBUG [support.AbstractContextSource] - Using
LDAP pooling.
2012-04-12 11:28:54,713 DEBUG [support.AbstractContextSource] - Trying
provider Urls: ldap://server:389/dc=c,dc=b,dc=a
2012-04-12 11:28:54,713 DEBUG
[ldap.DefaultSpringSecurityContextSource] - Removing pooling flag for
user cn=testuser,ou=user,dc=c,dc=b,dc=a
2012-04-12 11:28:54,771 DEBUG [support.AbstractContextSource] - Got
Ldap context on server 'ldap://server:389/dc=c,dc=b,dc=a'
2012-04-12 11:28:54,771 DEBUG [authentication.BindAuthenticator] -
Retrieving attributes...
2012-04-12 11:28:54,830 DEBUG
[authentication.UsernamePasswordAuthenticationFilter] - Authentication
request failed:
org.springframework.security.core.userdetails.UsernameNotFoundException:
User testuser not found in usergroupservice: default
2012-04-12 11:28:54,830 DEBUG
[authentication.UsernamePasswordAuthenticationFilter] - Updated
SecurityContextHolder to contain null Authentication
2012-04-12 11:28:54,830 DEBUG
[authentication.UsernamePasswordAuthenticationFilter] - Delegating to
authentication failure
handlerorg.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler@430cd4b8
2012-04-12 11:28:54,830 DEBUG
[rememberme.GeoServerTokenBasedRememberMeServices] - Interactive login
attempt was unsuccessful.
2012-04-12 11:28:54,830 DEBUG
[rememberme.GeoServerTokenBasedRememberMeServices] - Cancelling cookie
2012-04-12 11:28:54,830 DEBUG
[authentication.SimpleUrlAuthenticationFailureHandler] - Redirecting
to
/web/?wicket:bookmarkablePage=:org.geoserver.web.GeoServerLoginPage&error=true
2012-04-12 11:28:54,831 DEBUG [web.DefaultRedirectStrategy] -
Redirecting to
'/repository/web/?wicket:bookmarkablePage=:org.geoserver.web.GeoServerLoginPage&error=true'
2012-04-12 11:28:54,831 DEBUG
[context.HttpSessionSecurityContextRepository] - SecurityContext is
empty or contents are anonymous - context will not be stored in
HttpSession.
On Thu, Apr 12, 2012 at 5:21 AM, Justin Deoliveira wrote:
> Hi Torsten,
>
> On the Authentication page did you set the ldap authentication provider as
> active? ie moved to the selected list?
>
> -Justin
>
> On Wed, Apr 11, 2012 at 11:35 AM, thegis wrote:
>>
>> Hi List!
>>
>> I’ve tried to use the new LDAP authentication feature to connect
>> Geoserver to our active directory based LDAP server as described in
>> [1]. After some trial and error, I successfully tested the connection
>> with the “Test Connection” button and following settings:
>>
>> ServerURL: ldap://server:port/dc=z,dc=y,dc=x
>> User lookup pattern: cn={0}, ou=users, ou=b,ou=a (Note that we had to
>> use “cn={0}” instead of “uid={0}”)
>> Group search base: ou=groups,ou=e,ou=d
>> Group search filter: member={0}
>>
>> However, when testing the login on the home page as described in [2]
>> with the same username/password, Geoserver redirects to
>>
>> “geoserver/web/?wicket:bookmarkablePage=:org.geoserver.web.GeoServerLoginPage&error=true”.
>> There is no error in the log or UI but the login obviously didn’t
>> work. It would surely help to show the log messages from Spring, but I
>> couldn’t enable them (editing e.g. VERBOSE_LOGGING.properties didn’t
>> work).
>>
>> I also noticed, that the Users/Groups tab in [3] does not show any
>> users or groups. Shouldn’t they get populated with the LDAP
>> users/groups?
>>
>> Any ideas what’s wrong?
>>
>> Regards,
>> Torsten
>>
>> [1]
>> http://docs.geoserver.org/latest/en/user/security/tutorials/ldap/index.html#configure-the-ldap-authentication-provider
>> [2]
>> http://docs.geoserver.org/latest/en/user/security/tutorials/ldap/index.html#test-a-ldap-login
>> [3]
>> http://localhost:8080/geoserver/web/?wicket:bookmarkablePage=:org.geoserver.security.web.UserGroupRoleServicesPage
>>
>>
>> --
>> Better than sec? Nothing is better than sec when it comes to
>> monitoring Big Data applications. Try Boundary one-second
>> resolution app monitoring today. Free.
>> http://p.sf.net/sfu/Boundary-dev2dev
>> ___
>> Geoserver-users mailing list
>> Geoserver-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/geoserver-users
>
>
>
>
> --
> Justin Deoliveira
> OpenGeo - http://opengeo.org
> Enterprise support for open source geospatial.
>
--
For Developers, A Lot Can Happen In A Second.
Boundary is the first to Know...and Tell You.
Monitor Your Applications in Ultra-Fine Resolution. Try it FREE!
http://p.sf.net/sfu/Boundary-d2dvs2
___
Geoserver-users mailing list
Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users
[Geoserver-users] Geoserver 2.2-beta1 LDAP on active directory
Hi List!
I’ve tried to use the new LDAP authentication feature to connect
Geoserver to our active directory based LDAP server as described in
[1]. After some trial and error, I successfully tested the connection
with the “Test Connection” button and following settings:
ServerURL: ldap://server:port/dc=z,dc=y,dc=x
User lookup pattern: cn={0}, ou=users, ou=b,ou=a (Note that we had to
use “cn={0}” instead of “uid={0}”)
Group search base: ou=groups,ou=e,ou=d
Group search filter: member={0}
However, when testing the login on the home page as described in [2]
with the same username/password, Geoserver redirects to
“geoserver/web/?wicket:bookmarkablePage=:org.geoserver.web.GeoServerLoginPage&error=true”.
There is no error in the log or UI but the login obviously didn’t
work. It would surely help to show the log messages from Spring, but I
couldn’t enable them (editing e.g. VERBOSE_LOGGING.properties didn’t
work).
I also noticed, that the Users/Groups tab in [3] does not show any
users or groups. Shouldn’t they get populated with the LDAP
users/groups?
Any ideas what’s wrong?
Regards,
Torsten
[1]
http://docs.geoserver.org/latest/en/user/security/tutorials/ldap/index.html#configure-the-ldap-authentication-provider
[2]
http://docs.geoserver.org/latest/en/user/security/tutorials/ldap/index.html#test-a-ldap-login
[3]
http://localhost:8080/geoserver/web/?wicket:bookmarkablePage=:org.geoserver.security.web.UserGroupRoleServicesPage
--
Better than sec? Nothing is better than sec when it comes to
monitoring Big Data applications. Try Boundary one-second
resolution app monitoring today. Free.
http://p.sf.net/sfu/Boundary-dev2dev
___
Geoserver-users mailing list
Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users
Re: [Geoserver-users] WMS/WCS Issues with Geoserver 2.1-RC5
Thank you for the response, Andrea. I retested with a clean Tomcat 6.0.26 and GS 2.1 RC-5 war file and I was able to reproduce issue 1 and 2: 1) The Translator error is thrown if something is wrong with the datastore/layer configuration. You can reproduce this with a clean installation and wcs getCapabilities request. The demo store "img_sample2" is responsible for ServiceException during the WCS GetCapabilities request: Unable to acquire a reader for this coverage with format: WorldImage null Translator error Unable to acquire a reader for this coverage with format: WorldImage This is probably related to a startup error/warning: Caused by: org.vfny.geoserver.wcs.WcsException: Unable to acquire a reader for this coverage with format: WorldImage at org.geoserver.wcs.response.Wcs10CapsTransformer$WCS100CapsTranslator.handleCoverageOfferingBrief(Wcs10CapsTransformer.java:747) at org.geoserver.wcs.response.Wcs10CapsTransformer$WCS100CapsTranslator.handleContentMetadata(Wcs10CapsTransformer.java:694) at org.geoserver.wcs.response.Wcs10CapsTransformer$WCS100CapsTranslator.encode(Wcs10CapsTransformer.java:218) at org.geotools.xml.transform.TransformerBase$XMLReaderSupport.parse(TransformerBase.java:714) at org.apache.xalan.transformer.TransformerIdentityImpl.transform(TransformerIdentityImpl.java:484) at org.geotools.xml.transform.TransformerBase$Task.run(TransformerBase.java:296) at org.geotools.xml.transform.TransformerBase.transform(TransformerBase.java:129) ... 123 more If you remove the datastore and restart Tomcat, requesting the WCS capabilites works as expected. Concerning my problem it seems to be related a strange "input not a RandomAccessFile!". Maybe the ImageIO libs are not reloaded properly? Caused by: java.lang.IllegalArgumentException: input not a RandomAccessFile! at com.sun.imageio.spi.RAFImageInputStreamSpi.createInputStreamInstance(RAFImageInputStreamSpi.java:43) at org.geotools.gce.geotiff.GeoTiffReader.(GeoTiffReader.java:200) at org.geotools.gce.geotiff.GeoTiffFormat.getReader(GeoTiffFormat.java:271) at org.geotools.gce.geotiff.GeoTiffFormat.getReader(GeoTiffFormat.java:77) at org.geoserver.catalog.ResourcePool.getGridCoverageReader(ResourcePool.java:972) at org.geoserver.wcs.response.Wcs10CapsTransformer$WCS100CapsTranslator.handleCoverageOfferingBrief(Wcs10CapsTransformer.java:741) at org.geoserver.wcs.response.Wcs10CapsTransformer$WCS100CapsTranslator.handleContentMetadata(Wcs10CapsTransformer.java:694) at org.geoserver.wcs.response.Wcs10CapsTransformer$WCS100CapsTranslator.encode(Wcs10CapsTransformer.java:218) at org.geotools.xml.transform.TransformerBase$XMLReaderSupport.parse(TransformerBase.java:714) at org.apache.xalan.transformer.TransformerIdentityImpl.transform(TransformerIdentityImpl.java:484) at org.geotools.xml.transform.TransformerBase$Task.run(TransformerBase.java:296) at org.geotools.xml.transform.TransformerBase.transform(TransformerBase.java:129) ... 125 more 2) This issue is also reproducable with the demo store "sf:sfdem". Simply post this WCS getCoverage request: http://www.w3.org/2001/XMLSchema-instance"; xmlns="http://www.opengis.net/wcs"; xmlns:ows="http://www.opengis.net/ows/1.1"; xmlns:gml="http://www.opengis.net/gml"; xmlns:ogc="http://www.opengis.net/ogc"; xsi:schemaLocation="http://www.opengis.net/wcs http://schemas.opengis.net/wcs/1.0.0/getCoverage.xsd";> sf:sfdem -103.87108701853181 44.370187074132616 -103.62940739432703 44.5016011535299 0 0 648 496 E N EPSG:4326 GeoTIFF Response: java.lang.IllegalArgumentException: Illegal value for argument "TargetCRS must be compatible with TargetGG CRS". Illegal value for argument "TargetCRS must be compatible with TargetGG CRS". Adding EPSG:4326 to the Request/Response SRS in Layer/Publishing Tab does not make any difference. 3) This is not reproducible with a clean installation, so I guess it has something to do with the data directory or plugins I am using in the other installation. I will look into it. Did the data_dir changed between 2.1-RC1 and 2.1-RC5? Best regards, Torsten On Wed, May 4, 2011 at 7:03 PM, Andrea Aime wrote: > On Wed, May 4, 2011 at 6:38 PM, thegis wrote: >> Hi All, > > ... > >> Does anyone knows if these are bugs or if I am doing something wrong? > > No idea of any of them, we'd need data + request to reproduce locally and > use a debugger to look into it. > > GS 2.1.0 is very likely going out as is, but hopefully there will be a 2.1.1 > shortly after that (I hope one month, but cannot make pr
[Geoserver-users] WMS/WCS Issues with Geoserver 2.1-RC5
Hi All,
I've upgrading our existing 2.1-RC1 instance to the latest RC-5 and
found a few issues. 1) is minor but 2)+3) are holding us back from
upgrading:
1) Requesting the capabilities after restarting Geoserver Webapp through the
Tomcat Manager results in an exception while restarting Tomcat works fine..
java.io.IOException
null
Translator error
input not a RandomAccessFile!
geoserver.log:
...
2011-05-03 14:43:32,844 WARN [storage.EntityStoreBuilder] - Neither
disk quota page store' cache memory percent nor cache size was
provided. Defaulting to 25% Heap Size
2011-05-03 14:43:38,525 WARN [geoserver.ows] - Could not get a
ServiceInfo for service wcs thus could not check if the service is
enabled
2011-05-03 14:43:39,825 INFO [geoserver.wcs] -
Request: getCapabilities
section = /
service = WCS
updateSequence = null
version = 1.0.0
baseUrl = http://.../
extendedProperties = {}
2011-05-03 14:43:39,977 ERROR [geoserver.ows] -
java.io.IOException
at
org.geoserver.wcs.response.Wcs10GetCapabilitiesResponse.write(Wcs10GetCapabilitiesResponse.java:47)
at org.geoserver.ows.Dispatcher.response(Dispatcher.java:751)
at
org.geoserver.ows.Dispatcher.handleRequestInternal(Dispatcher.java:233)
at
org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:153)
at
org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:48)
at
org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:875)
at
org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:809)
at
org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:571)
at
org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:501)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
...
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:852)
at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
at
org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:396)
at
java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
at java.lang.Thread.run(Thread.java:662)
Caused by: javax.xml.transform.TransformerException: Translator error
at
org.geotools.xml.transform.TransformerBase.transform(TransformerBase.java:133)
at
org.geotools.xml.transform.TransformerBase.transform(TransformerBase.java:108)
at
org.geoserver.wcs.response.Wcs10GetCapabilitiesResponse.write(Wcs10GetCapabilitiesResponse.java:45)
... 123 more
Caused by: java.lang.IllegalArgumentException: input not a RandomAccessFile!
at
com.sun.imageio.spi.RAFImageInputStreamSpi.createInputStreamInstance(RAFImageInputStreamSpi.java:43)
at org.geotools.gce.geotiff.GeoTiffReader.(GeoTiffReader.java:200)
at
org.geotools.gce.geotiff.GeoTiffFormat.getReader(GeoTiffFormat.java:271)
at
org.geotools.gce.geotiff.GeoTiffFormat.getReader(GeoTiffFormat.java:77)
at
org.geoserver.catalog.ResourcePool.getGridCoverageReader(ResourcePool.java:972)
at
org.geoserver.wcs.response.Wcs10CapsTransformer$WCS100CapsTranslator.handleCoverageOfferingBrief(Wcs10CapsTransformer.java:741)
at
org.geoserver.wcs.response.Wcs10CapsTransformer$WCS100CapsTranslator.handleContentMetadata(Wcs10CapsTransformer.java:694)
at
org.geoserver.wcs.response.Wcs10CapsTransformer$WCS100CapsTranslator.encode(Wcs10CapsTransformer.java:218)
at
org.geotools.xml.transform.TransformerBase$XMLReaderSupport.parse(TransformerBase.java:714)
at
org.apache.xalan.transformer.TransformerIdentityImpl.transform(TransformerIdentityImpl.java:484)
at
org.geotools.xml.transform.TransformerBase$Task.run(Transf
