Re: [Geoserver-users] JDBC authentication

[Ian Turton]

You need to look in the GeoServer log file to find out what's gone wrong.
You really need to add some more detail as to how you put the roles into
PostGresql

Ian

On Tue, 9 Mar 2021 at 05:52, krishna lodha  wrote:

> Hi, I tested the solution https://gis.stackexchange.com/a/388940/79 mentioned
> here, it works perfectly fine as long as roles are Default when I tried to
> put roles in PG as well, it gives me HTTP error 500 for the users.
> What should I do?
> [image: Screenshot 2021-03-09 at 11.20.20 AM.png]
>
> On Sat, Mar 6, 2021 at 4:20 AM Vera Green  wrote:
>
>> Absolutely. We use PG to control authentication across our entire system.
>> This includes authenticated WMS calls to geoServer. It's critical for us.
>>
>> On Wed., Mar. 3, 2021, 11:01 a.m. Andrea Aime, <
>> andrea.a...@geo-solutions.it> wrote:
>>
>>> Each of those source file has an author tag, they all say:
>>>
>>> @author christian
>>>
>>> About a reason to do so, database centric security can be a reason. A
>>> system where the access restrictions are enforced
>>> at the relational database level. In that case, you want to authenticate
>>> using database users, and then use impersonation
>>> to connect to the database as that user, while fetching data:
>>>
>>> https://docs.geoserver.org/latest/en/user/data/database/sqlsession.html#data-sqlsession
>>>
>>> Cheers
>>> Andrea
>>>
>>>
>>> On Wed, Mar 3, 2021 at 6:52 PM Ian Turton  wrote:
>>>
 So who did write it? I'm still trying to come up with a reason to let
 my database users log into geoserver.

 Ian

 On Wed, 3 Mar 2021, 17:39 Andrea Aime, 
 wrote:

> Quoting from stack overflow: "After much head scratching and asking
> the guys who wrote this stuff on the users mailing list"
>
> Hell no, I had nothing to do with those modules! :-D
>
> Cheers
> Andrea
>
> On Wed, Mar 3, 2021 at 6:35 PM Ian Turton  wrote:
>
>> Thanks to everyone for their help on this I have finally got my head
>> around it and have added an answer to the gis.stackoverflow question I
>> linked to earlier (https://gis.stackexchange.com/a/388940/79) - If I
>> get some time over the weekend I'll see if I can try to make the
>> documentation clearer.
>>
>> Ian
>>
>> On Wed, 3 Mar 2021 at 15:03, Andrea Aime <
>> andrea.a...@geo-solutions.it> wrote:
>>
>>> Hi Ian,
>>> the role handling is a third class:
>>>
>>> [image: image.png]
>>>
>>> 1: authentication via database users (tries to connect to the
>>> database using the username/password provided in the request)
>>> 2: authentication via table contents (looks up a user with the same
>>> name provided in the request, and verifies the password)
>>> 3: adds role to a given user, after it has been authenticated
>>>
>>> Cheers
>>> Andrea
>>>
>>> On Wed, Mar 3, 2021 at 3:50 PM Ian Turton 
>>> wrote:
>>>


 On Wed, 3 Mar 2021 at 13:33, Andrea Aime <
 andrea.a...@geo-solutions.it> wrote:

> Hi Ian,
> there are both functionalities, they are separate classes and are
> configured in a different way:
>
>
>- Authenticating using the database own users:
>
> https://docs.geoserver.geo-solutions.it/edu/en/security/jdbc_authentication.html
>- Storing credentials in the database, use the table contents
>for authentication:
>
> https://docs.geoserver.geo-solutions.it/edu/en/security/jdbcusergroup_services.html
>
>
 I think (and I may be wrong) that this one only assigns a role to a
 postgres user (that is why you can set the password field to empty) -  
 if
 it was intended to work that way I can try to find some time to debug 
 it
 (when I finish this course).


 Back when we wrote the training material they were both working,
> not sure about the present.
>

 I'm pretty sure it used to work (when I wrote my training notes
 too) but it's been a while since I had a trainee choose the JDBC path
 instead of the LDAP path through the course (we have a lot of windows
 users) so I can't recall for sure (and if I used ian as my test user 
 then
 it would have worked as I have a DB login).


> Just a note, one has to be very careful when using the auth
> subsystem, many options, lots of complexity. I know I curse every 
> time :-D
>

 Oh, yes that is for sure!

 Ian



> Cheers
> Andrea
>
> On Wed, Mar 3, 2021 at 12:42 PM Ian Turton 
> wrote:
>
>>
>> Just to check before I break out the debugger:
>>
>> When you use JDBC 

Re: [Geoserver-users] JDBC authentication

[krishna lodha]

Hi, I tested the solution https://gis.stackexchange.com/a/388940/79 mentioned
here, it works perfectly fine as long as roles are Default when I tried to
put roles in PG as well, it gives me HTTP error 500 for the users.
What should I do?
[image: Screenshot 2021-03-09 at 11.20.20 AM.png]

On Sat, Mar 6, 2021 at 4:20 AM Vera Green  wrote:

> Absolutely. We use PG to control authentication across our entire system.
> This includes authenticated WMS calls to geoServer. It's critical for us.
>
> On Wed., Mar. 3, 2021, 11:01 a.m. Andrea Aime, <
> andrea.a...@geo-solutions.it> wrote:
>
>> Each of those source file has an author tag, they all say:
>>
>> @author christian
>>
>> About a reason to do so, database centric security can be a reason. A
>> system where the access restrictions are enforced
>> at the relational database level. In that case, you want to authenticate
>> using database users, and then use impersonation
>> to connect to the database as that user, while fetching data:
>>
>> https://docs.geoserver.org/latest/en/user/data/database/sqlsession.html#data-sqlsession
>>
>> Cheers
>> Andrea
>>
>>
>> On Wed, Mar 3, 2021 at 6:52 PM Ian Turton  wrote:
>>
>>> So who did write it? I'm still trying to come up with a reason to let my
>>> database users log into geoserver.
>>>
>>> Ian
>>>
>>> On Wed, 3 Mar 2021, 17:39 Andrea Aime, 
>>> wrote:
>>>
 Quoting from stack overflow: "After much head scratching and asking the
 guys who wrote this stuff on the users mailing list"

 Hell no, I had nothing to do with those modules! :-D

 Cheers
 Andrea

 On Wed, Mar 3, 2021 at 6:35 PM Ian Turton  wrote:

> Thanks to everyone for their help on this I have finally got my head
> around it and have added an answer to the gis.stackoverflow question I
> linked to earlier (https://gis.stackexchange.com/a/388940/79) - If I
> get some time over the weekend I'll see if I can try to make the
> documentation clearer.
>
> Ian
>
> On Wed, 3 Mar 2021 at 15:03, Andrea Aime 
> wrote:
>
>> Hi Ian,
>> the role handling is a third class:
>>
>> [image: image.png]
>>
>> 1: authentication via database users (tries to connect to the
>> database using the username/password provided in the request)
>> 2: authentication via table contents (looks up a user with the same
>> name provided in the request, and verifies the password)
>> 3: adds role to a given user, after it has been authenticated
>>
>> Cheers
>> Andrea
>>
>> On Wed, Mar 3, 2021 at 3:50 PM Ian Turton  wrote:
>>
>>>
>>>
>>> On Wed, 3 Mar 2021 at 13:33, Andrea Aime <
>>> andrea.a...@geo-solutions.it> wrote:
>>>
 Hi Ian,
 there are both functionalities, they are separate classes and are
 configured in a different way:


- Authenticating using the database own users:

 https://docs.geoserver.geo-solutions.it/edu/en/security/jdbc_authentication.html
- Storing credentials in the database, use the table contents
for authentication:

 https://docs.geoserver.geo-solutions.it/edu/en/security/jdbcusergroup_services.html


>>> I think (and I may be wrong) that this one only assigns a role to a
>>> postgres user (that is why you can set the password field to empty) -  
>>> if
>>> it was intended to work that way I can try to find some time to debug it
>>> (when I finish this course).
>>>
>>>
>>> Back when we wrote the training material they were both working, not
 sure about the present.

>>>
>>> I'm pretty sure it used to work (when I wrote my training notes too)
>>> but it's been a while since I had a trainee choose the JDBC path 
>>> instead of
>>> the LDAP path through the course (we have a lot of windows users) so I
>>> can't recall for sure (and if I used ian as my test user then it would 
>>> have
>>> worked as I have a DB login).
>>>
>>>
 Just a note, one has to be very careful when using the auth
 subsystem, many options, lots of complexity. I know I curse every time 
 :-D

>>>
>>> Oh, yes that is for sure!
>>>
>>> Ian
>>>
>>>
>>>
 Cheers
 Andrea

 On Wed, Mar 3, 2021 at 12:42 PM Ian Turton 
 wrote:

>
> Just to check before I break out the debugger:
>
> When you use JDBC Authentication can it allow any user you create
> in GeoServer (which get written in  then tables) login in or does it 
> only
> allow the user used for the postgis connection (or other postgis 
> users) to
> log in?
>
> It seems like this is a bug, but I may just be missing something
> (and I think I'm not the only one
> 

Re: [Geoserver-users] JDBC authentication

[Vera Green]

Absolutely. We use PG to control authentication across our entire system.
This includes authenticated WMS calls to geoServer. It's critical for us.

On Wed., Mar. 3, 2021, 11:01 a.m. Andrea Aime, 
wrote:

> Each of those source file has an author tag, they all say:
>
> @author christian
>
> About a reason to do so, database centric security can be a reason. A
> system where the access restrictions are enforced
> at the relational database level. In that case, you want to authenticate
> using database users, and then use impersonation
> to connect to the database as that user, while fetching data:
>
> https://docs.geoserver.org/latest/en/user/data/database/sqlsession.html#data-sqlsession
>
> Cheers
> Andrea
>
>
> On Wed, Mar 3, 2021 at 6:52 PM Ian Turton  wrote:
>
>> So who did write it? I'm still trying to come up with a reason to let my
>> database users log into geoserver.
>>
>> Ian
>>
>> On Wed, 3 Mar 2021, 17:39 Andrea Aime, 
>> wrote:
>>
>>> Quoting from stack overflow: "After much head scratching and asking the
>>> guys who wrote this stuff on the users mailing list"
>>>
>>> Hell no, I had nothing to do with those modules! :-D
>>>
>>> Cheers
>>> Andrea
>>>
>>> On Wed, Mar 3, 2021 at 6:35 PM Ian Turton  wrote:
>>>
 Thanks to everyone for their help on this I have finally got my head
 around it and have added an answer to the gis.stackoverflow question I
 linked to earlier (https://gis.stackexchange.com/a/388940/79) - If I
 get some time over the weekend I'll see if I can try to make the
 documentation clearer.

 Ian

 On Wed, 3 Mar 2021 at 15:03, Andrea Aime 
 wrote:

> Hi Ian,
> the role handling is a third class:
>
> [image: image.png]
>
> 1: authentication via database users (tries to connect to the database
> using the username/password provided in the request)
> 2: authentication via table contents (looks up a user with the same
> name provided in the request, and verifies the password)
> 3: adds role to a given user, after it has been authenticated
>
> Cheers
> Andrea
>
> On Wed, Mar 3, 2021 at 3:50 PM Ian Turton  wrote:
>
>>
>>
>> On Wed, 3 Mar 2021 at 13:33, Andrea Aime <
>> andrea.a...@geo-solutions.it> wrote:
>>
>>> Hi Ian,
>>> there are both functionalities, they are separate classes and are
>>> configured in a different way:
>>>
>>>
>>>- Authenticating using the database own users:
>>>
>>> https://docs.geoserver.geo-solutions.it/edu/en/security/jdbc_authentication.html
>>>- Storing credentials in the database, use the table contents
>>>for authentication:
>>>
>>> https://docs.geoserver.geo-solutions.it/edu/en/security/jdbcusergroup_services.html
>>>
>>>
>> I think (and I may be wrong) that this one only assigns a role to a
>> postgres user (that is why you can set the password field to empty) -  if
>> it was intended to work that way I can try to find some time to debug it
>> (when I finish this course).
>>
>>
>> Back when we wrote the training material they were both working, not
>>> sure about the present.
>>>
>>
>> I'm pretty sure it used to work (when I wrote my training notes too)
>> but it's been a while since I had a trainee choose the JDBC path instead 
>> of
>> the LDAP path through the course (we have a lot of windows users) so I
>> can't recall for sure (and if I used ian as my test user then it would 
>> have
>> worked as I have a DB login).
>>
>>
>>> Just a note, one has to be very careful when using the auth
>>> subsystem, many options, lots of complexity. I know I curse every time 
>>> :-D
>>>
>>
>> Oh, yes that is for sure!
>>
>> Ian
>>
>>
>>
>>> Cheers
>>> Andrea
>>>
>>> On Wed, Mar 3, 2021 at 12:42 PM Ian Turton 
>>> wrote:
>>>

 Just to check before I break out the debugger:

 When you use JDBC Authentication can it allow any user you create
 in GeoServer (which get written in  then tables) login in or does it 
 only
 allow the user used for the postgis connection (or other postgis 
 users) to
 log in?

 It seems like this is a bug, but I may just be missing something
 (and I think I'm not the only one
 https://gis.stackexchange.com/questions/274834/geoserver-jdbc-user-group-services-problem
 )

 I'd be interested if any one is successfully using JDBC
 authentication in the wild?

 Cheers

 Ian

 --
 Ian Turton
 ___
 Geoserver-users mailing list

 Please make sure you read the following two resources before
 posting to this list:
 - Earning your 

Re: [Geoserver-users] JDBC authentication

[Andrea Aime]

Each of those source file has an author tag, they all say:

@author christian

About a reason to do so, database centric security can be a reason. A
system where the access restrictions are enforced
at the relational database level. In that case, you want to authenticate
using database users, and then use impersonation
to connect to the database as that user, while fetching data:
https://docs.geoserver.org/latest/en/user/data/database/sqlsession.html#data-sqlsession

Cheers
Andrea


On Wed, Mar 3, 2021 at 6:52 PM Ian Turton  wrote:

> So who did write it? I'm still trying to come up with a reason to let my
> database users log into geoserver.
>
> Ian
>
> On Wed, 3 Mar 2021, 17:39 Andrea Aime, 
> wrote:
>
>> Quoting from stack overflow: "After much head scratching and asking the
>> guys who wrote this stuff on the users mailing list"
>>
>> Hell no, I had nothing to do with those modules! :-D
>>
>> Cheers
>> Andrea
>>
>> On Wed, Mar 3, 2021 at 6:35 PM Ian Turton  wrote:
>>
>>> Thanks to everyone for their help on this I have finally got my head
>>> around it and have added an answer to the gis.stackoverflow question I
>>> linked to earlier (https://gis.stackexchange.com/a/388940/79) - If I
>>> get some time over the weekend I'll see if I can try to make the
>>> documentation clearer.
>>>
>>> Ian
>>>
>>> On Wed, 3 Mar 2021 at 15:03, Andrea Aime 
>>> wrote:
>>>
 Hi Ian,
 the role handling is a third class:

 [image: image.png]

 1: authentication via database users (tries to connect to the database
 using the username/password provided in the request)
 2: authentication via table contents (looks up a user with the same
 name provided in the request, and verifies the password)
 3: adds role to a given user, after it has been authenticated

 Cheers
 Andrea

 On Wed, Mar 3, 2021 at 3:50 PM Ian Turton  wrote:

>
>
> On Wed, 3 Mar 2021 at 13:33, Andrea Aime 
> wrote:
>
>> Hi Ian,
>> there are both functionalities, they are separate classes and are
>> configured in a different way:
>>
>>
>>- Authenticating using the database own users:
>>
>> https://docs.geoserver.geo-solutions.it/edu/en/security/jdbc_authentication.html
>>- Storing credentials in the database, use the table contents for
>>authentication:
>>
>> https://docs.geoserver.geo-solutions.it/edu/en/security/jdbcusergroup_services.html
>>
>>
> I think (and I may be wrong) that this one only assigns a role to a
> postgres user (that is why you can set the password field to empty) -  if
> it was intended to work that way I can try to find some time to debug it
> (when I finish this course).
>
>
> Back when we wrote the training material they were both working, not
>> sure about the present.
>>
>
> I'm pretty sure it used to work (when I wrote my training notes too)
> but it's been a while since I had a trainee choose the JDBC path instead 
> of
> the LDAP path through the course (we have a lot of windows users) so I
> can't recall for sure (and if I used ian as my test user then it would 
> have
> worked as I have a DB login).
>
>
>> Just a note, one has to be very careful when using the auth
>> subsystem, many options, lots of complexity. I know I curse every time 
>> :-D
>>
>
> Oh, yes that is for sure!
>
> Ian
>
>
>
>> Cheers
>> Andrea
>>
>> On Wed, Mar 3, 2021 at 12:42 PM Ian Turton 
>> wrote:
>>
>>>
>>> Just to check before I break out the debugger:
>>>
>>> When you use JDBC Authentication can it allow any user you create in
>>> GeoServer (which get written in  then tables) login in or does it only
>>> allow the user used for the postgis connection (or other postgis users) 
>>> to
>>> log in?
>>>
>>> It seems like this is a bug, but I may just be missing something
>>> (and I think I'm not the only one
>>> https://gis.stackexchange.com/questions/274834/geoserver-jdbc-user-group-services-problem
>>> )
>>>
>>> I'd be interested if any one is successfully using JDBC
>>> authentication in the wild?
>>>
>>> Cheers
>>>
>>> Ian
>>>
>>> --
>>> Ian Turton
>>> ___
>>> Geoserver-users mailing list
>>>
>>> Please make sure you read the following two resources before posting
>>> to this list:
>>> - Earning your support instead of buying it, but Ian Turton:
>>> http://www.ianturton.com/talks/foss4g.html#/
>>> - The GeoServer user list posting guidelines:
>>> http://geoserver.org/comm/userlist-guidelines.html
>>>
>>> If you want to request a feature or an improvement, also see this:
>>> 

Re: [Geoserver-users] JDBC authentication

[Ian Turton]

So who did write it? I'm still trying to come up with a reason to let my
database users log into geoserver.

Ian

On Wed, 3 Mar 2021, 17:39 Andrea Aime,  wrote:

> Quoting from stack overflow: "After much head scratching and asking the
> guys who wrote this stuff on the users mailing list"
>
> Hell no, I had nothing to do with those modules! :-D
>
> Cheers
> Andrea
>
> On Wed, Mar 3, 2021 at 6:35 PM Ian Turton  wrote:
>
>> Thanks to everyone for their help on this I have finally got my head
>> around it and have added an answer to the gis.stackoverflow question I
>> linked to earlier (https://gis.stackexchange.com/a/388940/79) - If I get
>> some time over the weekend I'll see if I can try to make the documentation
>> clearer.
>>
>> Ian
>>
>> On Wed, 3 Mar 2021 at 15:03, Andrea Aime 
>> wrote:
>>
>>> Hi Ian,
>>> the role handling is a third class:
>>>
>>> [image: image.png]
>>>
>>> 1: authentication via database users (tries to connect to the database
>>> using the username/password provided in the request)
>>> 2: authentication via table contents (looks up a user with the same name
>>> provided in the request, and verifies the password)
>>> 3: adds role to a given user, after it has been authenticated
>>>
>>> Cheers
>>> Andrea
>>>
>>> On Wed, Mar 3, 2021 at 3:50 PM Ian Turton  wrote:
>>>


 On Wed, 3 Mar 2021 at 13:33, Andrea Aime 
 wrote:

> Hi Ian,
> there are both functionalities, they are separate classes and are
> configured in a different way:
>
>
>- Authenticating using the database own users:
>
> https://docs.geoserver.geo-solutions.it/edu/en/security/jdbc_authentication.html
>- Storing credentials in the database, use the table contents for
>authentication:
>
> https://docs.geoserver.geo-solutions.it/edu/en/security/jdbcusergroup_services.html
>
>
 I think (and I may be wrong) that this one only assigns a role to a
 postgres user (that is why you can set the password field to empty) -  if
 it was intended to work that way I can try to find some time to debug it
 (when I finish this course).


 Back when we wrote the training material they were both working, not
> sure about the present.
>

 I'm pretty sure it used to work (when I wrote my training notes too)
 but it's been a while since I had a trainee choose the JDBC path instead of
 the LDAP path through the course (we have a lot of windows users) so I
 can't recall for sure (and if I used ian as my test user then it would have
 worked as I have a DB login).


> Just a note, one has to be very careful when using the auth subsystem,
> many options, lots of complexity. I know I curse every time :-D
>

 Oh, yes that is for sure!

 Ian



> Cheers
> Andrea
>
> On Wed, Mar 3, 2021 at 12:42 PM Ian Turton  wrote:
>
>>
>> Just to check before I break out the debugger:
>>
>> When you use JDBC Authentication can it allow any user you create in
>> GeoServer (which get written in  then tables) login in or does it only
>> allow the user used for the postgis connection (or other postgis users) 
>> to
>> log in?
>>
>> It seems like this is a bug, but I may just be missing something (and
>> I think I'm not the only one
>> https://gis.stackexchange.com/questions/274834/geoserver-jdbc-user-group-services-problem
>> )
>>
>> I'd be interested if any one is successfully using JDBC
>> authentication in the wild?
>>
>> Cheers
>>
>> Ian
>>
>> --
>> Ian Turton
>> ___
>> Geoserver-users mailing list
>>
>> Please make sure you read the following two resources before posting
>> to this list:
>> - Earning your support instead of buying it, but Ian Turton:
>> http://www.ianturton.com/talks/foss4g.html#/
>> - The GeoServer user list posting guidelines:
>> http://geoserver.org/comm/userlist-guidelines.html
>>
>> If you want to request a feature or an improvement, also see this:
>> https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer
>>
>>
>> Geoserver-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/geoserver-users
>>
>
>
> --
>
> Regards, Andrea Aime
>
> == GeoServer Professional Services from the experts! Visit
> http://goo.gl/it488V for more information. == Ing. Andrea Aime
> @geowolf Technical Lead GeoSolutions S.A.S. Via di Montramito 3/A 55054
> Massarosa (LU) phone: +39 0584 962313 fax: +39 0584 1660272 mob: +39 339
> 8844549 http://www.geo-solutions.it http://twitter.com/geosolutions_it
> --- *Con
> riferimento alla normativa sul trattamento dei 

Re: [Geoserver-users] JDBC authentication

[Andrea Aime]

Quoting from stack overflow: "After much head scratching and asking the
guys who wrote this stuff on the users mailing list"

Hell no, I had nothing to do with those modules! :-D

Cheers
Andrea

On Wed, Mar 3, 2021 at 6:35 PM Ian Turton  wrote:

> Thanks to everyone for their help on this I have finally got my head
> around it and have added an answer to the gis.stackoverflow question I
> linked to earlier (https://gis.stackexchange.com/a/388940/79) - If I get
> some time over the weekend I'll see if I can try to make the documentation
> clearer.
>
> Ian
>
> On Wed, 3 Mar 2021 at 15:03, Andrea Aime 
> wrote:
>
>> Hi Ian,
>> the role handling is a third class:
>>
>> [image: image.png]
>>
>> 1: authentication via database users (tries to connect to the database
>> using the username/password provided in the request)
>> 2: authentication via table contents (looks up a user with the same name
>> provided in the request, and verifies the password)
>> 3: adds role to a given user, after it has been authenticated
>>
>> Cheers
>> Andrea
>>
>> On Wed, Mar 3, 2021 at 3:50 PM Ian Turton  wrote:
>>
>>>
>>>
>>> On Wed, 3 Mar 2021 at 13:33, Andrea Aime 
>>> wrote:
>>>
 Hi Ian,
 there are both functionalities, they are separate classes and are
 configured in a different way:


- Authenticating using the database own users:

 https://docs.geoserver.geo-solutions.it/edu/en/security/jdbc_authentication.html
- Storing credentials in the database, use the table contents for
authentication:

 https://docs.geoserver.geo-solutions.it/edu/en/security/jdbcusergroup_services.html


>>> I think (and I may be wrong) that this one only assigns a role to a
>>> postgres user (that is why you can set the password field to empty) -  if
>>> it was intended to work that way I can try to find some time to debug it
>>> (when I finish this course).
>>>
>>>
>>> Back when we wrote the training material they were both working, not
 sure about the present.

>>>
>>> I'm pretty sure it used to work (when I wrote my training notes too) but
>>> it's been a while since I had a trainee choose the JDBC path instead of the
>>> LDAP path through the course (we have a lot of windows users) so I can't
>>> recall for sure (and if I used ian as my test user then it would have
>>> worked as I have a DB login).
>>>
>>>
 Just a note, one has to be very careful when using the auth subsystem,
 many options, lots of complexity. I know I curse every time :-D

>>>
>>> Oh, yes that is for sure!
>>>
>>> Ian
>>>
>>>
>>>
 Cheers
 Andrea

 On Wed, Mar 3, 2021 at 12:42 PM Ian Turton  wrote:

>
> Just to check before I break out the debugger:
>
> When you use JDBC Authentication can it allow any user you create in
> GeoServer (which get written in  then tables) login in or does it only
> allow the user used for the postgis connection (or other postgis users) to
> log in?
>
> It seems like this is a bug, but I may just be missing something (and
> I think I'm not the only one
> https://gis.stackexchange.com/questions/274834/geoserver-jdbc-user-group-services-problem
> )
>
> I'd be interested if any one is successfully using JDBC authentication
> in the wild?
>
> Cheers
>
> Ian
>
> --
> Ian Turton
> ___
> Geoserver-users mailing list
>
> Please make sure you read the following two resources before posting
> to this list:
> - Earning your support instead of buying it, but Ian Turton:
> http://www.ianturton.com/talks/foss4g.html#/
> - The GeoServer user list posting guidelines:
> http://geoserver.org/comm/userlist-guidelines.html
>
> If you want to request a feature or an improvement, also see this:
> https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer
>
>
> Geoserver-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/geoserver-users
>


 --

 Regards, Andrea Aime

 == GeoServer Professional Services from the experts! Visit
 http://goo.gl/it488V for more information. == Ing. Andrea Aime
 @geowolf Technical Lead GeoSolutions S.A.S. Via di Montramito 3/A 55054
 Massarosa (LU) phone: +39 0584 962313 fax: +39 0584 1660272 mob: +39 339
 8844549 http://www.geo-solutions.it http://twitter.com/geosolutions_it
 --- *Con
 riferimento alla normativa sul trattamento dei dati personali (Reg. UE
 2016/679 - Regolamento generale sulla protezione dei dati “GDPR”), si
 precisa che ogni circostanza inerente alla presente email (il suo
 contenuto, gli eventuali allegati, etc.) è un dato la cui conoscenza è
 riservata al/i solo/i destinatario/i indicati dallo scrivente. Se 

Re: [Geoserver-users] JDBC authentication

[Ian Turton]

Thanks to everyone for their help on this I have finally got my head around
it and have added an answer to the gis.stackoverflow question I linked to
earlier (https://gis.stackexchange.com/a/388940/79) - If I get some time
over the weekend I'll see if I can try to make the documentation clearer.

Ian

On Wed, 3 Mar 2021 at 15:03, Andrea Aime 
wrote:

> Hi Ian,
> the role handling is a third class:
>
> [image: image.png]
>
> 1: authentication via database users (tries to connect to the database
> using the username/password provided in the request)
> 2: authentication via table contents (looks up a user with the same name
> provided in the request, and verifies the password)
> 3: adds role to a given user, after it has been authenticated
>
> Cheers
> Andrea
>
> On Wed, Mar 3, 2021 at 3:50 PM Ian Turton  wrote:
>
>>
>>
>> On Wed, 3 Mar 2021 at 13:33, Andrea Aime 
>> wrote:
>>
>>> Hi Ian,
>>> there are both functionalities, they are separate classes and are
>>> configured in a different way:
>>>
>>>
>>>- Authenticating using the database own users:
>>>
>>> https://docs.geoserver.geo-solutions.it/edu/en/security/jdbc_authentication.html
>>>- Storing credentials in the database, use the table contents for
>>>authentication:
>>>
>>> https://docs.geoserver.geo-solutions.it/edu/en/security/jdbcusergroup_services.html
>>>
>>>
>> I think (and I may be wrong) that this one only assigns a role to a
>> postgres user (that is why you can set the password field to empty) -  if
>> it was intended to work that way I can try to find some time to debug it
>> (when I finish this course).
>>
>>
>> Back when we wrote the training material they were both working, not sure
>>> about the present.
>>>
>>
>> I'm pretty sure it used to work (when I wrote my training notes too) but
>> it's been a while since I had a trainee choose the JDBC path instead of the
>> LDAP path through the course (we have a lot of windows users) so I can't
>> recall for sure (and if I used ian as my test user then it would have
>> worked as I have a DB login).
>>
>>
>>> Just a note, one has to be very careful when using the auth subsystem,
>>> many options, lots of complexity. I know I curse every time :-D
>>>
>>
>> Oh, yes that is for sure!
>>
>> Ian
>>
>>
>>
>>> Cheers
>>> Andrea
>>>
>>> On Wed, Mar 3, 2021 at 12:42 PM Ian Turton  wrote:
>>>

 Just to check before I break out the debugger:

 When you use JDBC Authentication can it allow any user you create in
 GeoServer (which get written in  then tables) login in or does it only
 allow the user used for the postgis connection (or other postgis users) to
 log in?

 It seems like this is a bug, but I may just be missing something (and I
 think I'm not the only one
 https://gis.stackexchange.com/questions/274834/geoserver-jdbc-user-group-services-problem
 )

 I'd be interested if any one is successfully using JDBC authentication
 in the wild?

 Cheers

 Ian

 --
 Ian Turton
 ___
 Geoserver-users mailing list

 Please make sure you read the following two resources before posting to
 this list:
 - Earning your support instead of buying it, but Ian Turton:
 http://www.ianturton.com/talks/foss4g.html#/
 - The GeoServer user list posting guidelines:
 http://geoserver.org/comm/userlist-guidelines.html

 If you want to request a feature or an improvement, also see this:
 https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer


 Geoserver-users@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/geoserver-users

>>>
>>>
>>> --
>>>
>>> Regards, Andrea Aime
>>>
>>> == GeoServer Professional Services from the experts! Visit
>>> http://goo.gl/it488V for more information. == Ing. Andrea Aime @geowolf
>>> Technical Lead GeoSolutions S.A.S. Via di Montramito 3/A 55054 Massarosa
>>> (LU) phone: +39 0584 962313 fax: +39 0584 1660272 mob: +39 339 8844549
>>> http://www.geo-solutions.it http://twitter.com/geosolutions_it
>>> --- *Con
>>> riferimento alla normativa sul trattamento dei dati personali (Reg. UE
>>> 2016/679 - Regolamento generale sulla protezione dei dati “GDPR”), si
>>> precisa che ogni circostanza inerente alla presente email (il suo
>>> contenuto, gli eventuali allegati, etc.) è un dato la cui conoscenza è
>>> riservata al/i solo/i destinatario/i indicati dallo scrivente. Se il
>>> messaggio Le è giunto per errore, è tenuta/o a cancellarlo, ogni altra
>>> operazione è illecita. Le sarei comunque grato se potesse darmene notizia.
>>> This email is intended only for the person or entity to which it is
>>> addressed and may contain information that is privileged, confidential or
>>> otherwise protected from disclosure. We remind that - as provided by
>>> 

Re: [Geoserver-users] JDBC authentication

[Andrea Aime]

Hi Ian,
the role handling is a third class:

[image: image.png]

1: authentication via database users (tries to connect to the database
using the username/password provided in the request)
2: authentication via table contents (looks up a user with the same name
provided in the request, and verifies the password)
3: adds role to a given user, after it has been authenticated

Cheers
Andrea

On Wed, Mar 3, 2021 at 3:50 PM Ian Turton  wrote:

>
>
> On Wed, 3 Mar 2021 at 13:33, Andrea Aime 
> wrote:
>
>> Hi Ian,
>> there are both functionalities, they are separate classes and are
>> configured in a different way:
>>
>>
>>- Authenticating using the database own users:
>>
>> https://docs.geoserver.geo-solutions.it/edu/en/security/jdbc_authentication.html
>>- Storing credentials in the database, use the table contents for
>>authentication:
>>
>> https://docs.geoserver.geo-solutions.it/edu/en/security/jdbcusergroup_services.html
>>
>>
> I think (and I may be wrong) that this one only assigns a role to a
> postgres user (that is why you can set the password field to empty) -  if
> it was intended to work that way I can try to find some time to debug it
> (when I finish this course).
>
>
> Back when we wrote the training material they were both working, not sure
>> about the present.
>>
>
> I'm pretty sure it used to work (when I wrote my training notes too) but
> it's been a while since I had a trainee choose the JDBC path instead of the
> LDAP path through the course (we have a lot of windows users) so I can't
> recall for sure (and if I used ian as my test user then it would have
> worked as I have a DB login).
>
>
>> Just a note, one has to be very careful when using the auth subsystem,
>> many options, lots of complexity. I know I curse every time :-D
>>
>
> Oh, yes that is for sure!
>
> Ian
>
>
>
>> Cheers
>> Andrea
>>
>> On Wed, Mar 3, 2021 at 12:42 PM Ian Turton  wrote:
>>
>>>
>>> Just to check before I break out the debugger:
>>>
>>> When you use JDBC Authentication can it allow any user you create in
>>> GeoServer (which get written in  then tables) login in or does it only
>>> allow the user used for the postgis connection (or other postgis users) to
>>> log in?
>>>
>>> It seems like this is a bug, but I may just be missing something (and I
>>> think I'm not the only one
>>> https://gis.stackexchange.com/questions/274834/geoserver-jdbc-user-group-services-problem
>>> )
>>>
>>> I'd be interested if any one is successfully using JDBC authentication
>>> in the wild?
>>>
>>> Cheers
>>>
>>> Ian
>>>
>>> --
>>> Ian Turton
>>> ___
>>> Geoserver-users mailing list
>>>
>>> Please make sure you read the following two resources before posting to
>>> this list:
>>> - Earning your support instead of buying it, but Ian Turton:
>>> http://www.ianturton.com/talks/foss4g.html#/
>>> - The GeoServer user list posting guidelines:
>>> http://geoserver.org/comm/userlist-guidelines.html
>>>
>>> If you want to request a feature or an improvement, also see this:
>>> https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer
>>>
>>>
>>> Geoserver-users@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/geoserver-users
>>>
>>
>>
>> --
>>
>> Regards, Andrea Aime
>>
>> == GeoServer Professional Services from the experts! Visit
>> http://goo.gl/it488V for more information. == Ing. Andrea Aime @geowolf
>> Technical Lead GeoSolutions S.A.S. Via di Montramito 3/A 55054 Massarosa
>> (LU) phone: +39 0584 962313 fax: +39 0584 1660272 mob: +39 339 8844549
>> http://www.geo-solutions.it http://twitter.com/geosolutions_it
>> --- *Con riferimento
>> alla normativa sul trattamento dei dati personali (Reg. UE 2016/679 -
>> Regolamento generale sulla protezione dei dati “GDPR”), si precisa che ogni
>> circostanza inerente alla presente email (il suo contenuto, gli eventuali
>> allegati, etc.) è un dato la cui conoscenza è riservata al/i solo/i
>> destinatario/i indicati dallo scrivente. Se il messaggio Le è giunto per
>> errore, è tenuta/o a cancellarlo, ogni altra operazione è illecita. Le
>> sarei comunque grato se potesse darmene notizia. This email is intended
>> only for the person or entity to which it is addressed and may contain
>> information that is privileged, confidential or otherwise protected from
>> disclosure. We remind that - as provided by European Regulation 2016/679
>> “GDPR” - copying, dissemination or use of this e-mail or the information
>> herein by anyone other than the intended recipient is prohibited. If you
>> have received this email by mistake, please notify us immediately by
>> telephone or e-mail.*
>>
>
>
> --
> Ian Turton
>


-- 

Regards, Andrea Aime

== GeoServer Professional Services from the experts! Visit
http://goo.gl/it488V for more information. == Ing. Andrea Aime @geowolf
Technical Lead GeoSolutions S.A.S. 

Re: [Geoserver-users] JDBC authentication

[Ian Turton]

On Wed, 3 Mar 2021 at 13:33, Andrea Aime 
wrote:

> Hi Ian,
> there are both functionalities, they are separate classes and are
> configured in a different way:
>
>
>- Authenticating using the database own users:
>
> https://docs.geoserver.geo-solutions.it/edu/en/security/jdbc_authentication.html
>- Storing credentials in the database, use the table contents for
>authentication:
>
> https://docs.geoserver.geo-solutions.it/edu/en/security/jdbcusergroup_services.html
>
>
I think (and I may be wrong) that this one only assigns a role to a
postgres user (that is why you can set the password field to empty) -  if
it was intended to work that way I can try to find some time to debug it
(when I finish this course).


Back when we wrote the training material they were both working, not sure
> about the present.
>

I'm pretty sure it used to work (when I wrote my training notes too) but
it's been a while since I had a trainee choose the JDBC path instead of the
LDAP path through the course (we have a lot of windows users) so I can't
recall for sure (and if I used ian as my test user then it would have
worked as I have a DB login).


> Just a note, one has to be very careful when using the auth subsystem,
> many options, lots of complexity. I know I curse every time :-D
>

Oh, yes that is for sure!

Ian



> Cheers
> Andrea
>
> On Wed, Mar 3, 2021 at 12:42 PM Ian Turton  wrote:
>
>>
>> Just to check before I break out the debugger:
>>
>> When you use JDBC Authentication can it allow any user you create in
>> GeoServer (which get written in  then tables) login in or does it only
>> allow the user used for the postgis connection (or other postgis users) to
>> log in?
>>
>> It seems like this is a bug, but I may just be missing something (and I
>> think I'm not the only one
>> https://gis.stackexchange.com/questions/274834/geoserver-jdbc-user-group-services-problem
>> )
>>
>> I'd be interested if any one is successfully using JDBC authentication in
>> the wild?
>>
>> Cheers
>>
>> Ian
>>
>> --
>> Ian Turton
>> ___
>> Geoserver-users mailing list
>>
>> Please make sure you read the following two resources before posting to
>> this list:
>> - Earning your support instead of buying it, but Ian Turton:
>> http://www.ianturton.com/talks/foss4g.html#/
>> - The GeoServer user list posting guidelines:
>> http://geoserver.org/comm/userlist-guidelines.html
>>
>> If you want to request a feature or an improvement, also see this:
>> https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer
>>
>>
>> Geoserver-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/geoserver-users
>>
>
>
> --
>
> Regards, Andrea Aime
>
> == GeoServer Professional Services from the experts! Visit
> http://goo.gl/it488V for more information. == Ing. Andrea Aime @geowolf
> Technical Lead GeoSolutions S.A.S. Via di Montramito 3/A 55054 Massarosa
> (LU) phone: +39 0584 962313 fax: +39 0584 1660272 mob: +39 339 8844549
> http://www.geo-solutions.it http://twitter.com/geosolutions_it
> --- *Con riferimento
> alla normativa sul trattamento dei dati personali (Reg. UE 2016/679 -
> Regolamento generale sulla protezione dei dati “GDPR”), si precisa che ogni
> circostanza inerente alla presente email (il suo contenuto, gli eventuali
> allegati, etc.) è un dato la cui conoscenza è riservata al/i solo/i
> destinatario/i indicati dallo scrivente. Se il messaggio Le è giunto per
> errore, è tenuta/o a cancellarlo, ogni altra operazione è illecita. Le
> sarei comunque grato se potesse darmene notizia. This email is intended
> only for the person or entity to which it is addressed and may contain
> information that is privileged, confidential or otherwise protected from
> disclosure. We remind that - as provided by European Regulation 2016/679
> “GDPR” - copying, dissemination or use of this e-mail or the information
> herein by anyone other than the intended recipient is prohibited. If you
> have received this email by mistake, please notify us immediately by
> telephone or e-mail.*
>


-- 
Ian Turton
___
Geoserver-users mailing list

Please make sure you read the following two resources before posting to this 
list:
- Earning your support instead of buying it, but Ian Turton: 
http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: 
http://geoserver.org/comm/userlist-guidelines.html

If you want to request a feature or an improvement, also see this: 
https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer


Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users

Re: [Geoserver-users] JDBC authentication

[krishna lodha]

Hi,
So the bottom line is we can’t use database to store users? That can be
then used further to login to geoserver ?

On Wed, 3 Mar 2021 at 19:23, Mauro Bartolomeoli <
mauro.bartolome...@geo-solutions.it> wrote:

> Hi Ian,
> the JDBC Authentication Provider is meant to be used to login using the
> database (e.g. postgresql) users.
>
> If you want to store your own users on a database, the JDBC UserGroup
> Service has to be used (together with the standard UsernamePassword
> Authentication Provider).
> I know it's confusing. This is why I usually suggest people to ignore the
> JDBC Authentication Provider.
>
> Hope this helps
> Mauro
>
>
> Il giorno mer 3 mar 2021 alle ore 12:31 Ian Turton 
> ha scritto:
>
>>
>> Just to check before I break out the debugger:
>>
>> When you use JDBC Authentication can it allow any user you create in
>> GeoServer (which get written in  then tables) login in or does it only
>> allow the user used for the postgis connection (or other postgis users) to
>> log in?
>>
>> It seems like this is a bug, but I may just be missing something (and I
>> think I'm not the only one
>> https://gis.stackexchange.com/questions/274834/geoserver-jdbc-user-group-services-problem
>> )
>>
>> I'd be interested if any one is successfully using JDBC authentication in
>> the wild?
>>
>> Cheers
>>
>> Ian
>>
>> --
>> Ian Turton
>> ___
>> Geoserver-users mailing list
>>
>> Please make sure you read the following two resources before posting to
>> this list:
>> - Earning your support instead of buying it, but Ian Turton:
>> http://www.ianturton.com/talks/foss4g.html#/
>> - The GeoServer user list posting guidelines:
>> http://geoserver.org/comm/userlist-guidelines.html
>>
>> If you want to request a feature or an improvement, also see this:
>> https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer
>>
>>
>> Geoserver-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/geoserver-users
>>
>
>
> --
>
> Regards,
>
> Mauro Bartolomeoli
>
> ==
> GeoServer Professional Services from the experts! Visit
> http://goo.gl/it488V for more information.
> ==
>
> Dott. Mauro Bartolomeoli
> @mauro_bart
> Technical Lead
>
> GeoSolutions S.A.S.
> Via di Montramito 3/A
> 
> 55054  Massarosa
> 
> (LU)
> Italy
>
> mobile: +39 393 904 1756
> phone: +39 0584 962313
> fax:  +39 0584 1660272
>
> http://www.geo-solutions.it
> http://twitter.com/geosolutions_it
>
> ---
>
> Con riferimento alla normativa sul trattamento dei dati personali (Reg. UE
> 2016/679 - Regolamento generale sulla protezione dei dati “GDPR”), si
> precisa che ogni circostanza inerente alla presente email (il suo
> contenuto, gli eventuali allegati, etc.) è un dato la cui conoscenza è
> riservata al/i solo/i destinatario/i indicati dallo scrivente. Se il
> messaggio Le è giunto per errore, è tenuta/o a cancellarlo, ogni altra
> operazione è illecita. Le sarei comunque grato se potesse darmene notizia.
>
> This email is intended only for the person or entity to which it is
> addressed and may contain information that is privileged, confidential or
> otherwise protected from disclosure. We remind that - as provided by
> European Regulation 2016/679 “GDPR” - copying, dissemination or use of this
> e-mail or the information herein by anyone other than the intended
> recipient is prohibited. If you have received this email by mistake, please
> notify us immediately by telephone or e-mail.
> ___
> Geoserver-users mailing list
>
> Please make sure you read the following two resources before posting to
> this list:
> - Earning your support instead of buying it, but Ian Turton:
> http://www.ianturton.com/talks/foss4g.html#/
> - The GeoServer user list posting guidelines:
> http://geoserver.org/comm/userlist-guidelines.html
>
> If you want to request a feature or an improvement, also see this:
> https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer
>
>
> Geoserver-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/geoserver-users
>
-- 
Krishna G. Lodha
___
Geoserver-users mailing list

Please make sure you read the following two resources before posting to this 
list:
- Earning your support instead of buying it, but Ian Turton: 
http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: 
http://geoserver.org/comm/userlist-guidelines.html

If you want to request a feature or an improvement, also see this: 

Re: [Geoserver-users] JDBC authentication

[Mauro Bartolomeoli]

Hi Ian,
the JDBC Authentication Provider is meant to be used to login using the
database (e.g. postgresql) users.

If you want to store your own users on a database, the JDBC UserGroup
Service has to be used (together with the standard UsernamePassword
Authentication Provider).
I know it's confusing. This is why I usually suggest people to ignore the
JDBC Authentication Provider.

Hope this helps
Mauro


Il giorno mer 3 mar 2021 alle ore 12:31 Ian Turton  ha
scritto:

>
> Just to check before I break out the debugger:
>
> When you use JDBC Authentication can it allow any user you create in
> GeoServer (which get written in  then tables) login in or does it only
> allow the user used for the postgis connection (or other postgis users) to
> log in?
>
> It seems like this is a bug, but I may just be missing something (and I
> think I'm not the only one
> https://gis.stackexchange.com/questions/274834/geoserver-jdbc-user-group-services-problem
> )
>
> I'd be interested if any one is successfully using JDBC authentication in
> the wild?
>
> Cheers
>
> Ian
>
> --
> Ian Turton
> ___
> Geoserver-users mailing list
>
> Please make sure you read the following two resources before posting to
> this list:
> - Earning your support instead of buying it, but Ian Turton:
> http://www.ianturton.com/talks/foss4g.html#/
> - The GeoServer user list posting guidelines:
> http://geoserver.org/comm/userlist-guidelines.html
>
> If you want to request a feature or an improvement, also see this:
> https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer
>
>
> Geoserver-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/geoserver-users
>


-- 

Regards,

Mauro Bartolomeoli

==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V
for more information.
==

Dott. Mauro Bartolomeoli
@mauro_bart
Technical Lead

GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy

mobile: +39 393 904 1756
phone: +39 0584 962313
fax:  +39 0584 1660272

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

---

Con riferimento alla normativa sul trattamento dei dati personali (Reg. UE
2016/679 - Regolamento generale sulla protezione dei dati “GDPR”), si
precisa che ogni circostanza inerente alla presente email (il suo
contenuto, gli eventuali allegati, etc.) è un dato la cui conoscenza è
riservata al/i solo/i destinatario/i indicati dallo scrivente. Se il
messaggio Le è giunto per errore, è tenuta/o a cancellarlo, ogni altra
operazione è illecita. Le sarei comunque grato se potesse darmene notizia.

This email is intended only for the person or entity to which it is
addressed and may contain information that is privileged, confidential or
otherwise protected from disclosure. We remind that - as provided by
European Regulation 2016/679 “GDPR” - copying, dissemination or use of this
e-mail or the information herein by anyone other than the intended
recipient is prohibited. If you have received this email by mistake, please
notify us immediately by telephone or e-mail.
___
Geoserver-users mailing list

Please make sure you read the following two resources before posting to this 
list:
- Earning your support instead of buying it, but Ian Turton: 
http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: 
http://geoserver.org/comm/userlist-guidelines.html

If you want to request a feature or an improvement, also see this: 
https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer


Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users

Re: [Geoserver-users] JDBC authentication

[Andrea Aime]

Hi Ian,
there are both functionalities, they are separate classes and are
configured in a different way:


   - Authenticating using the database own users:
   
https://docs.geoserver.geo-solutions.it/edu/en/security/jdbc_authentication.html
   - Storing credentials in the database, use the table contents for
   authentication:
   
https://docs.geoserver.geo-solutions.it/edu/en/security/jdbcusergroup_services.html

Back when we wrote the training material they were both working, not sure
about the present.
Just a note, one has to be very careful when using the auth subsystem, many
options, lots of complexity. I know I curse every time :-D

Cheers
Andrea

On Wed, Mar 3, 2021 at 12:42 PM Ian Turton  wrote:

>
> Just to check before I break out the debugger:
>
> When you use JDBC Authentication can it allow any user you create in
> GeoServer (which get written in  then tables) login in or does it only
> allow the user used for the postgis connection (or other postgis users) to
> log in?
>
> It seems like this is a bug, but I may just be missing something (and I
> think I'm not the only one
> https://gis.stackexchange.com/questions/274834/geoserver-jdbc-user-group-services-problem
> )
>
> I'd be interested if any one is successfully using JDBC authentication in
> the wild?
>
> Cheers
>
> Ian
>
> --
> Ian Turton
> ___
> Geoserver-users mailing list
>
> Please make sure you read the following two resources before posting to
> this list:
> - Earning your support instead of buying it, but Ian Turton:
> http://www.ianturton.com/talks/foss4g.html#/
> - The GeoServer user list posting guidelines:
> http://geoserver.org/comm/userlist-guidelines.html
>
> If you want to request a feature or an improvement, also see this:
> https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer
>
>
> Geoserver-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/geoserver-users
>


-- 

Regards, Andrea Aime

== GeoServer Professional Services from the experts! Visit
http://goo.gl/it488V for more information. == Ing. Andrea Aime @geowolf
Technical Lead GeoSolutions S.A.S. Via di Montramito 3/A 55054 Massarosa
(LU) phone: +39 0584 962313 fax: +39 0584 1660272 mob: +39 339 8844549
http://www.geo-solutions.it http://twitter.com/geosolutions_it
--- *Con riferimento
alla normativa sul trattamento dei dati personali (Reg. UE 2016/679 -
Regolamento generale sulla protezione dei dati “GDPR”), si precisa che ogni
circostanza inerente alla presente email (il suo contenuto, gli eventuali
allegati, etc.) è un dato la cui conoscenza è riservata al/i solo/i
destinatario/i indicati dallo scrivente. Se il messaggio Le è giunto per
errore, è tenuta/o a cancellarlo, ogni altra operazione è illecita. Le
sarei comunque grato se potesse darmene notizia. This email is intended
only for the person or entity to which it is addressed and may contain
information that is privileged, confidential or otherwise protected from
disclosure. We remind that - as provided by European Regulation 2016/679
“GDPR” - copying, dissemination or use of this e-mail or the information
herein by anyone other than the intended recipient is prohibited. If you
have received this email by mistake, please notify us immediately by
telephone or e-mail.*
___
Geoserver-users mailing list

Please make sure you read the following two resources before posting to this 
list:
- Earning your support instead of buying it, but Ian Turton: 
http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: 
http://geoserver.org/comm/userlist-guidelines.html

If you want to request a feature or an improvement, also see this: 
https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer


Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users

Re: [Geoserver-users] JDBC authentication

[Krishnaglodha]

Hi Ian,
Thanks for getting back, the stack exchange denotes the exact problem I’m 
facing. The new “users” are created but they can not be used to login, only the 
‘users’ which are user of PostgreSQL can be used to login

Thank you,
Krishna G. Lodha

On 3 Mar 2021, 5:04 PM +0530, Ian Turton , wrote:
>
> Just to check before I break out the debugger:
>
> When you use JDBC Authentication can it allow any user you create in 
> GeoServer (which get written in  then tables) login in or does it only allow 
> the user used for the postgis connection (or other postgis users) to log in?
>
> It seems like this is a bug, but I may just be missing something (and I think 
> I'm not the only one 
> https://gis.stackexchange.com/questions/274834/geoserver-jdbc-user-group-services-problem)
>
> I'd be interested if any one is successfully using JDBC authentication in the 
> wild?
>
> Cheers
>
> Ian
>
> --
> Ian Turton
> ___
> Geoserver-users mailing list
>
> Please make sure you read the following two resources before posting to this 
> list:
> - Earning your support instead of buying it, but Ian Turton: 
> http://www.ianturton.com/talks/foss4g.html#/
> - The GeoServer user list posting guidelines: 
> http://geoserver.org/comm/userlist-guidelines.html
>
> If you want to request a feature or an improvement, also see this: 
> https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer
>
>
> Geoserver-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/geoserver-users
___
Geoserver-users mailing list

Please make sure you read the following two resources before posting to this 
list:
- Earning your support instead of buying it, but Ian Turton: 
http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: 
http://geoserver.org/comm/userlist-guidelines.html

If you want to request a feature or an improvement, also see this: 
https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer


Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users

[Geoserver-users] JDBC authentication

[Ian Turton]

Just to check before I break out the debugger:

When you use JDBC Authentication can it allow any user you create in
GeoServer (which get written in  then tables) login in or does it only
allow the user used for the postgis connection (or other postgis users) to
log in?

It seems like this is a bug, but I may just be missing something (and I
think I'm not the only one
https://gis.stackexchange.com/questions/274834/geoserver-jdbc-user-group-services-problem
)

I'd be interested if any one is successfully using JDBC authentication in
the wild?

Cheers

Ian

-- 
Ian Turton
___
Geoserver-users mailing list

Please make sure you read the following two resources before posting to this 
list:
- Earning your support instead of buying it, but Ian Turton: 
http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: 
http://geoserver.org/comm/userlist-guidelines.html

If you want to request a feature or an improvement, also see this: 
https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer


Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users