geosolutions-it/C198-KRIHS

Unable to login/use GeoServer

Closed this issue · 9 comments

chpicone commented

When I try to login on GeoServer I always obtain a white screen.
It is possible to login using GeoNode, but from the machine 01 we are redirect to HTTP (instead of HTTPS) with error.

randomorder commented

I though this was fixed @lpasquali is it a regression?

lpasquali commented

@chpicone which is the url you are using?

lpasquali commented

@chpicone
for this url:
https://dfs-ogis-02.dpko.un.org/geoserver
it works with the REST auth, but with local admin I confirm it does not work, log in as an admin in geonode and then on geoserver click the "unusual button" near login, it will get you logged in for the moment.

lpasquali commented

note besides the login problem:
I had to fix the JAVA_HOME, otherwise there was no way to get tomcat9 started due to upgraded of RH from the client (we need to fix geonode master documentation @randomorder)

lpasquali commented

@randomorder I think I found (or rather for now circumscribed as is not solved) the poroblem, there is actually no error in geoserver, security rules are impeding the connection to /geoserver/web/** for local admin somehow but not for geonode one so there is some kind of misconfiguration:


2020-12-15 10:26:17,783 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /web/, QueryString: null'; against '/web/**'
2020-12-15 10:26:17,783 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Matched Path: /web/, QueryString: null with /web/**
2020-12-15 10:26:17,783 DEBUG [geoserver.security] - Inspecting the http request looking for the Custom Session ID.
2020-12-15 10:26:17,783 DEBUG [geoserver.security] - Found 4 cookies!
2020-12-15 10:26:17,783 DEBUG [geoserver.security] - Found Custom Session cookie: we7ad6xhqif0oe4pk92w3nlikbqfu62d
2020-12-15 10:26:17,784 DEBUG [geoserver.security] - preAuthenticatedPrincipal = null, trying to authenticate
2020-12-15 10:26:17,785 DEBUG [geoserver.monitor] - Testing /web/ for monitor filtering
2020-12-15 10:26:17,785 DEBUG [geoserver.monitor] - /geoserver/web/ was filtered from monitoring
2020-12-15 10:26:17,793 DEBUG [geoserver.ows] - Could not find a layer group named web
2020-12-15 10:26:17,887 DEBUG [geoserver.filters] - Compressing output for mimetype: text/html;charset=UTF-8
2020-12-15 10:26:17,889 DEBUG [filter.GeoServerSecurityContextPersistenceFilter$1] - SecurityContextHolder now cleared, as request processing completed
2020-12-15 10:26:18,048 TRACE [platform.resource] - polling contents of /opt/data/geoserver_data/gwc-layers
2020-12-15 10:26:18,049 TRACE [platform.resource] - delta computed in 718us for /opt/data/geoserver_data/gwc-layers
2020-12-15 10:26:20,499 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /j_spring_security_check, QueryString: null'; against '/web/**'
2020-12-15 10:26:20,499 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /j_spring_security_check, QueryString: null'; against '/gwc/rest/web/**'
2020-12-15 10:26:20,499 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /j_spring_security_check, QueryString: null'; against '/'
2020-12-15 10:26:20,499 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /j_spring_security_check, QueryString: null'; against '/j_spring_security_check'
2020-12-15 10:26:20,499 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Matched Path: /j_spring_security_check, QueryString: null with /j_spring_security_check
2020-12-15 10:26:20,499 DEBUG [geoserver.monitor] - Testing /j_spring_security_check for monitor filtering
2020-12-15 10:26:20,506 TRACE [sqlserver.jtds] - Target not a string
2020-12-15 10:26:20,506 TRACE [sqlserver.jtds] - Target is not a Date
2020-12-15 10:26:23,051 TRACE [platform.resource] - polling contents of /opt/data/geoserver_data/gwc-layers
2020-12-15 10:26:23,052 TRACE [platform.resource] - delta computed in 852us for /opt/data/geoserver_data/gwc-layers

more over REST is working for local admin:

[root@dfs-ogis-02 opt]#  curl -k -u$auth https://dfs-ogis-02.dpko.un.org/geoserver/rest/workspaces/geonode/layers -H  "accept: application/json" -H  "content-type: application/json"
{"layers":{"layer":[{"name":"relief_san_andres","href":"https:\/\/dfs-ogis-02.dpko.un.org\/geoserver\/rest\/workspaces\/geonode\/layers\/relief_san_andres.json"},{"name":"relief_san_andres0","href":"https:\/\/dfs-ogis-02.dpko.un.org\/geoserver\/rest\/workspaces\/geonode\/layers\/relief_san_andres0.json"},{"name":"relief_san_andres1","href":"https:\/\/dfs-ogis-02.dpko.un.org\/geoserver\/rest\/workspaces\/geonode\/layers\/relief_san_andres1.json"},{"name":"relief_san_andres2","href":"https:\/\/dfs-ogis-02.dpko.un.org\/geoserver\/rest\/workspaces\/geonode\/layers\/relief_san_andres2.json"},{"name":"test_grid","href":"https:\/\/dfs-ogis-02.dpko.un.org\/geoserver\/rest\/workspaces\/geonode\/layers\/test_grid.json"},{"name":"test_grid0","href":"https:\/\/dfs-ogis-02.dpko.un.org\/geoserver\/rest\/workspaces\/geonode\/layers\/test_grid0.json"},{"name":"test_grid1","href":"https:\/\/dfs-ogis-02.dpko.un.org\/geoserver\/rest\/workspaces\/geonode\/layers\/test_grid1.json"},{"name":"test_grid2","href":"https:\/\/dfs-ogis-02.dpko.un.org\/geoserver\/rest\/workspaces\/geonode\/layers\/test_grid2.json"},{"name":"Air_Runways","href":"https:\/\/dfs-ogis-02.dpko.un.org\/geoserver\/rest\/workspaces\/geonode\/layers\/Air_Runways.json"},{"name":"a__","href":"https:\/\/dfs-ogis-02.dpko.un.org\/geoserver\/rest\/workspaces\/geonode\/layers\/a__.json"},{"name":"a__0","href":"https:\/\/dfs-ogis-02.dpko.un.org\/geoserver\/rest\/workspaces\/geonode\/layers\/a__0.json"},{"name":"boxes_with_dates_bc","href":"https:\/\/dfs-ogis-02.dpko.un.org\/geoserver\/rest\/workspaces\/geonode\/layers\/boxes_with_dates_bc.json"},{"name":"boxes_with_dates_bc0","href":"https:\/\/dfs-ogis-02.dpko.un.org\/geoserver\/rest\/workspaces\/geonode\/layers\/boxes_with_dates_bc0.json"},{"name":"boxes_with_dates_bc1","href":"https:\/\/dfs-ogis-02.dpko.un.org\/geoserver\/rest\/workspaces\/geonode\/layers\/boxes_with_dates_bc1.json"},{"name":"boxes_with_year_field2","href":"https:\/\/dfs-ogis-02.dpko.un.org\/geoserver\/rest\/workspaces\/geonode\/layers\/boxes_with_year_field2.json"},{"name":"boxes_with_year_field20","href":"https:\/\/dfs-ogis-02.dpko.un.org\/geoserver\/rest\/workspaces\/geonode\/layers\/boxes_with_year_field20.json"},{"name":"boxes_with_year_field21","href":"https:\/\/dfs-ogis-02.dpko.un.org\/geoserver\/rest\/workspaces\/geonode\/layers\/boxes_with_year_field21.json"},{"name":"san_andres_y_providencia_administrative","href":"https:\/\/dfs-ogis-02.dpko.un.org\/geoserver\/rest\/workspaces\/geonode\/layers\/san_andres_y_providencia_administrative.json"},{"name":"san_andres_y_providencia_administrative0","href":"https:\/\/dfs-ogis-02.dpko.un.org\/geoserver\/rest\/workspaces\/geonode\/layers\/san_andres_y_providencia_administrative0.json"},{"name":"san_andres_y_providencia_coastline","href":"https:\/\/dfs-ogis-02.dpko.un.org\/geoserver\/rest\/workspaces\/geonode\/layers\/san_andres_y_providencia_coastline.json"},{"name":"san_andres_y_providencia_coastline0","href":"https:\/\/dfs-ogis-02.dpko.un.org\/geoserver\/rest\/workspaces\/geonode\/layers\/san_andres_y_providencia_coastline0.json"},{"name":"san_andres_y_providencia_highway","href":"https:\/\/dfs-ogis-02.dpko.un.org\/geoserver\/rest\/workspaces\/geonode\/layers\/san_andres_y_providencia_highway.json"},{"name":"san_andres_y_providencia_highway0","href":"https:\/\/dfs-ogis-02.dpko.un.org\/geoserver\/rest\/workspaces\/geonode\/layers\/san_andres_y_providencia_highway0.json"},{"name":"san_andres_y_providencia_location","href":"https:\/\/dfs-ogis-02.dpko.un.org\/geoserver\/rest\/workspaces\/geonode\/layers\/san_andres_y_providencia_location.json"},{"name":"san_andres_y_providencia_location0","href":"https:\/\/dfs-ogis-02.dpko.un.org\/geoserver\/rest\/workspaces\/geonode\/layers\/san_andres_y_providencia_location0.json"},{"name":"san_andres_y_providencia_natural","href":"https:\/\/dfs-ogis-02.dpko.un.org\/geoserver\/rest\/workspaces\/geonode\/layers\/san_andres_y_providencia_natural.json"},{"name":"san_andres_y_providencia_natural0","href":"https:\/\/dfs-ogis-02.dpko.un.org\/geoserver\/rest\/workspaces\/geonode\/layers\/san_andres_y_providencia_natural0.json"},{"name":"san_andres_y_providencia_poi","href":"https:\/\/dfs-ogis-02.dpko.un.org\/geoserver\/rest\/workspaces\/geonode\/layers\/san_andres_y_providencia_poi.json"},{"name":"san_andres_y_providencia_poi0","href":"https:\/\/dfs-ogis-02.dpko.un.org\/geoserver\/rest\/workspaces\/geonode\/layers\/san_andres_y_providencia_poi0.json"},{"name":"san_andres_y_providencia_water","href":"https:\/\/dfs-ogis-02.dpko.un.org\/geoserver\/rest\/workspaces\/geonode\/layers\/san_andres_y_providencia_water.json"},{"name":"san_andres_y_providencia_water0","href":"https:\/\/dfs-ogis-02.dpko.un.org\/geoserver\/rest\/workspaces\/geonode\/layers\/san_andres_y_providencia_water0.json"},{"name":"single_point","href":"https:\/\/dfs-ogis-02.dpko.un.org\/geoserver\/rest\/workspaces\/geonode\/layers\/single_point.json"},{"name":"single_point0","href":"https:\/\/dfs-ogis-02.dpko.un.org\/geoserver\/rest\/workspaces\/geonode\/layers\/single_point0.json"}]}}[root@dfs-ogis-02 opt]#
randomorder commented

are you referring to this
2020-12-15 10:26:17,785 DEBUG [geoserver.monitor] - /geoserver/web/ was filtered from monitoring ?
that's monitor configuration for auditing saying "I'm not going to log this in audit files"

you may want to ask @afabiani to check GS/GN security conf with you

lpasquali commented

are you referring to this
2020-12-15 10:26:17,785 DEBUG [geoserver.monitor] - /geoserver/web/ was filtered from monitoring ?
that's monitor configuration for auditing saying "I'm not going to log this in audit files"

you may want to ask @afabiani to check GS/GN security conf with you

that is a full stack of logs upon a login request, I would more point on everything with [security] @randomorder, but yes I agree with you and I would like to seek the help of @afabiani on this.

@afabiani would you mind to check why security rules for geonode admin user are colliding with local admin user?

lpasquali commented

@afabiani please ignore the help request above I fixed it, but anyway there was something strange

I started a geonode under docker-compose, and checked default security configuration for it, theree was a difference for "webLogin" having enabled "no security":
Screenshot from 2020-12-15 12-58-59

while on the test geonode was:
Screenshot from 2020-12-15 12-58-04

making the former like the latter made both the two authentications work.

@chpicone can you try now at the url below?

https://dfs-ogis-02.dpko.un.org/geoserver/web