Hello Alessio,
Thank you for your answer. I am starting to get it. It turns out the
client was using an older fork of geoserver and with the most recent
commits you did, google and github do indeed work without the block of
code being commented.
However, I can also reproduce the problem you describe below with the
latest version, despite the block of code not being commented.
If I use access_token to read the capabilities, I must close my browser
in order to be able to use the other access_token. Is this normal? Is
this intended to work for google?
Kind Regards
Niels
On 17-04-18 11:12, Alessio Fabiani wrote:
Hello Niels,
sorry for the late response. Unfortunately I had not much time to
deeply inspect the issues you raised and therefore I'm going to send
you some preliminary answers.
1) "Do you have any idea why this could be?" those services use
cookies. On Google and GitHub I had a similar issue. I fixed that by
checking for a session cookie (see
https://github.com/geoserver/geoserver/blob/master/src/community/security/oauth2-google/src/main/java/org/geoserver/security/oauth2/GoogleOAuthAuthenticationFilter.java#L30)
2) "How I can reproduce the problem". Generate two different
access_tokens associated to different roles. Assign different
resources to the roles. Then open a browser window and login into the
GUI with one of them. Now try to do a GetCapabilities request by
passing the access_token as query parameter. If the session is not
cached, you should be able to see different resources by simply
changing the access_token. Otherwise you will need to close the
browser session (or cleanup the cookies).
3) "why I get the names of java classes showing up next to the log-in
form". This should happen only when running on Eclipse. Try to build
the WAR. You should be able to get the icons. In general the issue
should be related to the fact that Spring is not able to stream the
icon resource.
Sorry for the quick responses. Hope that those can be still be useful
in order to allow you making further testing.
Let me know if you have a specific use case I should try to reproduce
somehow and feel free to propose a patch for the community module.
Regards,
Alessio Fabiani
==GeoServer Professional Services from the experts! Visit
http://goo.gl/it488V for more information.==Ing. Alessio Fabiani
@alfa7691Founder/Technical Lead
GeoSolutions S.A.S.Via di Montramito 3/A55054 Massarosa
(LU)Italyphone: +39 0584 962313fax: +39 0584 1660272mob: +39 331
6233686http://www.geo-solutions.ithttp://twitter.com/geosolutions_it-------------------------------------------------------
AVVERTENZE AI SENSI DEL D.Lgs. 196/2003
Le informazioni contenute in questo messaggio di posta elettronica e/o
nel/i file/s allegato/i sono da considerarsi strettamente riservate.
Il loro utilizzo è consentito esclusivamente al destinatario del
messaggio, per le finalità indicate nel messaggio stesso. Qualora
riceviate questo messaggio senza esserne il destinatario, Vi preghiamo
cortesemente di darcene notizia via e-mail e di procedere alla
distruzione del messaggio stesso, cancellandolo dal Vostro sistema.
Conservare il messaggio stesso, divulgarlo anche in parte,
distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità
diverse, costituisce comportamento contrario ai principi dettati dal
D.Lgs. 196/2003.
The information in this message and/or attachments, is intended solely
for the attention and use of the named addressee(s) and may be
confidential or proprietary in nature or covered by the provisions of
privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New
Data Protection Code).Any use not in accord with its purpose, any
disclosure, reproduction, copying, distribution, or either
dissemination, either whole or partial, is strictly forbidden except
previous formal approval of the named addressee(s). If you are not the
intended recipient, please contact immediately the sender by
telephone, fax or e-mail and delete the information in this message
that has been received in error. The sender does not give any warranty
or accept liability as the content, accuracy or completeness of sent
messages and accepts no responsibility for changes made after they
were sent or for other risks which arise as a result of e-mail
transmission, viruses, etc.
2018-04-13 13:48 GMT+02:00 Niels Charlier <ni...@scitus.be
<mailto:ni...@scitus.be>>:
Hi Alessio,
Thanks for your answer. It is strange, but I need to comment out
this code for it to work at all, just the same as my client.
Otherwise geoserver does not log me in (although the logging in
process on google/github works fine). Do you have any idea why
this could be?
Also, can you give me an example of how I can reproduce the
problem you have without that block of code, so I can figure out a
solution that works for both of us.
Finally, do you know why I get the names of java classes showing
up next to the log-in form? (see attached photo)
Thanks in advance!
Kind Regards
Niels
On 09-04-18 12:49, Alessio Fabiani wrote:
Hi Niels,
as far as I remember, this causes cache issues with requests.
Basically if you are logged in on GeoServer GUI and you want to
make OWS requests passing the access_token, the service will
always get the in-memory Principal.
The correct way to handle this would be to allow the GUI to get
the "access_token" query parameter also from the address... not
that easy using wicket unfortunately.
Regards,
Alessio Fabiani
==GeoServer Professional Services from the experts! Visit
http://goo.gl/it488V for more information.==Ing. Alessio Fabiani
<https://maps.google.com/?q=Via+di+Montramito+3/A+%0A+55054+%C2%A0Massarosa&entry=gmail&source=g>
@alfa7691Founder/Technical Lead
GeoSolutions S.A.S.Via di Montramito 3/A
<https://maps.google.com/?q=Via+di+Montramito+3/A+%0A+55054+%C2%A0Massarosa&entry=gmail&source=g>55054
Massarosa
<https://maps.google.com/?q=Via+di+Montramito+3/A+%0A+55054+%C2%A0Massarosa&entry=gmail&source=g>
(LU)Italyphone: +39 0584 962313fax: +39 0584 1660272mob:
+39 331
6233686http://www.geo-solutions.ithttp://twitter.com/geosolutions_it
<http://twitter.com/geosolutions_it>-------------------------------------------------------
AVVERTENZE AI SENSI DEL D.Lgs. 196/2003
Le informazioni contenute in questo messaggio di posta
elettronica e/o nel/i file/s allegato/i sono da considerarsi
strettamente riservate. Il loro utilizzo è consentito
esclusivamente al destinatario del messaggio, per le finalità
indicate nel messaggio stesso. Qualora riceviate questo messaggio
senza esserne il destinatario, Vi preghiamo cortesemente di
darcene notizia via e-mail e di procedere alla distruzione del
messaggio stesso, cancellandolo dal Vostro sistema. Conservare il
messaggio stesso, divulgarlo anche in parte, distribuirlo ad
altri soggetti, copiarlo, od utilizzarlo per finalità diverse,
costituisce comportamento contrario ai principi dettati dal
D.Lgs. 196/2003.
The information in this message and/or attachments, is intended
solely for the attention and use of the named addressee(s) and
may be confidential or proprietary in nature or covered by the
provisions of privacy act (Legislative Decree June, 30 2003,
no.196 - Italy's New Data Protection Code).Any use not in accord
with its purpose, any disclosure, reproduction, copying,
distribution, or either dissemination, either whole or partial,
is strictly forbidden except previous formal approval of the
named addressee(s). If you are not the intended recipient, please
contact immediately the sender by telephone, fax or e-mail and
delete the information in this message that has been received in
error. The sender does not give any warranty or accept liability
as the content, accuracy or completeness of sent messages and
accepts no responsibility for changes made after they were sent
or for other risks which arise as a result of e-mail
transmission, viruses, etc.
2018-04-09 11:50 GMT+02:00 Niels Charlier <ni...@scitus.be
<mailto:ni...@scitus.be>>:
Hello Alessio,
I have a question about code in the OAuth2 community module
which you have written.
What was the reason for this block of code:
https://github.com/geoserver/geoserver/blob/master/src/community/security/oauth2/src/main/java/org/geoserver/security/oauth2/GeoServerOAuthAuthenticationFilter.java#L130
<https://github.com/geoserver/geoserver/blob/master/src/community/security/oauth2/src/main/java/org/geoserver/security/oauth2/GeoServerOAuthAuthenticationFilter.java#L130>
that removes the access token and prevents the use of session
cookies after establishing an OAuth2 based Session for the UI.
We had to comment on this block of code for now. Can we make
this a configurable option perhaps?
Thanks in advance for your answer!
Kind Regards
Niels
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel