[Geoserver-devel] [JIRA] (GEOS-10070) GeoFence doesn't work when the local IP address is reported as IPv6

Thu, 20 May 2021 12:32:41 -0700 

Gabriel Roldan ( 
https://osgeo-org.atlassian.net/secure/ViewProfile.jspa?accountId=557058%3A54db8b09-1e64-436a-adac-248049585cee
 ) *created* an issue

GeoServer ( 
https://osgeo-org.atlassian.net/browse/GEOS?atlOrigin=eyJpIjoiNTk5YmFmNmY0YjAxNDdhZThhNTk5Y2NkNWUxZWM3YjYiLCJwIjoiaiJ9
 ) / Bug ( 
https://osgeo-org.atlassian.net/browse/GEOS-10070?atlOrigin=eyJpIjoiNTk5YmFmNmY0YjAxNDdhZThhNTk5Y2NkNWUxZWM3YjYiLCJwIjoiaiJ9
 ) GEOS-10070 ( 
https://osgeo-org.atlassian.net/browse/GEOS-10070?atlOrigin=eyJpIjoiNTk5YmFmNmY0YjAxNDdhZThhNTk5Y2NkNWUxZWM3YjYiLCJwIjoiaiJ9
 ) GeoFence doesn't work when the local IP address is reported as IPv6 ( 
https://osgeo-org.atlassian.net/browse/GEOS-10070?atlOrigin=eyJpIjoiNTk5YmFmNmY0YjAxNDdhZThhNTk5Y2NkNWUxZWM3YjYiLCJwIjoiaiJ9
 )

Issue Type: Bug Affects Versions: 2.19.0 Assignee: Unassigned Components: 
GeoFence Created: 20/May/21 9:31 PM Priority: Medium Reporter: Gabriel Roldan ( 
https://osgeo-org.atlassian.net/secure/ViewProfile.jspa?accountId=557058%3A54db8b09-1e64-436a-adac-248049585cee
 )

Running mvn jetty:run -Pgeofence-server , when the request IP resolves to an 
IPv6 address, the following error is logged:

ERROR [util.FilterUtils] - Bad address filter [0:0:0:0:0:0:0:1]

and no rule is applied, hiding all contents.

A workaround is to run with -Djava.net.preferIPv4Stack=true.
This should be fixed or at least documented.

Some debugging shows that RuleReaderService.getAdminAuthorization(ruleFilter) 
(CachedRuleReader) returns an empty AccessInfo.

Call trace:

SecureCatalogImpl.buildWrapperPolicy() ->
CatalogFilterAccessManager.getAccessLimits() ->
GeoFenceAccessManager.getAccessLimits() ->
GeoFenceAccessManager.isWorkspaceAdmin() ->

GeoFenceAccessManager.getAccessLimits(){
...
AccessInfo auth = rules.getAdminAuthorization(ruleFilter);
}

Environment:

Ubuntu x86_64, 5.8.0-50-generic

java -version
openjdk version "1.8.0_282"
OpenJDK Runtime Environment (build 1.8.0_282-b08)
OpenJDK 64-Bit Server VM (build 25.282-b08, mixed mode)

Logs:

20 May 16:05:52 INFO [services.RuleReaderServiceImpl] - Requesting access for 
RuleFilter[user:"topp_admin"+ role:ANY inst:name+:default-gs 
ip:"[0:0:0:0:0:0:0:1]"+ serv:DEFAULT req:DEFAULT ws:"tiger"+ 
layer:"giant_polygon"+]
20 May 16:05:52 ERROR [util.FilterUtils] - Bad address filter [0:0:0:0:0:0:0:1]
20 May 16:05:52 ERROR [util.FilterUtils] - Bad address filter [0:0:0:0:0:0:0:1]
20 May 16:05:52 ERROR [util.FilterUtils] - Bad address filter [0:0:0:0:0:0:0:1]
20 May 16:05:52 WARN [services.RuleReaderServiceImpl] - No access for filter 
RuleFilter[user:"topp_admin"+ role:ANY inst:name+:default-gs 
ip:"[0:0:0:0:0:0:0:1]"+ serv:DEFAULT req:DEFAULT ws:"tiger"+ 
layer:"giant_polygon"+]
20 May 16:05:52 INFO [services.RuleReaderServiceImpl] - Returning 
AccessInfo[grant:DENY admin:false] for RuleFilter[user:"topp_admin"+ role:ANY 
inst:name+:default-gs ip:"[0:0:0:0:0:0:0:1]"+ serv:DEFAULT req:DEFAULT 
ws:"tiger"+ layer:"giant_polygon"+]
20 May 16:05:52 INFO [services.RuleReaderServiceImpl] - Requesting access for 
RuleFilter[user:"topp_admin"+ role:ANY inst:name+:default-gs 
ip:"[0:0:0:0:0:0:0:1]"+ serv:DEFAULT req:DEFAULT ws:"tiger"+ layer:"poi"+]
20 May 16:05:52 ERROR [util.FilterUtils] - Bad address filter [0:0:0:0:0:0:0:1]
20 May 16:05:52 ERROR [util.FilterUtils] - Bad address filter [0:0:0:0:0:0:0:1]
20 May 16:05:52 ERROR [util.FilterUtils] - Bad address filter [0:0:0:0:0:0:0:1]
20 May 16:05:52 WARN [services.RuleReaderServiceImpl] - No access for filter 
RuleFilter[user:"topp_admin"+ role:ANY inst:name+:default-gs 
ip:"[0:0:0:0:0:0:0:1]"+ serv:DEFAULT req:DEFAULT ws:"tiger"+ layer:"poi"+]
20 May 16:05:52 INFO [services.RuleReaderServiceImpl] - Returning 
AccessInfo[grant:DENY admin:false] for RuleFilter[user:"topp_admin"+ role:ANY 
inst:name+:default-gs ip:"[0:0:0:0:0:0:0:1]"+ serv:DEFAULT req:DEFAULT 
ws:"tiger"+ layer:"poi"+]
20 May 16:05:52 INFO [services.RuleReaderServiceImpl] - Requesting access for 
RuleFilter[user:"topp_admin"+ role:ANY inst:name+:default-gs 
ip:"[0:0:0:0:0:0:0:1]"+ serv:DEFAULT req:DEFAULT ws:"tiger"+ 
layer:"poly_landmarks"+]

( 
https://osgeo-org.atlassian.net/browse/GEOS-10070#add-comment?atlOrigin=eyJpIjoiNTk5YmFmNmY0YjAxNDdhZThhNTk5Y2NkNWUxZWM3YjYiLCJwIjoiaiJ9
 ) Add Comment ( 
https://osgeo-org.atlassian.net/browse/GEOS-10070#add-comment?atlOrigin=eyJpIjoiNTk5YmFmNmY0YjAxNDdhZThhNTk5Y2NkNWUxZWM3YjYiLCJwIjoiaiJ9
 )

Get Jira notifications on your phone! Download the Jira Cloud app for Android ( 
https://play.google.com/store/apps/details?id=com.atlassian.android.jira.core&referrer=utm_source%3DNotificationLink%26utm_medium%3DEmail
 ) or iOS ( 
https://itunes.apple.com/app/apple-store/id1006972087?pt=696495&ct=EmailNotificationLink&mt=8
 ) This message was sent by Atlassian Jira (v1001.0.0-SNAPSHOT#100162- 
sha1:3b69042 )
_______________________________________________
Geoserver-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-devel














    











					Reply via email to