[Geoserver-devel] [JIRA] (GEOS-10430) Rest API fails for WMS Store

Wed, 23 Mar 2022 01:25:12 -0700 

Stefan Forsgren ( 
https://osgeo-org.atlassian.net/secure/ViewProfile.jspa?accountId=5d9aeadaf8c67f0dbff6a791
 ) *created* an issue

GeoServer ( 
https://osgeo-org.atlassian.net/browse/GEOS?atlOrigin=eyJpIjoiMzM5N2VlZDIzMTU0NDllZDk0OWNhZjY3N2NjMDI3YTYiLCJwIjoiaiJ9
 ) / Bug ( 
https://osgeo-org.atlassian.net/browse/GEOS-10430?atlOrigin=eyJpIjoiMzM5N2VlZDIzMTU0NDllZDk0OWNhZjY3N2NjMDI3YTYiLCJwIjoiaiJ9
 ) GEOS-10430 ( 
https://osgeo-org.atlassian.net/browse/GEOS-10430?atlOrigin=eyJpIjoiMzM5N2VlZDIzMTU0NDllZDk0OWNhZjY3N2NjMDI3YTYiLCJwIjoiaiJ9
 ) Rest API fails for WMS Store ( 
https://osgeo-org.atlassian.net/browse/GEOS-10430?atlOrigin=eyJpIjoiMzM5N2VlZDIzMTU0NDllZDk0OWNhZjY3N2NjMDI3YTYiLCJwIjoiaiJ9
 )

Issue Type: Bug Affects Versions: 2.20.2 Assignee: Unassigned Components: REST 
Created: 23/Mar/22 9:24 AM Priority: Medium Reporter: Stefan Forsgren ( 
https://osgeo-org.atlassian.net/secure/ViewProfile.jspa?accountId=5d9aeadaf8c67f0dbff6a791
 )

Under certain circumstances the rest api returns Could not find a security 
wrapper for class class org.geoserver.catalog.impl.WMSStoreInfoImpl, cannot 
secure the object when performing a GET operation on /rest/workspaces

Steps to reprocude:

* Create a WMS store inside a workspace
* Publish a layer from the WMS store
* Change data security catalog setting to challenge
* Create a user in a role that does NOT have access to the layer
* Configure rest api to allow the created role to be allowed to perform GET on 
rest api in rest.properties
* Perform a GET on /rest/workspaces

The error also occurs when performing GET on /rest/workspaces/<workspace> if 
the workspace has a wms store. But for other workspaces the call works. If the 
user also have access to the data it also works.

Also calling GET on the wmsstore definition endpoint throws the error:

http://localhost:8081/geoserver/rest/workspaces/<workspace>/wmsstores.xml ( 
http://localhost:8081/geoserver/rest/workspaces/Extern/wmsstores.xml )

This is an actual problem, as it prevents creating a user with access to only 
the layer definitions without access to the actual data for API operations 
which come handy when querying Geoserver for metadata.

( 
https://osgeo-org.atlassian.net/browse/GEOS-10430#add-comment?atlOrigin=eyJpIjoiMzM5N2VlZDIzMTU0NDllZDk0OWNhZjY3N2NjMDI3YTYiLCJwIjoiaiJ9
 ) Add Comment ( 
https://osgeo-org.atlassian.net/browse/GEOS-10430#add-comment?atlOrigin=eyJpIjoiMzM5N2VlZDIzMTU0NDllZDk0OWNhZjY3N2NjMDI3YTYiLCJwIjoiaiJ9
 )

Get Jira notifications on your phone! Download the Jira Cloud app for Android ( 
https://play.google.com/store/apps/details?id=com.atlassian.android.jira.core&referrer=utm_source%3DNotificationLink%26utm_medium%3DEmail
 ) or iOS ( 
https://itunes.apple.com/app/apple-store/id1006972087?pt=696495&ct=EmailNotificationLink&mt=8
 ) This message was sent by Atlassian Jira (v1001.0.0-SNAPSHOT#100197- 
sha1:25554e9 )
_______________________________________________
Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel














    











					Reply via email to