[Geoserver-devel] [JIRA] (GEOS-10918) Layer preview list empty if authorization rule is specific for a single layer

Giovanni Spigoni (JIRA) via Geoserver-devel Thu, 30 Mar 2023 09:23:09 -0700

Giovanni Spigoni ( 
https://osgeo-org.atlassian.net/secure/ViewProfile.jspa?accountId=5e3c2fe1feffe10c9bd0120c
 ) *created* an issue


GeoServer ( 
https://osgeo-org.atlassian.net/browse/GEOS?atlOrigin=eyJpIjoiYjI5NjJlNmYwYTYwNDJkZjk1NjE1NDk2MmE0Y2U4NTIiLCJwIjoiaiJ9
 ) / Bug ( 
https://osgeo-org.atlassian.net/browse/GEOS-10918?atlOrigin=eyJpIjoiYjI5NjJlNmYwYTYwNDJkZjk1NjE1NDk2MmE0Y2U4NTIiLCJwIjoiaiJ9
 ) GEOS-10918 ( 
https://osgeo-org.atlassian.net/browse/GEOS-10918?atlOrigin=eyJpIjoiYjI5NjJlNmYwYTYwNDJkZjk1NjE1NDk2MmE0Y2U4NTIiLCJwIjoiaiJ9
 ) Layer preview list empty if authorization rule is specific for a single 
layer ( 
https://osgeo-org.atlassian.net/browse/GEOS-10918?atlOrigin=eyJpIjoiYjI5NjJlNmYwYTYwNDJkZjk1NjE1NDk2MmE0Y2U4NTIiLCJwIjoiaiJ9
 )

Issue Type: Bug Affects Versions: 2.22.2 Assignee: Unassigned Components: 
Configuration, web, website Created: 30/Mar/23 6:21 PM Environment:

* Operating system: RHEL 9
* Tomcat 9

Priority: Medium Reporter: Giovanni Spigoni ( 
https://osgeo-org.atlassian.net/secure/ViewProfile.jspa?accountId=5e3c2fe1feffe10c9bd0120c
 )

The page “Layer Preview” of the geoserver webapp displays an empty list if the 
user accessing the page, has a role matching a sigle-layer rule.
Therefore, if an autorisation rule is specified for a single layer (e.g. 
myWorkspace.myLayer.r ) and the authenticated user has the role that match this 
rule, then the layer preview list will be displayed empty. Even if the user has 
the authorisation to read other workspaces configured with other rules (e.g. 
otherWorkspace. *.r* *), the layer preview list will be empty. Only if the 
user’s roles match a rule that overrides the single-layer rule (e.g. 
myWorkspace.*.r ) then the layer preview list will be displayed correctly.

Please note that this error only involves the “Layer Preview“ page. The 
authorisations for the layers provided by wms o wfs services are applied 
properly.

I faced this error with different kind of users and different kind of 
authentications. I tried both with users and roles defined locally on the 
geoserver and with users and roles provided by Active Directory.

( 
https://osgeo-org.atlassian.net/browse/GEOS-10918#add-comment?atlOrigin=eyJpIjoiYjI5NjJlNmYwYTYwNDJkZjk1NjE1NDk2MmE0Y2U4NTIiLCJwIjoiaiJ9
 ) Add Comment ( 
https://osgeo-org.atlassian.net/browse/GEOS-10918#add-comment?atlOrigin=eyJpIjoiYjI5NjJlNmYwYTYwNDJkZjk1NjE1NDk2MmE0Y2U4NTIiLCJwIjoiaiJ9
 )

Get Jira notifications on your phone! Download the Jira Cloud app for Android ( 
https://play.google.com/store/apps/details?id=com.atlassian.android.jira.core&referrer=utm_source%3DNotificationLink%26utm_medium%3DEmail
 ) or iOS ( 
https://itunes.apple.com/app/apple-store/id1006972087?pt=696495&ct=EmailNotificationLink&mt=8
 ) This message was sent by Atlassian Jira (v1001.0.0-SNAPSHOT#100219- 
sha1:6a6077b )

_______________________________________________
Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel

[Geoserver-devel] [JIRA] (GEOS-10918) Layer preview list empty if authorization rule is specific for a single layer

Reply via email to