Re: [Geoserver-users] Geoserver Header Auth

[J.Alejandro Martinez Linares]

Hi people, i have problem with the same topic, i am upgrading from 2.1.4
to 2.2 and then in 2.3.2, and i get problem to log in from web, i use
php and i have my own method to access geoserver and i give geoserver
the user and pass and it returned to me de jsession session and all
fine, but all that was in the 2.1.4 geoserver, in the 2.3.2 is no
working, my code is this

public static function loginGeoserver($username, $password)
    {
        $post_data['username'] = $username;
        $post_data['password'] = $password;
        foreach ($post_data as $key => $value) {
            $post_items[] = $key . '=' . $value;
        }
        $post_string = implode('&', $post_items);
        $curl_connection = curl_init('http://' . master::$host .
            '/geoserver/j_spring_security_check');
        curl_setopt($curl_connection, CURLOPT_CONNECTTIMEOUT, 30);
        curl_setopt($curl_connection, CURLOPT_USERAGENT,
            "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)");
        curl_setopt($curl_connection, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($curl_connection, CURLOPT_SSL_VERIFYPEER, false);
        curl_setopt($curl_connection, CURLOPT_FOLLOWLOCATION, 1);
        curl_setopt($curl_connection, CURLOPT_POSTFIELDS, $post_string);
        $result = curl_exec($curl_connection);
        $arrInfo = curl_getinfo($curl_connection);
       
        //die(print_r($arrInfo));
        $url = $arrInfo['url'];
        parse_str($url, $output);
        $trans = array("." => "_");
        $base = strtr(master::$host, $trans);


        if (master::getLoggedUser() != null) {
            if (master::getLoggedUser()->tieneRol("Operador"))
                $str = "http://"; . $base . "/geoserver/web/;jsessionid";
            $str = "http://"; . $base . "/geoserver/;jsessionid";

            curl_close($curl_connection);
            if (!empty($output[$str])) {
            } else {
                //header('Location:
/geoportal/index.php?page=home.home&Error=GeoserverDown');
                header('Location:
/personal/index.php?page=inicio&Error=GeoserverDown');
            }
            setcookie('JSESSIONID', $output[$str], 0, '/geoserver');
            setcookie('JSESSIONID', $output[$str], 0, '/');
        } else {
            return null;
        }

    }

please help this is important to me.

thanks

El 20/05/13 04:18, Thomas Colley escribió:
>
> Hi Christian / Andrea (sorry for not replying sooner)
>
>  
>
> Thanks for your replies. I currently have the default filter chain set
> as follows:
>
>  
>
> Proxy
>
> Basic
>
> Anonymous
>
>  
>
> The only other options are form authentication and rememberme.
>
>  
>
> Once the header has been sent (when requesting getcapabilities) any
> subsequent getmap requests are fine but the getfeatureinfo request
> fails if there are any layers that need authentication visible on the map.
>
>  
>
> Andrea's suggestion that the GET request isn't keeping the
> header/cookie sounds about right. I could route each getfeatureinfo
>  request through a proxy to add the header in the same way as I do for
> the getcapabilities but I was hoping there might be another way.
>
>  
>
> The version of GeoServer is 2.2.4
>
>  
>
> Thanks for the help
>
>  
>
> Tom
>
>  
>
>  
>
>  
>
> *From:*Christian Mueller [mailto:christian.muel...@os-solutions.at]
> *Sent:* 18 May 2013 10:18
> *To:* Andrea Aime
> *Cc:* Thomas Colley; GeoServer Mailing List List
> *Subject:* Re: [Geoserver-users] Geoserver Header Auth
>
>  
>
> As Andrea already mentioned,  the header has to be present in each
> request but only if the security filter chain does not allow to create
> an HTTP session. (Out of the box, HTTP session creation is only
> allowed for the "web" filter chain). 
>
>  
>
> If you allow HTTP session creation on the "default" filter chain, you
> need to send the header only once, subsequent calls will use a session
> cookie.
>
>  
>
> Cheers
>
> Christian
>
>  
>
>  
>
> 2013/5/14 Andrea Aime <andrea.a...@geo-solutions.it
> <mailto:andrea.a...@geo-solutions.it>>
>
> On Tue, May 14, 2013 at 9:07 AM, Thomas Colley
> <it...@neath-porttalbot.gov.uk <mailto:it...@neath-porttalbot.gov.uk>>
> wrote:
>
>     Is this expected behaviour? I was expecting either all requests to
>     fail after the initial GetCapabilities or that once authenticated
>     geoserver would 'remember' the header and everything would work.
>
>  
>
> Hum, not sure, but normally GetFeatureInfo is done as an ajax request.
> Wondering if the header is kept when you follow the ajax code path?
>
> Afaik the header should still be present in each request.
>
>  
>
> Cheers
>
> Andrea
>
>  
>
> -- 
>
> ==
>
> GeoServer training in Milan, 6th & 7th June 2013!
>  Visit http://geoserver.geo-solutions.it
> <http://geoserver.geo-solutions.it/> for more information.
> ==
>
>  
>
> Ing. Andrea Aime 
>
> @geowolf
>
> Technical Lead
>
>  
>
> GeoSolutions S.A.S.
>
> Via Poggio alle Viti 1187
>
> 55054  Massarosa (LU)
>
> Italy
>
> phone: +39 0584 962313 <tel:%2B39%200584%20962313>
>
> fax: +39 0584 1660272 <tel:%2B39%200584%201660272>
>
> mob: +39  339 8844549 <tel:%2B39%20%C2%A0339%208844549>
>
>  
>
> http://www.geo-solutions.it
>
> http://twitter.com/geosolutions_it
>
>  
>
> -------------------------------------------------------
>
>
> ------------------------------------------------------------------------------
> AlienVault Unified Security Management (USM) platform delivers complete
> security visibility with the essential security capabilities. Easily and
> efficiently configure, manage, and operate all of your security controls
> from a single console and one unified framework. Download a free trial.
> http://p.sf.net/sfu/alienvault_d2d
> _______________________________________________
> Geoserver-users mailing list
> Geoserver-users@lists.sourceforge.net
> <mailto:Geoserver-users@lists.sourceforge.net>
> https://lists.sourceforge.net/lists/listinfo/geoserver-users
>
>
>
>  
>
> -- 
>
> DI Christian Mueller MSc (GIS), MSc (IT-Security)
>
> OSS Open Source Solutions GmbH
>
>  
>
>
>
> ------------------------------------------------------------------------------
> AlienVault Unified Security Management (USM) platform delivers complete
> security visibility with the essential security capabilities. Easily and
> efficiently configure, manage, and operate all of your security controls
> from a single console and one unified framework. Download a free trial.
> http://p.sf.net/sfu/alienvault_d2d
>
>
> _______________________________________________
> Geoserver-users mailing list
> Geoserver-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/geoserver-users


--

Este mensaje le ha llegado mediante el servicio de correo electronico que 
ofrece Infomed para respaldar el cumplimiento de las misiones del Sistema 
Nacional de Salud. La persona que envia este correo asume el compromiso de usar 
el servicio a tales fines y cumplir con las regulaciones establecidas

Infomed: http://www.sld.cu/

------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:

Build for Windows Store.

http://p.sf.net/sfu/windows-dev2dev
_______________________________________________
Geoserver-users mailing list
Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users