Hi Darell and Harleen,
it seems you're on to something. Wondering, can it be reproduced without
GeoFence in the mix?
It would be useful to have a script that reproduces the problem on a
vanilla GeoServer installation; if that can be done,
please open a ticket with it at:
https://osgeo-org.atlassian.net/projects/GEOS/summary

Darell, this list offers voluntary support, which does not do "urgent"
(well, not with guarantees at least, it can happen of course).
If you're in a hurry I'd suggest you also check
http://geoserver.org/support/

Cheers
Andrea


On Tue, Jan 23, 2018 at 1:50 AM, Harleen Lappano <hlapp...@cssflorida.net>
wrote:

> Hey Darell,
>
> I'm not an expert on Geoserver. However, funny story is that I ran into
> this same issue last Friday as we were pushing our changes to our
> production.
> We are using Geoserver 2.9.1 for our product. I don't remember the tomcat
> version.
>
> If it wasn't for your email, we would have been still trying to trace down
> all our changes and deltas we made for this push window, so I appreciate
> that you posted this; it helped us narrow down and push past this issue.
>
> We were adding authentication to our geoserver with geofence so we can add
> users using the REST api. I did a similar script where I pulled our
> existing users in our system to also add them to the geoserver's user list
> using REST api. At some point in our process we had a total lock down on
> our geoserver in production. So just to see I ran a script on our dev box
> to add 200 random users to the geoserver and was able to reproduce what
> happened in our production.
>
> This is what we did based on our observations of the problem and it seemed
> to get past this issue for now. We are still running tests this week on our
> product, however, maybe it will help you get along as well.
> We are thinking that there might be an issue in geoserver regarding the
> users.xml or roles.xml. It seems like the 3 components that might be the
> cause are 1. Authentication Cache that runs every 10 minutes, 2. Our curl
> commands in our script that adds the user, and 3. The interval check for
> modifications on the users.xml or roles.xml (these are the names we chose,
> but it is the xml that holds the user group service and the role server).
>
> In order for us to get back to an unlock state, I had to redeploy our
> GeoFence and security settings including the users.xml and roles.xml. I'm
> not sure what is in the set that causes the geoserver to unlock because we
> didn't trace it down that far.
> Then we went ahead and changed our config.xml for our user group and roles
> has (two config files):
> <checkInterval>0</checkInterval>
> <validating>false</validating>
>
> We weren't sure about validating, but we turned it off anyways. After that
> and a restart, we were able to run our script to add the users without any
> problems. I will add that in our script we added a second delay after each
> add. I noticed in the original time we did our script we ran into a stack
> overflow issue.
>
> After all this I think we are concluding that there might have been a lock
> on the file resource when reading and writing. However, this is just a
> hunch without further testing.
> Hopefully someone on this mailing list knows exactly what is happening.
>
>
>
> On Mon, Jan 22, 2018 at 5:02 AM, Darell van der Voort <darell...@gmail.com
> > wrote:
>
>> Hello everybody,
>>
>> I'm running Geoserver 2.11.2 on Java 1.8.0_144 32 bits on Amazon Linux
>> together with Tomcat 9. I have a very urgent problem.
>>
>> I have a Python script that uses the REST API to automatically create
>> users, set read/write permissions and create workspaces. I have been using
>> this for the last months without any problems. However today I had to
>> create 450+ accounts and workspaces so I wrote a loop to generate the
>> accounts. This went flawlessly till about account 137. After that I got an
>> access denied:
>>
>> HTTP 403 status Forbidden
>> Access is denied
>> The server understood the request but refuses to authorize it.
>> Apache Tomcat/9.01
>>
>> Also when I log into the web interface using the admin account I cannot
>> access anything. The data is however still served. This leads me to believe
>> it is some kind of protection from Geoserver against DDoS or brute force
>> attacks. I do not have another account with admin rights.
>> How do I re-enable access to the Geoserver? I already tried restarting
>> the server instance, but no luck.
>>
>> Thanks!
>> Darell
>>
>> ------------------------------------------------------------
>> ------------------
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>> _______________________________________________
>> Geoserver-users mailing list
>>
>> Please make sure you read the following two resources before posting to
>> this list:
>> - Earning your support instead of buying it, but Ian Turton:
>> http://www.ianturton.com/talks/foss4g.html#/
>> - The GeoServer user list posting guidelines:
>> http://geoserver.org/comm/userlist-guidelines.html
>>
>> If you want to request a feature or an improvement, also see this:
>> https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer
>>
>>
>> Geoserver-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/geoserver-users
>>
>>
>
>
> --
> Regards,
> Harleen
>
>


-- 

Regards,

Andrea Aime

==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V
for more information.
==

Ing. Andrea Aime
@geowolf
Technical Lead

GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39  339 8844549

http://www.geo-solutions.it
http://twitter.com/geosolutions_it
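
A starting point for the reproduction script requested at the top of this message, as an added example that is not part of the original thread or of GeoServer itself. It creates throwaway users one at a time, with the per-request delay Harleen mentions as a parameter, and reports the index of the first rejected request. The endpoint path, the XML payload shape, the base URL and the `repro_user_` names are assumptions to check against the REST documentation of the GeoServer version under test.

```python
import base64
import time
import urllib.error
import urllib.request

# Assumed endpoint and payload shape for the default user/group service;
# verify both against the REST docs of the GeoServer version in use.
USERS_PATH = "/rest/security/usergroup/users"
USER_XML = ("<user><userName>{name}</userName><password>{password}</password>"
            "<enabled>true</enabled></user>")


def http_post(url, body, auth):
    """POST XML with basic auth and return the HTTP status code."""
    token = base64.b64encode(":".join(auth).encode()).decode()
    req = urllib.request.Request(url, data=body.encode(), method="POST", headers={
        "Content-Type": "application/xml", "Authorization": "Basic " + token})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code  # e.g. the 403 described in the thread


def add_users(base_url, auth, count, delay=1.0, post=http_post, sleep=time.sleep):
    """Create `count` throwaway users one at a time.

    Stops at the first non-2xx answer and returns (users_created, failing_status),
    so a ticket can state exactly where the lock-out began. failing_status is
    None when every request succeeded.
    """
    url = base_url.rstrip("/") + USERS_PATH
    for i in range(count):
        body = USER_XML.format(name=f"repro_user_{i:04d}", password=f"Repro-pw-{i:04d}")
        status = post(url, body, auth)
        if not 200 <= status < 300:
            return i, status
        sleep(delay)  # delay=0 mimics the original tight loop
    return count, None


if __name__ == "__main__":
    # Constructed values: a local development instance and its own admin login.
    created, status = add_users("http://localhost:8080/geoserver",
                                ("admin", "<admin-password>"), 200)
    print(f"created {created} users; first failing status: {status}")
```

Running it once with `delay=0` and once with `delay=1.0`, before and after changing `checkInterval`, separates the effect of request pacing from the effect of the file-modification check.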
