geowolf wrote > On Wed, Jul 8, 2015 at 1:39 PM, Mikael Karlsson <
> mikael.karlsson@ > > > wrote: > >> It sounds logical. Feel like more people should come across this >> problem, no one managed to winkle a workaround for it? >> > > I don't think a workaround is possible, the threads doing the seeding are > completely isolated from the request cycles, you either > pass some information explicitly, or it cannot get there. > The change per se should not be too hard, but as usual, a very small > portion of the community is willing/able > to contribute a change, or to sponsor one via commercial support. > > Cheers > Andrea 3 years later, and I believe that we have a simple work-around for this problem that still exists in GeoServer/GeoWebCache. As a brief recap, if a GS layer is secured under menu item Security > Data, then when a seeding task is initiated in GWC, the following error is logged in GS: > Cannot access layer XYZ as anonymous As Andrea mentions above, this is because the Spring Authentication object is not fed into the seeding threads. This can be solved by 3 lines of code in https://github.com/GeoWebCache/geowebcache/blob/master/geowebcache/rest/src/main/java/org/geowebcache/rest/service/FormService.java#L225: > Authentication authentication = > SecurityContextHolder.getContext().getAuthentication(); > SecurityContextHolder.setStrategyName(SecurityContextHolder.MODE_INHERITABLETHREADLOCAL); > SecurityContextHolder.getContext().setAuthentication(authentication); But there's an even easier, non-code solution, and that is to insert the following bean into geoserver/WEB-INF/dispatcher-servlet.xml, which currently does not have any beans: > > <bean > class="org.springframework.beans.factory.config.MethodInvokingFactoryBean"> > > <property name="targetClass" > value="org.springframework.security.core.context.SecurityContextHolder" /> > > <property name="targetMethod" value="setStrategyName" /> > > <property name="arguments" value="MODE_INHERITABLETHREADLOCAL" /> > > </bean> We have tested this in production, and if you initiate the seeding task while logged in as (or POST with the credentials of) a user with access to the layer, this Authentication object will be copied into the seeding threads, and it works 100% correctly. I really hope this helps someone else. My company, AfriGIS, has spent many hours looking for a solution. Regards Peter Smythe AfriGIS South Africa -- Sent from: http://osgeo-org.1560.x6.nabble.com/GeoServer-User-f3786390.html ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Geoserver-users mailing list Please make sure you read the following two resources before posting to this list: - Earning your support instead of buying it, but Ian Turton: http://www.ianturton.com/talks/foss4g.html#/ - The GeoServer user list posting guidelines: http://geoserver.org/comm/userlist-guidelines.html If you want to request a feature or an improvement, also see this: https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer Geoserver-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-users