Thanks for your input, Andrea I wonder whether it could have anything to do with a large number of roles (1000+) that have recently been added - see my other email: Large number of roles causes OutOfMemoryError and the Jira issue: https://osgeo-org.atlassian.net/browse/GEOS-11129
While I understand your explanation, I don't think I am confident/competent enough to attempt your possible solution, but I will look into it. Peter On Wed, 20 Sept 2023 at 14:48, Andrea Aime < andrea.a...@geosolutionsgroup.com> wrote: > I haven't witness it happen, but as far as I can see, the security system > is refusing access to the > layer because the current request does not contain any more the context of > the original WMS request: > it's not seen as a WMS request anymore, because it's happening after the > request is done, in a > post processing task (a different thread). > > I guess one could use ThreadLocalTransfer to transfer over the context of > the original request into the > background thread, there are examples of that in the codebase (e..g, in > the WPS module, which uses > background threads for everything). > > Cheers > Andrea > > > On Wed, Sep 20, 2023 at 12:50 PM Peter Smythe <g...@smythe.co.za> wrote: > >> Hi all >> >> The Monitor extension >> <https://fdfdfha.r.af.d.sendibt2.com/tr/cl/tX6qrfylNQ_VzgtK-9vu7h9msUEDhclz9VN8YgKVbEFrjHQXPsi1c4rM7Me-kxR_QAZsaw6zOI5sylbPqKpmLsQH2GzePSpXpwcKyaSGusoecmAvS8QpcxsfMjHLtXLIihB3HKdw9tq1ooPRhVz7wK8uJOSEEPXih2osZJW58xgbrJ9F-CMvcZVonp47EaKfWQ4KSQ0x2isIwoPsSuQCCaPnwyeajLNRhfUgH4wyBzTPo6aoG-gGaVx3x_lFmiOZjxsmdYM0CsFMW-aPzELyncKpI-kjB6KkIO0Odp1RpUD72DSn1g> >> is populating the GeoServer logs (PRODUCTION_LOGGING) with these error >> messages, yet the (very standard) GetMap requests are being executed >> correctly, without any errors, returning images with status code 200. The >> AuthKey >> module >> <https://fdfdfha.r.af.d.sendibt2.com/tr/cl/wKvNyqyiFKGYuYfijXahQ6pd9HIk4nNylrV4ISVzMxnAMFW3l3Z0eZzeO9JKVUvplx8RFyqmwnKO_khgGt40Udn29ChIccOO6QpMh61OeFQo7Q4Qm5MWeswi6mOGDAY92LKZkFRwYlFZvKE0rN1u_XgDcBt3XrkrqLKBQKxEW0J_FtWgQRrEwyULDTXj9c9D4fukPwztRTaNsbGKzbslys1CdYBgy-oIqk_OrFYn1SNHNUNNd20t4ZKl3tFnOUzpr_QIWM6u0b90YgsWydZyrl2OdEbOjPKGeNqSmom3otJPnA> >> is used, same as any other layer/workspace. Is this possibly a bug in the >> monitor extension, or a misconfiguration on our side? I believe the >> configuration is standard: >> >> $ cat monitor.properties >> storage=memory >> mode=history >> sync=async >> maxBodySize=1024 >> bboxLogCrs=EPSG:4326 >> bboxLogLevel=no_wfs >> >> Is there any way to fix the problem or to configure it not to throw these >> exceptions? >> >> Thanks >> >> Peter >> >> 20 Sep 09:46:45 WARN [geoserver.monitor] - Post process task failed >> org.springframework.security.access.AccessDeniedException: Cannot access >> ____<layername>______ with the current privileges >> at >> org.geoserver.security.SecureCatalogImpl.unauthorizedAccess(SecureCatalogImpl.java:1072) >> at >> org.geoserver.security.SecureCatalogImpl.buildWrapperPolicy(SecureCatalogImpl.java:1046) >> at >> org.geoserver.security.SecureCatalogImpl.buildWrapperPolicy(SecureCatalogImpl.java:925) >> at >> org.geoserver.security.SecureCatalogImpl.checkAccess(SecureCatalogImpl.java:715) >> at >> org.geoserver.security.SecureCatalogImpl.checkAccess(SecureCatalogImpl.java:603) >> at >> org.geoserver.security.SecureCatalogImpl.getLayerByName(SecureCatalogImpl.java:361) >> at >> org.geoserver.catalog.impl.AbstractFilteredCatalog.getLayerByName(AbstractFilteredCatalog.java:265) >> at >> org.geoserver.catalog.impl.AbstractCatalogDecorator.getLayerByName(AbstractCatalogDecorator.java:466) >> at >> org.geoserver.catalog.impl.LocalWorkspaceCatalog.getLayerByName(LocalWorkspaceCatalog.java:257) >> at >> org.geoserver.monitor.LayerNameNormalizer.run(LayerNameNormalizer.java:44) >> at >> org.geoserver.monitor.MonitorFilter$PostProcessTask.run(MonitorFilter.java:302) >> at >> java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) >> at >> java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) >> at java.base/java.lang.Thread.run(Thread.java:829) >> _______________________________________________ >> Geoserver-users mailing list >> >> Please make sure you read the following two resources before posting to >> this list: >> - Earning your support instead of buying it, but Ian Turton: >> http://www.ianturton.com/talks/foss4g.html#/ >> - The GeoServer user list posting guidelines: >> http://geoserver.org/comm/userlist-guidelines.html >> >> If you want to request a feature or an improvement, also see this: >> https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer >> >> >> Geoserver-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/geoserver-users >> > > > -- > > Regards, > > Andrea Aime > > == > GeoServer Professional Services from the experts! > > Visit http://bit.ly/gs-services-us for more information. > == > > Ing. Andrea Aime > @geowolf > Technical Lead > > GeoSolutions Group > phone: +39 0584 962313 > > fax: +39 0584 1660272 > > mob: +39 339 8844549 > > https://www.geosolutionsgroup.com/ > > http://twitter.com/geosolutions_it > > ------------------------------------------------------- > > Con riferimento alla normativa sul trattamento dei dati personali (Reg. UE > 2016/679 - Regolamento generale sulla protezione dei dati “GDPR”), si > precisa che ogni circostanza inerente alla presente email (il suo > contenuto, gli eventuali allegati, etc.) è un dato la cui conoscenza è > riservata al/i solo/i destinatario/i indicati dallo scrivente. Se il > messaggio Le è giunto per errore, è tenuta/o a cancellarlo, ogni altra > operazione è illecita. Le sarei comunque grato se potesse darmene notizia. > > This email is intended only for the person or entity to which it is > addressed and may contain information that is privileged, confidential or > otherwise protected from disclosure. We remind that - as provided by > European Regulation 2016/679 “GDPR” - copying, dissemination or use of this > e-mail or the information herein by anyone other than the intended > recipient is prohibited. If you have received this email by mistake, please > notify us immediately by telephone or e-mail >
_______________________________________________ Geoserver-users mailing list Please make sure you read the following two resources before posting to this list: - Earning your support instead of buying it, but Ian Turton: http://www.ianturton.com/talks/foss4g.html#/ - The GeoServer user list posting guidelines: http://geoserver.org/comm/userlist-guidelines.html If you want to request a feature or an improvement, also see this: https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer Geoserver-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-users
