Re: [Geoserver-users] Installing Geoserver 2.23.2 into Tomcat 10.1.13

[Jody Garnett]

 GeoServer cannot be deployed in Tomcat 10.x presently as we have not made
the migration to Jakarta yet.

Please see https://github.com/geoserver/geoserver/wiki/Jakarta-EE as we
begin to outline the work required.
--
Jody Garnett


On Sep 20, 2023 at 5:46:14 PM, "Humphries, Graham" <
graham.humphr...@stategrowth.tas.gov.au> wrote:

> My dev environment has been upgraded to use java11. This is so I can
> deploy the latest version of Geoserver (2.23.2)
>
>
>
> The server I am running is:
>
> OS: SunOS version 5.11
>
> Tomcat v 10.1.13
>
> JVM 11.0.20.1+1-LTS
>
>
>
> Geoserver failed to start when deployed with error messages like this:
>
> 21-Sep-2023 09:16:46.156 SEVERE [http-nio-8080-exec-34]
> org.apache.catalina.core.StandardContext.listenerStart Error configuring
> application listener of class
> [org.springframework.web.context.request.RequestContextListener]
>
> java.lang.NoClassDefFoundError:
> javax/servlet/ServletRequestListener
>
>
>
> Having looked into why this was happening it seems Tomcat 10.x has
> replaced java/servlet with Jakarta/servlet.
>
>
>
> The Geoserver documentation for Web archives states:
>
> *Note*
>
>
>
> GeoServer has been mostly tested using Tomcat, and so is the recommended
> application server. GeoServer requires a newer version of Tomcat (7.0.65 or
> later) that implements Servlet 3 and annotation processing. Other
> application servers have been known to work, but are not guaranteed.
>
> Having followed the Tomcat documentation for migrating from 9.x to 10.x
> Geoserver has successfully deployed and is now working.
>
>
>
> Is this how Geoserver needs to be deployed into Tomcat 10.x for the time
> being?
>
>
>
> Regards,
>
>
>
> Graham Humphries | System Analyst
>
> Department of State Growth
>
> 4 Salamanca Place, Hobart TAS 7000 | GPO Box 536, Hobart TAS 7001
>
>
>
> *In recognition of the deep history and culture of this island, I
> acknowledge and pay my respects to all Tasmanian Aboriginal people; the
> past, and present custodians of the Land.*
>
>
>
> --
>
> CONFIDENTIALITY NOTICE AND DISCLAIMER
> The information in this transmission may be confidential and/or protected
> by legal professional privilege, and is intended only for the person or
> persons to whom it is addressed. If you are not such a person, you are
> warned that any disclosure, copying or dissemination of the information is
> unauthorised. If you have received the transmission in error, please
> immediately contact this office by telephone, fax or email, to inform us of
> the error and to enable arrangements to be made for the destruction of the
> transmission, or its return at our cost. No liability is accepted for any
> unauthorised use of the information contained in this transmission.
> ___
> Geoserver-users mailing list
>
> Please make sure you read the following two resources before posting to
> this list:
> - Earning your support instead of buying it, but Ian Turton:
> http://www.ianturton.com/talks/foss4g.html#/
> - The GeoServer user list posting guidelines:
> http://geoserver.org/comm/userlist-guidelines.html
>
> If you want to request a feature or an improvement, also see this:
> https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer
>
>
> Geoserver-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/geoserver-users
>
___
Geoserver-users mailing list

Please make sure you read the following two resources before posting to this 
list:
- Earning your support instead of buying it, but Ian Turton: 
http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: 
http://geoserver.org/comm/userlist-guidelines.html

If you want to request a feature or an improvement, also see this: 
https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer


Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users

[Geoserver-users] Installing Geoserver 2.23.2 into Tomcat 10.1.13

[Humphries, Graham]

My dev environment has been upgraded to use java11. This is so I can deploy the 
latest version of Geoserver (2.23.2)

The server I am running is:
OS: SunOS version 5.11
Tomcat v 10.1.13
JVM 11.0.20.1+1-LTS

Geoserver failed to start when deployed with error messages like this:
21-Sep-2023 09:16:46.156 SEVERE [http-nio-8080-exec-34] 
org.apache.catalina.core.StandardContext.listenerStart Error configuring 
application listener of class 
[org.springframework.web.context.request.RequestContextListener]
java.lang.NoClassDefFoundError: 
javax/servlet/ServletRequestListener

Having looked into why this was happening it seems Tomcat 10.x has replaced 
java/servlet with Jakarta/servlet.

The Geoserver documentation for Web archives states:
Note

GeoServer has been mostly tested using Tomcat, and so is the recommended 
application server. GeoServer requires a newer version of Tomcat (7.0.65 or 
later) that implements Servlet 3 and annotation processing. Other application 
servers have been known to work, but are not guaranteed.
Having followed the Tomcat documentation for migrating from 9.x to 10.x 
Geoserver has successfully deployed and is now working.

Is this how Geoserver needs to be deployed into Tomcat 10.x for the time being?

Regards,

Graham Humphries | System Analyst
Department of State Growth
4 Salamanca Place, Hobart TAS 7000 | GPO Box 536, Hobart TAS 7001

In recognition of the deep history and culture of this island, I acknowledge 
and pay my respects to all Tasmanian Aboriginal people; the past, and present 
custodians of the Land.




CONFIDENTIALITY NOTICE AND DISCLAIMER
The information in this transmission may be confidential and/or protected by 
legal professional privilege, and is intended only for the person or persons to 
whom it is addressed. If you are not such a person, you are warned that any 
disclosure, copying or dissemination of the information is unauthorised. If you 
have received the transmission in error, please immediately contact this office 
by telephone, fax or email, to inform us of the error and to enable 
arrangements to be made for the destruction of the transmission, or its return 
at our cost. No liability is accepted for any unauthorised use of the 
information contained in this transmission.
___
Geoserver-users mailing list

Please make sure you read the following two resources before posting to this 
list:
- Earning your support instead of buying it, but Ian Turton: 
http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: 
http://geoserver.org/comm/userlist-guidelines.html

If you want to request a feature or an improvement, also see this: 
https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer


Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users

Re: [Geoserver-users] Monitor extension throws AccessDeniedException

[Peter Smythe]

Thanks for your input, Andrea

I wonder whether it could have anything to do with a large number of roles
(1000+) that have recently been added - see my other email: Large number of
roles causes OutOfMemoryError and the Jira issue:
https://osgeo-org.atlassian.net/browse/GEOS-11129

While I understand your explanation, I don't think I am confident/competent
enough to attempt your possible solution, but I will look into it.

Peter

On Wed, 20 Sept 2023 at 14:48, Andrea Aime <
andrea.a...@geosolutionsgroup.com> wrote:

> I haven't witness it happen, but as far as I can see, the security system
> is refusing access to the
> layer because the current request does not contain any more the context of
> the original WMS request:
> it's not seen as a WMS request anymore, because it's happening after the
> request is done, in a
> post processing task (a different thread).
>
> I guess one could use ThreadLocalTransfer to transfer over the context of
> the original request into the
> background thread, there are examples of that in the codebase (e..g, in
> the WPS module, which uses
> background threads for everything).
>
> Cheers
> Andrea
>
>
> On Wed, Sep 20, 2023 at 12:50 PM Peter Smythe  wrote:
>
>> Hi all
>>
>> The Monitor extension
>> 
>> is populating the GeoServer logs (PRODUCTION_LOGGING) with these error
>> messages, yet the (very standard) GetMap requests are being executed
>> correctly, without any errors, returning images with status code 200.  The 
>> AuthKey
>> module
>> 
>> is used, same as any other layer/workspace.  Is this possibly a bug in the
>> monitor extension, or a misconfiguration on our side?  I believe the
>> configuration is standard:
>>
>> $ cat monitor.properties
>> storage=memory
>> mode=history
>> sync=async
>> maxBodySize=1024
>> bboxLogCrs=EPSG:4326
>> bboxLogLevel=no_wfs
>>
>> Is there any way to fix the problem or to configure it not to throw these
>> exceptions?
>>
>> Thanks
>>
>> Peter
>>
>> 20 Sep 09:46:45 WARN   [geoserver.monitor] - Post process task failed
>> org.springframework.security.access.AccessDeniedException: Cannot access
>> __ with the current privileges
>> at
>> org.geoserver.security.SecureCatalogImpl.unauthorizedAccess(SecureCatalogImpl.java:1072)
>> at
>> org.geoserver.security.SecureCatalogImpl.buildWrapperPolicy(SecureCatalogImpl.java:1046)
>> at
>> org.geoserver.security.SecureCatalogImpl.buildWrapperPolicy(SecureCatalogImpl.java:925)
>> at
>> org.geoserver.security.SecureCatalogImpl.checkAccess(SecureCatalogImpl.java:715)
>> at
>> org.geoserver.security.SecureCatalogImpl.checkAccess(SecureCatalogImpl.java:603)
>> at
>> org.geoserver.security.SecureCatalogImpl.getLayerByName(SecureCatalogImpl.java:361)
>> at
>> org.geoserver.catalog.impl.AbstractFilteredCatalog.getLayerByName(AbstractFilteredCatalog.java:265)
>> at
>> org.geoserver.catalog.impl.AbstractCatalogDecorator.getLayerByName(AbstractCatalogDecorator.java:466)
>> at
>> org.geoserver.catalog.impl.LocalWorkspaceCatalog.getLayerByName(LocalWorkspaceCatalog.java:257)
>> at
>> org.geoserver.monitor.LayerNameNormalizer.run(LayerNameNormalizer.java:44)
>> at
>> org.geoserver.monitor.MonitorFilter$PostProcessTask.run(MonitorFilter.java:302)
>> at
>> java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
>> at
>> java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
>> at java.base/java.lang.Thread.run(Thread.java:829)
>> ___
>> Geoserver-users mailing list
>>
>> Please make sure you read the following two resources before posting to
>> this list:
>> - Earning your support instead of buying it, but Ian Turton:
>> http://www.ianturton.com/talks/foss4g.html#/
>> - The GeoServer user list posting guidelines:
>> http://geoserver.org/comm/userlist-guidelines.html
>>
>> If you want to request a feature or an improvement, also see this:
>> https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer
>>
>>
>> Geoserver-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/geoserver-users
>>
>
>
> --
>
> Regards,
>
> Andrea Aime
>
> ==
> GeoServer Professional Services from the experts!
>
> Visit http://bit.ly/gs-services-us for 

[Geoserver-users] Large number of roles causes OutOfMemoryError

[Peter Smythe]

Firstly, what is a large number of roles?   I believe GeoServer works fine
with tens of thousands of layers, and if you have rather fine granular
ACLs, that is a similar number of roles.

However, we currently have around 1000 roles, and while most of the
GeoServer GUI is paged and can handle that many entries, one in particular
is not:

The (relatively new) Security tab, when editing a layer:

[image: image.png]
I believe this tab really struggles when accessing around 500 roles.  Is
that a reasonable number?

I would appreciate users replying to this email to see the upper limit of
what still works for them.  Perhaps let's start with anything above 100
roles - that is perfectly manageable, I think.

I have captured the issue (and how to reproduce it with the default data
config) in Jira: https://osgeo-org.atlassian.net/browse/GEOS-11129

Thanks

Peter

___
Geoserver-users mailing list

Please make sure you read the following two resources before posting to this 
list:
- Earning your support instead of buying it, but Ian Turton: 
http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: 
http://geoserver.org/comm/userlist-guidelines.html

If you want to request a feature or an improvement, also see this: 
https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer


Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users

Re: [Geoserver-users] HTTPS to GeoServer Docker

[Peter Smythe]

Hi Brian

You should be looking for Traefik proxy:
https://github.com/traefik/traefik/releases

Peter

On Wed, 20 Sept 2023 at 17:48, brian--- via Geoserver-users <
geoserver-users@lists.sourceforge.net> wrote:

> I used nginx for several years as my reverse proxy, it was fine but the
> setup required making changes to the compose files for the services.
> Same with a caddy based solution. My varnish setup requires varnish
> to know about the services, but the services don't require any changes.
>
> Whatever you do, don't make the mistake I made, I tried to use the nginx
> reverse-proxy to do static content delivery too. It's better to run two
> completely separate containers, one for the proxy and one for content.
> It's more manageable.
>
> This nginx setup works great, I like how it automatically interfaces to
> Let's Encrypt:
> http://jasonwilder.com/blog/2014/03/25/automated-nginx-reverse-proxy-for-docker/
>
> I have not tried Traefik, but there appears to be a paywall ("get
> pricing") in front of it, is there a free version?
>
>
> Brian
>
>
>
> ___
> Geoserver-users mailing list
>
> Please make sure you read the following two resources before posting to
> this list:
> - Earning your support instead of buying it, but Ian Turton:
> http://www.ianturton.com/talks/foss4g.html#/
> - The GeoServer user list posting guidelines:
> http://geoserver.org/comm/userlist-guidelines.html
>
> If you want to request a feature or an improvement, also see this:
> https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer
>
>
> Geoserver-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/geoserver-users
>
>

___
Geoserver-users mailing list

Please make sure you read the following two resources before posting to this 
list:
- Earning your support instead of buying it, but Ian Turton: 
http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: 
http://geoserver.org/comm/userlist-guidelines.html

If you want to request a feature or an improvement, also see this: 
https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer


Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users

Re: [Geoserver-users] HTTPS to GeoServer Docker

[brian--- via Geoserver-users]

Why? if it's public data...


My Esri server has HTTPS turned on, and it won't touch servers that 
are not HTTPS, so I can't use my own services unless they are encrypted.


Brian




___
Geoserver-users mailing list

Please make sure you read the following two resources before posting to this 
list:
- Earning your support instead of buying it, but Ian Turton: 
http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: 
http://geoserver.org/comm/userlist-guidelines.html

If you want to request a feature or an improvement, also see this: 
https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer


Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users

Re: [Geoserver-users] HTTPS to GeoServer Docker

[brian--- via Geoserver-users]

I used nginx for several years as my reverse proxy, it was fine but the 
setup required making changes to the compose files for the services.

Same with a caddy based solution. My varnish setup requires varnish
to know about the services, but the services don't require any changes.

Whatever you do, don't make the mistake I made, I tried to use the nginx 
reverse-proxy to do static content delivery too. It's better to run two
completely separate containers, one for the proxy and one for content. 
It's more manageable.


This nginx setup works great, I like how it automatically interfaces to 
Let's Encrypt: http://jasonwilder.com/blog/2014/03/25/automated-nginx-reverse-proxy-for-docker/


I have not tried Traefik, but there appears to be a paywall ("get 
pricing") in front of it, is there a free version?



Brian



___
Geoserver-users mailing list

Please make sure you read the following two resources before posting to this 
list:
- Earning your support instead of buying it, but Ian Turton: 
http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: 
http://geoserver.org/comm/userlist-guidelines.html

If you want to request a feature or an improvement, also see this: 
https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer


Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users

Re: [Geoserver-users] HTTPS to GeoServer Docker

[Adam Cooper]

Thanks for comments. The direction seems clear now!

FWIW, I expect to use Azure, for which this resource describes the use 
of a "sidecar" container with Nginx doing reverse proxy to enforce 
HTTPS: 
https://learn.microsoft.com/en-us/azure/container-instances/container-instances-container-group-ssl


Cheers, Adam

On 20/09/2023 14:21, Andrea Aime wrote:
In my experience HTTPS is managed in a proxy in front of GeoServer, 
which can be set up

using a docker-compose with the proxy being another docker image.

Here is an example of a compose with a proxy from the GeoSolutions 
docker image repository:

https://github.com/geosolutions-it/docker-geoserver/blob/master/docker-compose.yml

Slap on top of it an example of how to set up SSL certificates for 
nginx (a much more command find) and you're in business.
E.g. first link returned by a Google search: 
https://faun.pub/setting-up-ssl-certificates-for-nginx-in-docker-environ-e7eec5ebb418?gi=ca3c5d6589f0


Cheers
Andrea




On Tue, Sep 19, 2023 at 8:57 PM Adam Cooper  
wrote:


I am exploring options for a relatively low-usage service
requiring low
levels of infrastructure setup and maintenance (the data is
related to a
local history society).

GeoServer docker image appears to be perfect except that I observe it
serves unencrypted data. This is not acceptable in 2023 on the
grounds
of security and privacy. I have not been able to find how to start
the
container such that HTTPS is the exclusive means of access.

Is this possible? (I think it really should be!)

Thanks in advance, Adam




___
Geoserver-users mailing list

Please make sure you read the following two resources before
posting to this list:
- Earning your support instead of buying it, but Ian Turton:
http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines:
http://geoserver.org/comm/userlist-guidelines.html

If you want to request a feature or an improvement, also see this:

https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer


Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users



--

Regards,

Andrea Aime

==GeoServer Professional Services from the experts!

Visit http://bit.ly/gs-services-us for 
more information.==Ing. Andrea Aime @geowolfTechnical Lead


GeoSolutions Groupphone: +39 0584 962313

fax:     +39 0584 1660272

mob:   +39  339 8844549


https://www.geosolutionsgroup.com/ 

http://twitter.com/geosolutions_it 

---


Con riferimento alla normativa sul trattamento dei dati personali 
(Reg. UE 2016/679 - Regolamento generale sulla protezione dei dati 
“GDPR”), si precisa che ogni circostanza inerente alla presente email 
(il suo contenuto, gli eventuali allegati, etc.) è un dato la cui 
conoscenza è riservata al/i solo/i destinatario/i indicati dallo 
scrivente. Se il messaggio Le è giunto per errore, è tenuta/o a 
cancellarlo, ogni altra operazione è illecita. Le sarei comunque grato 
se potesse darmene notizia.This email is intended only for the person 
or entity to which it is addressed and may contain information that is 
privileged, confidential or otherwise protected from disclosure. We 
remind that - as provided by European Regulation 2016/679 “GDPR” - 
copying, dissemination or use of this e-mail or the information herein 
by anyone other than the intended recipient is prohibited. If you have 
received this email by mistake, please notify us immediately by 
telephone or e-mail


___
Geoserver-users mailing list

Please make sure you read the following two resources before posting to this 
list:
- Earning your support instead of buying it, but Ian Turton: 
http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: 
http://geoserver.org/comm/userlist-guidelines.html

If you want to request a feature or an improvement, also see this: 
https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer


Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users

Re: [Geoserver-users] HTTPS to GeoServer Docker

[Andrea Aime]

In my experience HTTPS is managed in a proxy in front of GeoServer, which
can be set up
using a docker-compose with the proxy being another docker image.

Here is an example of a compose with a proxy from the GeoSolutions docker
image repository:
https://github.com/geosolutions-it/docker-geoserver/blob/master/docker-compose.yml

Slap on top of it an example of how to set up SSL certificates for nginx (a
much more command find) and you're in business.
E.g. first link returned by a Google search:
https://faun.pub/setting-up-ssl-certificates-for-nginx-in-docker-environ-e7eec5ebb418?gi=ca3c5d6589f0

Cheers
Andrea




On Tue, Sep 19, 2023 at 8:57 PM Adam Cooper 
wrote:

> I am exploring options for a relatively low-usage service requiring low
> levels of infrastructure setup and maintenance (the data is related to a
> local history society).
>
> GeoServer docker image appears to be perfect except that I observe it
> serves unencrypted data. This is not acceptable in 2023 on the grounds
> of security and privacy. I have not been able to find how to start the
> container such that HTTPS is the exclusive means of access.
>
> Is this possible? (I think it really should be!)
>
> Thanks in advance, Adam
>
>
>
>
> ___
> Geoserver-users mailing list
>
> Please make sure you read the following two resources before posting to
> this list:
> - Earning your support instead of buying it, but Ian Turton:
> http://www.ianturton.com/talks/foss4g.html#/
> - The GeoServer user list posting guidelines:
> http://geoserver.org/comm/userlist-guidelines.html
>
> If you want to request a feature or an improvement, also see this:
> https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer
>
>
> Geoserver-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/geoserver-users
>


-- 

Regards,

Andrea Aime

==
GeoServer Professional Services from the experts!

Visit http://bit.ly/gs-services-us for more information.
==

Ing. Andrea Aime
@geowolf
Technical Lead

GeoSolutions Group
phone: +39 0584 962313

fax: +39 0584 1660272

mob:   +39  339 8844549

https://www.geosolutionsgroup.com/

http://twitter.com/geosolutions_it

---

Con riferimento alla normativa sul trattamento dei dati personali (Reg. UE
2016/679 - Regolamento generale sulla protezione dei dati “GDPR”), si
precisa che ogni circostanza inerente alla presente email (il suo
contenuto, gli eventuali allegati, etc.) è un dato la cui conoscenza è
riservata al/i solo/i destinatario/i indicati dallo scrivente. Se il
messaggio Le è giunto per errore, è tenuta/o a cancellarlo, ogni altra
operazione è illecita. Le sarei comunque grato se potesse darmene notizia.

This email is intended only for the person or entity to which it is
addressed and may contain information that is privileged, confidential or
otherwise protected from disclosure. We remind that - as provided by
European Regulation 2016/679 “GDPR” - copying, dissemination or use of this
e-mail or the information herein by anyone other than the intended
recipient is prohibited. If you have received this email by mistake, please
notify us immediately by telephone or e-mail
___
Geoserver-users mailing list

Please make sure you read the following two resources before posting to this 
list:
- Earning your support instead of buying it, but Ian Turton: 
http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: 
http://geoserver.org/comm/userlist-guidelines.html

If you want to request a feature or an improvement, also see this: 
https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer


Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users

Re: [Geoserver-users] Monitor extension throws AccessDeniedException

[Andrea Aime]

I haven't witness it happen, but as far as I can see, the security system
is refusing access to the
layer because the current request does not contain any more the context of
the original WMS request:
it's not seen as a WMS request anymore, because it's happening after the
request is done, in a
post processing task (a different thread).

I guess one could use ThreadLocalTransfer to transfer over the context of
the original request into the
background thread, there are examples of that in the codebase (e..g, in the
WPS module, which uses
background threads for everything).

Cheers
Andrea


On Wed, Sep 20, 2023 at 12:50 PM Peter Smythe  wrote:

> Hi all
>
> The Monitor extension
> 
> is populating the GeoServer logs (PRODUCTION_LOGGING) with these error
> messages, yet the (very standard) GetMap requests are being executed
> correctly, without any errors, returning images with status code 200.  The 
> AuthKey
> module
> 
> is used, same as any other layer/workspace.  Is this possibly a bug in the
> monitor extension, or a misconfiguration on our side?  I believe the
> configuration is standard:
>
> $ cat monitor.properties
> storage=memory
> mode=history
> sync=async
> maxBodySize=1024
> bboxLogCrs=EPSG:4326
> bboxLogLevel=no_wfs
>
> Is there any way to fix the problem or to configure it not to throw these
> exceptions?
>
> Thanks
>
> Peter
>
> 20 Sep 09:46:45 WARN   [geoserver.monitor] - Post process task failed
> org.springframework.security.access.AccessDeniedException: Cannot access
> __ with the current privileges
> at
> org.geoserver.security.SecureCatalogImpl.unauthorizedAccess(SecureCatalogImpl.java:1072)
> at
> org.geoserver.security.SecureCatalogImpl.buildWrapperPolicy(SecureCatalogImpl.java:1046)
> at
> org.geoserver.security.SecureCatalogImpl.buildWrapperPolicy(SecureCatalogImpl.java:925)
> at
> org.geoserver.security.SecureCatalogImpl.checkAccess(SecureCatalogImpl.java:715)
> at
> org.geoserver.security.SecureCatalogImpl.checkAccess(SecureCatalogImpl.java:603)
> at
> org.geoserver.security.SecureCatalogImpl.getLayerByName(SecureCatalogImpl.java:361)
> at
> org.geoserver.catalog.impl.AbstractFilteredCatalog.getLayerByName(AbstractFilteredCatalog.java:265)
> at
> org.geoserver.catalog.impl.AbstractCatalogDecorator.getLayerByName(AbstractCatalogDecorator.java:466)
> at
> org.geoserver.catalog.impl.LocalWorkspaceCatalog.getLayerByName(LocalWorkspaceCatalog.java:257)
> at
> org.geoserver.monitor.LayerNameNormalizer.run(LayerNameNormalizer.java:44)
> at
> org.geoserver.monitor.MonitorFilter$PostProcessTask.run(MonitorFilter.java:302)
> at
> java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
> at
> java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
> at java.base/java.lang.Thread.run(Thread.java:829)
> ___
> Geoserver-users mailing list
>
> Please make sure you read the following two resources before posting to
> this list:
> - Earning your support instead of buying it, but Ian Turton:
> http://www.ianturton.com/talks/foss4g.html#/
> - The GeoServer user list posting guidelines:
> http://geoserver.org/comm/userlist-guidelines.html
>
> If you want to request a feature or an improvement, also see this:
> https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer
>
>
> Geoserver-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/geoserver-users
>


-- 

Regards,

Andrea Aime

==
GeoServer Professional Services from the experts!

Visit http://bit.ly/gs-services-us for more information.
==

Ing. Andrea Aime
@geowolf
Technical Lead

GeoSolutions Group
phone: +39 0584 962313

fax: +39 0584 1660272

mob:   +39  339 8844549

https://www.geosolutionsgroup.com/

http://twitter.com/geosolutions_it

---

Con riferimento alla normativa sul trattamento dei dati personali (Reg. UE
2016/679 - Regolamento generale sulla protezione dei dati “GDPR”), si
precisa che ogni circostanza inerente alla presente email (il suo
contenuto, gli eventuali allegati, etc.) è un dato la cui conoscenza è
riservata al/i solo/i destinatario/i indicati dallo scrivente. Se il
messaggio L

Re: [Geoserver-users] HTTPS to GeoServer Docker

[mark]

Op 19-09-2023 om 20:38 schreef Adam Cooper:
I am exploring options for a relatively low-usage service requiring low 
levels of infrastructure setup and maintenance (the data is related to a 
local history society).


GeoServer docker image appears to be perfect except that I observe it 
serves unencrypted data. This is not acceptable in 2023 on the grounds 
of security and privacy. 


Why? if it's public data...

I have not been able to find how to start the 
container such that HTTPS is the exclusive means of access.


Is this possible? (I think it really should be!)


It's not and it would be a total pain to set up and maintain/manage;

Various solutions using reverse proxy have passed; I would like to add 
Traefik (https://traefik.io/) to that which will do automatic 
certificate management eg. using Let's Encrypt cerificates.


Mark



___
Geoserver-users mailing list

Please make sure you read the following two resources before posting to this 
list:
- Earning your support instead of buying it, but Ian Turton: 
http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: 
http://geoserver.org/comm/userlist-guidelines.html

If you want to request a feature or an improvement, also see this: 
https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer


Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users

[Geoserver-users] Monitor extension throws AccessDeniedException

[Peter Smythe]

Hi all

The Monitor extension

is populating the GeoServer logs (PRODUCTION_LOGGING) with these error
messages, yet the (very standard) GetMap requests are being executed
correctly, without any errors, returning images with status code 200.
The AuthKey
module
 is
used, same as any other layer/workspace.  Is this possibly a bug in the
monitor extension, or a misconfiguration on our side?  I believe the
configuration is standard:

$ cat monitor.properties
storage=memory
mode=history
sync=async
maxBodySize=1024
bboxLogCrs=EPSG:4326
bboxLogLevel=no_wfs

Is there any way to fix the problem or to configure it not to throw these
exceptions?

Thanks

Peter

20 Sep 09:46:45 WARN   [geoserver.monitor] - Post process task failed
org.springframework.security.access.AccessDeniedException: Cannot access
__ with the current privileges
at
org.geoserver.security.SecureCatalogImpl.unauthorizedAccess(SecureCatalogImpl.java:1072)
at
org.geoserver.security.SecureCatalogImpl.buildWrapperPolicy(SecureCatalogImpl.java:1046)
at
org.geoserver.security.SecureCatalogImpl.buildWrapperPolicy(SecureCatalogImpl.java:925)
at
org.geoserver.security.SecureCatalogImpl.checkAccess(SecureCatalogImpl.java:715)
at
org.geoserver.security.SecureCatalogImpl.checkAccess(SecureCatalogImpl.java:603)
at
org.geoserver.security.SecureCatalogImpl.getLayerByName(SecureCatalogImpl.java:361)
at
org.geoserver.catalog.impl.AbstractFilteredCatalog.getLayerByName(AbstractFilteredCatalog.java:265)
at
org.geoserver.catalog.impl.AbstractCatalogDecorator.getLayerByName(AbstractCatalogDecorator.java:466)
at
org.geoserver.catalog.impl.LocalWorkspaceCatalog.getLayerByName(LocalWorkspaceCatalog.java:257)
at
org.geoserver.monitor.LayerNameNormalizer.run(LayerNameNormalizer.java:44)
at
org.geoserver.monitor.MonitorFilter$PostProcessTask.run(MonitorFilter.java:302)
at
java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at
java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.lang.Thread.run(Thread.java:829)

___
Geoserver-users mailing list

Please make sure you read the following two resources before posting to this 
list:
- Earning your support instead of buying it, but Ian Turton: 
http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: 
http://geoserver.org/comm/userlist-guidelines.html

If you want to request a feature or an improvement, also see this: 
https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer


Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users