Re: [Geoserver-users] use database view as layer i.c. with generated key sequence: unsupported feature with RETURNING clause

[Andrea Aime]

On Mon, Jun 11, 2018 at 6:46 PM, Siwi Wiebesella 
wrote:

> Does anybody know if there is a way to make this work, e.g. for our
> customer changing the GeoServer code ourselves, and thus create our “own”
> version of GeoServer is no option. Stop using the views would imply extra
> WFS-T insert calls from our FrontEnd Application.
>
I think this will require modifications to the code, so you either do them
and contribute them according to
the rules (CLA, testing, formatting, and so on), or you'll have to ask
someone providing commercial support
to do the same.

References:

   - Contributing to GeoTools (the code you need to modify is in there):
   https://github.com/geotools/geotools/blob/master/CONTRIBUTING.md
   - Commercial support: http://geoserver.org/support/

Hope this helps

Cheers
Andrea

==

GeoServer Professional Services from the experts! Visit http://goo.gl/it488V
for more information. == Ing. Andrea Aime @geowolf Technical Lead
GeoSolutions S.A.S. Via di Montramito 3/A 55054 Massarosa (LU) phone: +39
0584 962313 fax: +39 0584 1660272 mob: +39 339 8844549
http://www.geo-solutions.it http://twitter.com/geosolutions_it
--- *Con riferimento
alla normativa sul trattamento dei dati personali (Reg. UE 2016/679 -
Regolamento generale sulla protezione dei dati “GDPR”), si precisa che ogni
circostanza inerente alla presente email (il suo contenuto, gli eventuali
allegati, etc.) è un dato la cui conoscenza è riservata al/i solo/i
destinatario/i indicati dallo scrivente. Se il messaggio Le è giunto per
errore, è tenuta/o a cancellarlo, ogni altra operazione è illecita. Le
sarei comunque grato se potesse darmene notizia. This email is intended
only for the person or entity to which it is addressed and may contain
information that is privileged, confidential or otherwise protected from
disclosure. We remind that - as provided by European Regulation 2016/679
“GDPR” - copying, dissemination or use of this e-mail or the information
herein by anyone other than the intended recipient is prohibited. If you
have received this email by mistake, please notify us immediately by
telephone or e-mail.*
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
Geoserver-users mailing list

Please make sure you read the following two resources before posting to this 
list:
- Earning your support instead of buying it, but Ian Turton: 
http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: 
http://geoserver.org/comm/userlist-guidelines.html

If you want to request a feature or an improvement, also see this: 
https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer


Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users

[Geoserver-users] use database view as layer i.c. with generated key sequence: unsupported feature with RETURNING clause

[Siwi Wiebesella]

Hi,

We are working on a Frontend application, which adds new data to layers of
GeoServer. The Frontend is using WFS-T Insert calls to add this data. We
use views for these layers in GeoServer, to do some additional handling.
The views we use are database views thus created on our Oracle database
itself (e.g. we do not use the SQL Views of GeoServer). These layers based
on views work all fine (solution applied with a disabled “primary key” for
the view as described elsewhere on the internet).

The views we use contain an unique ID which is the unique ID of the
“principal” table which is used in the view. For the unique creation of the
ID’s for the “principal” table we chose to have the creation of this ID to
be done by a sequence defined in Oracle. For using this sequence within
GeoServer you can provide this “metadata” as indicated by the
documentation:
http://docs.geoserver.org/stable/en/user/data/database/primarykey.html

This solutions works fine, *except* when you use an (insert) trigger on the
database view, we have something like this:

*CREATE OR REPLACE TRIGGER OUR_VIEW_TRG*

*instead of insert or update or delete on vw_our_view*

*for each row….*

If we perform a WFS-T insert call this results in the following exception:

*org.geoserver.wfs.WFSTransactionException: Error performing insert: Error
inserting features*

*Error performing insert: Error inserting features*

*Error inserting features*

*ORA-22816: unsupported feature with RETURNING clause*

Without indicating GeoServer to use the sequence we get returned a feature
ID, which will not correspond with our sequence numbering on the ID of the
table (GeoServer simply returns the number of rows of the table, plus one).
This results in an undesired situation where we have an incorrect ID at the
Frontend after an WFS-T insert, only after a refresh of the browser the
correct ID is being fetched.

Does anybody know if there is a way to make this work, e.g. for our
customer changing the GeoServer code ourselves, and thus create our “own”
version of GeoServer is no option. Stop using the views would imply extra
WFS-T insert calls from our FrontEnd Application.

Kind regards,

Wiebe Geertsma
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
Geoserver-users mailing list

Please make sure you read the following two resources before posting to this 
list:
- Earning your support instead of buying it, but Ian Turton: 
http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: 
http://geoserver.org/comm/userlist-guidelines.html

If you want to request a feature or an improvement, also see this: 
https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer


Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users

Re: [Geoserver-users] Known vulnerability in commons-fileupload v1.2.1, used by geoserver

[Chris Snider]

Andrea,

Pull request at: https://github.com/geoserver/geoserver.github.io/pull/65 when 
someone with write access is ready to review.

Jonathan,

I incorporated your suggestions to bold/italicize the updates.

Chris Snider
Senior Software Engineer
[cid:image001.png@01D2E6A5.9104F820]

From: Jonathan Moules [mailto:jonathan-li...@lightpear.com]
Sent: Sunday, June 10, 2018 1:17 PM
To: geoserver-users@lists.sourceforge.net
Subject: Re: [Geoserver-users] Known vulnerability in commons-fileupload 
v1.2.1, used by geoserver


Chris, Andrea,

Good suggestion. If I could go one further, I'd suggest an explicit bold 
statement in the user/dev list sections saying not to post security stuff 
there. I.e.:
User List
This list is for end users blah blah blah Do Not report security 
vulnerabilities here. See the Security blah blah section

(and the same again in the Developer Lists box)

The problem with having a specific highlighted box is that some people (and I 
include myself in this) simply don't "see" them.
Cheers,
Jonathan
On 2018-06-07 15:18, Chris Snider wrote:
Andrea,

It took me a second to find the security block.  I completely overlooked the 
blue field.

Maybe add a new header under the “User List”
User List
This list is for end users blah blah blah

Reporting Security Vulnerabilities
If you encounter a security vulnerability blah blah blah

Posting Guidelines
Please read through etc. etc. etc.
Thought I’d say blah again didn’t you

Developer Lists
The rest of the page, and so on



This might draw attention?

Chris Snider
Senior Software Engineer
[cid:image001.png@01D2E6A5.9104F820]

From: Andrea Aime [mailto:andrea.a...@geo-solutions.it]
Sent: Thursday, June 07, 2018 12:23 AM
To: Dave Wichers 
Cc: 
geoserver-users@lists.sourceforge.net
Subject: Re: [Geoserver-users] Known vulnerability in commons-fileupload 
v1.2.1, used by geoserver

The comm page, where I believe you found info on registering for the user list,
has a clear warning not to post security vulnerabilities:

http://geoserver.org/comm/

"If you encounter a security vulnerability in GeoServer please take care to 
report the issue in a responsible fashion. Do not use the mailing list, go 
intead to the Jira bug tracker instead and follow the "Responsible disclosure" 
instructions there."

How do we make it more plain and evident so that grave mistakes do not occur 
anymore in the future?
Maybe we should switch the background color of that box to red...

Regards
Andrea






--

Check out the vibrant tech community on one of the world's most

engaging tech sites, Slashdot.org! http://sdm.link/slashdot




___

Geoserver-users mailing list



Please make sure you read the following two resources before posting to this 
list:

- Earning your support instead of buying it, but Ian Turton: 
http://www.ianturton.com/talks/foss4g.html#/

- The GeoServer user list posting guidelines: 
http://geoserver.org/comm/userlist-guidelines.html



If you want to request a feature or an improvement, also see this: 
https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer





Geoserver-users@lists.sourceforge.net

https://lists.sourceforge.net/lists/listinfo/geoserver-users

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
Geoserver-users mailing list

Please make sure you read the following two resources before posting to this 
list:
- Earning your support instead of buying it, but Ian Turton: 
http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: 
http://geoserver.org/comm/userlist-guidelines.html

If you want to request a feature or an improvement, also see this: 
https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer


Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users