[GeoNetwork-devel] GeoNetwork 3 - xml services, j spring security

Hi María,

you were right, there wasn’t anything about wrong authentication, I was just confused because of the 302 response code (I am not that experienced and this was my first encounter with http requests).

It took me a while, but I finally managed to get it working again, here is the code (for others with similar problem and a lack of experience )

public Cookie userLogin(String userName, String password, String geonetworkLocation) {
Cookie cookieValue = null;
try {
String url = geonetworkLocation + “/j_spring_security_check”;
String logininfo = “username=”+URLEncoder.encode(UserName,“UTF-8”)+“&password=”+URLEncoder.encode(password,“UTF-8”);

// HttpPost httppost = new HttpPost(“http://localhost:8080/geonetwork/j_spring_security_check”);
HttpPost httppost = new HttpPost(geonetworkLocation + “/j_spring_security_check”);

httppost.setHeader(“Content-Type”, “application/x-www-form-urlencoded”);
StringEntity entity = new StringEntity(logininfo, “UTF-8”);
httppost.setEntity(entity);
DefaultHttpClient httpclient = new DefaultHttpClient();
cookieValue = httpclient.getCookieStore().getCookies().get(0);
httpclient.getConnectionManager().shutdown();
} catch (IOException e) {
logger.error(e);
}
return cookieValue;
}
<<<<

Thank you very much for your help

Jaroslav

On Thu, Jul 16, 2015 at 4:36 PM María Arias de Reyna <delawen@anonymised.com> wrote:

Hi,

I don’t see anything on the log that says wrong authentication. But
maybe I am just a bit tired today :slight_smile:

Basic Authentication is the ugly authentication that pops out a
username and password alert window on the browser. But you can skip
that window if you add the proper header. It is the most easy
authentication system (although it is not the most secure).

It looks it is enabled by default:
https://github.com/geonetwork/core-geonetwork/blob/develop/web/src/main/webapp/WEB-INF/config-security/config-security-core.xml#L72

More info:
http://docs.spring.io/spring-security/site/docs/3.0.x/reference/basic.html

Good luck!
María.

On Thu, Jul 16, 2015 at 4:22 PM, Jaroslav Urik <jarda.urik@anonymised.com> wrote:

Hi again Maria,

I don’t think that the login is succesfull - here is the log

DEBUG [2015 07 16 - 16:10:59,895] [main]: >> POST
/geonetwork/srv/eng/j_spring_security_check HTTP/1.1
DEBUG [2015 07 16 - 16:10:59,895] [main]: >> Content-Length: 71
DEBUG [2015 07 16 - 16:10:59,895] [main]: >> Content-Type: application/xml
DEBUG [2015 07 16 - 16:10:59,895] [main]: >> Host: localhost:8080
DEBUG [2015 07 16 - 16:10:59,895] [main]: >> Connection: Keep-Alive
DEBUG [2015 07 16 - 16:10:59,895] [main]: >> User-Agent:
Apache-HttpClient/4.5 (Java/1.7.0)
DEBUG [2015 07 16 - 16:10:59,895] [main]: >>
“adminadmin”
DEBUG [2015 07 16 - 16:10:59,895] [main]: << “HTTP/1.1 302 Found[\r][\n]”
DEBUG [2015 07 16 - 16:10:59,905] [main]: << “Server:
Apache-Coyote/1.1[\r][\n]”
DEBUG [2015 07 16 - 16:10:59,905] [main]: << “Set-Cookie:
JSESSIONID=D1B33172DE63487A8D16B28BF9C9AACE; Path=/geonetwork/;
HttpOnly[\r][\n]”
DEBUG [2015 07 16 - 16:10:59,905] [main]: << “Location:
http://localhost:8080/geonetwork/login.jsp;jsessionid=D1B33172DE63487A8D16B28BF9C9AACE?node=srv[\r][\n]
DEBUG [2015 07 16 - 16:10:59,905] [main]: << “Content-Length: 0[\r][\n]”
DEBUG [2015 07 16 - 16:10:59,905] [main]: << “Date: Thu, 16 Jul 2015
14:10:59 GMT[\r][\n]”
DEBUG [2015 07 16 - 16:10:59,905] [main]: << “[\r][\n]”
DEBUG [2015 07 16 - 16:10:59,905] [main]: Cookie accepted
[JSESSIONID=“D1B33172DE63487A8D16B28BF9C9AACE”, version:0, domain:localhost,
path:/geonetwork/, expiry:null]
DEBUG [2015 07 16 - 16:10:59,905] [main]: Connection can be kept alive
indefinitely
DEBUG [2015 07 16 - 16:10:59,925] [main]: Releasing connection
org.apache.http.impl.conn.ManagedClientConnectionImpl@anonymised.com
<<<<

No, I haven’t tried any other way (as I mentioned earlier, I inherited this,
so I tried the previous admin’s way), but I would be really glad if there
were some easy way of inserting (only inserting is enough) new metadata
records to GeoNetwork 3. Could you please tell me more about the basic
authentication, or point me to some documentation?

Thank you very much

Jaroslav

On Thu, Jul 16, 2015 at 12:58 PM María Arias de Reyna <delawen@anonymised.com>
wrote:

On Thu, Jul 16, 2015 at 12:55 PM, Jaroslav Urik <jarda.urik@anonymised.com>
wrote:

Hi,
I’ve recently upgraded from GeoNetwork 2.8.0 to Geonetwork 3.0.1.
In v2.8 I’ve been using the GeoNetwork xml services to insert new
metadata (
xml.metadata.insert ).
Since my upgrade, this stopped working. I have learned, that GeoNetwork
started to use j_spring_security since v2.10, but even with that
knowledge I
wasn’t able to log-in and insert any data.
I am using Java and sending the request (login) to
http://localhost:8080/geonetwork/srv/eng/j_spring_security_check” which
returns code 302 (redirect).
I’ve been searching and trying for the past 2 days, but without any
luck.
Could someone please describe how to log-in and insert metadata in
v3.0.x
using either GN xml services or the CSW service?
Or at least tell me the correct url to send my POST requests to?
Thanks for any help

Jaroslav Urik

Hi again Jaroslav,

Even with the redirect 302, does it login successfully?

In any case, did you try the basic authentication instead of having to
go through the login and store the cookie for the metadata insert?

Regards,
María.

Hi again,

just correction for the code, there is one line “httpclient.execute(httppost);” missing:


DefaultHttpClient httpclient = new DefaultHttpClient();
httpclient.execute(httppost);
cookieValue = httpclient.getCookieStore().getCookies().get(0);

<<<

Thanks again

Jaroslav

On Wed, Jul 22, 2015 at 8:09 PM Jaroslav Urik <jarda.urik@anonymised.com> wrote:

Hi María,

you were right, there wasn’t anything about wrong authentication, I was just confused because of the 302 response code (I am not that experienced and this was my first encounter with http requests).

It took me a while, but I finally managed to get it working again, here is the code (for others with similar problem and a lack of experience )

public Cookie userLogin(String userName, String password, String geonetworkLocation) {
Cookie cookieValue = null;
try {
String url = geonetworkLocation + “/j_spring_security_check”;
String logininfo = “username=”+URLEncoder.encode(UserName,“UTF-8”)+“&password=”+URLEncoder.encode(password,“UTF-8”);

// HttpPost httppost = new HttpPost(“http://localhost:8080/geonetwork/j_spring_security_check”);
HttpPost httppost = new HttpPost(geonetworkLocation + “/j_spring_security_check”);

httppost.setHeader(“Content-Type”, “application/x-www-form-urlencoded”);
StringEntity entity = new StringEntity(logininfo, “UTF-8”);
httppost.setEntity(entity);
DefaultHttpClient httpclient = new DefaultHttpClient();
cookieValue = httpclient.getCookieStore().getCookies().get(0);
httpclient.getConnectionManager().shutdown();
} catch (IOException e) {
logger.error(e);
}
return cookieValue;
}
<<<<

Thank you very much for your help

Jaroslav

On Thu, Jul 16, 2015 at 4:36 PM María Arias de Reyna <delawen@anonymised.com> wrote:

Hi,

I don’t see anything on the log that says wrong authentication. But
maybe I am just a bit tired today :slight_smile:

Basic Authentication is the ugly authentication that pops out a
username and password alert window on the browser. But you can skip
that window if you add the proper header. It is the most easy
authentication system (although it is not the most secure).

It looks it is enabled by default:
https://github.com/geonetwork/core-geonetwork/blob/develop/web/src/main/webapp/WEB-INF/config-security/config-security-core.xml#L72

More info:
http://docs.spring.io/spring-security/site/docs/3.0.x/reference/basic.html

Good luck!
María.

On Thu, Jul 16, 2015 at 4:22 PM, Jaroslav Urik <jarda.urik@anonymised.com> wrote:

Hi again Maria,

I don’t think that the login is succesfull - here is the log

DEBUG [2015 07 16 - 16:10:59,895] [main]: >> POST
/geonetwork/srv/eng/j_spring_security_check HTTP/1.1
DEBUG [2015 07 16 - 16:10:59,895] [main]: >> Content-Length: 71
DEBUG [2015 07 16 - 16:10:59,895] [main]: >> Content-Type: application/xml
DEBUG [2015 07 16 - 16:10:59,895] [main]: >> Host: localhost:8080
DEBUG [2015 07 16 - 16:10:59,895] [main]: >> Connection: Keep-Alive
DEBUG [2015 07 16 - 16:10:59,895] [main]: >> User-Agent:
Apache-HttpClient/4.5 (Java/1.7.0)
DEBUG [2015 07 16 - 16:10:59,895] [main]: >>
“adminadmin”
DEBUG [2015 07 16 - 16:10:59,895] [main]: << “HTTP/1.1 302 Found[\r][\n]”
DEBUG [2015 07 16 - 16:10:59,905] [main]: << “Server:
Apache-Coyote/1.1[\r][\n]”
DEBUG [2015 07 16 - 16:10:59,905] [main]: << “Set-Cookie:
JSESSIONID=D1B33172DE63487A8D16B28BF9C9AACE; Path=/geonetwork/;
HttpOnly[\r][\n]”
DEBUG [2015 07 16 - 16:10:59,905] [main]: << “Location:
http://localhost:8080/geonetwork/login.jsp;jsessionid=D1B33172DE63487A8D16B28BF9C9AACE?node=srv[\r][\n]
DEBUG [2015 07 16 - 16:10:59,905] [main]: << “Content-Length: 0[\r][\n]”
DEBUG [2015 07 16 - 16:10:59,905] [main]: << “Date: Thu, 16 Jul 2015
14:10:59 GMT[\r][\n]”
DEBUG [2015 07 16 - 16:10:59,905] [main]: << “[\r][\n]”
DEBUG [2015 07 16 - 16:10:59,905] [main]: Cookie accepted
[JSESSIONID=“D1B33172DE63487A8D16B28BF9C9AACE”, version:0, domain:localhost,
path:/geonetwork/, expiry:null]
DEBUG [2015 07 16 - 16:10:59,905] [main]: Connection can be kept alive
indefinitely
DEBUG [2015 07 16 - 16:10:59,925] [main]: Releasing connection
org.apache.http.impl.conn.ManagedClientConnectionImpl@anonymised.com
<<<<

No, I haven’t tried any other way (as I mentioned earlier, I inherited this,
so I tried the previous admin’s way), but I would be really glad if there
were some easy way of inserting (only inserting is enough) new metadata
records to GeoNetwork 3. Could you please tell me more about the basic
authentication, or point me to some documentation?

Thank you very much

Jaroslav

On Thu, Jul 16, 2015 at 12:58 PM María Arias de Reyna <delawen@anonymised.com>
wrote:

On Thu, Jul 16, 2015 at 12:55 PM, Jaroslav Urik <jarda.urik@anonymised.com>
wrote:

Hi,
I’ve recently upgraded from GeoNetwork 2.8.0 to Geonetwork 3.0.1.
In v2.8 I’ve been using the GeoNetwork xml services to insert new
metadata (
xml.metadata.insert ).
Since my upgrade, this stopped working. I have learned, that GeoNetwork
started to use j_spring_security since v2.10, but even with that
knowledge I
wasn’t able to log-in and insert any data.
I am using Java and sending the request (login) to
http://localhost:8080/geonetwork/srv/eng/j_spring_security_check” which
returns code 302 (redirect).
I’ve been searching and trying for the past 2 days, but without any
luck.
Could someone please describe how to log-in and insert metadata in
v3.0.x
using either GN xml services or the CSW service?
Or at least tell me the correct url to send my POST requests to?
Thanks for any help

Jaroslav Urik

Hi again Jaroslav,

Even with the redirect 302, does it login successfully?

In any case, did you try the basic authentication instead of having to
go through the login and store the cookie for the metadata insert?

Regards,
María.