#1177: force sending credentials to geoserver REST api
---------------------+------------------------------------------------------
Reporter: landry | Owner: geonetwork-devel@…
Type: defect | Status: new
Priority: major | Milestone: v2.9.0
Component: General | Version: v2.8.0RC2
Keywords: |
---------------------+------------------------------------------------------
I've experienced a strange issue with the geopublishing feature:
- my geoserver 2.2.2 is configured this way in security/rest.properties
/**;GET=IS_AUTHENTICATED_ANONYMOUSLY
/**;POST,DELETE,PUT=ROLE_AUTHENTICATED
I want to be able to anonymously get layers/style, and all my users to be
able to publish layers/styles.
In certain circumstances, the geopublishing fails. After PUT'ing the zip
file, I correctly get a 201 code, but the next REST call is a GET on the
layer, and since by default we only send the auth header if asked for
credentials, for some reason geoserver returns a 404. If forcing the
authentication, I correctly get a 200.
The problem can be reproduced with wget and curl. By default curl sends
the auth in all cases, wget only sends it if asked for it, or if
--auth-no-challenge is used:
#curl -v http://localhost:8080/geoserver/rest/layers/CRAIG_201206_PCI.xml
...
< HTTP/1.1 404 Not Found
...
No such layer: CRAIG_201206_PCI
#curl -u admin:admin -v http://localhost:8080/geoserver/rest/layers/CRAIG_201206_PCI.xml
...
< HTTP/1.1 200 OK
...
<layer>
<name>CRAIG_201206_PCI</name>
#wget -d --user admin --password admin http://localhost:8080/geoserver/rest/layers/CRAIG_201206_PCI.xml
...
Host `localhost' has not issued a general basic challenge.
...
HTTP/1.1 404 Not Found
#wget -d --auth-no-challenge --user admin --password admin http://localhost:8080/geoserver/rest/layers/CRAIG_201206_PCI.xml
...
Auth-without-challenge set, sending Basic credentials.
...
HTTP/1.1 200 OK
I don't know if the problem lies in geoserver's way of handling auth (for
REST I'm using the http header auth filter first, then basic auth filter)
or if the problem is in geonetwork itself. The thing is, if I force the
Geopublisher to send the auth credentials 'preemptively' it fixes the
issue I've been seeing.
---
a/web/src/main/java/org/fao/geonet/services/publisher/GeoServerRest.java
+++
b/web/src/main/java/org/fao/geonet/services/publisher/GeoServerRest.java
@@ -658,6 +658,7 @@ public class GeoServerRest {
}
m.setDoAuthentication(true);
+ c.getParams().setAuthenticationPreemptive(true);
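Review bot: setAuthenticationPreemptive(true) on the added line is set through c.getParams(), i.e. on c's parameters rather than on m, so it applies to every request made through c and not only to the GET that returned 404; the hunk does not show how credentials are registered on c. Please confirm they are bound to an AuthScope for the GeoServer host and port rather than a wildcard scope, because preemptive mode sends the Basic header without waiting for a 401, and over plain http that puts the password on the wire with each call. A one-line code comment next to the new call saying why it is needed (GeoServer answers the anonymous GET with 404 and never challenges) would also help the next reader.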
If that 'fix' is acceptable I'll attach it as a proper git commit.
--
Ticket URL: <http://trac.osgeo.org/geonetwork/ticket/1177>
GeoNetwork opensource Developer website <http://sourceforge.net/projects/geonetwork/>
GeoNetwork opensource is a standards based, Free and Open Source catalog application to manage spatially referenced resources through the web. It provides powerful metadata editing and search functions as well as an embedded interactive web map viewer. This website contains information related to the development of the software.
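
The behaviour reported in the ticket, reproduced as an added example (not code from the ticket, GeoNetwork or GeoServer): a constructed local server that allows anonymous GET never issues a 401, so a client that waits for a challenge never sends its credentials, while a preemptive client does. The handler class, the layer name sample_layer and the rule that the layer is visible only to authenticated callers are assumptions made for the demonstration.

```python
import base64
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

USER, PASSWORD = "admin", "admin"  # same test credentials as the ticket's curl/wget runs
BASIC = "Basic " + base64.b64encode(f"{USER}:{PASSWORD}".encode()).decode()

class AnonymousGetServer(BaseHTTPRequestHandler):
    """Constructed stand-in: GET is open to anonymous callers, so it never sends 401."""

    def do_GET(self):
        # Assumption: the layer is only visible to an authenticated caller.
        authed = self.headers.get("Authorization") == BASIC
        self.send_response(200 if authed else 404)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):  # silence per-request logging
        pass

def get_status(opener, url, headers=None):
    """Return the HTTP status code, treating 4xx/5xx as a result rather than an error."""
    try:
        with opener.open(urllib.request.Request(url, headers=headers or {}), timeout=5) as r:
            return r.status
    except urllib.error.HTTPError as err:
        return err.code

def run_demo():
    server = HTTPServer(("127.0.0.1", 0), AnonymousGetServer)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    url = f"http://127.0.0.1:{server.server_port}/rest/layers/sample_layer.xml"
    no_proxy = urllib.request.ProxyHandler({})  # talk to the local server directly
    # Challenge-driven client (wget's default): credentials are held until a 401 arrives.
    mgr = urllib.request.HTTPPasswordMgrWithDefaultRealm()
    mgr.add_password(None, url, USER, PASSWORD)
    on_challenge = urllib.request.build_opener(no_proxy, urllib.request.HTTPBasicAuthHandler(mgr))
    # Preemptive client (curl -u, wget --auth-no-challenge): header on the first request.
    preemptive = urllib.request.build_opener(no_proxy)
    try:
        return (get_status(on_challenge, url),
                get_status(preemptive, url, {"Authorization": BASIC}))
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(run_demo())
```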