[GeoNetwork-users] Default spring configuration not authenticating default admin user

Hi,

I'm trying to set up a test GN 2.10.2 instance (we're still running
2.8.0), and since the switch to spring auth it fails to log in the
default admin/admin user/pass. I'm probably doing something wrong but I
don't see where the problem is on my side.

- took the gn 2.10.2 war from sourceforge
- changed config.xml to point at an empty postgresql database, populated
with default setup at first webapp startup
- changed log4j.cfg to enable jeeves logging
- this tomcat instance is set up behind an nginx RP, and is also
hosting other working webapps

On the default homepage, trying to log in as admin/admin fails (i.e. it
displays srv/eng/login.form again) and in the log I have this:

2013-11-28 10:11:08,399 DEBUG
[jeeves.config.springutil.GeonetworkFilterSecurityInterceptor] - Public
object - authentication not attempted
2013-11-28 10:11:08,403 DEBUG
[jeeves.config.springutil.GeonetworkFilterSecurityInterceptor] - Secure
object: FilterInvocation: URL:
/j_spring_security_check?redirectUrl=/srv/eng/main.home; Attributes:
[denyAll]
2013-11-28 10:11:08,403 DEBUG
[jeeves.config.springutil.GeonetworkFilterSecurityInterceptor] -
Previously Authenticated:
org.springframework.security.authentication.AnonymousAuthenticationToken@anonymised.com:
Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true;
Details:
org.springframework.security.web.authentication.WebAuthenticationDetails@anonymised.com:
RemoteIpAddress: 195.221.122.114; SessionId:
47A7C50F347DEA0CED54719E8E899D1E; Granted Authorities: ROLE_ANONYMOUS
2013-11-28 10:11:08,919 DEBUG
[jeeves.config.springutil.GeonetworkFilterSecurityInterceptor] - Public
object - authentication not attempted
2013-11-28 10:11:08,922 DEBUG
[jeeves.config.springutil.GeonetworkFilterSecurityInterceptor] - Secure
object: FilterInvocation: URL: /srv/eng/login.form; Attributes: [permitAll]
2013-11-28 10:11:08,922 DEBUG
[jeeves.config.springutil.GeonetworkFilterSecurityInterceptor] -
Previously Authenticated:
org.springframework.security.authentication.AnonymousAuthenticationToken@anonymised.com:
Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true;
Details:
org.springframework.security.web.authentication.WebAuthenticationDetails@anonymised.com:
RemoteIpAddress: 195.221.122.114; SessionId:
47A7C50F347DEA0CED54719E8E899D1E; Granted Authorities: ROLE_ANONYMOUS
2013-11-28 10:11:08,922 DEBUG
[jeeves.config.springutil.GeonetworkFilterSecurityInterceptor] -
Authorization successful
2013-11-28 10:11:08,922 DEBUG
[jeeves.config.springutil.GeonetworkFilterSecurityInterceptor] -
RunAsManager did not change Authentication object

If I try to log in on apps/search/ it also fails, and the log shows:

2013-11-28 10:19:03,903 DEBUG
[jeeves.config.springutil.GeonetworkFilterSecurityInterceptor] - Public
object - authentication not attempted
2013-11-28 10:19:03,907 DEBUG
[jeeves.config.springutil.GeonetworkFilterSecurityInterceptor] - Secure
object: FilterInvocation: URL: /j_spring_security_check; Attributes:
[denyAll]
2013-11-28 10:19:03,907 DEBUG
[jeeves.config.springutil.GeonetworkFilterSecurityInterceptor] -
Previously Authenticated:
org.springframework.security.authentication.AnonymousAuthenticationToken@anonymised.com:
Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true;
Details:
org.springframework.security.web.authentication.WebAuthenticationDetails@anonymised.com:
RemoteIpAddress: 195.221.122.114; SessionId:
47A7C50F347DEA0CED54719E8E899D1E; Granted Authorities: ROLE_ANONYMOUS
2013-11-28 10:19:04,017 DEBUG
[jeeves.config.springutil.GeonetworkFilterSecurityInterceptor] - Public
object - authentication not attempted
2013-11-28 10:19:04,021 DEBUG
[jeeves.config.springutil.GeonetworkFilterSecurityInterceptor] - Secure
object: FilterInvocation: URL: /srv/eng/xml.info?type=me; Attributes:
[permitAll]
2013-11-28 10:19:04,021 DEBUG
[jeeves.config.springutil.GeonetworkFilterSecurityInterceptor] -
Previously Authenticated:
org.springframework.security.authentication.AnonymousAuthenticationToken@anonymised.com:
Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true;
Details:
org.springframework.security.web.authentication.WebAuthenticationDetails@anonymised.com:
RemoteIpAddress: 195.221.122.114; SessionId:
47A7C50F347DEA0CED54719E8E899D1E; Granted Authorities: ROLE_ANONYMOUS
2013-11-28 10:19:04,021 DEBUG
[jeeves.config.springutil.GeonetworkFilterSecurityInterceptor] -
Authorization successful
2013-11-28 10:19:04,021 DEBUG
[jeeves.config.springutil.GeonetworkFilterSecurityInterceptor] -
RunAsManager did not change Authentication object

and xml.info returns

<info>
  <me authenticated="false" />
</info>

Did the default admin password change? What's wrong with default spring
setup? Any idea?

Landry

On 11/28/13 10:53, Jesse Eichar wrote:

I think I need to test out that war to see if it works for me. I will
get back to you.

Jesse

On Thu, Nov 28, 2013 at 10:52 AM, Landry Breuil <breuil@anonymised.com> wrote:

    On 11/28/13 10:41, Jesse Eichar wrote:
    > Looks like the correct hash to me
    >
    > Could you quickly check if it works with a h2 DB?

    Same issue with the default h2 DB. I doubt that it's the nginx RP that's
    causing this, since I'm redirecting everything to the given tomcat:

            location /geonetwork-2.10 {
                    proxy_pass http://10.0.0.6:9080/geonetwork-2.10/;
            }

After more fiddling and log enabling, I finally saw where the issue was,
and it's my fault.

The nginx RP redirects /geonetwork-2.10 reqs to /geonetwork-2.10/ with a
trailing /, and tomcat receives:

POST /geonetwork-2.10//j_spring_security_check HTTP/1.0 302 -

with a doubled /... If I fix nginx with:

        location /geonetwork-2.10/ {
                proxy_pass http://10.0.0.6:9080/geonetwork-2.10/;
        }

(i.e. add the / at the end of the location line)

geonetwork correctly authenticates me with the default admin/admin.

Case closed, and sorry for the noise - I'm not sure this needs fixing at
all in geonetwork.

Landry
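
The rewrite described in the last message, as an added example that is not part of the original thread: a small Python model of how nginx replaces the matched prefix location with the URI part of proxy_pass, used to flag location/proxy_pass pairs that send a doubled slash upstream. The function names, the probe path and the regex-based config scan are assumptions of this sketch; it covers plain prefix locations only (no =, ~ or ^~ modifiers).

```python
import re
from urllib.parse import urlsplit

# The two configurations from the thread, embedded as sample input.
BROKEN = """
location /geonetwork-2.10 {
        proxy_pass http://10.0.0.6:9080/geonetwork-2.10/;
}
"""
FIXED = """
location /geonetwork-2.10/ {
        proxy_pass http://10.0.0.6:9080/geonetwork-2.10/;
}
"""

def upstream_uri(location, proxy_pass, request_uri):
    """Return the URI nginx passes upstream for a prefix location.

    When proxy_pass carries a URI part, the part of the request URI that
    matched the location is replaced by that URI part; the result is not
    slash-merged again.
    """
    if not request_uri.startswith(location):
        return None                      # this location does not match
    target = urlsplit(proxy_pass).path
    if target == "":
        return request_uri               # no URI part: passed unchanged
    return target + request_uri[len(location):]

def lint(config_text, probe="j_spring_security_check"):
    """List (location, request, upstream) triples that reach the backend with '//'."""
    findings = []
    pair = re.compile(r"location\s+(\S+)\s*\{\s*proxy_pass\s+(\S+?);", re.S)
    for location, proxy_pass in pair.findall(config_text):
        # A request for a resource directly under the application root.
        request = location.rstrip("/") + "/" + probe
        sent = upstream_uri(location, proxy_pass, request)
        if sent is not None and "//" in sent:
            findings.append((location, request, sent))
    return findings

if __name__ == "__main__":
    for name, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, lint(cfg))
```
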