[GeoNetwork-users] Login popup on every metadata record

GeoNetwork GeoNetwork User
,
1

Hello list,

To set the scene: I have set up Geonetwork 4.2.2 with Elastic Search and Kibana on Windows Server. It is running with OpenJDK 8 and Tomcat 9.0.71. There is a Geoserver instance running on the same server in another Tomcat container. There is an Apache (with TLS over HTTPS) running in front of the Tomcat containers. The Geoserver and Geonetwork are for internal use only and run inside our corporate firewall.

Everything works well except for a login popup that appears every time a user enters a metadata record. Tracking what happens when a page loads reveals a POST request to https://myserver/geonetwork/index/features?_=_search that returns a 401 unauthorised error. The popup still appears if the user is logged in to Geonetwork.

I did read in the docs when setting everything up that Tomcat needs to be configured to use an AJP connector on port 8009 and the Apache in front to be configured with a ProxyPass / ProxyPassReverse using that AJP connector. This is to avoid "page not found errors" on login. In my case this does stop the login prompts but breaks everything beyond the front page of the catalogue. Disabling the AJP connector and telling Apache to use the ProxyPass / ProxyPassReverse with HTTP connectors (http://localhost:8080/geonetwork) to the Tomcat container allows the site to work but with the login prompt on every metadata record page.

The metadata records all contain a valid WMS and WFS link to the data coming from the Geoserver like this:

  * https://myserver/geoserver/metadata/ows?service=wms&version=1.3.0&request=GetCapabilities

  * https://myserver/geoserver/metadata/ows?service=WFS&acceptversions=1.0.0&request=GetCapabilities

At the same time that the page generates the login popup it returns a 404 not found error with this URL:

  * https://myserver/geonetwork/srv/api/msg_producers/find?url=https://myserver/geoserver/metadata/ows?SERVICE=wfs&&featureType=ecp_wastemaninspzones

I don't know how this URL is created but it is missing the request parameter after SERVICE=wfs&

<ows:Exception exceptionCode="MissingParameterValue" locator="request">
<ows:ExceptionText>Could not determine geoserver request from http request org.geoserver.platform.AdvancedDispatchFilter$AdvancedDispatchHttpRequest@anonymised.com..1982...</ows:ExceptionText<mailto:org.geoserver.platform.AdvancedDispatchFilter$AdvancedDispatchHttpRequest@anonymised.com%3c/ows:ExceptionText>>
</ows:Exception>

If I amend the URL with "request=GetCapabilities" it returns a valid document.

So, is this to do with the Tomcat configuration (AJP vs HTTP) or is it something else? Suggestions and things to try will all be happily received.

Many thanks

Ross

Ross McDonald | Geo-evangelist | Angus Council | 01307 49 22 39 | mcdonaldr@anonymised.com<mailto:mcdonaldr@anonymised.com> | www.angus.gov.uk<http://www.angus.gov.uk/&gt;

Follow us on Twitter<https://twitter.com/anguscouncil&gt;
Visit our Facebook<https://en-gb.facebook.com/AngusCouncil&gt; page

Check out Location Data Scotland<https://www.locationdatascotland.com/&gt; for a network of organisations championing spatial data in Scotland.

Think green - please do not email this print

2

Hi Ross, sounds like the popup is related to the check made on GeoServer
side to propose to index the data.
See
https://geonetwork-opensource.org/manuals/4.0.x/en/user-guide/analyzing/data.html

Any security configured on GeoServer side ?

At least you could turn off the WFS indexing tool in admin > settings >
User Interface > Map > Optional Map Viewer Tools and disable "Search &
filter features". Cf.
https://github.com/geonetwork/core-geonetwork/blob/main/web-ui/src/main/resources/catalog/js/CatController.js#L792

HTH
Francois

Le jeu. 30 mars 2023 à 18:53, Ross McDonald via GeoNetwork-users <
geonetwork-users@lists.sourceforge.net> a écrit :

Hello list,

To set the scene: I have set up Geonetwork 4.2.2 with Elastic Search and
Kibana on Windows Server. It is running with OpenJDK 8 and Tomcat 9.0.71.
There is a Geoserver instance running on the same server in another Tomcat
container. There is an Apache (with TLS over HTTPS) running in front of the
Tomcat containers. The Geoserver and Geonetwork are for internal use only
and run inside our corporate firewall.

Everything works well except for a login popup that appears every time a
user enters a metadata record. Tracking what happens when a page loads
reveals a POST request to
https://myserver/geonetwork/index/features?_=_search that returns a 401
unauthorised error. The popup still appears if the user is logged in to
Geonetwork.

I did read in the docs when setting everything up that Tomcat needs to be
configured to use an AJP connector on port 8009 and the Apache in front to
be configured with a ProxyPass / ProxyPassReverse using that AJP connector.
This is to avoid "page not found errors" on login. In my case this does
stop the login prompts but breaks everything beyond the front page of the
catalogue. Disabling the AJP connector and telling Apache to use the
ProxyPass / ProxyPassReverse with HTTP connectors (
http://localhost:8080/geonetwork) to the Tomcat container allows the site
to work but with the login prompt on every metadata record page.

The metadata records all contain a valid WMS and WFS link to the data
coming from the Geoserver like this:

  *
https://myserver/geoserver/metadata/ows?service=wms&version=1.3.0&request=GetCapabilities

  *
https://myserver/geoserver/metadata/ows?service=WFS&acceptversions=1.0.0&request=GetCapabilities

At the same time that the page generates the login popup it returns a 404
not found error with this URL:

  *
https://myserver/geonetwork/srv/api/msg_producers/find?url=https://myserver/geoserver/metadata/ows?SERVICE=wfs&&featureType=ecp_wastemaninspzones

I don't know how this URL is created but it is missing the request
parameter after SERVICE=wfs&

<ows:Exception exceptionCode="MissingParameterValue" locator="request">
<ows:ExceptionText>Could not determine geoserver request from http request
org.geoserver.platform.AdvancedDispatchFilter$AdvancedDispatchHttpRequest@anonymised.com
</ows:ExceptionText<mailto:org.geoserver.platform.AdvancedDispatchFilter
$AdvancedDispatchHttpRequest@anonymised.com%3c/ows:ExceptionText>>
</ows:Exception>

If I amend the URL with "request=GetCapabilities" it returns a valid
document.

So, is this to do with the Tomcat configuration (AJP vs HTTP) or is it
something else? Suggestions and things to try will all be happily received.

Many thanks

Ross

Ross McDonald | Geo-evangelist | Angus Council | 01307 49 22 39 |
mcdonaldr@anonymised.com<mailto:mcdonaldr@anonymised.com> | www.angus.gov.uk<
http://www.angus.gov.uk/&gt;

Follow us on Twitter<https://twitter.com/anguscouncil&gt;
Visit our Facebook<https://en-gb.facebook.com/AngusCouncil&gt; page

Check out Location Data Scotland<https://www.locationdatascotland.com/&gt;
for a network of organisations championing spatial data in Scotland.

Think green - please do not email this print

_______________________________________________
GeoNetwork-users mailing list
GeoNetwork-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geonetwork-users
GeoNetwork OpenSource is maintained at
http://sourceforge.net/projects/geonetwork

3

Francois

That has most certainly helped. No more popup after disabling the index tool.

I’ll need to review the security on the Geoserver but I am sure it is set up to allow anonymous access on the specific workspace for the metadata. That is a problem for tomorrow though.

Many thanks

Ross

From: Francois Prunayre <fx.prunayre@...54...>
Sent: 30 March 2023 18:03
To: Ross McDonald <McDonaldR@...1970...>
Cc: Ross McDonald via GeoNetwork-users <geonetwork-users@lists.sourceforge.net>
Subject: Re: [GeoNetwork-users] Login popup on every metadata record

Hi Ross, sounds like the popup is related to the check made on GeoServer side to propose to index the data.
See https://geonetwork-opensource.org/manuals/4.0.x/en/user-guide/analyzing/data.html

Any security configured on GeoServer side ?

At least you could turn off the WFS indexing tool in admin > settings > User Interface > Map > Optional Map Viewer Tools and disable "Search & filter features". Cf. https://github.com/geonetwork/core-geonetwork/blob/main/web-ui/src/main/resources/catalog/js/CatController.js#L792

HTH
Francois

Le jeu. 30 mars 2023 à 18:53, Ross McDonald via GeoNetwork-users <geonetwork-users@lists.sourceforge.net<mailto:geonetwork-users@lists.sourceforge.net>> a écrit :
Hello list,

To set the scene: I have set up Geonetwork 4.2.2 with Elastic Search and Kibana on Windows Server. It is running with OpenJDK 8 and Tomcat 9.0.71. There is a Geoserver instance running on the same server in another Tomcat container. There is an Apache (with TLS over HTTPS) running in front of the Tomcat containers. The Geoserver and Geonetwork are for internal use only and run inside our corporate firewall.

Everything works well except for a login popup that appears every time a user enters a metadata record. Tracking what happens when a page loads reveals a POST request to https://myserver/geonetwork/index/features?_=_search that returns a 401 unauthorised error. The popup still appears if the user is logged in to Geonetwork.

I did read in the docs when setting everything up that Tomcat needs to be configured to use an AJP connector on port 8009 and the Apache in front to be configured with a ProxyPass / ProxyPassReverse using that AJP connector. This is to avoid "page not found errors" on login. In my case this does stop the login prompts but breaks everything beyond the front page of the catalogue. Disabling the AJP connector and telling Apache to use the ProxyPass / ProxyPassReverse with HTTP connectors (http://localhost:8080/geonetwork) to the Tomcat container allows the site to work but with the login prompt on every metadata record page.

The metadata records all contain a valid WMS and WFS link to the data coming from the Geoserver like this:

  * https://myserver/geoserver/metadata/ows?service=wms&version=1.3.0&request=GetCapabilities

  * https://myserver/geoserver/metadata/ows?service=WFS&acceptversions=1.0.0&request=GetCapabilities

At the same time that the page generates the login popup it returns a 404 not found error with this URL:

  * https://myserver/geonetwork/srv/api/msg_producers/find?url=https://myserver/geoserver/metadata/ows?SERVICE=wfs&&featureType=ecp_wastemaninspzones

I don't know how this URL is created but it is missing the request parameter after SERVICE=wfs&

<ows:Exception exceptionCode="MissingParameterValue" locator="request">
<ows:ExceptionText>Could not determine geoserver request from http request org.geoserver.platform.AdvancedDispatchFilter$AdvancedDispatchHttpRequest@...1982...</ows:ExceptionText<mailto:org.geoserver.platform.AdvancedDispatchFilter$AdvancedDispatchHttpRequest@…1982…%3c/ows:ExceptionText>>
</ows:Exception>

If I amend the URL with "request=GetCapabilities" it returns a valid document.

So, is this to do with the Tomcat configuration (AJP vs HTTP) or is it something else? Suggestions and things to try will all be happily received.

Many thanks

Ross

Ross McDonald | Geo-evangelist | Angus Council | 01307 49 22 39 | mcdonaldr@...1970...<mailto:mcdonaldr@…1970…><mailto:mcdonaldr@…1970…> | www.angus.gov.uk<http://www.angus.gov.uk><http://www.angus.gov.uk/&gt;

Follow us on Twitter<https://twitter.com/anguscouncil&gt;
Visit our Facebook<https://en-gb.facebook.com/AngusCouncil&gt; page

Check out Location Data Scotland<https://www.locationdatascotland.com/&gt; for a network of organisations championing spatial data in Scotland.

Think green - please do not email this print

_______________________________________________
GeoNetwork-users mailing list
GeoNetwork-users@lists.sourceforge.net<mailto:GeoNetwork-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/geonetwork-users
GeoNetwork OpenSource is maintained at http://sourceforge.net/projects/geonetwork