[Geoserver-devel] Authkey plugin not working in 2.2.5?

I have setup my installation of GeoServer 2.2.5 so that certain data is secured using a username and password. I would like to use the authkey plugin so that my users can access the data and I can track their usage.

I downloaded the nightly build of the plugin from http://gridlock.opengeo.org/geoserver/2.2.x/community-2013-02-28/ and extracted the authkey-2.2-SNAPSHOT.jar into the lib folder and then restarted GeoServer. After restarting I can see that the authkeys file has been generated and is located at “<GEOSERVER_DATA_DIR>/security/authkeys.properties”. I have uncommented the lines generated with my user accounts to “activate” the keys.

Problem is, when I try and access the WMS using the authkey I am being challenged for the username/password for the Geoserver Realm – why? I can see nothing in the logs to suggest why the authkey is being ignored – is this a problem with the authkey plugin working with the new security model recently introduced?

Many thanks,

Colin Henderson
Principal GIS Consultant, Communications

ATKINS

75 years of design, engineering and project management excellence

Woodcote Grove, Ashley Road, Epsom, KT18 5BW | Tel: +44 1372 752995 | Mobile: +44 7834 507399

Email: colin.henderson2@anonymised.com | Web: www.atkinsglobal.com |
Twitter: www.twitter.com/atkinsglobal | Facebook: www.facebook.com/atkinsglobal |

LinkedIn: www.linkedin.com/company/atkins | YouTube: www.youtube.com/wsatkinsplc

Hello,

This is an issue in the geoserver/authkey implementation and this happens if you are logged in a previous different way (example when you login on the webinterface)
with the same browser the sessionid of the previous connection is kept.

This is a bug, but known the race condition this can be used in production. It seems that with the rework of the authkey in 2.4 this is solved but this is a non production version.

Best regards,

Eric

Op 1/03/2013 2:07, Henderson, Colin (GIS) schreef:

I have setup my installation of GeoServer 2.2.5 so that certain data is secured using a username and password. I would like to use the authkey plugin so that my users can access the data and I can track their usage.

I downloaded the nightly build of the plugin from http://gridlock.opengeo.org/geoserver/2.2.x/community-2013-02-28/ and extracted the authkey-2.2-SNAPSHOT.jar into the lib folder and then restarted GeoServer. After restarting I can see that the authkeys file has been generated and is located at "<GEOSERVER_DATA_DIR>/security/authkeys.properties". I have uncommented the lines generated with my user accounts to "activate" the keys.

Problem is, when I try and access the WMS using the authkey I am being challenged for the username/password for the Geoserver Realm -- why? I can see nothing in the logs to suggest why the authkey is being ignored -- is this a problem with the authkey plugin working with the new security model recently introduced?

Many thanks,

*Colin Henderson*
Principal GIS Consultant, Communications
*
ATKINS*

75 years of design, engineering and project management excellence

*
*Woodcote Grove, Ashley Road, Epsom, KT18 5BW*| *Tel: +44 1372 752995 *| *Mobile: +44 7834 507399 **

Email: colin.henderson2@anonymised.com <mailto:firstname.surname@anonymised.com> | Web: www.atkinsglobal.com <http://www.atkinsglobal.com/&gt;|
Twitter: www.twitter.com/atkinsglobal <http://www.twitter.com/atkinsglobal&gt;| Facebook: www.facebook.com/atkinsglobal <http://www.facebook.com/atkinsglobal&gt;|

LinkedIn: www.linkedin.com/company/atkins <http://www.linkedin.com/company/atkins&gt;| YouTube: www.youtube.com/wsatkinsplc <http://www.youtube.com/wsatkinsplc&gt;\_\_

--------------------------------------------------------------------------------
This email and any attached files are confidential and copyright protected. If you are not the addressee, any dissemination of this communication is strictly prohibited. Unless otherwise expressly agreed in writing, nothing stated in this communication shall be legally binding.

The ultimate parent company of the Atkins Group is WS Atkins plc. Registered in England No. 1885586. Registered Office Woodcote Grove, Ashley Road, Epsom, Surrey KT18 5BW. A list of wholly owned Atkins Group companies registered in the United Kingdom and locations around the world can be found at http://www.atkinsglobal.com/site-services/group-company-registration-details

Consider the environment. Please don't print this e-mail unless you really need to.

------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_feb

_______________________________________________
Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel

--
Eric Smets

The module was completely reword for 2.3.x series. Look here for the release schedule

http://geoserver.org/display/GEOS/GeoTools+and+GeoServer+release+schedule

···

2013/3/1 Eric Smets <eric.smets@anonymised.com>

Hello,

This is an issue in the geoserver/authkey implementation and this happens if you are logged in a previous different way (example when you login on the webinterface)
with the same browser the sessionid of the previous connection is kept.

This is a bug, but known the race condition this can be used in production. It seems that with the rework of the authkey in 2.4 this is solved but this is a non production version.

Best regards,

Eric

Op 1/03/2013 2:07, Henderson, Colin (GIS) schreef:

I have setup my installation of GeoServer 2.2.5 so that certain data is secured using a username and password. I would like to use the authkey plugin so that my users can access the data and I can track their usage.

I downloaded the nightly build of the plugin from http://gridlock.opengeo.org/geoserver/2.2.x/community-2013-02-28/ and extracted the authkey-2.2-SNAPSHOT.jar into the lib folder and then restarted GeoServer. After restarting I can see that the authkeys file has been generated and is located at “<GEOSERVER_DATA_DIR>/security/authkeys.properties”. I have uncommented the lines generated with my user accounts to “activate” the keys.

Problem is, when I try and access the WMS using the authkey I am being challenged for the username/password for the Geoserver Realm – why? I can see nothing in the logs to suggest why the authkey is being ignored – is this a problem with the authkey plugin working with the new security model recently introduced?

Many thanks,

Colin Henderson
Principal GIS Consultant, Communications

ATKINS

75 years of design, engineering and project management excellence

Woodcote Grove, Ashley Road, Epsom, KT18 5BW | Tel: +44 1372 752995 | Mobile: +44 7834 507399

Email: colin.henderson2@anonymised.com | Web: www.atkinsglobal.com |
Twitter: www.twitter.com/atkinsglobal | Facebook: www.facebook.com/atkinsglobal |

LinkedIn: www.linkedin.com/company/atkins | YouTube: www.youtube.com/wsatkinsplc


This email and any attached files are confidential and copyright protected. If you are not the addressee, any dissemination of this communication is strictly prohibited. Unless otherwise expressly agreed in writing, nothing stated in this communication shall be legally binding.

The ultimate parent company of the Atkins Group is WS Atkins plc. Registered in England No. 1885586. Registered Office Woodcote Grove, Ashley Road, Epsom, Surrey KT18 5BW. A list of wholly owned Atkins Group companies registered in the United Kingdom and locations around the world can be found at http://www.atkinsglobal.com/site-services/group-company-registration-details

Consider the environment. Please don’t print this e-mail unless you really need to.

------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
[http://p.sf.net/sfu/appdyn_d2d_feb](http://p.sf.net/sfu/appdyn_d2d_feb)
_______________________________________________
Geoserver-devel mailing list
[Geoserver-devel@lists.sourceforge.net](mailto:Geoserver-devel@lists.sourceforge.net)
[https://lists.sourceforge.net/lists/listinfo/geoserver-devel](https://lists.sourceforge.net/lists/listinfo/geoserver-devel)

-- 
Eric Smets                                    


Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_feb


Geoserver-devel mailing list
Geoserver-devel@anonymised.comsts.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel