Running mvn jetty:run -Pgeofence-server , when the request IP resolves to an IPv6 address, the following error is logged:
ERROR [util.FilterUtils] - Bad address filter [0:0:0:0:0:0:0:1]
and no rule is applied, hiding all contents.
A workaround is to run with -Djava.net.preferIPv4Stack=true .
This should be fixed or at least documented.
Some debugging shows that RuleReaderService.getAdminAuthorization(ruleFilter) (CachedRuleReader) returns an empty AccessInfo .
Call trace:
SecureCatalogImpl.buildWrapperPolicy() ->
CatalogFilterAccessManager.getAccessLimits() ->
GeoFenceAccessManager.getAccessLimits() ->
GeoFenceAccessManager.isWorkspaceAdmin() ->
GeoFenceAccessManager.getAccessLimits(){
...
AccessInfo auth = rules.getAdminAuthorization(ruleFilter);
}
Environment:
Ubuntu x86_64, 5.8.0-50-generic
java -version
openjdk version “1.8.0_282”
OpenJDK Runtime Environment (build 1.8.0_282-b08)
OpenJDK 64-Bit Server VM (build 25.282-b08, mixed mode)
Logs:
20 May 16:05:52 INFO [services.RuleReaderServiceImpl] - Requesting access for RuleFilter[user:"topp_admin"+ role:ANY inst:name+:default-gs ip:"[0:0:0:0:0:0:0:1]"+ serv:DEFAULT req:DEFAULT ws:"tiger"+ layer:"giant_polygon"+]
20 May 16:05:52 ERROR [util.FilterUtils] - Bad address filter [0:0:0:0:0:0:0:1]
20 May 16:05:52 ERROR [util.FilterUtils] - Bad address filter [0:0:0:0:0:0:0:1]
20 May 16:05:52 ERROR [util.FilterUtils] - Bad address filter [0:0:0:0:0:0:0:1]
20 May 16:05:52 WARN [services.RuleReaderServiceImpl] - No access for filter RuleFilter[user:"topp_admin"+ role:ANY inst:name+:default-gs ip:"[0:0:0:0:0:0:0:1]"+ serv:DEFAULT req:DEFAULT ws:"tiger"+ layer:"giant_polygon"+]
20 May 16:05:52 INFO [services.RuleReaderServiceImpl] - Returning AccessInfo[grant:DENY admin:false] for RuleFilter[user:"topp_admin"+ role:ANY inst:name+:default-gs ip:"[0:0:0:0:0:0:0:1]"+ serv:DEFAULT req:DEFAULT ws:"tiger"+ layer:"giant_polygon"+]
20 May 16:05:52 INFO [services.RuleReaderServiceImpl] - Requesting access for RuleFilter[user:"topp_admin"+ role:ANY inst:name+:default-gs ip:"[0:0:0:0:0:0:0:1]"+ serv:DEFAULT req:DEFAULT ws:"tiger"+ layer:"poi"+]
20 May 16:05:52 ERROR [util.FilterUtils] - Bad address filter [0:0:0:0:0:0:0:1]
20 May 16:05:52 ERROR [util.FilterUtils] - Bad address filter [0:0:0:0:0:0:0:1]
20 May 16:05:52 ERROR [util.FilterUtils] - Bad address filter [0:0:0:0:0:0:0:1]
20 May 16:05:52 WARN [services.RuleReaderServiceImpl] - No access for filter RuleFilter[user:"topp_admin"+ role:ANY inst:name+:default-gs ip:"[0:0:0:0:0:0:0:1]"+ serv:DEFAULT req:DEFAULT ws:"tiger"+ layer:"poi"+]
20 May 16:05:52 INFO [services.RuleReaderServiceImpl] - Returning AccessInfo[grant:DENY admin:false] for RuleFilter[user:"topp_admin"+ role:ANY inst:name+:default-gs ip:"[0:0:0:0:0:0:0:1]"+ serv:DEFAULT req:DEFAULT ws:"tiger"+ layer:"poi"+]
20 May 16:05:52 INFO [services.RuleReaderServiceImpl] - Requesting access for RuleFilter[user:"topp_admin"+ role:ANY inst:name+:default-gs ip:"[0:0:0:0:0:0:0:1]"+ serv:DEFAULT req:DEFAULT ws:"tiger"+ layer:"poly_landmarks"+]
|