[Geoserver-devel] [JIRA] (GEOS-10070) GeoFence doesn't work when the local IP address is reported as IPv6

Gabriel Roldan created an issue

GeoServer / BugGEOS-10070

GeoFence doesn’t work when the local IP address is reported as IPv6

Issue Type:

BugBug

Affects Versions:

2.19.0

Assignee:

Unassigned

Components:

GeoFence

Created:

20/May/21 9:31 PM

Priority:

MediumMedium

Reporter:

Gabriel Roldan

Running mvn jetty:run -Pgeofence-server, when the request IP resolves to an IPv6 address, the following error is logged:

ERROR [util.FilterUtils] - Bad address filter [0:0:0:0:0:0:0:1]

and no rule is applied, hiding all contents.

A workaround is to run with -Djava.net.preferIPv4Stack=true.
This should be fixed or at least documented.

Some debugging shows that RuleReaderService.getAdminAuthorization(ruleFilter) (CachedRuleReader) returns an empty AccessInfo.

Call trace:

SecureCatalogImpl.buildWrapperPolicy() ->
CatalogFilterAccessManager.getAccessLimits() ->
GeoFenceAccessManager.getAccessLimits() ->
GeoFenceAccessManager.isWorkspaceAdmin() ->

GeoFenceAccessManager.getAccessLimits(){
...
 AccessInfo auth = rules.getAdminAuthorization(ruleFilter);
}

Environment:

Ubuntu x86_64, 5.8.0-50-generic

java -version
openjdk version “1.8.0_282”
OpenJDK Runtime Environment (build 1.8.0_282-b08)
OpenJDK 64-Bit Server VM (build 25.282-b08, mixed mode)

Logs:

20 May 16:05:52 INFO [services.RuleReaderServiceImpl] - Requesting access for RuleFilter[user:"topp_admin"+ role:ANY inst:name+:default-gs ip:"[0:0:0:0:0:0:0:1]"+ serv:DEFAULT req:DEFAULT ws:"tiger"+ layer:"giant_polygon"+]
20 May 16:05:52 ERROR [util.FilterUtils] - Bad address filter [0:0:0:0:0:0:0:1]
20 May 16:05:52 ERROR [util.FilterUtils] - Bad address filter [0:0:0:0:0:0:0:1]
20 May 16:05:52 ERROR [util.FilterUtils] - Bad address filter [0:0:0:0:0:0:0:1]
20 May 16:05:52 WARN [services.RuleReaderServiceImpl] - No access for filter RuleFilter[user:"topp_admin"+ role:ANY inst:name+:default-gs ip:"[0:0:0:0:0:0:0:1]"+ serv:DEFAULT req:DEFAULT ws:"tiger"+ layer:"giant_polygon"+]
20 May 16:05:52 INFO [services.RuleReaderServiceImpl] - Returning AccessInfo[grant:DENY admin:false] for RuleFilter[user:"topp_admin"+ role:ANY inst:name+:default-gs ip:"[0:0:0:0:0:0:0:1]"+ serv:DEFAULT req:DEFAULT ws:"tiger"+ layer:"giant_polygon"+]
20 May 16:05:52 INFO [services.RuleReaderServiceImpl] - Requesting access for RuleFilter[user:"topp_admin"+ role:ANY inst:name+:default-gs ip:"[0:0:0:0:0:0:0:1]"+ serv:DEFAULT req:DEFAULT ws:"tiger"+ layer:"poi"+]
20 May 16:05:52 ERROR [util.FilterUtils] - Bad address filter [0:0:0:0:0:0:0:1]
20 May 16:05:52 ERROR [util.FilterUtils] - Bad address filter [0:0:0:0:0:0:0:1]
20 May 16:05:52 ERROR [util.FilterUtils] - Bad address filter [0:0:0:0:0:0:0:1]
20 May 16:05:52 WARN [services.RuleReaderServiceImpl] - No access for filter RuleFilter[user:"topp_admin"+ role:ANY inst:name+:default-gs ip:"[0:0:0:0:0:0:0:1]"+ serv:DEFAULT req:DEFAULT ws:"tiger"+ layer:"poi"+]
20 May 16:05:52 INFO [services.RuleReaderServiceImpl] - Returning AccessInfo[grant:DENY admin:false] for RuleFilter[user:"topp_admin"+ role:ANY inst:name+:default-gs ip:"[0:0:0:0:0:0:0:1]"+ serv:DEFAULT req:DEFAULT ws:"tiger"+ layer:"poi"+]
20 May 16:05:52 INFO [services.RuleReaderServiceImpl] - Requesting access for RuleFilter[user:"topp_admin"+ role:ANY inst:name+:default-gs ip:"[0:0:0:0:0:0:0:1]"+ serv:DEFAULT req:DEFAULT ws:"tiger"+ layer:"poly_landmarks"+]

Add Comment

Add Comment

Get Jira notifications on your phone! Download the Jira Cloud app for Android or iOS


This message was sent by Atlassian Jira (v1001.0.0-SNAPSHOT#100162-sha1:3b69042)

Atlassian logo