[Geoserver-devel] [JIRA] (GEOS-10592) Request body logging incompatible with OAuth security authentication

Jody Garnett created an issue

GeoServer / BugGEOS-10592

Request body logging incompatible with OAuth security authentication

Issue Type:

BugBug

Affects Versions:

2.21.0

Assignee:

Unassigned

Components:

Community modules, Main, Security, Wicket UI

Created:

19/Jul/22 9:56 PM

Environment:

Tomcat 8.5

Priority:

MediumMedium

Reporter:

Jody Garnett

Follow up to https://osgeo-org.atlassian.net/browse/GEOS-10584 trouble shooting request body logging in an environment used to test the community openid-conmect plugin.

  1. Configure open-id-connect, I tested with ADFS

  2. Enable GeoServer LoggingFilter with request header logging, use the authentication filter to secure the filter chain web/**

  3. Unable to edit simple wicked forms (example contact information, or refreshing the logs). The error message indicate “number of rows is required”.

  4. Checking with a debugger LoggingFilter obtains an InputStream with no content (available() is 0, and read() is -1)

  5. Removing the Open ID Connect Authentication filter from the service chain restores functionality

Add Comment

Add Comment

Get Jira notifications on your phone! Download the Jira Cloud app for Android or iOS


This message was sent by Atlassian Jira (v1001.0.0-SNAPSHOT#100202-sha1:39a47f2)

Atlassian logo