Ok, So I have the J2EE_AUTH_FILTER working, but the logout button does not work. What do I need to change to make the logout button work again?
Thanks,
Melody
From: Christian Mueller [mailto:christian.mueller@anonymised.com]
Sent: Tuesday, August 06, 2013 4:31 AM
To: Ballance, Melody (IS)
Cc: geoserver-users@lists.sourceforge.net
Subject: Re: EXT :Re: [Geoserver-users] Disabling Geoserver Security in 2.3.4?
Hi Melody
The close button does not store the configuration to the disk. Clicking “Close” stores your changes to main memory. After finishing the configuration for the web filter chains, you have to click on the “save” button of the authentication page.
Cheers
Christian
2013/8/5 Ballance, Melody (IS) <melody.ballance@anonymised.com>
I am still having an issue, in fact I think it is related to
http://osgeo-org.1560.x6.nabble.com/Unable-to-save-modification-Filter-Chains-on-Authentication-page-td5033643.html
I am able to create the authentication filter and save it,
But when I try to move my j2ee_auth_filter from available to selected for any of the filter chains, and hit the close button (it does not say save but I think it is better than cancel). It looks like it saves it, but when I log out and then back in the j2ee_auth_filter is back over on the available side not selected.
I am using 2.3.4 version. Is there anything else I can do to make the change save? What file is the change made to, web.xml or what?
Thanks,
Melody
From: Christian Mueller [mailto:christian.mueller@anonymised.com]
Sent: Friday, August 02, 2013 7:16 AM
To: Ballance, Melody (IS); geoserver-users@lists.sourceforge.net
Subject: Re: EXT :Re: [Geoserver-users] Disabling Geoserver Security in 2.3.4?
Hi Melody
Please stay on the user mailing list.
The stack trace tells me that GeoServer is not able to find the web.xml file. This is strange, I tested with tomcat and jetty, no problems here. Check if the file is there and that it is readable for the weblogic container.
An alternative solution is:
Remove the J2ee role service
Add the role “GEOSERVER” to the role service named “default”.
Configure the role service named “default” to have “Administrator Role” = “GEOSERVER”.
Configure the J2EE filter to use the role service “default”.
Try again and let me know
Christian
2013/8/1 Ballance, Melody (IS) <melody.ballance@anonymised.com>
Christian,
Below is the addition made to the downloaded web.xml that is deployed in the war file. I am NOT seeing the GEOSERVER role in the user/groups/roles (roles) tab.
GeoServer
/ *
PUT
DELETE
GET
POST
GEOSERVER
BASIC
GEOSERVER
I followed your instructions:
-
add J2EE role service (GUI)
-
add J2EE authentication filter using the J2EE role service (GUI)
-
put this filter on the filter chains, remove unneeded filters
When I did this part I would add the J2EE_AUTH_FILTER to each of the chains. When I would restart the application, the J2EE_AUTH_FILTER was no longer in any of the filter chains.
So I added it back again to all of the filter chains except the login and logout. And then I removed the rememberme authentication filter and restarted the application but this time I got a Error 500–Internal Server Error. Then when I looked in the logs I saw the following.
************* error after removing the rememberme authentication filter**************
java.lang.RuntimeException: java.io.IOException: Cannot open /WEB-INF/web.xml
at org.geoserver.security.filter.GeoServerPreAuthenticationFilter.doAuthenticate(GeoServerPreAuthenticationFilter.java:122)
at org.geoserver.security.filter.GeoServerPreAuthenticationFilter.doFilter(GeoServerPreAuthenticationFilter.java:63)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:68)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:182)
Truncated. see log file for complete stacktrace
Caused By: java.io.IOException: Cannot open /WEB-INF/web.xml
at org.geoserver.security.impl.GeoServerJ2eeRoleService.load(GeoServerJ2eeRoleService.java:267)
at org.geoserver.security.impl.GeoServerJ2eeRoleService.(GeoServerJ2eeRoleService.java:183)
at org.geoserver.security.impl.J2eeSecurityProvider.createRoleService(J2eeSecurityProvider.java:40)
at org.geoserver.security.GeoServerSecurityManager$RoleServiceHelper.load(GeoServerSecurityManager.java:2647)
at org.geoserver.security.GeoServerSecurityManager.loadRoleService(GeoServerSecurityManager.java:658)
Truncated. see log file for complete stacktrace
Thanks,
Melody
From: Christian Mueller [mailto:christian.mueller@anonymised.com]
Sent: Thursday, August 01, 2013 6:57 AM
To: Ballance, Melody (IS)
Cc: geoserver-users@lists.sourceforge.net
Subject: EXT :Re: [Geoserver-users] Disabling Geoserver Security in 2.3.4?
Hi Melody
First, this hat nothing to do with disabling GeoServer security. You have to create a J2EE authentication filter. (Can be done on the “Authentication” page).
A J2EE authentication filter requires a role service. Two possibilities here:
-
If you have defined your roles in the web.xml file, create a new J2EE role service (“User, Groups,Roles” page).
-
If you want to use the default role serice, you have to add the J2EE roles individually (not recommended).
For each filter chain (“Authentication” page") do the following.
Remove the current authentication filters and add your new J2EE authentication filter.
Hint: Make a backup of your GEOSERVER_DATA_DIR/security directory- This helps restoring your original security configuration.
Cheers
Chrstian
2013/7/31 Ballance, Melody (IS) <melody.ballance@anonymised.com>
I am trying to use weblogic’s authentication via basic form authentication, but I still cannot disable the geoserver security login. What all do I need to comment out in the web.xml to make this happen? Also, how can I still have a geoserver privileged user to access/update the configuration of geoserver?
I currently have it where the user is being prompted for a weblogic account and proceeding with that account, but it does NOT log me in to geoserver. Then when I type in root and the appropriate password, I get https://FQDN:443/GeoServer/j_spring_security_check.
I am installing 2.3.4 which I thought is suppose to resolve the disabling geoserver security issue.
Thanks,
Melody
Get your SQL database under version control now!
Version control is standard for application code, but databases havent
caught up. So what steps can you take to put your SQL databases under
version control? Why should you start doing it? Read more to find out.
http://pubads.g.doubleclick.net/gampad/clk?id=49501711&iu=/4140/ostg.clktrk
Geoserver-users mailing list
Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users
–
DI Christian Mueller MSc (GIS), MSc (IT-Security)
OSS Open Source Solutions GmbH
–
DI Christian Mueller MSc (GIS), MSc (IT-Security)
OSS Open Source Solutions GmbH
–
DI Christian Mueller MSc (GIS), MSc (IT-Security)
OSS Open Source Solutions GmbH