[Geoserver-users] GeoServer Catalog - WPS

Hi everyone!

Today I was testing access to geoserver catalog in a WPS process, but I noticed that only some of my Workspaces and DataStores are listed.

My tests are based on the ImportProcess class and using geoserver UI, I created 4 WS and 4 DS:

Workspaces:

1- common
2- mm_50
3- mm_100
4- mm_250

Stores:

A- MovMassas_1_50000 - defined with workspace mm_50
B- MovMassas_1_100000 - defined with workspace
C- MovMassas_1_250000 - defined with workspace
D- IBGE - defined with workspace

The process bellow just prints information about Workspaces 1, 3 and 4… and about Stores B and C.

Stores A, B, C are PostGIS stores, and D is a WMS store.

I can’t find a reason why this is happening, once they are defined the same way, just changing names, and with the PostGIS stores, changing database schema too… I have only one layer published from store A, which is secured for some ROLES. There is another layer published from Store D, which is public.

Why just some of my ws and stores are visible when I access the catalog inside the WPS? If needed, I can share the ws ans stores definitions.

Here is the WPS code:

package br.rc.unesp.process;

import org.geoserver.catalog.Catalog;
import org.geoserver.catalog.DataStoreInfo;
import org.geoserver.catalog.WorkspaceInfo;
import org.geotools.process.ProcessException;
import org.geotools.process.factory.DescribeProcess;
import org.geotools.process.factory.DescribeResult;
import org.geotools.process.gs.GSProcess;

@DescribeProcess(title = “MyTest”, description = “MyTest test”)
public class MyTestProcess implements GSProcess {

private Catalog catalog;

public MyTestProcess(Catalog catalog) {
this.catalog = catalog;
}

@DescribeResult(name = “result”, description = “Return the infos”)
public String execute() throws ProcessException{

StringBuilder strBuilder = new StringBuilder();

strBuilder.append(“Workspaces:”);
strBuilder.append(“\n”);
strBuilder.append(“----------------------------------------”);
strBuilder.append(“\n”);

for(WorkspaceInfo wsi : catalog.getWorkspaces()){

strBuilder.append("ID: " + wsi.getId());
strBuilder.append(“\n”);
strBuilder.append("NAME: " + wsi.getName());
strBuilder.append(“\n\r”);

}

strBuilder.append(“DataStores:”);
strBuilder.append(“\n”);
strBuilder.append(“----------------------------------------”);
strBuilder.append(“\n”);

for(DataStoreInfo dsi : catalog.getDataStores()){

strBuilder.append("ID: " + dsi.getId());
strBuilder.append(“\n”);
strBuilder.append("NAME: " + dsi.getName());
strBuilder.append(“\n”);
strBuilder.append("DESCRITION: " + dsi.getDescription());
strBuilder.append(“\n”);
strBuilder.append("TYPE: " + dsi.getType());
strBuilder.append(“\n”);
strBuilder.append("WORKSPACE: " + dsi.getWorkspace().getName());
strBuilder.append(“\n\r”);

}

return strBuilder.toString();

}

}

It is defined at ApplicationContext.xml like this:



I’m trying to access the catalog to list published and unpublished layers in the postgis datastores inside this WPS.

Any help will be appreciated!!

Regards,

Rodrigo C. Antonialli

Rio Claro - SP - Brasil
LinkedIn: http://www.linkedin.com/in/rcaprofile
Contato: (19) 8136-2347
rcantonialli@anonymised.com
Skype: rc_antonialli

On Tue, Mar 5, 2013 at 12:07 AM, Rodrigo Antonialli <rcantonialli@anonymised.com4…> wrote:

Hi everyone!

Today I was testing access to geoserver catalog in a WPS process, but I noticed that only some of my Workspaces and DataStores are listed.

Are the stores and workspaces not listed under any security control?
As it stands now WPS cannot access any secured layer, even if the user issuing the command theoretically has
rigths, because of a tech issue (the authentication token is kept in a thread local in the request thread, but the
process then runs in a separate thread pool and does not get to see it)

Cheers
Andrea

==
Our support, Your Success! Visit http://opensdi.geo-solutions.it for more information.

Ing. Andrea Aime
@geowolf
Technical Lead

GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 339 8844549

http://www.geo-solutions.it
http://twitter.com/geosolutions_it


Hi Andrea!

My Data security has these rules:

..r | * |

and the catalog mode is HIDE.

The “common” workspace and the common:IBGE store are not protected… the ws is listed and the store is not.

As you said, the mm_50 workspace shouldn’t be visible by WPS because of the third rule, right?

What about the IBGE store? Maybe because it’s type is WMS?

Anyway, if WPS can’t access restricted layers, it’s really bad for me… for a while, I’ll have to send only text parameters…

Is there a plan to change this wps restriction? Maybe I could try to help…(if I’m able to =P)

···

Rodrigo C. Antonialli

Rio Claro - SP - Brasil
LinkedIn: http://www.linkedin.com/in/rcaprofile
Contato: (19) 8136-2347
rcantonialli@anonymised.com
Skype: rc_antonialli

On Tue, Mar 5, 2013 at 4:17 AM, Andrea Aime <andrea.aime@anonymised.com> wrote:

On Tue, Mar 5, 2013 at 12:07 AM, Rodrigo Antonialli <rcantonialli@anonymised.com> wrote:

Hi everyone!

Today I was testing access to geoserver catalog in a WPS process, but I noticed that only some of my Workspaces and DataStores are listed.

Are the stores and workspaces not listed under any security control?
As it stands now WPS cannot access any secured layer, even if the user issuing the command theoretically has
rigths, because of a tech issue (the authentication token is kept in a thread local in the request thread, but the
process then runs in a separate thread pool and does not get to see it)

Cheers
Andrea

==
Our support, Your Success! Visit http://opensdi.geo-solutions.it for more information.

Ing. Andrea Aime
@geowolf
Technical Lead

GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 339 8844549

http://www.geo-solutions.it
http://twitter.com/geosolutions_it


On Tue, Mar 5, 2013 at 12:47 PM, Rodrigo Antonialli <rcantonialli@anonymised.com4…> wrote:

Hi Andrea!

My Data security has these rules:

..r *
..w *
mm_50.*.r USUARIO,ADMINISTRADOR

and the catalog mode is HIDE.

The “common” workspace and the common:IBGE store are not protected… the ws is listed and the store is not.

As you said, the mm_50 workspace shouldn’t be visible by WPS because of the third rule, right?

Correct

What about the IBGE store? Maybe because it’s type is WMS?

Hum… your code asks for DataStores, not for Stores, so that’s probably te cause

Anyway, if WPS can’t access restricted layers, it’s really bad for me… for a while, I’ll have to send only text parameters…

Is there a plan to change this wps restriction? Maybe I could try to help…(if I’m able to =P)

I discussed the API changes that need to take place in the last two weeks on this mailing list,
however the fix is not simple, so I’m waiting for funding on it.
That’s of course not going too stop anyone else from implementation, if they have time to do so.

Cheers
Andrea

==
Our support, Your Success! Visit http://opensdi.geo-solutions.it for more information.

Ing. Andrea Aime
@geowolf
Technical Lead

GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 339 8844549

http://www.geo-solutions.it
http://twitter.com/geosolutions_it