Oauth2-Google and Geofence Connection

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
13 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Oauth2-Google and Geofence Connection

steve.omondi

Hey Guys,

 

Does Enabling authentication using OAuth2 Google Extension for Geoserver require Geofence whatsoevcer?

 

I have installed the google-oauth2 extension and configured according to the provided docs however I’m not getting the desired behavior. While Geoserver is register under connected apps in my Google Account when I login to Geoserver with the my Google account, the google account is not added in Geoserver and the login does not happen.

 

 

Sent from Mail for Windows 10

 


Virus-free. www.avast.com

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Geoserver-users mailing list

Please make sure you read the following two resources before posting to this list:
- Earning your support instead of buying it, but Ian Turton: http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: http://geoserver.org/comm/userlist-guidelines.html

[hidden email]
https://lists.sourceforge.net/lists/listinfo/geoserver-users
Kind Regards, Steve Omondi GIS & DB Developer/DBA Ramani Online, Ramani Geosystems
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Oauth2-Google and Geofence Connection

Nuno Oliveira-3
Hi,

GeoFence is not required, google-oauth module should work on is own.

I don't know much of the google-oauth module ... did you see any
exception on GeoServer logs ?

You change GeoServer logging level on the Global Settings:
http://docs.geoserver.org/latest/en/user/configuration/globalsettings.html#logging-profile

and view the logs in the GeoServer Logs menu entry on the left of GeoServer web UI.

Regards,

Nuno Oliveira


On 07/06/2017 08:20 AM, Steve Omondi wrote:

Hey Guys,

 

Does Enabling authentication using OAuth2 Google Extension for Geoserver require Geofence whatsoevcer?

 

I have installed the google-oauth2 extension and configured according to the provided docs however I’m not getting the desired behavior. While Geoserver is register under connected apps in my Google Account when I login to Geoserver with the my Google account, the google account is not added in Geoserver and the login does not happen.

 

 

Sent from Mail for Windows 10

 


Virus-free. www.avast.com


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot


_______________________________________________
Geoserver-users mailing list

Please make sure you read the following two resources before posting to this list:
- Earning your support instead of buying it, but Ian Turton: http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: http://geoserver.org/comm/userlist-guidelines.html

[hidden email]
https://lists.sourceforge.net/lists/listinfo/geoserver-users

-- 
Regards,
Nuno Oliveira
==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==

Nuno Miguel Carvalho Oliveira
@nmcoliveira
Software Engineer

GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy
phone: +39 0584 962313
fax:      +39 0584 1660272

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

-------------------------------------------------------
AVVERTENZE AI SENSI DEL D.Lgs. 196/2003
Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.
 
The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Geoserver-users mailing list

Please make sure you read the following two resources before posting to this list:
- Earning your support instead of buying it, but Ian Turton: http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: http://geoserver.org/comm/userlist-guidelines.html

[hidden email]
https://lists.sourceforge.net/lists/listinfo/geoserver-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Oauth2-Google and Geofence Connection

steve.omondi

Hi Nuno,

 

Attached is my Log file after raising to DEBUG Level

 

I has some interesting stuff, but I can’t figure out where the problem is raised.

 

For example. There is a point where Geoserver is looking for Geonode Session ID

 

Line 152: (and several other points)

2017-07-06 12:07:35,099 DEBUG [web.FilterChainProxy] - /web/ at position 2 of 7 in additional filter chain; firing Filter: 'GoogleOAuthAuthenticationFilter'

2017-07-06 12:07:35,099 DEBUG [geoserver.security] - Inspecting the http request looking for the GeoNode Session ID.

2017-07-06 12:07:35,099 DEBUG [geoserver.security] - Found 1 cookies!

 

What has this got to do with google-oauth2. I I’m not using geonode-oauth2 even though it was installed together with google-oauth2.

 

I’m using Geoserver 2.11.1 with geoserver-2.11-SNAPSHOT-sec-oauth2-google-plugin which had both geonode-oauth2 and GitHub-oauth2 bundled with it.

 

Kindly assist where possible.

 

 

Kind Regards,

Steve Omondi

Ramani Geosystems.

 

-----------------------------------------

Sent from Mail for Windows 10

 

From: [hidden email]
Sent: Thursday, July 6, 2017 11:35 AM
To: [hidden email]
Subject: Re: [Geoserver-users] Oauth2-Google and Geofence Connection

 

Hi,

GeoFence is not required, google-oauth module should work on is own.

I don't know much of the google-oauth module ... did you see any
exception on GeoServer logs ?

You change GeoServer logging level on the Global Settings:
http://docs.geoserver.org/latest/en/user/configuration/globalsettings.html#logging-profile

and view the logs in the GeoServer Logs menu entry on the left of GeoServer web UI.

Regards,

Nuno Oliveira

On 07/06/2017 08:20 AM, Steve Omondi wrote:

Hey Guys,

 

Does Enabling authentication using OAuth2 Google Extension for Geoserver require Geofence whatsoevcer?

 

I have installed the google-oauth2 extension and configured according to the provided docs however I’m not getting the desired behavior. While Geoserver is register under connected apps in my Google Account when I login to Geoserver with the my Google account, the google account is not added in Geoserver and the login does not happen.

 

 

Sent from Mail for Windows 10

 

 

https://ipmcdn.avast.com/images/icons/icon-envelope-tick-round-orange-animated-no-repeat-v1.gif

Virus-free. www.avast.com




------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot




_______________________________________________
Geoserver-users mailing list
 
Please make sure you read the following two resources before posting to this list:
- Earning your support instead of buying it, but Ian Turton: http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: http://geoserver.org/comm/userlist-guidelines.html
 
[hidden email]
https://lists.sourceforge.net/lists/listinfo/geoserver-users



-- 
Regards,
Nuno Oliveira
==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==
 
Nuno Miguel Carvalho Oliveira
@nmcoliveira
Software Engineer
 
GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy
phone: +39 0584 962313
fax:      +39 0584 1660272
 
http://www.geo-solutions.it
http://twitter.com/geosolutions_it
 
-------------------------------------------------------
AVVERTENZE AI SENSI DEL D.Lgs. 196/2003
Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.
 
The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.

 


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Geoserver-users mailing list

Please make sure you read the following two resources before posting to this list:
- Earning your support instead of buying it, but Ian Turton: http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: http://geoserver.org/comm/userlist-guidelines.html

[hidden email]
https://lists.sourceforge.net/lists/listinfo/geoserver-users

Geoserver-google-oauth2-logs-file.txt (53K) Download Attachment
Kind Regards, Steve Omondi GIS & DB Developer/DBA Ramani Online, Ramani Geosystems
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Oauth2-Google and Geofence Connection

Nuno Oliveira-3
Hi,

I juts make a test and indeed Google oauth2 seems to not be working at least in
GeoServer 2.12.x. (see attached GIF) and indeed no exception is logged.

The web UI integration seems to be a bit broke too:



The plugin google-oauth package is also including the github and geonode bindings ... this is probably no intended.

I only used \ configured this authentication method once with GeoServer so maybe I'm missing
something ... let's see if anyone can provide you a more valuable feedback.

Otherwise I will proceed with opening a bug report.

Note, I think that the person who wrote the google-oauth module will not be available this week and next week.

Regards,

Nuno Oliveira

On 07/06/2017 10:49 AM, Steve Omondi wrote:

Hi Nuno,

 

Attached is my Log file after raising to DEBUG Level

 

I has some interesting stuff, but I can’t figure out where the problem is raised.

 

For example. There is a point where Geoserver is looking for Geonode Session ID

 

Line 152: (and several other points)

2017-07-06 12:07:35,099 DEBUG [web.FilterChainProxy] - /web/ at position 2 of 7 in additional filter chain; firing Filter: 'GoogleOAuthAuthenticationFilter'

2017-07-06 12:07:35,099 DEBUG [geoserver.security] - Inspecting the http request looking for the GeoNode Session ID.

2017-07-06 12:07:35,099 DEBUG [geoserver.security] - Found 1 cookies!

 

What has this got to do with google-oauth2. I I’m not using geonode-oauth2 even though it was installed together with google-oauth2.

 

I’m using Geoserver 2.11.1 with geoserver-2.11-SNAPSHOT-sec-oauth2-google-plugin which had both geonode-oauth2 and GitHub-oauth2 bundled with it.

 

Kindly assist where possible.

 

 

Kind Regards,

Steve Omondi

Ramani Geosystems.

 

-----------------------------------------

Sent from Mail for Windows 10

 

From: [hidden email]
Sent: Thursday, July 6, 2017 11:35 AM
To: [hidden email]
Subject: Re: [Geoserver-users] Oauth2-Google and Geofence Connection

 

Hi,

GeoFence is not required, google-oauth module should work on is own.

I don't know much of the google-oauth module ... did you see any
exception on GeoServer logs ?

You change GeoServer logging level on the Global Settings:
http://docs.geoserver.org/latest/en/user/configuration/globalsettings.html#logging-profile

and view the logs in the GeoServer Logs menu entry on the left of GeoServer web UI.

Regards,

Nuno Oliveira

On 07/06/2017 08:20 AM, Steve Omondi wrote:

Hey Guys,

 

Does Enabling authentication using OAuth2 Google Extension for Geoserver require Geofence whatsoevcer?

 

I have installed the google-oauth2 extension and configured according to the provided docs however I’m not getting the desired behavior. While Geoserver is register under connected apps in my Google Account when I login to Geoserver with the my Google account, the google account is not added in Geoserver and the login does not happen.

 

 

Sent from Mail for Windows 10

 

 

https://ipmcdn.avast.com/images/icons/icon-envelope-tick-round-orange-animated-no-repeat-v1.gif

Virus-free. www.avast.com




------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot




_______________________________________________
Geoserver-users mailing list
 
Please make sure you read the following two resources before posting to this list:
- Earning your support instead of buying it, but Ian Turton: http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: http://geoserver.org/comm/userlist-guidelines.html
 
[hidden email]
https://lists.sourceforge.net/lists/listinfo/geoserver-users



-- 
Regards,
Nuno Oliveira
==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==
 
Nuno Miguel Carvalho Oliveira
@nmcoliveira
Software Engineer
 
GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy
phone: +39 0584 962313
fax:      +39 0584 1660272
 
http://www.geo-solutions.it
http://twitter.com/geosolutions_it
 
-------------------------------------------------------
AVVERTENZE AI SENSI DEL D.Lgs. 196/2003
Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.
 
The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.

 


-- 
Regards,
Nuno Oliveira
==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==

Nuno Miguel Carvalho Oliveira
@nmcoliveira
Software Engineer

GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy
phone: +39 0584 962313
fax:      +39 0584 1660272

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

-------------------------------------------------------
AVVERTENZE AI SENSI DEL D.Lgs. 196/2003
Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.
 
The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Geoserver-users mailing list

Please make sure you read the following two resources before posting to this list:
- Earning your support instead of buying it, but Ian Turton: http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: http://geoserver.org/comm/userlist-guidelines.html

[hidden email]
https://lists.sourceforge.net/lists/listinfo/geoserver-users

google_login.gif (679K) Download Attachment
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Oauth2-Google and Geofence Connection

steve.omondi

I appreciate Nuno.

 

 

Sent from Mail for Windows 10

 

From: [hidden email]
Sent: Thursday, July 6, 2017 4:16 PM
To: [hidden email]; [hidden email]
Subject: Re: [Geoserver-users] Oauth2-Google and Geofence Connection

 

Hi,

I juts make a test and indeed Google oauth2 seems to not be working at least in
GeoServer 2.12.x. (see attached GIF) and indeed no exception is logged.

The web UI integration seems to be a bit broke too:

cid:part1.6954620F.95331BE9@geo-solutions.it

The plugin google-oauth package is also including the github and geonode bindings ... this is probably no intended.

I only used \ configured this authentication method once with GeoServer so maybe I'm missing
something ... let's see if anyone can provide you a more valuable feedback.

Otherwise I will proceed with opening a bug report.

Note, I think that the person who wrote the google-oauth module will not be available this week and next week.

Regards,

Nuno Oliveira

On 07/06/2017 10:49 AM, Steve Omondi wrote:

Hi Nuno,

 

Attached is my Log file after raising to DEBUG Level

 

I has some interesting stuff, but I can’t figure out where the problem is raised.

 

For example. There is a point where Geoserver is looking for Geonode Session ID

 

Line 152: (and several other points)

2017-07-06 12:07:35,099 DEBUG [web.FilterChainProxy] - /web/ at position 2 of 7 in additional filter chain; firing Filter: 'GoogleOAuthAuthenticationFilter'

2017-07-06 12:07:35,099 DEBUG [geoserver.security] - Inspecting the http request looking for the GeoNode Session ID.

2017-07-06 12:07:35,099 DEBUG [geoserver.security] - Found 1 cookies!

 

What has this got to do with google-oauth2. I I’m not using geonode-oauth2 even though it was installed together with google-oauth2.

 

I’m using Geoserver 2.11.1 with geoserver-2.11-SNAPSHOT-sec-oauth2-google-plugin which had both geonode-oauth2 and GitHub-oauth2 bundled with it.

 

Kindly assist where possible.

 

 

Kind Regards,

Steve Omondi

Ramani Geosystems.

 

-----------------------------------------

Sent from Mail for Windows 10

 

From: [hidden email]
Sent: Thursday, July 6, 2017 11:35 AM
To: [hidden email]
Subject: Re: [Geoserver-users] Oauth2-Google and Geofence Connection

 

Hi,

GeoFence is not required, google-oauth module should work on is own.

I don't know much of the google-oauth module ... did you see any
exception on GeoServer logs ?

You change GeoServer logging level on the Global Settings:
http://docs.geoserver.org/latest/en/user/configuration/globalsettings.html#logging-profile

and view the logs in the GeoServer Logs menu entry on the left of GeoServer web UI.

Regards,

Nuno Oliveira


On 07/06/2017 08:20 AM, Steve Omondi wrote:

Hey Guys,

 

Does Enabling authentication using OAuth2 Google Extension for Geoserver require Geofence whatsoevcer?

 

I have installed the google-oauth2 extension and configured according to the provided docs however I’m not getting the desired behavior. While Geoserver is register under connected apps in my Google Account when I login to Geoserver with the my Google account, the google account is not added in Geoserver and the login does not happen.

 

 

Sent from Mail for Windows 10

 

 

https://ipmcdn.avast.com/images/icons/icon-envelope-tick-round-orange-animated-no-repeat-v1.gif

Virus-free. www.avast.com





------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot





_______________________________________________
Geoserver-users mailing list
 
Please make sure you read the following two resources before posting to this list:
- Earning your support instead of buying it, but Ian Turton: http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: http://geoserver.org/comm/userlist-guidelines.html
 
[hidden email]
https://lists.sourceforge.net/lists/listinfo/geoserver-users




-- 
Regards,
Nuno Oliveira
==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==
 
Nuno Miguel Carvalho Oliveira
@nmcoliveira
Software Engineer
 
GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy
phone: +39 0584 962313
fax:      +39 0584 1660272
 
http://www.geo-solutions.it
http://twitter.com/geosolutions_it
 
-------------------------------------------------------
AVVERTENZE AI SENSI DEL D.Lgs. 196/2003
Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.
 
The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.

 



-- 
Regards,
Nuno Oliveira
==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==
 
Nuno Miguel Carvalho Oliveira
@nmcoliveira
Software Engineer
 
GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy
phone: +39 0584 962313
fax:      +39 0584 1660272
 
http://www.geo-solutions.it
http://twitter.com/geosolutions_it
 
-------------------------------------------------------
AVVERTENZE AI SENSI DEL D.Lgs. 196/2003
Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.
 
The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.

 


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Geoserver-users mailing list

Please make sure you read the following two resources before posting to this list:
- Earning your support instead of buying it, but Ian Turton: http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: http://geoserver.org/comm/userlist-guidelines.html

[hidden email]
https://lists.sourceforge.net/lists/listinfo/geoserver-users
Kind Regards, Steve Omondi GIS & DB Developer/DBA Ramani Online, Ramani Geosystems
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Oauth2-Google and Geofence Connection

Alessio Fabiani-2
Hi all,
seems like there may be some dependencies configuration issues with the OAuth2 Google Plugin.

I'll try to have a look at them as soon as I can.

Regards,

Alessio Fabiani

==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==

Ing. Alessio Fabiani

@alfa7691
Founder/Technical Lead


GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy
phone: +39 0584 962313
fax:     +39 0584 1660272
mob:   +39 331 6233686

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

-------------------------------------------------------

AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.


On Thu, Jul 6, 2017 at 4:20 PM, Steve Omondi <[hidden email]> wrote:

I appreciate Nuno.

 

 

Sent from Mail for Windows 10

 

From: [hidden email]
Sent: Thursday, July 6, 2017 4:16 PM
To: [hidden email]; [hidden email]
Subject: Re: [Geoserver-users] Oauth2-Google and Geofence Connection

 

Hi,

I juts make a test and indeed Google oauth2 seems to not be working at least in
GeoServer 2.12.x. (see attached GIF) and indeed no exception is logged.

The web UI integration seems to be a bit broke too:

cid:part1.6954620F.95331BE9@geo-solutions.it



The plugin google-oauth package is also including the github and geonode bindings ... this is probably no intended.

I only used \ configured this authentication method once with GeoServer so maybe I'm missing
something ... let's see if anyone can provide you a more valuable feedback.

Otherwise I will proceed with opening a bug report.

Note, I think that the person who wrote the google-oauth module will not be available this week and next week.

Regards,

Nuno Oliveira

On 07/06/2017 10:49 AM, Steve Omondi wrote:

Hi Nuno,

 

Attached is my Log file after raising to DEBUG Level

 

I has some interesting stuff, but I can’t figure out where the problem is raised.

 

For example. There is a point where Geoserver is looking for Geonode Session ID

 

Line 152: (and several other points)

2017-07-06 12:07:35,099 DEBUG [web.FilterChainProxy] - /web/ at position 2 of 7 in additional filter chain; firing Filter: 'GoogleOAuthAuthenticationFilter'

2017-07-06 12:07:35,099 DEBUG [geoserver.security] - Inspecting the http request looking for the GeoNode Session ID.

2017-07-06 12:07:35,099 DEBUG [geoserver.security] - Found 1 cookies!

 

What has this got to do with google-oauth2. I I’m not using geonode-oauth2 even though it was installed together with google-oauth2.

 

I’m using Geoserver 2.11.1 with geoserver-2.11-SNAPSHOT-sec-oauth2-google-plugin which had both geonode-oauth2 and GitHub-oauth2 bundled with it.

 

Kindly assist where possible.

 

 

Kind Regards,

Steve Omondi

Ramani Geosystems.

 

-----------------------------------------

Sent from Mail for Windows 10

 

From: [hidden email]
Sent: Thursday, July 6, 2017 11:35 AM
To: [hidden email]
Subject: Re: [Geoserver-users] Oauth2-Google and Geofence Connection

 

Hi,

GeoFence is not required, google-oauth module should work on is own.

I don't know much of the google-oauth module ... did you see any
exception on GeoServer logs ?

You change GeoServer logging level on the Global Settings:
http://docs.geoserver.org/latest/en/user/configuration/globalsettings.html#logging-profile

and view the logs in the GeoServer Logs menu entry on the left of GeoServer web UI.

Regards,

Nuno Oliveira


On 07/06/2017 08:20 AM, Steve Omondi wrote:

Hey Guys,

 

Does Enabling authentication using OAuth2 Google Extension for Geoserver require Geofence whatsoevcer?

 

I have installed the google-oauth2 extension and configured according to the provided docs however I’m not getting the desired behavior. While Geoserver is register under connected apps in my Google Account when I login to Geoserver with the my Google account, the google account is not added in Geoserver and the login does not happen.

 

 

Sent from Mail for Windows 10

 

 

https://ipmcdn.avast.com/images/icons/icon-envelope-tick-round-orange-animated-no-repeat-v1.gif

Virus-free. www.avast.com





------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot





_______________________________________________
Geoserver-users mailing list
 
Please make sure you read the following two resources before posting to this list:
- Earning your support instead of buying it, but Ian Turton: http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: http://geoserver.org/comm/userlist-guidelines.html
 
[hidden email]
https://lists.sourceforge.net/lists/listinfo/geoserver-users




-- 
Regards,
Nuno Oliveira
==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==
 
Nuno Miguel Carvalho Oliveira
@nmcoliveira
Software Engineer
 
GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy
phone: <a href="tel:0584%20962313" value="+390584962313" target="_blank">+39 0584 962313
fax:      <a href="tel:0584%20166%200272" value="+3905841660272" target="_blank">+39 0584 1660272
 
http://www.geo-solutions.it
http://twitter.com/geosolutions_it
 
-------------------------------------------------------
AVVERTENZE AI SENSI DEL D.Lgs. 196/2003
Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.
 
The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.

 



-- 
Regards,
Nuno Oliveira
==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==
 
Nuno Miguel Carvalho Oliveira
@nmcoliveira
Software Engineer
 
GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy
phone: <a href="tel:0584%20962313" value="+390584962313" target="_blank">+39 0584 962313
fax:      <a href="tel:0584%20166%200272" value="+3905841660272" target="_blank">+39 0584 1660272
 
http://www.geo-solutions.it
http://twitter.com/geosolutions_it
 
-------------------------------------------------------
AVVERTENZE AI SENSI DEL D.Lgs. 196/2003
Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.
 
The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.

 


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Geoserver-users mailing list

Please make sure you read the following two resources before posting to this list:
- Earning your support instead of buying it, but Ian Turton: http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: http://geoserver.org/comm/userlist-guidelines.html

[hidden email]
https://lists.sourceforge.net/lists/listinfo/geoserver-users



------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Geoserver-users mailing list

Please make sure you read the following two resources before posting to this list:
- Earning your support instead of buying it, but Ian Turton: http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: http://geoserver.org/comm/userlist-guidelines.html

[hidden email]
https://lists.sourceforge.net/lists/listinfo/geoserver-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Oauth2-Google and Geofence Connection

steve.omondi

Dear Fabian,

 

Following your advice, I was able to import the SSL Certificates for accounts.google.com:443 and googleapis to the cacerts (Java Keystore) after which the SSLHandshakeException: PKIX: unable to find valid certification path to requested target disappeared

This gives me confidence that the Keystore is working now.

 

However, when I login to Geoserver using the Google_Oauth2, nothing happens, it redirects back to the homepage /geoserver/web without Logging in.

 

Checking on users list the expected user id is not created.

 

In my GeoServer Log I still see:

 

2017-07-12 12:44:13,375 DEBUG [geoserver.security] - Inspecting the http request looking for the GeoNode Session ID.

2017-07-12 12:44:13,375 DEBUG [geoserver.security] - Found 1 cookies!

 

This is even after I removed Geonode_Oauth2 and Github_Oauth2

 

Here is the full Geoserver Log: Kindly check if you can see something interesting

 

--------------------------------------------------------------------------------------------------------------------

2017-07-12 12:44:12,340 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /web/, QueryString: null'; against '/web/**'

2017-07-12 12:44:12,340 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Matched Path: /web/, QueryString: null with /web/**

2017-07-12 12:44:12,340 DEBUG [geoserver.filters] - Creating a new http session inside the web UI (normal behavior)

java.lang.Exception: Full stack trace for the session creation path

                at org.geoserver.filters.SessionDebugFilter$SessionDebugWrapper.getSession(SessionDebugFilter.java:92)

                at org.geoserver.filters.SessionDebugFilter$SessionDebugWrapper.getSession(SessionDebugFilter.java:70)

                at javax.servlet.http.HttpServletRequestWrapper.getSession(HttpServletRequestWrapper.java:240)

                at org.geoserver.security.filter.GeoServerSecurityContextPersistenceFilter$1.doFilter(GeoServerSecurityContextPersistenceFilter.java:50)

                at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:73)

                at org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:92)

                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)

                at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:213)

                at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:176)

                at org.geoserver.security.GeoServerSecurityFilterChainProxy.doFilter(GeoServerSecurityFilterChainProxy.java:152)

                at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)

                at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.LoggingFilter.doFilter(LoggingFilter.java:87)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.XFrameOptionsFilter.doFilter(XFrameOptionsFilter.java:89)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.GZIPFilter.doFilter(GZIPFilter.java:42)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.SessionDebugFilter.doFilter(SessionDebugFilter.java:48)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.FlushSafeFilter.doFilter(FlushSafeFilter.java:44)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:121)

                at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)

                at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)

                at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478)

                at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)

                at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:80)

                at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:624)

                at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)

                at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:341)

                at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:799)

                at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)

                at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:861)

                at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1455)

                at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)

                at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)

                at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)

                at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)

                at java.lang.Thread.run(Thread.java:748)

2017-07-12 12:44:12,386 DEBUG [geoserver.security] - Inspecting the http request looking for the GeoNode Session ID.

2017-07-12 12:44:12,387 DEBUG [geoserver.security] - Found 1 cookies!

2017-07-12 12:44:12,389 DEBUG [geoserver.security] - preAuthenticatedPrincipal = null, trying to authenticate

2017-07-12 12:44:12,391 DEBUG [geoserver.ows] - Could not a layer group named web

2017-07-12 12:44:12,391 TRACE [ows.OWSHandlerMapping] - No handler mapping found for [/web/]

2017-07-12 12:44:12,415 DEBUG [geoserver.filters] - Compressing output for mimetype: text/html;charset=UTF-8

2017-07-12 12:44:12,416 DEBUG [filter.GeoServerSecurityContextPersistenceFilter$1] - SecurityContextHolder now cleared, as request processing completed

2017-07-12 12:44:13,374 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /web/j_spring_oauth2_google_login, QueryString: null'; against '/web/**'

2017-07-12 12:44:13,374 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Matched Path: /web/j_spring_oauth2_google_login, QueryString: null with /web/**

2017-07-12 12:44:13,375 DEBUG [geoserver.security] - Inspecting the http request looking for the GeoNode Session ID.

2017-07-12 12:44:13,375 DEBUG [geoserver.security] - Found 1 cookies!

2017-07-12 12:44:13,378 DEBUG [geoserver.security] - preAuthenticatedPrincipal = null, trying to authenticate

2017-07-12 12:44:13,381 DEBUG [geoserver.ows] - Could not a layer group named web

2017-07-12 12:44:13,381 TRACE [ows.OWSHandlerMapping] - No handler mapping found for [/web/j_spring_oauth2_google_login]

2017-07-12 12:44:13,382 DEBUG [filter.GeoServerSecurityContextPersistenceFilter$1] - SecurityContextHolder now cleared, as request processing completed

2017-07-12 12:44:14,158 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /, QueryString: code=4/ut2thMxmlKm2ULuz3zDt5Gm1S6_kpUSjIs7fJo0sb7s'; against '/web/**'

2017-07-12 12:44:14,158 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /, QueryString: code=4/ut2thMxmlKm2ULuz3zDt5Gm1S6_kpUSjIs7fJo0sb7s'; against '/gwc/rest/web/**'

2017-07-12 12:44:14,158 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /, QueryString: code=4/ut2thMxmlKm2ULuz3zDt5Gm1S6_kpUSjIs7fJo0sb7s'; against '/'

2017-07-12 12:44:14,158 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Matched Path: /, QueryString: code=4/ut2thMxmlKm2ULuz3zDt5Gm1S6_kpUSjIs7fJo0sb7s with /

2017-07-12 12:44:14,158 DEBUG [geoserver.security] - Inspecting the http request looking for the GeoNode Session ID.

2017-07-12 12:44:14,158 DEBUG [geoserver.security] - Found 1 cookies!

2017-07-12 12:44:16,572 DEBUG [geoserver.security] - preAuthenticatedPrincipal = [hidden email], trying to authenticate

2017-07-12 12:44:16,592 TRACE [ows.OWSHandlerMapping] - No handler mapping found for [/]

2017-07-12 12:44:16,593 DEBUG [filter.GeoServerSecurityContextPersistenceFilter$1] - SecurityContextHolder now cleared, as request processing completed

2017-07-12 12:44:16,603 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /index.html, QueryString: null'; against '/web/**'

2017-07-12 12:44:16,603 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /index.html, QueryString: null'; against '/gwc/rest/web/**'

2017-07-12 12:44:16,603 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /index.html, QueryString: null'; against '/'

2017-07-12 12:44:16,603 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /index.html, QueryString: null'; against '/j_spring_security_check'

2017-07-12 12:44:16,603 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /index.html, QueryString: null'; against '/j_spring_security_check/'

2017-07-12 12:44:16,603 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /index.html, QueryString: null'; against '/j_spring_security_logout'

2017-07-12 12:44:16,603 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /index.html, QueryString: null'; against '/j_spring_security_logout/'

2017-07-12 12:44:16,603 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /index.html, QueryString: null'; against '/rest/**'

2017-07-12 12:44:16,603 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /index.html, QueryString: null'; against '/gwc/rest/**'

2017-07-12 12:44:16,603 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /index.html, QueryString: null'; against '/**'

2017-07-12 12:44:16,603 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Request matched by universal pattern '/**'

2017-07-12 12:44:16,603 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Matched Path: /index.html, QueryString: null with /**

2017-07-12 12:44:16,603 DEBUG [geoserver.security] - Inspecting the http request looking for the GeoNode Session ID.

2017-07-12 12:44:16,603 DEBUG [geoserver.security] - Found 1 cookies!

2017-07-12 12:44:16,604 DEBUG [geoserver.security] - Cleaned out Session Access Token Request!

2017-07-12 12:44:16,606 TRACE [ows.OWSHandlerMapping] - No handler mapping found for [/index.html]

2017-07-12 12:44:16,608 DEBUG [filter.GeoServerSecurityContextPersistenceFilter$1] - SecurityContextHolder now cleared, as request processing completed

2017-07-12 12:44:16,650 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /web/, QueryString: null'; against '/web/**'

2017-07-12 12:44:16,651 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Matched Path: /web/, QueryString: null with /web/**

2017-07-12 12:44:16,651 DEBUG [geoserver.filters] - Creating a new http session inside the web UI (normal behavior)

java.lang.Exception: Full stack trace for the session creation path

                at org.geoserver.filters.SessionDebugFilter$SessionDebugWrapper.getSession(SessionDebugFilter.java:92)

                at org.geoserver.filters.SessionDebugFilter$SessionDebugWrapper.getSession(SessionDebugFilter.java:70)

                at javax.servlet.http.HttpServletRequestWrapper.getSession(HttpServletRequestWrapper.java:240)

                at org.geoserver.security.filter.GeoServerSecurityContextPersistenceFilter$1.doFilter(GeoServerSecurityContextPersistenceFilter.java:50)

                at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:73)

                at org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:92)

                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)

                at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:213)

                at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:176)

                at org.geoserver.security.GeoServerSecurityFilterChainProxy.doFilter(GeoServerSecurityFilterChainProxy.java:152)

                at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)

                at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.LoggingFilter.doFilter(LoggingFilter.java:87)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.XFrameOptionsFilter.doFilter(XFrameOptionsFilter.java:89)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.GZIPFilter.doFilter(GZIPFilter.java:42)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.SessionDebugFilter.doFilter(SessionDebugFilter.java:48)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.FlushSafeFilter.doFilter(FlushSafeFilter.java:44)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:121)

                at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)

                at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)

                at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478)

                at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)

                at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:80)

                at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:624)

                at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)

                at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:341)

                at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:799)

                at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)

                at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:861)

                at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1455)

                at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)

                at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)

                at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)

                at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)

                at java.lang.Thread.run(Thread.java:748)

2017-07-12 12:44:16,680 DEBUG [geoserver.security] - Inspecting the http request looking for the GeoNode Session ID.

2017-07-12 12:44:16,681 DEBUG [geoserver.security] - Found 1 cookies!

2017-07-12 12:44:16,682 DEBUG [geoserver.security] - preAuthenticatedPrincipal = null, trying to authenticate

2017-07-12 12:44:16,685 DEBUG [geoserver.ows] - Could not a layer group named web

2017-07-12 12:44:16,685 TRACE [ows.OWSHandlerMapping] - No handler mapping found for [/web/]

2017-07-12 12:44:16,701 DEBUG [geoserver.filters] - Compressing output for mimetype: text/html;charset=UTF-8

2017-07-12 12:44:16,702 DEBUG [filter.GeoServerSecurityContextPersistenceFilter$1] - SecurityContextHolder now cleared, as request processing completed

2017-07-12 12:44:19,465 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /j_spring_security_check, QueryString: null'; against '/web/**'

2017-07-12 12:44:19,465 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /j_spring_security_check, QueryString: null'; against '/gwc/rest/web/**'

2017-07-12 12:44:19,465 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /j_spring_security_check, QueryString: null'; against '/'

2017-07-12 12:44:19,465 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /j_spring_security_check, QueryString: null'; against '/j_spring_security_check'

2017-07-12 12:44:19,465 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Matched Path: /j_spring_security_check, QueryString: null with /j_spring_security_check

2017-07-12 12:44:19,465 DEBUG [filter.GeoServerUserNamePasswordAuthenticationFilter$1] - Request is to process authentication

2017-07-12 12:44:19,556 DEBUG [filter.GeoServerUserNamePasswordAuthenticationFilter$1] - Authentication success. Updating SecurityContextHolder to contain: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@96df79f2: Principal: Username: admin; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; CredentialsNonExpired: true; AccountNonLocked: true;  [ ADMIN,ROLE_ADMINISTRATOR ] ; Credentials: [PROTECTED]; Authenticated: true; Details: org.geoserver.security.filter.GeoServerWebAuthenticationDetails@380f4: RemoteIpAddress: 192.168.1.185; SessionId: 5010AF856DDCF4188D265B2B03236A22; Granted Authorities: ADMIN, ROLE_ADMINISTRATOR, ROLE_AUTHENTICATED

2017-07-12 12:44:19,556 DEBUG [rememberme.GeoServerTokenBasedRememberMeServices] - Did not send remember-me cookie (principal did not set parameter '_spring_security_remember_me')

2017-07-12 12:44:19,556 DEBUG [rememberme.GeoServerTokenBasedRememberMeServices] - Remember-me login not requested.

2017-07-12 12:44:19,556 DEBUG [filter.GeoServerSecurityContextPersistenceFilter$1] - SecurityContextHolder now cleared, as request processing completed

2017-07-12 12:44:19,572 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /web, QueryString: null'; against '/web/**'

2017-07-12 12:44:19,572 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Matched Path: /web, QueryString: null with /web/**

2017-07-12 12:44:19,572 DEBUG [geoserver.security] - Inspecting the http request looking for the GeoNode Session ID.

2017-07-12 12:44:19,573 DEBUG [geoserver.security] - Found 1 cookies!

2017-07-12 12:44:19,575 TRACE [ows.OWSHandlerMapping] - No handler mapping found for [/web]

2017-07-12 12:44:19,576 DEBUG [filter.GeoServerSecurityContextPersistenceFilter$1] - SecurityContextHolder now cleared, as request processing completed

2017-07-12 12:44:19,592 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /web/, QueryString: null'; against '/web/**'

2017-07-12 12:44:19,592 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Matched Path: /web/, QueryString: null with /web/**

2017-07-12 12:44:19,592 DEBUG [geoserver.security] - Inspecting the http request looking for the GeoNode Session ID.

2017-07-12 12:44:19,592 DEBUG [geoserver.security] - Found 1 cookies!

2017-07-12 12:44:19,595 DEBUG [geoserver.ows] - Could not a layer group named web

2017-07-12 12:44:19,595 TRACE [ows.OWSHandlerMapping] - No handler mapping found for [/web/]

2017-07-12 12:44:19,780 DEBUG [geoserver.security] - Bad credentials

org.springframework.security.authentication.BadCredentialsException: Bad credentials

                at org.springframework.security.authentication.dao.DaoAuthenticationProvider.additionalAuthenticationChecks(DaoAuthenticationProvider.java:98)

                at org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:165)

                at org.geoserver.security.auth.UsernamePasswordAuthenticationProvider.authenticate(UsernamePasswordAuthenticationProvider.java:82)

                at org.geoserver.security.GeoServerAuthenticationProvider.authenticate(GeoServerAuthenticationProvider.java:58)

                at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:167)

                at org.geoserver.security.GeoServerSecurityManager.checkForDefaultAdminPassword(GeoServerSecurityManager.java:1493)

                at org.geoserver.security.web.SecurityHomePageContentProvider$SecurityWarningsPanel.<init>(SecurityHomePageContentProvider.java:105)

                at org.geoserver.security.web.SecurityHomePageContentProvider.getPageBodyComponent(SecurityHomePageContentProvider.java:47)

                at org.geoserver.web.GeoServerHomePage$1.populateItem(GeoServerHomePage.java:129)

                at org.apache.wicket.markup.html.list.ListView.onPopulate(ListView.java:523)

                at org.apache.wicket.markup.repeater.AbstractRepeater.onBeforeRender(AbstractRepeater.java:124)

                at org.apache.wicket.Component.internalBeforeRender(Component.java:950)

                at org.apache.wicket.Component.beforeRender(Component.java:1018)

                at org.apache.wicket.MarkupContainer.onBeforeRenderChildren(MarkupContainer.java:1836)

                at org.apache.wicket.Component.onBeforeRender(Component.java:3916)

                at org.apache.wicket.Page.onBeforeRender(Page.java:801)

                at org.apache.wicket.Component.internalBeforeRender(Component.java:950)

                at org.apache.wicket.Component.beforeRender(Component.java:1018)

                at org.apache.wicket.Component.internalPrepareForRender(Component.java:2236)

                at org.apache.wicket.Page.internalPrepareForRender(Page.java:242)

                at org.apache.wicket.Component.render(Component.java:2325)

                at org.apache.wicket.Page.renderPage(Page.java:1018)

                at org.apache.wicket.request.handler.render.WebPageRenderer.renderPage(WebPageRenderer.java:124)

                at org.apache.wicket.request.handler.render.WebPageRenderer.respond(WebPageRenderer.java:236)

                at org.apache.wicket.core.request.handler.RenderPageRequestHandler.respond(RenderPageRequestHandler.java:175)

                at org.apache.wicket.request.cycle.RequestCycle$HandlerExecutor.respond(RequestCycle.java:895)

                at org.apache.wicket.request.RequestHandlerStack.execute(RequestHandlerStack.java:64)

                at org.apache.wicket.request.cycle.RequestCycle.execute(RequestCycle.java:265)

                at org.apache.wicket.request.cycle.RequestCycle.processRequest(RequestCycle.java:222)

                at org.apache.wicket.request.cycle.RequestCycle.processRequestAndDetach(RequestCycle.java:293)

                at org.apache.wicket.protocol.http.WicketFilter.processRequestCycle(WicketFilter.java:261)

                at org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:203)

                at org.apache.wicket.protocol.http.WicketServlet.doGet(WicketServlet.java:137)

                at javax.servlet.http.HttpServlet.service(HttpServlet.java:635)

                at javax.servlet.http.HttpServlet.service(HttpServlet.java:742)

                at org.springframework.web.servlet.mvc.ServletWrappingController.handleRequestInternal(ServletWrappingController.java:158)

                at org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:147)

                at org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:50)

                at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:959)

                at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:893)

                at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:968)

                at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:859)

                at javax.servlet.http.HttpServlet.service(HttpServlet.java:635)

                at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:844)

                at javax.servlet.http.HttpServlet.service(HttpServlet.java:742)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:230)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.ThreadLocalsCleanupFilter.doFilter(ThreadLocalsCleanupFilter.java:28)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.SpringDelegatingFilter$Chain.doFilter(SpringDelegatingFilter.java:75)

                at org.geoserver.wms.animate.AnimatorFilter.doFilter(AnimatorFilter.java:71)

                at org.geoserver.filters.SpringDelegatingFilter$Chain.doFilter(SpringDelegatingFilter.java:71)

                at org.geoserver.filters.SpringDelegatingFilter.doFilter(SpringDelegatingFilter.java:46)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.platform.AdvancedDispatchFilter.doFilter(AdvancedDispatchFilter.java:50)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:316)

                at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:69)

                at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:126)

                at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:90)

                at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:73)

                at org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:92)

                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)

                at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:69)

                at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:114)

                at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:73)

                at org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:92)

                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)

                at org.geoserver.security.filter.GeoServerAnonymousAuthenticationFilter.doFilter(GeoServerAnonymousAuthenticationFilter.java:54)

                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)

                at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:69)

                at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:205)

                at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:73)

                at org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:92)

                at org.geoserver.security.filter.GeoServerUserNamePasswordAuthenticationFilter.doFilter(GeoServerUserNamePasswordAuthenticationFilter.java:116)

                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)

                at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:69)

                at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:157)

                at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:73)

                at org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:92)

                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)

                at org.geoserver.security.oauth2.GeoServerOAuthAuthenticationFilter.doFilter(GeoServerOAuthAuthenticationFilter.java:167)

                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)

                at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:69)

                at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:91)

                at org.geoserver.security.filter.GeoServerSecurityContextPersistenceFilter$1.doFilter(GeoServerSecurityContextPersistenceFilter.java:53)

                at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:73)

                at org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:92)

                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)

                at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:213)

                at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:176)

                at org.geoserver.security.GeoServerSecurityFilterChainProxy.doFilter(GeoServerSecurityFilterChainProxy.java:152)

                at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)

                at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.LoggingFilter.doFilter(LoggingFilter.java:87)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.XFrameOptionsFilter.doFilter(XFrameOptionsFilter.java:89)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.GZIPFilter.doFilter(GZIPFilter.java:42)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.SessionDebugFilter.doFilter(SessionDebugFilter.java:48)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.FlushSafeFilter.doFilter(FlushSafeFilter.java:44)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:121)

                at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)

                at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)

                at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478)

                at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)

                at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:80)

                at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:624)

                at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)

                at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:341)

                at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:799)

                at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)

                at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:861)

                at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1455)

                at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)

                at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)

                at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)

                at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)

                at java.lang.Thread.run(Thread.java:748)

2017-07-12 12:44:19,824 DEBUG [geoserver.filters] - Compressing output for mimetype: text/html;charset=UTF-8

2017-07-12 12:44:19,826 DEBUG [filter.GeoServerSecurityContextPersistenceFilter$1] - SecurityContextHolder now cleared, as request processing completed

2017-07-12 12:44:21,005 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /web/wicket/bookmarkable/org.geoserver.web.admin.logpage, QueryString: null'; against '/web/**'

2017-07-12 12:44:21,005 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Matched Path: /web/wicket/bookmarkable/org.geoserver.web.admin.logpage, QueryString: null with /web/**

2017-07-12 12:44:21,005 DEBUG [geoserver.security] - Inspecting the http request looking for the GeoNode Session ID.

2017-07-12 12:44:21,006 DEBUG [geoserver.security] - Found 1 cookies!

2017-07-12 12:44:21,008 DEBUG [geoserver.ows] - Could not a layer group named web

2017-07-12 12:44:21,008 TRACE [ows.OWSHandlerMapping] - No handler mapping found for [/web/wicket/bookmarkable/org.geoserver.web.admin.LogPage]

2017-07-12 12:44:21,009 DEBUG [org.geoserver] - Thread 118 locking in mode WRITE

2017-07-12 12:44:21,009 DEBUG [org.geoserver] - Thread 118 got the lock in mode WRITE

------------------------------------------------------------------------------------------------------------------------

Kind Regards,

Steve Omondi

Geospatial Software Developer

Ramani Online, Ramani Geosystems.

 

Sent from Mail for Windows 10

 

From: [hidden email]
Sent: Tuesday, July 11, 2017 8:55 AM
To: [hidden email]
Cc: [hidden email]
Subject: Re: [Geoserver-users] Oauth2-Google and Geofence Connection

 

Hello Steve,

 

the protocol takes automatically the user information from the provider. Basically once the authentication is successful, GeoServer asks to the OAuth2 Provider endpoint for the user profile. It will the use those stuff to create a user. If you need more access to the resources, you will need to create or configure a RoleService or a GroupRoleService that links the user create through Google to internal GeoServer roles.

 

In your specific case, what's happening is that the authentication fails in some point. Usually the problem is that you are trying to use an HTTPS endpoint (the google one) from and HTTP connection.

 

Try to rise up the log level of GeoServer to VERBOSE, try again and you should be able to find the cause of the issue into the geoserver.log file.

 

The typical cause when using Google is that you haven't correctly imported the SSL certificate into the trust-store.

 

See the steps here

 

 

 

 

 


Regards,

Alessio Fabiani

==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==

Ing. Alessio Fabiani

@alfa7691
Founder/Technical Lead


GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy
phone: +39 0584 962313
fax:     +39 0584 1660272
mob:   +39 331 6233686

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

-------------------------------------------------------

AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.

 

On Mon, Jul 10, 2017 at 4:58 PM, Steve Omondi <[hidden email]> wrote:

Hi Fabian,

 

I have been able to get the oauth2-google extension working somehow but not completely.

 

Here is what happens:

 

When I Click on the Google Icon, I provide my Google credentials and according to the Logs in connects to Google and adds my Geoserver as a connected application to My Account.

 

However, I'm redirected back to the redirect_uri without logging in.

 

My Question is, how do I I declare the user_id in Geoserver (like how would I declare my email as my user id in Geoserver before hand) for Oauth2 too Authenticate against?

 

Or, how exactly does the Oauth 2, give access to a google account?


Kind regards,

Steve Omondi

 

On Fri, Jul 7, 2017 at 1:29 PM, Steve Omondi <[hidden email]> wrote:

Sure thing

Kind Regards,

Steve Omondi

 

Sent from Mail for Windows 10

 

From: [hidden email]
Sent: Friday, July 7, 2017 1:27 PM
To: [hidden email]
Cc: [hidden email]


Subject: Re: [Geoserver-users] Oauth2-Google and Geofence Connection

 

I had just a quick look at the community package

 

 

and noticed that the zip contains also jars for oauth2-geonode and oauth2-github. They should not be there, at least not into the google zip file. Although the Oauth2 plugin should be able to manage more oauth2 plugins (something that I need to double check also), each plugin should contain just its jars. Maybe an issue with the community/release.xml configuration file (I will fix it ASAP).

 

 

As a quick test you can try to remove those two jars from WEB-INF lib. I could not yet test if this solution fix the google auth, but it is worth to give a quick try if you can.

 


Regards,

Alessio Fabiani

==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==

Ing. Alessio Fabiani

@alfa7691
Founder/Technical Lead


GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy
phone: <a href="tel:0584%20962313" target="_blank">+39 0584 962313
fax:     <a href="tel:0584%20166%200272" target="_blank">+39 0584 1660272
mob:   <a href="tel:331%20623%203686" target="_blank">+39 331 6233686

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

-------------------------------------------------------

AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.

 

On Fri, Jul 7, 2017 at 12:55 PM, Steve Omondi <[hidden email]> wrote:

Thank you Alessio for that, if there is any way I can help with the DEBUG results, just let me know.

 

Sent from Mail for Windows 10

 

From: [hidden email]
Sent: Friday, July 7, 2017 12:53 PM
To: [hidden email]
Cc: [hidden email]; [hidden email]


Subject: Re: [Geoserver-users] Oauth2-Google and Geofence Connection

 

Hi all,

seems like there may be some dependencies configuration issues with the OAuth2 Google Plugin.

 

I'll try to have a look at them as soon as I can.


Regards,

Alessio Fabiani

==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==

Ing. Alessio Fabiani

@alfa7691
Founder/Technical Lead


GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy
phone: <a href="tel:0584%20962313" target="_blank">+39 0584 962313
fax:     <a href="tel:0584%20166%200272" target="_blank">+39 0584 1660272
mob:   <a href="tel:331%20623%203686" target="_blank">+39 331 6233686

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

-------------------------------------------------------

AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.

 

On Thu, Jul 6, 2017 at 4:20 PM, Steve Omondi <[hidden email]> wrote:

I appreciate Nuno.

 

 

Sent from Mail for Windows 10

 

From: [hidden email]
Sent: Thursday, July 6, 2017 4:16 PM
To: [hidden email]; [hidden email]
Subject: Re: [Geoserver-users] Oauth2-Google and Geofence Connection

 

Hi,

I juts make a test and indeed Google oauth2 seems to not be working at least in
GeoServer 2.12.x. (see attached GIF) and indeed no exception is logged.

The web UI integration seems to be a bit broke too:

 

The plugin google-oauth package is also including the github and geonode bindings ... this is probably no intended.

I only used \ configured this authentication method once with GeoServer so maybe I'm missing
something ... let's see if anyone can provide you a more valuable feedback.

Otherwise I will proceed with opening a bug report.

Note, I think that the person who wrote the google-oauth module will not be available this week and next week.

Regards,

Nuno Oliveira

On 07/06/2017 10:49 AM, Steve Omondi wrote:

Hi Nuno,

 

Attached is my Log file after raising to DEBUG Level

 

I has some interesting stuff, but I can’t figure out where the problem is raised.

 

For example. There is a point where Geoserver is looking for Geonode Session ID

 

Line 152: (and several other points)

2017-07-06 12:07:35,099 DEBUG [web.FilterChainProxy] - /web/ at position 2 of 7 in additional filter chain; firing Filter: 'GoogleOAuthAuthenticationFilter'

2017-07-06 12:07:35,099 DEBUG [geoserver.security] - Inspecting the http request looking for the GeoNode Session ID.

2017-07-06 12:07:35,099 DEBUG [geoserver.security] - Found 1 cookies!

 

What has this got to do with google-oauth2. I I’m not using geonode-oauth2 even though it was installed together with google-oauth2.

 

I’m using Geoserver 2.11.1 with geoserver-2.11-SNAPSHOT-sec-oauth2-google-plugin which had both geonode-oauth2 and GitHub-oauth2 bundled with it.

 

Kindly assist where possible.

 

 

Kind Regards,

Steve Omondi

Ramani Geosystems.

 

-----------------------------------------

Sent from Mail for Windows 10

 

From: [hidden email]
Sent: Thursday, July 6, 2017 11:35 AM
To: [hidden email]
Subject: Re: [Geoserver-users] Oauth2-Google and Geofence Connection

 

Hi,

GeoFence is not required, google-oauth module should work on is own.

I don't know much of the google-oauth module ... did you see any
exception on GeoServer logs ?

You change GeoServer logging level on the Global Settings:
http://docs.geoserver.org/latest/en/user/configuration/globalsettings.html#logging-profile

and view the logs in the GeoServer Logs menu entry on the left of GeoServer web UI.

Regards,

Nuno Oliveira

On 07/06/2017 08:20 AM, Steve Omondi wrote:

Hey Guys,

 

Does Enabling authentication using OAuth2 Google Extension for Geoserver require Geofence whatsoevcer?

 

I have installed the google-oauth2 extension and configured according to the provided docs however I’m not getting the desired behavior. While Geoserver is register under connected apps in my Google Account when I login to Geoserver with the my Google account, the google account is not added in Geoserver and the login does not happen.

 

 

Sent from Mail for Windows 10

 

 

https://ipmcdn.avast.com/images/icons/icon-envelope-tick-round-orange-animated-no-repeat-v1.gif

Virus-free. www.avast.com

 

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot

 

_______________________________________________
Geoserver-users mailing list
 
Please make sure you read the following two resources before posting to this list:
- Earning your support instead of buying it, but Ian Turton: http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: http://geoserver.org/comm/userlist-guidelines.html
 
[hidden email]
https://lists.sourceforge.net/lists/listinfo/geoserver-users

 

-- 
Regards,
Nuno Oliveira
==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==
 
Nuno Miguel Carvalho Oliveira
@nmcoliveira
Software Engineer
 
GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy
phone: <a href="tel:0584%20962313" target="_blank">+39 0584 962313
fax:      <a href="tel:0584%20166%200272" target="_blank">+39 0584 1660272
 
http://www.geo-solutions.it
http://twitter.com/geosolutions_it
 
-------------------------------------------------------
AVVERTENZE AI SENSI DEL D.Lgs. 196/2003
Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.
 
The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.

 

 

-- 
Regards,
Nuno Oliveira
==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==
 
Nuno Miguel Carvalho Oliveira
@nmcoliveira
Software Engineer
 
GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy
phone: <a href="tel:0584%20962313" target="_blank">+39 0584 962313
fax:      <a href="tel:0584%20166%200272" target="_blank">+39 0584 1660272
 
http://www.geo-solutions.it
http://twitter.com/geosolutions_it
 
-------------------------------------------------------
AVVERTENZE AI SENSI DEL D.Lgs. 196/2003
Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.
 
The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.

 


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Geoserver-users mailing list

Please make sure you read the following two resources before posting to this list:
- Earning your support instead of buying it, but Ian Turton: http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: http://geoserver.org/comm/userlist-guidelines.html

[hidden email]
https://lists.sourceforge.net/lists/listinfo/geoserver-users

 

 

 

 

 

 

 


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Geoserver-users mailing list

Please make sure you read the following two resources before posting to this list:
- Earning your support instead of buying it, but Ian Turton: http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: http://geoserver.org/comm/userlist-guidelines.html

[hidden email]
https://lists.sourceforge.net/lists/listinfo/geoserver-users
Kind Regards, Steve Omondi GIS & DB Developer/DBA Ramani Online, Ramani Geosystems
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Oauth2-Google and Geofence Connection

Alessio Fabiani-2
Hello Steve,
although the geonode message should not be there, it is only a warning. The real issue is the Bad Credentials exception.

You need to double check that you secret ids and client ids are correct. That message means that the oauth handshake could not be completed for some reason.

I wil try to debug the code by today if I can.


On Jul 12, 2017 13:09, "Steve Omondi" <[hidden email]> wrote:

Dear Fabian,

 

Following your advice, I was able to import the SSL Certificates for accounts.google.com:443 and googleapis to the cacerts (Java Keystore) after which the SSLHandshakeException: PKIX: unable to find valid certification path to requested target disappeared

This gives me confidence that the Keystore is working now.

 

However, when I login to Geoserver using the Google_Oauth2, nothing happens, it redirects back to the homepage /geoserver/web without Logging in.

 

Checking on users list the expected user id is not created.

 

In my GeoServer Log I still see:

 

2017-07-12 12:44:13,375 DEBUG [geoserver.security] - Inspecting the http request looking for the GeoNode Session ID.

2017-07-12 12:44:13,375 DEBUG [geoserver.security] - Found 1 cookies!

 

This is even after I removed Geonode_Oauth2 and Github_Oauth2

 

Here is the full Geoserver Log: Kindly check if you can see something interesting

 

--------------------------------------------------------------------------------------------------------------------

2017-07-12 12:44:12,340 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /web/, QueryString: null'; against '/web/**'

2017-07-12 12:44:12,340 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Matched Path: /web/, QueryString: null with /web/**

2017-07-12 12:44:12,340 DEBUG [geoserver.filters] - Creating a new http session inside the web UI (normal behavior)

java.lang.Exception: Full stack trace for the session creation path

                at org.geoserver.filters.SessionDebugFilter$SessionDebugWrapper.getSession(SessionDebugFilter.java:92)

                at org.geoserver.filters.SessionDebugFilter$SessionDebugWrapper.getSession(SessionDebugFilter.java:70)

                at javax.servlet.http.HttpServletRequestWrapper.getSession(HttpServletRequestWrapper.java:240)

                at org.geoserver.security.filter.GeoServerSecurityContextPersistenceFilter$1.doFilter(GeoServerSecurityContextPersistenceFilter.java:50)

                at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:73)

                at org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:92)

                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)

                at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:213)

                at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:176)

                at org.geoserver.security.GeoServerSecurityFilterChainProxy.doFilter(GeoServerSecurityFilterChainProxy.java:152)

                at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)

                at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.LoggingFilter.doFilter(LoggingFilter.java:87)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.XFrameOptionsFilter.doFilter(XFrameOptionsFilter.java:89)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.GZIPFilter.doFilter(GZIPFilter.java:42)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.SessionDebugFilter.doFilter(SessionDebugFilter.java:48)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.FlushSafeFilter.doFilter(FlushSafeFilter.java:44)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:121)

                at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)

                at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)

                at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478)

                at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)

                at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:80)

                at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:624)

                at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)

                at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:341)

                at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:799)

                at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)

                at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:861)

                at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1455)

                at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)

                at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)

                at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)

                at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)

                at java.lang.Thread.run(Thread.java:748)

2017-07-12 12:44:12,386 DEBUG [geoserver.security] - Inspecting the http request looking for the GeoNode Session ID.

2017-07-12 12:44:12,387 DEBUG [geoserver.security] - Found 1 cookies!

2017-07-12 12:44:12,389 DEBUG [geoserver.security] - preAuthenticatedPrincipal = null, trying to authenticate

2017-07-12 12:44:12,391 DEBUG [geoserver.ows] - Could not a layer group named web

2017-07-12 12:44:12,391 TRACE [ows.OWSHandlerMapping] - No handler mapping found for [/web/]

2017-07-12 12:44:12,415 DEBUG [geoserver.filters] - Compressing output for mimetype: text/html;charset=UTF-8

2017-07-12 12:44:12,416 DEBUG [filter.GeoServerSecurityContextPersistenceFilter$1] - SecurityContextHolder now cleared, as request processing completed

2017-07-12 12:44:13,374 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /web/j_spring_oauth2_google_login, QueryString: null'; against '/web/**'

2017-07-12 12:44:13,374 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Matched Path: /web/j_spring_oauth2_google_login, QueryString: null with /web/**

2017-07-12 12:44:13,375 DEBUG [geoserver.security] - Inspecting the http request looking for the GeoNode Session ID.

2017-07-12 12:44:13,375 DEBUG [geoserver.security] - Found 1 cookies!

2017-07-12 12:44:13,378 DEBUG [geoserver.security] - preAuthenticatedPrincipal = null, trying to authenticate

2017-07-12 12:44:13,381 DEBUG [geoserver.ows] - Could not a layer group named web

2017-07-12 12:44:13,381 TRACE [ows.OWSHandlerMapping] - No handler mapping found for [/web/j_spring_oauth2_google_login]

2017-07-12 12:44:13,382 DEBUG [filter.GeoServerSecurityContextPersistenceFilter$1] - SecurityContextHolder now cleared, as request processing completed

2017-07-12 12:44:14,158 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /, QueryString: code=4/ut2thMxmlKm2ULuz3zDt5Gm1S6_kpUSjIs7fJo0sb7s'; against '/web/**'

2017-07-12 12:44:14,158 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /, QueryString: code=4/ut2thMxmlKm2ULuz3zDt5Gm1S6_kpUSjIs7fJo0sb7s'; against '/gwc/rest/web/**'

2017-07-12 12:44:14,158 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /, QueryString: code=4/ut2thMxmlKm2ULuz3zDt5Gm1S6_kpUSjIs7fJo0sb7s'; against '/'

2017-07-12 12:44:14,158 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Matched Path: /, QueryString: code=4/ut2thMxmlKm2ULuz3zDt5Gm1S6_kpUSjIs7fJo0sb7s with /

2017-07-12 12:44:14,158 DEBUG [geoserver.security] - Inspecting the http request looking for the GeoNode Session ID.

2017-07-12 12:44:14,158 DEBUG [geoserver.security] - Found 1 cookies!

2017-07-12 12:44:16,572 DEBUG [geoserver.security] - preAuthenticatedPrincipal = [hidden email], trying to authenticate

2017-07-12 12:44:16,592 TRACE [ows.OWSHandlerMapping] - No handler mapping found for [/]

2017-07-12 12:44:16,593 DEBUG [filter.GeoServerSecurityContextPersistenceFilter$1] - SecurityContextHolder now cleared, as request processing completed

2017-07-12 12:44:16,603 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /index.html, QueryString: null'; against '/web/**'

2017-07-12 12:44:16,603 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /index.html, QueryString: null'; against '/gwc/rest/web/**'

2017-07-12 12:44:16,603 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /index.html, QueryString: null'; against '/'

2017-07-12 12:44:16,603 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /index.html, QueryString: null'; against '/j_spring_security_check'

2017-07-12 12:44:16,603 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /index.html, QueryString: null'; against '/j_spring_security_check/'

2017-07-12 12:44:16,603 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /index.html, QueryString: null'; against '/j_spring_security_logout'

2017-07-12 12:44:16,603 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /index.html, QueryString: null'; against '/j_spring_security_logout/'

2017-07-12 12:44:16,603 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /index.html, QueryString: null'; against '/rest/**'

2017-07-12 12:44:16,603 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /index.html, QueryString: null'; against '/gwc/rest/**'

2017-07-12 12:44:16,603 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /index.html, QueryString: null'; against '/**'

2017-07-12 12:44:16,603 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Request matched by universal pattern '/**'

2017-07-12 12:44:16,603 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Matched Path: /index.html, QueryString: null with /**

2017-07-12 12:44:16,603 DEBUG [geoserver.security] - Inspecting the http request looking for the GeoNode Session ID.

2017-07-12 12:44:16,603 DEBUG [geoserver.security] - Found 1 cookies!

2017-07-12 12:44:16,604 DEBUG [geoserver.security] - Cleaned out Session Access Token Request!

2017-07-12 12:44:16,606 TRACE [ows.OWSHandlerMapping] - No handler mapping found for [/index.html]

2017-07-12 12:44:16,608 DEBUG [filter.GeoServerSecurityContextPersistenceFilter$1] - SecurityContextHolder now cleared, as request processing completed

2017-07-12 12:44:16,650 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /web/, QueryString: null'; against '/web/**'

2017-07-12 12:44:16,651 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Matched Path: /web/, QueryString: null with /web/**

2017-07-12 12:44:16,651 DEBUG [geoserver.filters] - Creating a new http session inside the web UI (normal behavior)

java.lang.Exception: Full stack trace for the session creation path

                at org.geoserver.filters.SessionDebugFilter$SessionDebugWrapper.getSession(SessionDebugFilter.java:92)

                at org.geoserver.filters.SessionDebugFilter$SessionDebugWrapper.getSession(SessionDebugFilter.java:70)

                at javax.servlet.http.HttpServletRequestWrapper.getSession(HttpServletRequestWrapper.java:240)

                at org.geoserver.security.filter.GeoServerSecurityContextPersistenceFilter$1.doFilter(GeoServerSecurityContextPersistenceFilter.java:50)

                at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:73)

                at org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:92)

                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)

                at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:213)

                at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:176)

                at org.geoserver.security.GeoServerSecurityFilterChainProxy.doFilter(GeoServerSecurityFilterChainProxy.java:152)

                at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)

                at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.LoggingFilter.doFilter(LoggingFilter.java:87)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.XFrameOptionsFilter.doFilter(XFrameOptionsFilter.java:89)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.GZIPFilter.doFilter(GZIPFilter.java:42)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.SessionDebugFilter.doFilter(SessionDebugFilter.java:48)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.FlushSafeFilter.doFilter(FlushSafeFilter.java:44)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:121)

                at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)

                at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)

                at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478)

                at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)

                at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:80)

                at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:624)

                at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)

                at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:341)

                at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:799)

                at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)

                at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:861)

                at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1455)

                at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)

                at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)

                at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)

                at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)

                at java.lang.Thread.run(Thread.java:748)

2017-07-12 12:44:16,680 DEBUG [geoserver.security] - Inspecting the http request looking for the GeoNode Session ID.

2017-07-12 12:44:16,681 DEBUG [geoserver.security] - Found 1 cookies!

2017-07-12 12:44:16,682 DEBUG [geoserver.security] - preAuthenticatedPrincipal = null, trying to authenticate

2017-07-12 12:44:16,685 DEBUG [geoserver.ows] - Could not a layer group named web

2017-07-12 12:44:16,685 TRACE [ows.OWSHandlerMapping] - No handler mapping found for [/web/]

2017-07-12 12:44:16,701 DEBUG [geoserver.filters] - Compressing output for mimetype: text/html;charset=UTF-8

2017-07-12 12:44:16,702 DEBUG [filter.GeoServerSecurityContextPersistenceFilter$1] - SecurityContextHolder now cleared, as request processing completed

2017-07-12 12:44:19,465 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /j_spring_security_check, QueryString: null'; against '/web/**'

2017-07-12 12:44:19,465 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /j_spring_security_check, QueryString: null'; against '/gwc/rest/web/**'

2017-07-12 12:44:19,465 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /j_spring_security_check, QueryString: null'; against '/'

2017-07-12 12:44:19,465 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /j_spring_security_check, QueryString: null'; against '/j_spring_security_check'

2017-07-12 12:44:19,465 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Matched Path: /j_spring_security_check, QueryString: null with /j_spring_security_check

2017-07-12 12:44:19,465 DEBUG [filter.GeoServerUserNamePasswordAuthenticationFilter$1] - Request is to process authentication

2017-07-12 12:44:19,556 DEBUG [filter.GeoServerUserNamePasswordAuthenticationFilter$1] - Authentication success. Updating SecurityContextHolder to contain: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@96df79f2: Principal: Username: admin; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; CredentialsNonExpired: true; AccountNonLocked: true;  [ ADMIN,ROLE_ADMINISTRATOR ] ; Credentials: [PROTECTED]; Authenticated: true; Details: org.geoserver.security.filter.GeoServerWebAuthenticationDetails@380f4: RemoteIpAddress: 192.168.1.185; SessionId: 5010AF856DDCF4188D265B2B03236A22; Granted Authorities: ADMIN, ROLE_ADMINISTRATOR, ROLE_AUTHENTICATED

2017-07-12 12:44:19,556 DEBUG [rememberme.GeoServerTokenBasedRememberMeServices] - Did not send remember-me cookie (principal did not set parameter '_spring_security_remember_me')

2017-07-12 12:44:19,556 DEBUG [rememberme.GeoServerTokenBasedRememberMeServices] - Remember-me login not requested.

2017-07-12 12:44:19,556 DEBUG [filter.GeoServerSecurityContextPersistenceFilter$1] - SecurityContextHolder now cleared, as request processing completed

2017-07-12 12:44:19,572 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /web, QueryString: null'; against '/web/**'

2017-07-12 12:44:19,572 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Matched Path: /web, QueryString: null with /web/**

2017-07-12 12:44:19,572 DEBUG [geoserver.security] - Inspecting the http request looking for the GeoNode Session ID.

2017-07-12 12:44:19,573 DEBUG [geoserver.security] - Found 1 cookies!

2017-07-12 12:44:19,575 TRACE [ows.OWSHandlerMapping] - No handler mapping found for [/web]

2017-07-12 12:44:19,576 DEBUG [filter.GeoServerSecurityContextPersistenceFilter$1] - SecurityContextHolder now cleared, as request processing completed

2017-07-12 12:44:19,592 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /web/, QueryString: null'; against '/web/**'

2017-07-12 12:44:19,592 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Matched Path: /web/, QueryString: null with /web/**

2017-07-12 12:44:19,592 DEBUG [geoserver.security] - Inspecting the http request looking for the GeoNode Session ID.

2017-07-12 12:44:19,592 DEBUG [geoserver.security] - Found 1 cookies!

2017-07-12 12:44:19,595 DEBUG [geoserver.ows] - Could not a layer group named web

2017-07-12 12:44:19,595 TRACE [ows.OWSHandlerMapping] - No handler mapping found for [/web/]

2017-07-12 12:44:19,780 DEBUG [geoserver.security] - Bad credentials

org.springframework.security.authentication.BadCredentialsException: Bad credentials

                at org.springframework.security.authentication.dao.DaoAuthenticationProvider.additionalAuthenticationChecks(DaoAuthenticationProvider.java:98)

                at org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:165)

                at org.geoserver.security.auth.UsernamePasswordAuthenticationProvider.authenticate(UsernamePasswordAuthenticationProvider.java:82)

                at org.geoserver.security.GeoServerAuthenticationProvider.authenticate(GeoServerAuthenticationProvider.java:58)

                at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:167)

                at org.geoserver.security.GeoServerSecurityManager.checkForDefaultAdminPassword(GeoServerSecurityManager.java:1493)

                at org.geoserver.security.web.SecurityHomePageContentProvider$SecurityWarningsPanel.<init>(SecurityHomePageContentProvider.java:105)

                at org.geoserver.security.web.SecurityHomePageContentProvider.getPageBodyComponent(SecurityHomePageContentProvider.java:47)

                at org.geoserver.web.GeoServerHomePage$1.populateItem(GeoServerHomePage.java:129)

                at org.apache.wicket.markup.html.list.ListView.onPopulate(ListView.java:523)

                at org.apache.wicket.markup.repeater.AbstractRepeater.onBeforeRender(AbstractRepeater.java:124)

                at org.apache.wicket.Component.internalBeforeRender(Component.java:950)

                at org.apache.wicket.Component.beforeRender(Component.java:1018)

                at org.apache.wicket.MarkupContainer.onBeforeRenderChildren(MarkupContainer.java:1836)

                at org.apache.wicket.Component.onBeforeRender(Component.java:3916)

                at org.apache.wicket.Page.onBeforeRender(Page.java:801)

                at org.apache.wicket.Component.internalBeforeRender(Component.java:950)

                at org.apache.wicket.Component.beforeRender(Component.java:1018)

                at org.apache.wicket.Component.internalPrepareForRender(Component.java:2236)

                at org.apache.wicket.Page.internalPrepareForRender(Page.java:242)

                at org.apache.wicket.Component.render(Component.java:2325)

                at org.apache.wicket.Page.renderPage(Page.java:1018)

                at org.apache.wicket.request.handler.render.WebPageRenderer.renderPage(WebPageRenderer.java:124)

                at org.apache.wicket.request.handler.render.WebPageRenderer.respond(WebPageRenderer.java:236)

                at org.apache.wicket.core.request.handler.RenderPageRequestHandler.respond(RenderPageRequestHandler.java:175)

                at org.apache.wicket.request.cycle.RequestCycle$HandlerExecutor.respond(RequestCycle.java:895)

                at org.apache.wicket.request.RequestHandlerStack.execute(RequestHandlerStack.java:64)

                at org.apache.wicket.request.cycle.RequestCycle.execute(RequestCycle.java:265)

                at org.apache.wicket.request.cycle.RequestCycle.processRequest(RequestCycle.java:222)

                at org.apache.wicket.request.cycle.RequestCycle.processRequestAndDetach(RequestCycle.java:293)

                at org.apache.wicket.protocol.http.WicketFilter.processRequestCycle(WicketFilter.java:261)

                at org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:203)

                at org.apache.wicket.protocol.http.WicketServlet.doGet(WicketServlet.java:137)

                at javax.servlet.http.HttpServlet.service(HttpServlet.java:635)

                at javax.servlet.http.HttpServlet.service(HttpServlet.java:742)

                at org.springframework.web.servlet.mvc.ServletWrappingController.handleRequestInternal(ServletWrappingController.java:158)

                at org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:147)

                at org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:50)

                at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:959)

                at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:893)

                at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:968)

                at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:859)

                at javax.servlet.http.HttpServlet.service(HttpServlet.java:635)

                at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:844)

                at javax.servlet.http.HttpServlet.service(HttpServlet.java:742)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:230)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.ThreadLocalsCleanupFilter.doFilter(ThreadLocalsCleanupFilter.java:28)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.SpringDelegatingFilter$Chain.doFilter(SpringDelegatingFilter.java:75)

                at org.geoserver.wms.animate.AnimatorFilter.doFilter(AnimatorFilter.java:71)

                at org.geoserver.filters.SpringDelegatingFilter$Chain.doFilter(SpringDelegatingFilter.java:71)

                at org.geoserver.filters.SpringDelegatingFilter.doFilter(SpringDelegatingFilter.java:46)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.platform.AdvancedDispatchFilter.doFilter(AdvancedDispatchFilter.java:50)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:316)

                at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:69)

                at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:126)

                at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:90)

                at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:73)

                at org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:92)

                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)

                at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:69)

                at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:114)

                at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:73)

                at org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:92)

                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)

                at org.geoserver.security.filter.GeoServerAnonymousAuthenticationFilter.doFilter(GeoServerAnonymousAuthenticationFilter.java:54)

                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)

                at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:69)

                at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:205)

                at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:73)

                at org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:92)

                at org.geoserver.security.filter.GeoServerUserNamePasswordAuthenticationFilter.doFilter(GeoServerUserNamePasswordAuthenticationFilter.java:116)

                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)

                at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:69)

                at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:157)

                at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:73)

                at org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:92)

                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)

                at org.geoserver.security.oauth2.GeoServerOAuthAuthenticationFilter.doFilter(GeoServerOAuthAuthenticationFilter.java:167)

                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)

                at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:69)

                at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:91)

                at org.geoserver.security.filter.GeoServerSecurityContextPersistenceFilter$1.doFilter(GeoServerSecurityContextPersistenceFilter.java:53)

                at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:73)

                at org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:92)

                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)

                at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:213)

                at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:176)

                at org.geoserver.security.GeoServerSecurityFilterChainProxy.doFilter(GeoServerSecurityFilterChainProxy.java:152)

                at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)

                at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.LoggingFilter.doFilter(LoggingFilter.java:87)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.XFrameOptionsFilter.doFilter(XFrameOptionsFilter.java:89)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.GZIPFilter.doFilter(GZIPFilter.java:42)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.SessionDebugFilter.doFilter(SessionDebugFilter.java:48)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.FlushSafeFilter.doFilter(FlushSafeFilter.java:44)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:121)

                at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)

                at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)

                at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478)

                at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)

                at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:80)

                at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:624)

                at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)

                at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:341)

                at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:799)

                at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)

                at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:861)

                at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1455)

                at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)

                at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)

                at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)

                at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)

                at java.lang.Thread.run(Thread.java:748)

2017-07-12 12:44:19,824 DEBUG [geoserver.filters] - Compressing output for mimetype: text/html;charset=UTF-8

2017-07-12 12:44:19,826 DEBUG [filter.GeoServerSecurityContextPersistenceFilter$1] - SecurityContextHolder now cleared, as request processing completed

2017-07-12 12:44:21,005 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /web/wicket/bookmarkable/org.geoserver.web.admin.logpage, QueryString: null'; against '/web/**'

2017-07-12 12:44:21,005 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Matched Path: /web/wicket/bookmarkable/org.geoserver.web.admin.logpage, QueryString: null with /web/**

2017-07-12 12:44:21,005 DEBUG [geoserver.security] - Inspecting the http request looking for the GeoNode Session ID.

2017-07-12 12:44:21,006 DEBUG [geoserver.security] - Found 1 cookies!

2017-07-12 12:44:21,008 DEBUG [geoserver.ows] - Could not a layer group named web

2017-07-12 12:44:21,008 TRACE [ows.OWSHandlerMapping] - No handler mapping found for [/web/wicket/bookmarkable/org.geoserver.web.admin.LogPage]

2017-07-12 12:44:21,009 DEBUG [org.geoserver] - Thread 118 locking in mode WRITE

2017-07-12 12:44:21,009 DEBUG [org.geoserver] - Thread 118 got the lock in mode WRITE

------------------------------------------------------------------------------------------------------------------------

Kind Regards,

Steve Omondi

Geospatial Software Developer

Ramani Online, Ramani Geosystems.

 

Sent from Mail for Windows 10

 

From: [hidden email]
Sent: Tuesday, July 11, 2017 8:55 AM
To: [hidden email]
Cc: [hidden email]
Subject: Re: [Geoserver-users] Oauth2-Google and Geofence Connection

 

Hello Steve,

 

the protocol takes automatically the user information from the provider. Basically once the authentication is successful, GeoServer asks to the OAuth2 Provider endpoint for the user profile. It will the use those stuff to create a user. If you need more access to the resources, you will need to create or configure a RoleService or a GroupRoleService that links the user create through Google to internal GeoServer roles.

 

In your specific case, what's happening is that the authentication fails in some point. Usually the problem is that you are trying to use an HTTPS endpoint (the google one) from and HTTP connection.

 

Try to rise up the log level of GeoServer to VERBOSE, try again and you should be able to find the cause of the issue into the geoserver.log file.

 

The typical cause when using Google is that you haven't correctly imported the SSL certificate into the trust-store.

 

See the steps here

 

 

 

 

 


Regards,

Alessio Fabiani

==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==

Ing. Alessio Fabiani

@alfa7691
Founder/Technical Lead


GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy
phone: <a href="tel:0584%20962313" value="+390584962313" target="_blank">+39 0584 962313
fax:     <a href="tel:0584%20166%200272" value="+3905841660272" target="_blank">+39 0584 1660272
mob:   <a href="tel:331%20623%203686" value="+393316233686" target="_blank">+39 331 6233686

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

-------------------------------------------------------

AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.

 

On Mon, Jul 10, 2017 at 4:58 PM, Steve Omondi <[hidden email]> wrote:

Hi Fabian,

 

I have been able to get the oauth2-google extension working somehow but not completely.

 

Here is what happens:

 

When I Click on the Google Icon, I provide my Google credentials and according to the Logs in connects to Google and adds my Geoserver as a connected application to My Account.

 

However, I'm redirected back to the redirect_uri without logging in.

 

My Question is, how do I I declare the user_id in Geoserver (like how would I declare my email as my user id in Geoserver before hand) for Oauth2 too Authenticate against?

 

Or, how exactly does the Oauth 2, give access to a google account?


Kind regards,

Steve Omondi

 

On Fri, Jul 7, 2017 at 1:29 PM, Steve Omondi <[hidden email]> wrote:

Sure thing

Kind Regards,

Steve Omondi

 

Sent from Mail for Windows 10

 

From: [hidden email]
Sent: Friday, July 7, 2017 1:27 PM
To: [hidden email]
Cc: [hidden email]


Subject: Re: [Geoserver-users] Oauth2-Google and Geofence Connection

 

I had just a quick look at the community package

 

 

and noticed that the zip contains also jars for oauth2-geonode and oauth2-github. They should not be there, at least not into the google zip file. Although the Oauth2 plugin should be able to manage more oauth2 plugins (something that I need to double check also), each plugin should contain just its jars. Maybe an issue with the community/release.xml configuration file (I will fix it ASAP).

 

 

As a quick test you can try to remove those two jars from WEB-INF lib. I could not yet test if this solution fix the google auth, but it is worth to give a quick try if you can.

 


Regards,

Alessio Fabiani

==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==

Ing. Alessio Fabiani

@alfa7691
Founder/Technical Lead


GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy
phone: <a href="tel:0584%20962313" target="_blank">+39 0584 962313
fax:     <a href="tel:0584%20166%200272" target="_blank">+39 0584 1660272
mob:   <a href="tel:331%20623%203686" target="_blank">+39 331 6233686

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

-------------------------------------------------------

AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.

 

On Fri, Jul 7, 2017 at 12:55 PM, Steve Omondi <[hidden email]> wrote:

Thank you Alessio for that, if there is any way I can help with the DEBUG results, just let me know.

 

Sent from Mail for Windows 10

 

From: [hidden email]
Sent: Friday, July 7, 2017 12:53 PM
To: [hidden email]
Cc: [hidden email]; [hidden email]


Subject: Re: [Geoserver-users] Oauth2-Google and Geofence Connection

 

Hi all,

seems like there may be some dependencies configuration issues with the OAuth2 Google Plugin.

 

I'll try to have a look at them as soon as I can.


Regards,

Alessio Fabiani

==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==

Ing. Alessio Fabiani

@alfa7691
Founder/Technical Lead


GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy
phone: <a href="tel:0584%20962313" target="_blank">+39 0584 962313
fax:     <a href="tel:0584%20166%200272" target="_blank">+39 0584 1660272
mob:   <a href="tel:331%20623%203686" target="_blank">+39 331 6233686

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

-------------------------------------------------------

AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.

 

On Thu, Jul 6, 2017 at 4:20 PM, Steve Omondi <[hidden email]> wrote:

I appreciate Nuno.

 

 

Sent from Mail for Windows 10

 

From: [hidden email]
Sent: Thursday, July 6, 2017 4:16 PM
To: [hidden email]; [hidden email]
Subject: Re: [Geoserver-users] Oauth2-Google and Geofence Connection

 

Hi,

I juts make a test and indeed Google oauth2 seems to not be working at least in
GeoServer 2.12.x. (see attached GIF) and indeed no exception is logged.

The web UI integration seems to be a bit broke too:

 

The plugin google-oauth package is also including the github and geonode bindings ... this is probably no intended.

I only used \ configured this authentication method once with GeoServer so maybe I'm missing
something ... let's see if anyone can provide you a more valuable feedback.

Otherwise I will proceed with opening a bug report.

Note, I think that the person who wrote the google-oauth module will not be available this week and next week.

Regards,

Nuno Oliveira

On 07/06/2017 10:49 AM, Steve Omondi wrote:

Hi Nuno,

 

Attached is my Log file after raising to DEBUG Level

 

I has some interesting stuff, but I can’t figure out where the problem is raised.

 

For example. There is a point where Geoserver is looking for Geonode Session ID

 

Line 152: (and several other points)

2017-07-06 12:07:35,099 DEBUG [web.FilterChainProxy] - /web/ at position 2 of 7 in additional filter chain; firing Filter: 'GoogleOAuthAuthenticationFilter'

2017-07-06 12:07:35,099 DEBUG [geoserver.security] - Inspecting the http request looking for the GeoNode Session ID.

2017-07-06 12:07:35,099 DEBUG [geoserver.security] - Found 1 cookies!

 

What has this got to do with google-oauth2. I I’m not using geonode-oauth2 even though it was installed together with google-oauth2.

 

I’m using Geoserver 2.11.1 with geoserver-2.11-SNAPSHOT-sec-oauth2-google-plugin which had both geonode-oauth2 and GitHub-oauth2 bundled with it.

 

Kindly assist where possible.

 

 

Kind Regards,

Steve Omondi

Ramani Geosystems.

 

-----------------------------------------

Sent from Mail for Windows 10

 

From: [hidden email]
Sent: Thursday, July 6, 2017 11:35 AM
To: [hidden email]
Subject: Re: [Geoserver-users] Oauth2-Google and Geofence Connection

 

Hi,

GeoFence is not required, google-oauth module should work on is own.

I don't know much of the google-oauth module ... did you see any
exception on GeoServer logs ?

You change GeoServer logging level on the Global Settings:
http://docs.geoserver.org/latest/en/user/configuration/globalsettings.html#logging-profile

and view the logs in the GeoServer Logs menu entry on the left of GeoServer web UI.

Regards,

Nuno Oliveira

On 07/06/2017 08:20 AM, Steve Omondi wrote:

Hey Guys,

 

Does Enabling authentication using OAuth2 Google Extension for Geoserver require Geofence whatsoevcer?

 

I have installed the google-oauth2 extension and configured according to the provided docs however I’m not getting the desired behavior. While Geoserver is register under connected apps in my Google Account when I login to Geoserver with the my Google account, the google account is not added in Geoserver and the login does not happen.

 

 

Sent from Mail for Windows 10

 

 

https://ipmcdn.avast.com/images/icons/icon-envelope-tick-round-orange-animated-no-repeat-v1.gif

Virus-free. www.avast.com

 

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot

 

_______________________________________________
Geoserver-users mailing list
 
Please make sure you read the following two resources before posting to this list:
- Earning your support instead of buying it, but Ian Turton: http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: http://geoserver.org/comm/userlist-guidelines.html
 
[hidden email]
https://lists.sourceforge.net/lists/listinfo/geoserver-users

 

-- 
Regards,
Nuno Oliveira
==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==
 
Nuno Miguel Carvalho Oliveira
@nmcoliveira
Software Engineer
 
GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy
phone: <a href="tel:0584%20962313" target="_blank">+39 0584 962313
fax:      <a href="tel:0584%20166%200272" target="_blank">+39 0584 1660272
 
http://www.geo-solutions.it
http://twitter.com/geosolutions_it
 
-------------------------------------------------------
AVVERTENZE AI SENSI DEL D.Lgs. 196/2003
Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.
 
The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.

 

 

-- 
Regards,
Nuno Oliveira
==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==
 
Nuno Miguel Carvalho Oliveira
@nmcoliveira
Software Engineer
 
GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy
phone: <a href="tel:0584%20962313" target="_blank">+39 0584 962313
fax:      <a href="tel:0584%20166%200272" target="_blank">+39 0584 1660272
 
http://www.geo-solutions.it
http://twitter.com/geosolutions_it
 
-------------------------------------------------------
AVVERTENZE AI SENSI DEL D.Lgs. 196/2003
Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.
 
The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.

 


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Geoserver-users mailing list

Please make sure you read the following two resources before posting to this list:
- Earning your support instead of buying it, but Ian Turton: http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: http://geoserver.org/comm/userlist-guidelines.html

[hidden email]
https://lists.sourceforge.net/lists/listinfo/geoserver-users

 

 

 

 

 

 

 


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Geoserver-users mailing list

Please make sure you read the following two resources before posting to this list:
- Earning your support instead of buying it, but Ian Turton: http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: http://geoserver.org/comm/userlist-guidelines.html

[hidden email]
https://lists.sourceforge.net/lists/listinfo/geoserver-users


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Geoserver-users mailing list

Please make sure you read the following two resources before posting to this list:
- Earning your support instead of buying it, but Ian Turton: http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: http://geoserver.org/comm/userlist-guidelines.html

[hidden email]
https://lists.sourceforge.net/lists/listinfo/geoserver-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Oauth2-Google and Geofence Connection

steve.omondi
Hi Fabiani,

So I decided to try Oauth2 with a simpler  application hosted on Tomcat (the same Tomcat hosting my Geoserver) and it works perfectly without raising SSL certificate Exception or Bad Credentials (the same configuration and credentials that I'm using for Oauth2-geoserver Authentication Filters).

Quick question: Which Role Source should Oauth2 use here
I choose to use Role Service.

 Inline image 1

Inferring from Geonode-Oauth2 tutorial, I see AuthKey REST has been used to create a REST Role Source with Base URL as the geonode-server; is this required for google-oauth2 filter? And what would be the Base URL.


Kind regards,
Steve Omondi

On Thu, Jul 13, 2017 at 8:23 AM, Alessio Fabiani <[hidden email]> wrote:
Hello Steve,
although the geonode message should not be there, it is only a warning. The real issue is the Bad Credentials exception.

You need to double check that you secret ids and client ids are correct. That message means that the oauth handshake could not be completed for some reason.

I wil try to debug the code by today if I can.


On Jul 12, 2017 13:09, "Steve Omondi" <[hidden email]> wrote:

Dear Fabian,

 

Following your advice, I was able to import the SSL Certificates for accounts.google.com:443 and googleapis to the cacerts (Java Keystore) after which the SSLHandshakeException: PKIX: unable to find valid certification path to requested target disappeared

This gives me confidence that the Keystore is working now.

 

However, when I login to Geoserver using the Google_Oauth2, nothing happens, it redirects back to the homepage /geoserver/web without Logging in.

 

Checking on users list the expected user id is not created.

 

In my GeoServer Log I still see:

 

2017-07-12 12:44:13,375 DEBUG [geoserver.security] - Inspecting the http request looking for the GeoNode Session ID.

2017-07-12 12:44:13,375 DEBUG [geoserver.security] - Found 1 cookies!

 

This is even after I removed Geonode_Oauth2 and Github_Oauth2

 

Here is the full Geoserver Log: Kindly check if you can see something interesting

 

--------------------------------------------------------------------------------------------------------------------

2017-07-12 12:44:12,340 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /web/, QueryString: null'; against '/web/**'

2017-07-12 12:44:12,340 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Matched Path: /web/, QueryString: null with /web/**

2017-07-12 12:44:12,340 DEBUG [geoserver.filters] - Creating a new http session inside the web UI (normal behavior)

java.lang.Exception: Full stack trace for the session creation path

                at org.geoserver.filters.SessionDebugFilter$SessionDebugWrapper.getSession(SessionDebugFilter.java:92)

                at org.geoserver.filters.SessionDebugFilter$SessionDebugWrapper.getSession(SessionDebugFilter.java:70)

                at javax.servlet.http.HttpServletRequestWrapper.getSession(HttpServletRequestWrapper.java:240)

                at org.geoserver.security.filter.GeoServerSecurityContextPersistenceFilter$1.doFilter(GeoServerSecurityContextPersistenceFilter.java:50)

                at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:73)

                at org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:92)

                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)

                at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:213)

                at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:176)

                at org.geoserver.security.GeoServerSecurityFilterChainProxy.doFilter(GeoServerSecurityFilterChainProxy.java:152)

                at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)

                at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.LoggingFilter.doFilter(LoggingFilter.java:87)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.XFrameOptionsFilter.doFilter(XFrameOptionsFilter.java:89)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.GZIPFilter.doFilter(GZIPFilter.java:42)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.SessionDebugFilter.doFilter(SessionDebugFilter.java:48)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.FlushSafeFilter.doFilter(FlushSafeFilter.java:44)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:121)

                at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)

                at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)

                at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478)

                at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)

                at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:80)

                at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:624)

                at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)

                at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:341)

                at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:799)

                at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)

                at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:861)

                at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1455)

                at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)

                at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)

                at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)

                at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)

                at java.lang.Thread.run(Thread.java:748)

2017-07-12 12:44:12,386 DEBUG [geoserver.security] - Inspecting the http request looking for the GeoNode Session ID.

2017-07-12 12:44:12,387 DEBUG [geoserver.security] - Found 1 cookies!

2017-07-12 12:44:12,389 DEBUG [geoserver.security] - preAuthenticatedPrincipal = null, trying to authenticate

2017-07-12 12:44:12,391 DEBUG [geoserver.ows] - Could not a layer group named web

2017-07-12 12:44:12,391 TRACE [ows.OWSHandlerMapping] - No handler mapping found for [/web/]

2017-07-12 12:44:12,415 DEBUG [geoserver.filters] - Compressing output for mimetype: text/html;charset=UTF-8

2017-07-12 12:44:12,416 DEBUG [filter.GeoServerSecurityContextPersistenceFilter$1] - SecurityContextHolder now cleared, as request processing completed

2017-07-12 12:44:13,374 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /web/j_spring_oauth2_google_login, QueryString: null'; against '/web/**'

2017-07-12 12:44:13,374 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Matched Path: /web/j_spring_oauth2_google_login, QueryString: null with /web/**

2017-07-12 12:44:13,375 DEBUG [geoserver.security] - Inspecting the http request looking for the GeoNode Session ID.

2017-07-12 12:44:13,375 DEBUG [geoserver.security] - Found 1 cookies!

2017-07-12 12:44:13,378 DEBUG [geoserver.security] - preAuthenticatedPrincipal = null, trying to authenticate

2017-07-12 12:44:13,381 DEBUG [geoserver.ows] - Could not a layer group named web

2017-07-12 12:44:13,381 TRACE [ows.OWSHandlerMapping] - No handler mapping found for [/web/j_spring_oauth2_google_login]

2017-07-12 12:44:13,382 DEBUG [filter.GeoServerSecurityContextPersistenceFilter$1] - SecurityContextHolder now cleared, as request processing completed

2017-07-12 12:44:14,158 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /, QueryString: code=4/ut2thMxmlKm2ULuz3zDt5Gm1S6_kpUSjIs7fJo0sb7s'; against '/web/**'

2017-07-12 12:44:14,158 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /, QueryString: code=4/ut2thMxmlKm2ULuz3zDt5Gm1S6_kpUSjIs7fJo0sb7s'; against '/gwc/rest/web/**'

2017-07-12 12:44:14,158 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /, QueryString: code=4/ut2thMxmlKm2ULuz3zDt5Gm1S6_kpUSjIs7fJo0sb7s'; against '/'

2017-07-12 12:44:14,158 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Matched Path: /, QueryString: code=4/ut2thMxmlKm2ULuz3zDt5Gm1S6_kpUSjIs7fJo0sb7s with /

2017-07-12 12:44:14,158 DEBUG [geoserver.security] - Inspecting the http request looking for the GeoNode Session ID.

2017-07-12 12:44:14,158 DEBUG [geoserver.security] - Found 1 cookies!

2017-07-12 12:44:16,572 DEBUG [geoserver.security] - preAuthenticatedPrincipal = [hidden email], trying to authenticate

2017-07-12 12:44:16,592 TRACE [ows.OWSHandlerMapping] - No handler mapping found for [/]

2017-07-12 12:44:16,593 DEBUG [filter.GeoServerSecurityContextPersistenceFilter$1] - SecurityContextHolder now cleared, as request processing completed

2017-07-12 12:44:16,603 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /index.html, QueryString: null'; against '/web/**'

2017-07-12 12:44:16,603 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /index.html, QueryString: null'; against '/gwc/rest/web/**'

2017-07-12 12:44:16,603 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /index.html, QueryString: null'; against '/'

2017-07-12 12:44:16,603 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /index.html, QueryString: null'; against '/j_spring_security_check'

2017-07-12 12:44:16,603 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /index.html, QueryString: null'; against '/j_spring_security_check/'

2017-07-12 12:44:16,603 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /index.html, QueryString: null'; against '/j_spring_security_logout'

2017-07-12 12:44:16,603 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /index.html, QueryString: null'; against '/j_spring_security_logout/'

2017-07-12 12:44:16,603 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /index.html, QueryString: null'; against '/rest/**'

2017-07-12 12:44:16,603 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /index.html, QueryString: null'; against '/gwc/rest/**'

2017-07-12 12:44:16,603 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /index.html, QueryString: null'; against '/**'

2017-07-12 12:44:16,603 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Request matched by universal pattern '/**'

2017-07-12 12:44:16,603 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Matched Path: /index.html, QueryString: null with /**

2017-07-12 12:44:16,603 DEBUG [geoserver.security] - Inspecting the http request looking for the GeoNode Session ID.

2017-07-12 12:44:16,603 DEBUG [geoserver.security] - Found 1 cookies!

2017-07-12 12:44:16,604 DEBUG [geoserver.security] - Cleaned out Session Access Token Request!

2017-07-12 12:44:16,606 TRACE [ows.OWSHandlerMapping] - No handler mapping found for [/index.html]

2017-07-12 12:44:16,608 DEBUG [filter.GeoServerSecurityContextPersistenceFilter$1] - SecurityContextHolder now cleared, as request processing completed

2017-07-12 12:44:16,650 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /web/, QueryString: null'; against '/web/**'

2017-07-12 12:44:16,651 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Matched Path: /web/, QueryString: null with /web/**

2017-07-12 12:44:16,651 DEBUG [geoserver.filters] - Creating a new http session inside the web UI (normal behavior)

java.lang.Exception: Full stack trace for the session creation path

                at org.geoserver.filters.SessionDebugFilter$SessionDebugWrapper.getSession(SessionDebugFilter.java:92)

                at org.geoserver.filters.SessionDebugFilter$SessionDebugWrapper.getSession(SessionDebugFilter.java:70)

                at javax.servlet.http.HttpServletRequestWrapper.getSession(HttpServletRequestWrapper.java:240)

                at org.geoserver.security.filter.GeoServerSecurityContextPersistenceFilter$1.doFilter(GeoServerSecurityContextPersistenceFilter.java:50)

                at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:73)

                at org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:92)

                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)

                at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:213)

                at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:176)

                at org.geoserver.security.GeoServerSecurityFilterChainProxy.doFilter(GeoServerSecurityFilterChainProxy.java:152)

                at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)

                at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.LoggingFilter.doFilter(LoggingFilter.java:87)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.XFrameOptionsFilter.doFilter(XFrameOptionsFilter.java:89)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.GZIPFilter.doFilter(GZIPFilter.java:42)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.SessionDebugFilter.doFilter(SessionDebugFilter.java:48)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.FlushSafeFilter.doFilter(FlushSafeFilter.java:44)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:121)

                at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)

                at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)

                at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478)

                at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)

                at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:80)

                at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:624)

                at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)

                at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:341)

                at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:799)

                at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)

                at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:861)

                at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1455)

                at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)

                at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)

                at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)

                at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)

                at java.lang.Thread.run(Thread.java:748)

2017-07-12 12:44:16,680 DEBUG [geoserver.security] - Inspecting the http request looking for the GeoNode Session ID.

2017-07-12 12:44:16,681 DEBUG [geoserver.security] - Found 1 cookies!

2017-07-12 12:44:16,682 DEBUG [geoserver.security] - preAuthenticatedPrincipal = null, trying to authenticate

2017-07-12 12:44:16,685 DEBUG [geoserver.ows] - Could not a layer group named web

2017-07-12 12:44:16,685 TRACE [ows.OWSHandlerMapping] - No handler mapping found for [/web/]

2017-07-12 12:44:16,701 DEBUG [geoserver.filters] - Compressing output for mimetype: text/html;charset=UTF-8

2017-07-12 12:44:16,702 DEBUG [filter.GeoServerSecurityContextPersistenceFilter$1] - SecurityContextHolder now cleared, as request processing completed

2017-07-12 12:44:19,465 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /j_spring_security_check, QueryString: null'; against '/web/**'

2017-07-12 12:44:19,465 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /j_spring_security_check, QueryString: null'; against '/gwc/rest/web/**'

2017-07-12 12:44:19,465 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /j_spring_security_check, QueryString: null'; against '/'

2017-07-12 12:44:19,465 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /j_spring_security_check, QueryString: null'; against '/j_spring_security_check'

2017-07-12 12:44:19,465 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Matched Path: /j_spring_security_check, QueryString: null with /j_spring_security_check

2017-07-12 12:44:19,465 DEBUG [filter.GeoServerUserNamePasswordAuthenticationFilter$1] - Request is to process authentication

2017-07-12 12:44:19,556 DEBUG [filter.GeoServerUserNamePasswordAuthenticationFilter$1] - Authentication success. Updating SecurityContextHolder to contain: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@96df79f2: Principal: Username: admin; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; CredentialsNonExpired: true; AccountNonLocked: true;  [ ADMIN,ROLE_ADMINISTRATOR ] ; Credentials: [PROTECTED]; Authenticated: true; Details: org.geoserver.security.filter.GeoServerWebAuthenticationDetails@380f4: RemoteIpAddress: 192.168.1.185; SessionId: 5010AF856DDCF4188D265B2B03236A22; Granted Authorities: ADMIN, ROLE_ADMINISTRATOR, ROLE_AUTHENTICATED

2017-07-12 12:44:19,556 DEBUG [rememberme.GeoServerTokenBasedRememberMeServices] - Did not send remember-me cookie (principal did not set parameter '_spring_security_remember_me')

2017-07-12 12:44:19,556 DEBUG [rememberme.GeoServerTokenBasedRememberMeServices] - Remember-me login not requested.

2017-07-12 12:44:19,556 DEBUG [filter.GeoServerSecurityContextPersistenceFilter$1] - SecurityContextHolder now cleared, as request processing completed

2017-07-12 12:44:19,572 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /web, QueryString: null'; against '/web/**'

2017-07-12 12:44:19,572 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Matched Path: /web, QueryString: null with /web/**

2017-07-12 12:44:19,572 DEBUG [geoserver.security] - Inspecting the http request looking for the GeoNode Session ID.

2017-07-12 12:44:19,573 DEBUG [geoserver.security] - Found 1 cookies!

2017-07-12 12:44:19,575 TRACE [ows.OWSHandlerMapping] - No handler mapping found for [/web]

2017-07-12 12:44:19,576 DEBUG [filter.GeoServerSecurityContextPersistenceFilter$1] - SecurityContextHolder now cleared, as request processing completed

2017-07-12 12:44:19,592 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /web/, QueryString: null'; against '/web/**'

2017-07-12 12:44:19,592 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Matched Path: /web/, QueryString: null with /web/**

2017-07-12 12:44:19,592 DEBUG [geoserver.security] - Inspecting the http request looking for the GeoNode Session ID.

2017-07-12 12:44:19,592 DEBUG [geoserver.security] - Found 1 cookies!

2017-07-12 12:44:19,595 DEBUG [geoserver.ows] - Could not a layer group named web

2017-07-12 12:44:19,595 TRACE [ows.OWSHandlerMapping] - No handler mapping found for [/web/]

2017-07-12 12:44:19,780 DEBUG [geoserver.security] - Bad credentials

org.springframework.security.authentication.BadCredentialsException: Bad credentials

                at org.springframework.security.authentication.dao.DaoAuthenticationProvider.additionalAuthenticationChecks(DaoAuthenticationProvider.java:98)

                at org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:165)

                at org.geoserver.security.auth.UsernamePasswordAuthenticationProvider.authenticate(UsernamePasswordAuthenticationProvider.java:82)

                at org.geoserver.security.GeoServerAuthenticationProvider.authenticate(GeoServerAuthenticationProvider.java:58)

                at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:167)

                at org.geoserver.security.GeoServerSecurityManager.checkForDefaultAdminPassword(GeoServerSecurityManager.java:1493)

                at org.geoserver.security.web.SecurityHomePageContentProvider$SecurityWarningsPanel.<init>(SecurityHomePageContentProvider.java:105)

                at org.geoserver.security.web.SecurityHomePageContentProvider.getPageBodyComponent(SecurityHomePageContentProvider.java:47)

                at org.geoserver.web.GeoServerHomePage$1.populateItem(GeoServerHomePage.java:129)

                at org.apache.wicket.markup.html.list.ListView.onPopulate(ListView.java:523)

                at org.apache.wicket.markup.repeater.AbstractRepeater.onBeforeRender(AbstractRepeater.java:124)

                at org.apache.wicket.Component.internalBeforeRender(Component.java:950)

                at org.apache.wicket.Component.beforeRender(Component.java:1018)

                at org.apache.wicket.MarkupContainer.onBeforeRenderChildren(MarkupContainer.java:1836)

                at org.apache.wicket.Component.onBeforeRender(Component.java:3916)

                at org.apache.wicket.Page.onBeforeRender(Page.java:801)

                at org.apache.wicket.Component.internalBeforeRender(Component.java:950)

                at org.apache.wicket.Component.beforeRender(Component.java:1018)

                at org.apache.wicket.Component.internalPrepareForRender(Component.java:2236)

                at org.apache.wicket.Page.internalPrepareForRender(Page.java:242)

                at org.apache.wicket.Component.render(Component.java:2325)

                at org.apache.wicket.Page.renderPage(Page.java:1018)

                at org.apache.wicket.request.handler.render.WebPageRenderer.renderPage(WebPageRenderer.java:124)

                at org.apache.wicket.request.handler.render.WebPageRenderer.respond(WebPageRenderer.java:236)

                at org.apache.wicket.core.request.handler.RenderPageRequestHandler.respond(RenderPageRequestHandler.java:175)

                at org.apache.wicket.request.cycle.RequestCycle$HandlerExecutor.respond(RequestCycle.java:895)

                at org.apache.wicket.request.RequestHandlerStack.execute(RequestHandlerStack.java:64)

                at org.apache.wicket.request.cycle.RequestCycle.execute(RequestCycle.java:265)

                at org.apache.wicket.request.cycle.RequestCycle.processRequest(RequestCycle.java:222)

                at org.apache.wicket.request.cycle.RequestCycle.processRequestAndDetach(RequestCycle.java:293)

                at org.apache.wicket.protocol.http.WicketFilter.processRequestCycle(WicketFilter.java:261)

                at org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:203)

                at org.apache.wicket.protocol.http.WicketServlet.doGet(WicketServlet.java:137)

                at javax.servlet.http.HttpServlet.service(HttpServlet.java:635)

                at javax.servlet.http.HttpServlet.service(HttpServlet.java:742)

                at org.springframework.web.servlet.mvc.ServletWrappingController.handleRequestInternal(ServletWrappingController.java:158)

                at org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:147)

                at org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:50)

                at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:959)

                at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:893)

                at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:968)

                at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:859)

                at javax.servlet.http.HttpServlet.service(HttpServlet.java:635)

                at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:844)

                at javax.servlet.http.HttpServlet.service(HttpServlet.java:742)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:230)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.ThreadLocalsCleanupFilter.doFilter(ThreadLocalsCleanupFilter.java:28)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.SpringDelegatingFilter$Chain.doFilter(SpringDelegatingFilter.java:75)

                at org.geoserver.wms.animate.AnimatorFilter.doFilter(AnimatorFilter.java:71)

                at org.geoserver.filters.SpringDelegatingFilter$Chain.doFilter(SpringDelegatingFilter.java:71)

                at org.geoserver.filters.SpringDelegatingFilter.doFilter(SpringDelegatingFilter.java:46)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.platform.AdvancedDispatchFilter.doFilter(AdvancedDispatchFilter.java:50)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:316)

                at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:69)

                at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:126)

                at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:90)

                at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:73)

                at org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:92)

                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)

                at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:69)

                at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:114)

                at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:73)

                at org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:92)

                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)

                at org.geoserver.security.filter.GeoServerAnonymousAuthenticationFilter.doFilter(GeoServerAnonymousAuthenticationFilter.java:54)

                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)

                at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:69)

                at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:205)

                at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:73)

                at org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:92)

                at org.geoserver.security.filter.GeoServerUserNamePasswordAuthenticationFilter.doFilter(GeoServerUserNamePasswordAuthenticationFilter.java:116)

                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)

                at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:69)

                at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:157)

                at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:73)

                at org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:92)

                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)

                at org.geoserver.security.oauth2.GeoServerOAuthAuthenticationFilter.doFilter(GeoServerOAuthAuthenticationFilter.java:167)

                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)

                at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:69)

                at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:91)

                at org.geoserver.security.filter.GeoServerSecurityContextPersistenceFilter$1.doFilter(GeoServerSecurityContextPersistenceFilter.java:53)

                at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:73)

                at org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:92)

                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)

                at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:213)

                at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:176)

                at org.geoserver.security.GeoServerSecurityFilterChainProxy.doFilter(GeoServerSecurityFilterChainProxy.java:152)

                at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)

                at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.LoggingFilter.doFilter(LoggingFilter.java:87)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.XFrameOptionsFilter.doFilter(XFrameOptionsFilter.java:89)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.GZIPFilter.doFilter(GZIPFilter.java:42)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.SessionDebugFilter.doFilter(SessionDebugFilter.java:48)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.FlushSafeFilter.doFilter(FlushSafeFilter.java:44)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:121)

                at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)

                at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)

                at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478)

                at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)

                at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:80)

                at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:624)

                at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)

                at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:341)

                at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:799)

                at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)

                at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:861)

                at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1455)

                at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)

                at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)

                at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)

                at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)

                at java.lang.Thread.run(Thread.java:748)

2017-07-12 12:44:19,824 DEBUG [geoserver.filters] - Compressing output for mimetype: text/html;charset=UTF-8

2017-07-12 12:44:19,826 DEBUG [filter.GeoServerSecurityContextPersistenceFilter$1] - SecurityContextHolder now cleared, as request processing completed

2017-07-12 12:44:21,005 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /web/wicket/bookmarkable/org.geoserver.web.admin.logpage, QueryString: null'; against '/web/**'

2017-07-12 12:44:21,005 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Matched Path: /web/wicket/bookmarkable/org.geoserver.web.admin.logpage, QueryString: null with /web/**

2017-07-12 12:44:21,005 DEBUG [geoserver.security] - Inspecting the http request looking for the GeoNode Session ID.

2017-07-12 12:44:21,006 DEBUG [geoserver.security] - Found 1 cookies!

2017-07-12 12:44:21,008 DEBUG [geoserver.ows] - Could not a layer group named web

2017-07-12 12:44:21,008 TRACE [ows.OWSHandlerMapping] - No handler mapping found for [/web/wicket/bookmarkable/org.geoserver.web.admin.LogPage]

2017-07-12 12:44:21,009 DEBUG [org.geoserver] - Thread 118 locking in mode WRITE

2017-07-12 12:44:21,009 DEBUG [org.geoserver] - Thread 118 got the lock in mode WRITE

------------------------------------------------------------------------------------------------------------------------

Kind Regards,

Steve Omondi

Geospatial Software Developer

Ramani Online, Ramani Geosystems.

 

Sent from Mail for Windows 10

 

From: [hidden email]
Sent: Tuesday, July 11, 2017 8:55 AM
To: [hidden email]
Cc: [hidden email]
Subject: Re: [Geoserver-users] Oauth2-Google and Geofence Connection

 

Hello Steve,

 

the protocol takes automatically the user information from the provider. Basically once the authentication is successful, GeoServer asks to the OAuth2 Provider endpoint for the user profile. It will the use those stuff to create a user. If you need more access to the resources, you will need to create or configure a RoleService or a GroupRoleService that links the user create through Google to internal GeoServer roles.

 

In your specific case, what's happening is that the authentication fails in some point. Usually the problem is that you are trying to use an HTTPS endpoint (the google one) from and HTTP connection.

 

Try to rise up the log level of GeoServer to VERBOSE, try again and you should be able to find the cause of the issue into the geoserver.log file.

 

The typical cause when using Google is that you haven't correctly imported the SSL certificate into the trust-store.

 

See the steps here

 

 

 

 

 


Regards,

Alessio Fabiani

==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==

Ing. Alessio Fabiani

@alfa7691
Founder/Technical Lead


GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy
phone: <a href="tel:0584%20962313" value="+390584962313" target="_blank">+39 0584 962313
fax:     <a href="tel:0584%20166%200272" value="+3905841660272" target="_blank">+39 0584 1660272
mob:   <a href="tel:331%20623%203686" value="+393316233686" target="_blank">+39 331 6233686

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

-------------------------------------------------------

AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.

 

On Mon, Jul 10, 2017 at 4:58 PM, Steve Omondi <[hidden email]> wrote:

Hi Fabian,

 

I have been able to get the oauth2-google extension working somehow but not completely.

 

Here is what happens:

 

When I Click on the Google Icon, I provide my Google credentials and according to the Logs in connects to Google and adds my Geoserver as a connected application to My Account.

 

However, I'm redirected back to the redirect_uri without logging in.

 

My Question is, how do I I declare the user_id in Geoserver (like how would I declare my email as my user id in Geoserver before hand) for Oauth2 too Authenticate against?

 

Or, how exactly does the Oauth 2, give access to a google account?


Kind regards,

Steve Omondi

 

On Fri, Jul 7, 2017 at 1:29 PM, Steve Omondi <[hidden email]> wrote:

Sure thing

Kind Regards,

Steve Omondi

 

Sent from Mail for Windows 10

 

From: [hidden email]
Sent: Friday, July 7, 2017 1:27 PM
To: [hidden email]
Cc: [hidden email]


Subject: Re: [Geoserver-users] Oauth2-Google and Geofence Connection

 

I had just a quick look at the community package

 

 

and noticed that the zip contains also jars for oauth2-geonode and oauth2-github. They should not be there, at least not into the google zip file. Although the Oauth2 plugin should be able to manage more oauth2 plugins (something that I need to double check also), each plugin should contain just its jars. Maybe an issue with the community/release.xml configuration file (I will fix it ASAP).

 

 

As a quick test you can try to remove those two jars from WEB-INF lib. I could not yet test if this solution fix the google auth, but it is worth to give a quick try if you can.

 


Regards,

Alessio Fabiani

==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==

Ing. Alessio Fabiani

@alfa7691
Founder/Technical Lead


GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy
phone: <a href="tel:0584%20962313" target="_blank">+39 0584 962313
fax:     <a href="tel:0584%20166%200272" target="_blank">+39 0584 1660272
mob:   <a href="tel:331%20623%203686" target="_blank">+39 331 6233686

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

-------------------------------------------------------

AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.

 

On Fri, Jul 7, 2017 at 12:55 PM, Steve Omondi <[hidden email]> wrote:

Thank you Alessio for that, if there is any way I can help with the DEBUG results, just let me know.

 

Sent from Mail for Windows 10

 

From: [hidden email]
Sent: Friday, July 7, 2017 12:53 PM
To: [hidden email]
Cc: [hidden email]; [hidden email]


Subject: Re: [Geoserver-users] Oauth2-Google and Geofence Connection

 

Hi all,

seems like there may be some dependencies configuration issues with the OAuth2 Google Plugin.

 

I'll try to have a look at them as soon as I can.


Regards,

Alessio Fabiani

==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==

Ing. Alessio Fabiani

@alfa7691
Founder/Technical Lead


GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy
phone: <a href="tel:0584%20962313" target="_blank">+39 0584 962313
fax:     <a href="tel:0584%20166%200272" target="_blank">+39 0584 1660272
mob:   <a href="tel:331%20623%203686" target="_blank">+39 331 6233686

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

-------------------------------------------------------

AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.

 

On Thu, Jul 6, 2017 at 4:20 PM, Steve Omondi <[hidden email]> wrote:

I appreciate Nuno.

 

 

Sent from Mail for Windows 10

 

From: [hidden email]
Sent: Thursday, July 6, 2017 4:16 PM
To: [hidden email]; [hidden email]
Subject: Re: [Geoserver-users] Oauth2-Google and Geofence Connection

 

Hi,

I juts make a test and indeed Google oauth2 seems to not be working at least in
GeoServer 2.12.x. (see attached GIF) and indeed no exception is logged.

The web UI integration seems to be a bit broke too:

 

The plugin google-oauth package is also including the github and geonode bindings ... this is probably no intended.

I only used \ configured this authentication method once with GeoServer so maybe I'm missing
something ... let's see if anyone can provide you a more valuable feedback.

Otherwise I will proceed with opening a bug report.

Note, I think that the person who wrote the google-oauth module will not be available this week and next week.

Regards,

Nuno Oliveira

On 07/06/2017 10:49 AM, Steve Omondi wrote:

Hi Nuno,

 

Attached is my Log file after raising to DEBUG Level

 

I has some interesting stuff, but I can’t figure out where the problem is raised.

 

For example. There is a point where Geoserver is looking for Geonode Session ID

 

Line 152: (and several other points)

2017-07-06 12:07:35,099 DEBUG [web.FilterChainProxy] - /web/ at position 2 of 7 in additional filter chain; firing Filter: 'GoogleOAuthAuthenticationFilter'

2017-07-06 12:07:35,099 DEBUG [geoserver.security] - Inspecting the http request looking for the GeoNode Session ID.

2017-07-06 12:07:35,099 DEBUG [geoserver.security] - Found 1 cookies!

 

What has this got to do with google-oauth2. I I’m not using geonode-oauth2 even though it was installed together with google-oauth2.

 

I’m using Geoserver 2.11.1 with geoserver-2.11-SNAPSHOT-sec-oauth2-google-plugin which had both geonode-oauth2 and GitHub-oauth2 bundled with it.

 

Kindly assist where possible.

 

 

Kind Regards,

Steve Omondi

Ramani Geosystems.

 

-----------------------------------------

Sent from Mail for Windows 10

 

From: [hidden email]
Sent: Thursday, July 6, 2017 11:35 AM
To: [hidden email]
Subject: Re: [Geoserver-users] Oauth2-Google and Geofence Connection

 

Hi,

GeoFence is not required, google-oauth module should work on is own.

I don't know much of the google-oauth module ... did you see any
exception on GeoServer logs ?

You change GeoServer logging level on the Global Settings:
http://docs.geoserver.org/latest/en/user/configuration/globalsettings.html#logging-profile

and view the logs in the GeoServer Logs menu entry on the left of GeoServer web UI.

Regards,

Nuno Oliveira

On 07/06/2017 08:20 AM, Steve Omondi wrote:

Hey Guys,

 

Does Enabling authentication using OAuth2 Google Extension for Geoserver require Geofence whatsoevcer?

 

I have installed the google-oauth2 extension and configured according to the provided docs however I’m not getting the desired behavior. While Geoserver is register under connected apps in my Google Account when I login to Geoserver with the my Google account, the google account is not added in Geoserver and the login does not happen.

 

 

Sent from Mail for Windows 10

 

 

https://ipmcdn.avast.com/images/icons/icon-envelope-tick-round-orange-animated-no-repeat-v1.gif

Virus-free. www.avast.com

 

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot

 

_______________________________________________
Geoserver-users mailing list
 
Please make sure you read the following two resources before posting to this list:
- Earning your support instead of buying it, but Ian Turton: http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: http://geoserver.org/comm/userlist-guidelines.html
 
[hidden email]
https://lists.sourceforge.net/lists/listinfo/geoserver-users

 

-- 
Regards,
Nuno Oliveira
==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==
 
Nuno Miguel Carvalho Oliveira
@nmcoliveira
Software Engineer
 
GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy
phone: <a href="tel:0584%20962313" target="_blank">+39 0584 962313
fax:      <a href="tel:0584%20166%200272" target="_blank">+39 0584 1660272
 
http://www.geo-solutions.it
http://twitter.com/geosolutions_it
 
-------------------------------------------------------
AVVERTENZE AI SENSI DEL D.Lgs. 196/2003
Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.
 
The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.

 

 

-- 
Regards,
Nuno Oliveira
==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==
 
Nuno Miguel Carvalho Oliveira
@nmcoliveira
Software Engineer
 
GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy
phone: <a href="tel:0584%20962313" target="_blank">+39 0584 962313
fax:      <a href="tel:0584%20166%200272" target="_blank">+39 0584 1660272
 
http://www.geo-solutions.it
http://twitter.com/geosolutions_it
 
-------------------------------------------------------
AVVERTENZE AI SENSI DEL D.Lgs. 196/2003
Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.
 
The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.

 


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Geoserver-users mailing list

Please make sure you read the following two resources before posting to this list:
- Earning your support instead of buying it, but Ian Turton: http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: http://geoserver.org/comm/userlist-guidelines.html

[hidden email]
https://lists.sourceforge.net/lists/listinfo/geoserver-users

 

 

 

 

 

 

 


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Geoserver-users mailing list

Please make sure you read the following two resources before posting to this list:
- Earning your support instead of buying it, but Ian Turton: http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: http://geoserver.org/comm/userlist-guidelines.html

[hidden email]
https://lists.sourceforge.net/lists/listinfo/geoserver-users



------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Geoserver-users mailing list

Please make sure you read the following two resources before posting to this list:
- Earning your support instead of buying it, but Ian Turton: http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: http://geoserver.org/comm/userlist-guidelines.html

[hidden email]
https://lists.sourceforge.net/lists/listinfo/geoserver-users
Kind Regards, Steve Omondi GIS & DB Developer/DBA Ramani Online, Ramani Geosystems
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Oauth2-Google and Geofence Connection

steve.omondi
And BTW Fabiani, it's fair to note to you that, Google Authentication actually goes through successfully.
When I use the G+ Login
Inline image 1

When I refresh a Gmail or the Simple Website I mentioned they are Logged in.

In my own diagnosis, I think the challenge is at the point where the User_Id (for example [hidden email]) is supposed to be created in Geoserver as a User. It doesn't happen and the you are redirected back to /geoserver/web because Geoserver doesn't know this user.

So how do we make sure this user_id is created in Geoserver so that Geoserver can recognize them against the toke provided by Google-Oauth2?

Kind regards,
Steve Omondi

On Fri, Jul 14, 2017 at 10:01 AM, Steve Omondi <[hidden email]> wrote:
Hi Fabiani,

So I decided to try Oauth2 with a simpler  application hosted on Tomcat (the same Tomcat hosting my Geoserver) and it works perfectly without raising SSL certificate Exception or Bad Credentials (the same configuration and credentials that I'm using for Oauth2-geoserver Authentication Filters).

Quick question: Which Role Source should Oauth2 use here
I choose to use Role Service.

 Inline image 1

Inferring from Geonode-Oauth2 tutorial, I see AuthKey REST has been used to create a REST Role Source with Base URL as the geonode-server; is this required for google-oauth2 filter? And what would be the Base URL.


Kind regards,
Steve Omondi

On Thu, Jul 13, 2017 at 8:23 AM, Alessio Fabiani <[hidden email]> wrote:
Hello Steve,
although the geonode message should not be there, it is only a warning. The real issue is the Bad Credentials exception.

You need to double check that you secret ids and client ids are correct. That message means that the oauth handshake could not be completed for some reason.

I wil try to debug the code by today if I can.


On Jul 12, 2017 13:09, "Steve Omondi" <[hidden email]> wrote:

Dear Fabian,

 

Following your advice, I was able to import the SSL Certificates for accounts.google.com:443 and googleapis to the cacerts (Java Keystore) after which the SSLHandshakeException: PKIX: unable to find valid certification path to requested target disappeared

This gives me confidence that the Keystore is working now.

 

However, when I login to Geoserver using the Google_Oauth2, nothing happens, it redirects back to the homepage /geoserver/web without Logging in.

 

Checking on users list the expected user id is not created.

 

In my GeoServer Log I still see:

 

2017-07-12 12:44:13,375 DEBUG [geoserver.security] - Inspecting the http request looking for the GeoNode Session ID.

2017-07-12 12:44:13,375 DEBUG [geoserver.security] - Found 1 cookies!

 

This is even after I removed Geonode_Oauth2 and Github_Oauth2

 

Here is the full Geoserver Log: Kindly check if you can see something interesting

 

--------------------------------------------------------------------------------------------------------------------

2017-07-12 12:44:12,340 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /web/, QueryString: null'; against '/web/**'

2017-07-12 12:44:12,340 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Matched Path: /web/, QueryString: null with /web/**

2017-07-12 12:44:12,340 DEBUG [geoserver.filters] - Creating a new http session inside the web UI (normal behavior)

java.lang.Exception: Full stack trace for the session creation path

                at org.geoserver.filters.SessionDebugFilter$SessionDebugWrapper.getSession(SessionDebugFilter.java:92)

                at org.geoserver.filters.SessionDebugFilter$SessionDebugWrapper.getSession(SessionDebugFilter.java:70)

                at javax.servlet.http.HttpServletRequestWrapper.getSession(HttpServletRequestWrapper.java:240)

                at org.geoserver.security.filter.GeoServerSecurityContextPersistenceFilter$1.doFilter(GeoServerSecurityContextPersistenceFilter.java:50)

                at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:73)

                at org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:92)

                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)

                at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:213)

                at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:176)

                at org.geoserver.security.GeoServerSecurityFilterChainProxy.doFilter(GeoServerSecurityFilterChainProxy.java:152)

                at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)

                at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.LoggingFilter.doFilter(LoggingFilter.java:87)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.XFrameOptionsFilter.doFilter(XFrameOptionsFilter.java:89)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.GZIPFilter.doFilter(GZIPFilter.java:42)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.SessionDebugFilter.doFilter(SessionDebugFilter.java:48)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.FlushSafeFilter.doFilter(FlushSafeFilter.java:44)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:121)

                at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)

                at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)

                at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478)

                at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)

                at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:80)

                at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:624)

                at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)

                at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:341)

                at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:799)

                at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)

                at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:861)

                at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1455)

                at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)

                at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)

                at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)

                at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)

                at java.lang.Thread.run(Thread.java:748)

2017-07-12 12:44:12,386 DEBUG [geoserver.security] - Inspecting the http request looking for the GeoNode Session ID.

2017-07-12 12:44:12,387 DEBUG [geoserver.security] - Found 1 cookies!

2017-07-12 12:44:12,389 DEBUG [geoserver.security] - preAuthenticatedPrincipal = null, trying to authenticate

2017-07-12 12:44:12,391 DEBUG [geoserver.ows] - Could not a layer group named web

2017-07-12 12:44:12,391 TRACE [ows.OWSHandlerMapping] - No handler mapping found for [/web/]

2017-07-12 12:44:12,415 DEBUG [geoserver.filters] - Compressing output for mimetype: text/html;charset=UTF-8

2017-07-12 12:44:12,416 DEBUG [filter.GeoServerSecurityContextPersistenceFilter$1] - SecurityContextHolder now cleared, as request processing completed

2017-07-12 12:44:13,374 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /web/j_spring_oauth2_google_login, QueryString: null'; against '/web/**'

2017-07-12 12:44:13,374 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Matched Path: /web/j_spring_oauth2_google_login, QueryString: null with /web/**

2017-07-12 12:44:13,375 DEBUG [geoserver.security] - Inspecting the http request looking for the GeoNode Session ID.

2017-07-12 12:44:13,375 DEBUG [geoserver.security] - Found 1 cookies!

2017-07-12 12:44:13,378 DEBUG [geoserver.security] - preAuthenticatedPrincipal = null, trying to authenticate

2017-07-12 12:44:13,381 DEBUG [geoserver.ows] - Could not a layer group named web

2017-07-12 12:44:13,381 TRACE [ows.OWSHandlerMapping] - No handler mapping found for [/web/j_spring_oauth2_google_login]

2017-07-12 12:44:13,382 DEBUG [filter.GeoServerSecurityContextPersistenceFilter$1] - SecurityContextHolder now cleared, as request processing completed

2017-07-12 12:44:14,158 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /, QueryString: code=4/ut2thMxmlKm2ULuz3zDt5Gm1S6_kpUSjIs7fJo0sb7s'; against '/web/**'

2017-07-12 12:44:14,158 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /, QueryString: code=4/ut2thMxmlKm2ULuz3zDt5Gm1S6_kpUSjIs7fJo0sb7s'; against '/gwc/rest/web/**'

2017-07-12 12:44:14,158 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /, QueryString: code=4/ut2thMxmlKm2ULuz3zDt5Gm1S6_kpUSjIs7fJo0sb7s'; against '/'

2017-07-12 12:44:14,158 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Matched Path: /, QueryString: code=4/ut2thMxmlKm2ULuz3zDt5Gm1S6_kpUSjIs7fJo0sb7s with /

2017-07-12 12:44:14,158 DEBUG [geoserver.security] - Inspecting the http request looking for the GeoNode Session ID.

2017-07-12 12:44:14,158 DEBUG [geoserver.security] - Found 1 cookies!

2017-07-12 12:44:16,572 DEBUG [geoserver.security] - preAuthenticatedPrincipal = [hidden email], trying to authenticate

2017-07-12 12:44:16,592 TRACE [ows.OWSHandlerMapping] - No handler mapping found for [/]

2017-07-12 12:44:16,593 DEBUG [filter.GeoServerSecurityContextPersistenceFilter$1] - SecurityContextHolder now cleared, as request processing completed

2017-07-12 12:44:16,603 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /index.html, QueryString: null'; against '/web/**'

2017-07-12 12:44:16,603 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /index.html, QueryString: null'; against '/gwc/rest/web/**'

2017-07-12 12:44:16,603 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /index.html, QueryString: null'; against '/'

2017-07-12 12:44:16,603 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /index.html, QueryString: null'; against '/j_spring_security_check'

2017-07-12 12:44:16,603 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /index.html, QueryString: null'; against '/j_spring_security_check/'

2017-07-12 12:44:16,603 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /index.html, QueryString: null'; against '/j_spring_security_logout'

2017-07-12 12:44:16,603 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /index.html, QueryString: null'; against '/j_spring_security_logout/'

2017-07-12 12:44:16,603 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /index.html, QueryString: null'; against '/rest/**'

2017-07-12 12:44:16,603 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /index.html, QueryString: null'; against '/gwc/rest/**'

2017-07-12 12:44:16,603 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /index.html, QueryString: null'; against '/**'

2017-07-12 12:44:16,603 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Request matched by universal pattern '/**'

2017-07-12 12:44:16,603 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Matched Path: /index.html, QueryString: null with /**

2017-07-12 12:44:16,603 DEBUG [geoserver.security] - Inspecting the http request looking for the GeoNode Session ID.

2017-07-12 12:44:16,603 DEBUG [geoserver.security] - Found 1 cookies!

2017-07-12 12:44:16,604 DEBUG [geoserver.security] - Cleaned out Session Access Token Request!

2017-07-12 12:44:16,606 TRACE [ows.OWSHandlerMapping] - No handler mapping found for [/index.html]

2017-07-12 12:44:16,608 DEBUG [filter.GeoServerSecurityContextPersistenceFilter$1] - SecurityContextHolder now cleared, as request processing completed

2017-07-12 12:44:16,650 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /web/, QueryString: null'; against '/web/**'

2017-07-12 12:44:16,651 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Matched Path: /web/, QueryString: null with /web/**

2017-07-12 12:44:16,651 DEBUG [geoserver.filters] - Creating a new http session inside the web UI (normal behavior)

java.lang.Exception: Full stack trace for the session creation path

                at org.geoserver.filters.SessionDebugFilter$SessionDebugWrapper.getSession(SessionDebugFilter.java:92)

                at org.geoserver.filters.SessionDebugFilter$SessionDebugWrapper.getSession(SessionDebugFilter.java:70)

                at javax.servlet.http.HttpServletRequestWrapper.getSession(HttpServletRequestWrapper.java:240)

                at org.geoserver.security.filter.GeoServerSecurityContextPersistenceFilter$1.doFilter(GeoServerSecurityContextPersistenceFilter.java:50)

                at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:73)

                at org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:92)

                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)

                at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:213)

                at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:176)

                at org.geoserver.security.GeoServerSecurityFilterChainProxy.doFilter(GeoServerSecurityFilterChainProxy.java:152)

                at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)

                at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.LoggingFilter.doFilter(LoggingFilter.java:87)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.XFrameOptionsFilter.doFilter(XFrameOptionsFilter.java:89)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.GZIPFilter.doFilter(GZIPFilter.java:42)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.SessionDebugFilter.doFilter(SessionDebugFilter.java:48)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.FlushSafeFilter.doFilter(FlushSafeFilter.java:44)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:121)

                at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)

                at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)

                at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478)

                at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)

                at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:80)

                at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:624)

                at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)

                at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:341)

                at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:799)

                at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)

                at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:861)

                at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1455)

                at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)

                at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)

                at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)

                at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)

                at java.lang.Thread.run(Thread.java:748)

2017-07-12 12:44:16,680 DEBUG [geoserver.security] - Inspecting the http request looking for the GeoNode Session ID.

2017-07-12 12:44:16,681 DEBUG [geoserver.security] - Found 1 cookies!

2017-07-12 12:44:16,682 DEBUG [geoserver.security] - preAuthenticatedPrincipal = null, trying to authenticate

2017-07-12 12:44:16,685 DEBUG [geoserver.ows] - Could not a layer group named web

2017-07-12 12:44:16,685 TRACE [ows.OWSHandlerMapping] - No handler mapping found for [/web/]

2017-07-12 12:44:16,701 DEBUG [geoserver.filters] - Compressing output for mimetype: text/html;charset=UTF-8

2017-07-12 12:44:16,702 DEBUG [filter.GeoServerSecurityContextPersistenceFilter$1] - SecurityContextHolder now cleared, as request processing completed

2017-07-12 12:44:19,465 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /j_spring_security_check, QueryString: null'; against '/web/**'

2017-07-12 12:44:19,465 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /j_spring_security_check, QueryString: null'; against '/gwc/rest/web/**'

2017-07-12 12:44:19,465 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /j_spring_security_check, QueryString: null'; against '/'

2017-07-12 12:44:19,465 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /j_spring_security_check, QueryString: null'; against '/j_spring_security_check'

2017-07-12 12:44:19,465 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Matched Path: /j_spring_security_check, QueryString: null with /j_spring_security_check

2017-07-12 12:44:19,465 DEBUG [filter.GeoServerUserNamePasswordAuthenticationFilter$1] - Request is to process authentication

2017-07-12 12:44:19,556 DEBUG [filter.GeoServerUserNamePasswordAuthenticationFilter$1] - Authentication success. Updating SecurityContextHolder to contain: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@96df79f2: Principal: Username: admin; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; CredentialsNonExpired: true; AccountNonLocked: true;  [ ADMIN,ROLE_ADMINISTRATOR ] ; Credentials: [PROTECTED]; Authenticated: true; Details: org.geoserver.security.filter.GeoServerWebAuthenticationDetails@380f4: RemoteIpAddress: 192.168.1.185; SessionId: 5010AF856DDCF4188D265B2B03236A22; Granted Authorities: ADMIN, ROLE_ADMINISTRATOR, ROLE_AUTHENTICATED

2017-07-12 12:44:19,556 DEBUG [rememberme.GeoServerTokenBasedRememberMeServices] - Did not send remember-me cookie (principal did not set parameter '_spring_security_remember_me')

2017-07-12 12:44:19,556 DEBUG [rememberme.GeoServerTokenBasedRememberMeServices] - Remember-me login not requested.

2017-07-12 12:44:19,556 DEBUG [filter.GeoServerSecurityContextPersistenceFilter$1] - SecurityContextHolder now cleared, as request processing completed

2017-07-12 12:44:19,572 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /web, QueryString: null'; against '/web/**'

2017-07-12 12:44:19,572 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Matched Path: /web, QueryString: null with /web/**

2017-07-12 12:44:19,572 DEBUG [geoserver.security] - Inspecting the http request looking for the GeoNode Session ID.

2017-07-12 12:44:19,573 DEBUG [geoserver.security] - Found 1 cookies!

2017-07-12 12:44:19,575 TRACE [ows.OWSHandlerMapping] - No handler mapping found for [/web]

2017-07-12 12:44:19,576 DEBUG [filter.GeoServerSecurityContextPersistenceFilter$1] - SecurityContextHolder now cleared, as request processing completed

2017-07-12 12:44:19,592 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /web/, QueryString: null'; against '/web/**'

2017-07-12 12:44:19,592 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Matched Path: /web/, QueryString: null with /web/**

2017-07-12 12:44:19,592 DEBUG [geoserver.security] - Inspecting the http request looking for the GeoNode Session ID.

2017-07-12 12:44:19,592 DEBUG [geoserver.security] - Found 1 cookies!

2017-07-12 12:44:19,595 DEBUG [geoserver.ows] - Could not a layer group named web

2017-07-12 12:44:19,595 TRACE [ows.OWSHandlerMapping] - No handler mapping found for [/web/]

2017-07-12 12:44:19,780 DEBUG [geoserver.security] - Bad credentials

org.springframework.security.authentication.BadCredentialsException: Bad credentials

                at org.springframework.security.authentication.dao.DaoAuthenticationProvider.additionalAuthenticationChecks(DaoAuthenticationProvider.java:98)

                at org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:165)

                at org.geoserver.security.auth.UsernamePasswordAuthenticationProvider.authenticate(UsernamePasswordAuthenticationProvider.java:82)

                at org.geoserver.security.GeoServerAuthenticationProvider.authenticate(GeoServerAuthenticationProvider.java:58)

                at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:167)

                at org.geoserver.security.GeoServerSecurityManager.checkForDefaultAdminPassword(GeoServerSecurityManager.java:1493)

                at org.geoserver.security.web.SecurityHomePageContentProvider$SecurityWarningsPanel.<init>(SecurityHomePageContentProvider.java:105)

                at org.geoserver.security.web.SecurityHomePageContentProvider.getPageBodyComponent(SecurityHomePageContentProvider.java:47)

                at org.geoserver.web.GeoServerHomePage$1.populateItem(GeoServerHomePage.java:129)

                at org.apache.wicket.markup.html.list.ListView.onPopulate(ListView.java:523)

                at org.apache.wicket.markup.repeater.AbstractRepeater.onBeforeRender(AbstractRepeater.java:124)

                at org.apache.wicket.Component.internalBeforeRender(Component.java:950)

                at org.apache.wicket.Component.beforeRender(Component.java:1018)

                at org.apache.wicket.MarkupContainer.onBeforeRenderChildren(MarkupContainer.java:1836)

                at org.apache.wicket.Component.onBeforeRender(Component.java:3916)

                at org.apache.wicket.Page.onBeforeRender(Page.java:801)

                at org.apache.wicket.Component.internalBeforeRender(Component.java:950)

                at org.apache.wicket.Component.beforeRender(Component.java:1018)

                at org.apache.wicket.Component.internalPrepareForRender(Component.java:2236)

                at org.apache.wicket.Page.internalPrepareForRender(Page.java:242)

                at org.apache.wicket.Component.render(Component.java:2325)

                at org.apache.wicket.Page.renderPage(Page.java:1018)

                at org.apache.wicket.request.handler.render.WebPageRenderer.renderPage(WebPageRenderer.java:124)

                at org.apache.wicket.request.handler.render.WebPageRenderer.respond(WebPageRenderer.java:236)

                at org.apache.wicket.core.request.handler.RenderPageRequestHandler.respond(RenderPageRequestHandler.java:175)

                at org.apache.wicket.request.cycle.RequestCycle$HandlerExecutor.respond(RequestCycle.java:895)

                at org.apache.wicket.request.RequestHandlerStack.execute(RequestHandlerStack.java:64)

                at org.apache.wicket.request.cycle.RequestCycle.execute(RequestCycle.java:265)

                at org.apache.wicket.request.cycle.RequestCycle.processRequest(RequestCycle.java:222)

                at org.apache.wicket.request.cycle.RequestCycle.processRequestAndDetach(RequestCycle.java:293)

                at org.apache.wicket.protocol.http.WicketFilter.processRequestCycle(WicketFilter.java:261)

                at org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:203)

                at org.apache.wicket.protocol.http.WicketServlet.doGet(WicketServlet.java:137)

                at javax.servlet.http.HttpServlet.service(HttpServlet.java:635)

                at javax.servlet.http.HttpServlet.service(HttpServlet.java:742)

                at org.springframework.web.servlet.mvc.ServletWrappingController.handleRequestInternal(ServletWrappingController.java:158)

                at org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:147)

                at org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:50)

                at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:959)

                at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:893)

                at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:968)

                at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:859)

                at javax.servlet.http.HttpServlet.service(HttpServlet.java:635)

                at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:844)

                at javax.servlet.http.HttpServlet.service(HttpServlet.java:742)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:230)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.ThreadLocalsCleanupFilter.doFilter(ThreadLocalsCleanupFilter.java:28)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.SpringDelegatingFilter$Chain.doFilter(SpringDelegatingFilter.java:75)

                at org.geoserver.wms.animate.AnimatorFilter.doFilter(AnimatorFilter.java:71)

                at org.geoserver.filters.SpringDelegatingFilter$Chain.doFilter(SpringDelegatingFilter.java:71)

                at org.geoserver.filters.SpringDelegatingFilter.doFilter(SpringDelegatingFilter.java:46)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.platform.AdvancedDispatchFilter.doFilter(AdvancedDispatchFilter.java:50)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:316)

                at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:69)

                at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:126)

                at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:90)

                at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:73)

                at org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:92)

                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)

                at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:69)

                at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:114)

                at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:73)

                at org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:92)

                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)

                at org.geoserver.security.filter.GeoServerAnonymousAuthenticationFilter.doFilter(GeoServerAnonymousAuthenticationFilter.java:54)

                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)

                at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:69)

                at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:205)

                at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:73)

                at org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:92)

                at org.geoserver.security.filter.GeoServerUserNamePasswordAuthenticationFilter.doFilter(GeoServerUserNamePasswordAuthenticationFilter.java:116)

                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)

                at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:69)

                at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:157)

                at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:73)

                at org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:92)

                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)

                at org.geoserver.security.oauth2.GeoServerOAuthAuthenticationFilter.doFilter(GeoServerOAuthAuthenticationFilter.java:167)

                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)

                at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:69)

                at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:91)

                at org.geoserver.security.filter.GeoServerSecurityContextPersistenceFilter$1.doFilter(GeoServerSecurityContextPersistenceFilter.java:53)

                at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:73)

                at org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:92)

                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)

                at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:213)

                at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:176)

                at org.geoserver.security.GeoServerSecurityFilterChainProxy.doFilter(GeoServerSecurityFilterChainProxy.java:152)

                at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)

                at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.LoggingFilter.doFilter(LoggingFilter.java:87)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.XFrameOptionsFilter.doFilter(XFrameOptionsFilter.java:89)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.GZIPFilter.doFilter(GZIPFilter.java:42)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.SessionDebugFilter.doFilter(SessionDebugFilter.java:48)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.FlushSafeFilter.doFilter(FlushSafeFilter.java:44)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:121)

                at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)

                at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)

                at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478)

                at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)

                at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:80)

                at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:624)

                at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)

                at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:341)

                at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:799)

                at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)

                at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:861)

                at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1455)

                at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)

                at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)

                at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)

                at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)

                at java.lang.Thread.run(Thread.java:748)

2017-07-12 12:44:19,824 DEBUG [geoserver.filters] - Compressing output for mimetype: text/html;charset=UTF-8

2017-07-12 12:44:19,826 DEBUG [filter.GeoServerSecurityContextPersistenceFilter$1] - SecurityContextHolder now cleared, as request processing completed

2017-07-12 12:44:21,005 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /web/wicket/bookmarkable/org.geoserver.web.admin.logpage, QueryString: null'; against '/web/**'

2017-07-12 12:44:21,005 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Matched Path: /web/wicket/bookmarkable/org.geoserver.web.admin.logpage, QueryString: null with /web/**

2017-07-12 12:44:21,005 DEBUG [geoserver.security] - Inspecting the http request looking for the GeoNode Session ID.

2017-07-12 12:44:21,006 DEBUG [geoserver.security] - Found 1 cookies!

2017-07-12 12:44:21,008 DEBUG [geoserver.ows] - Could not a layer group named web

2017-07-12 12:44:21,008 TRACE [ows.OWSHandlerMapping] - No handler mapping found for [/web/wicket/bookmarkable/org.geoserver.web.admin.LogPage]

2017-07-12 12:44:21,009 DEBUG [org.geoserver] - Thread 118 locking in mode WRITE

2017-07-12 12:44:21,009 DEBUG [org.geoserver] - Thread 118 got the lock in mode WRITE

------------------------------------------------------------------------------------------------------------------------

Kind Regards,

Steve Omondi

Geospatial Software Developer

Ramani Online, Ramani Geosystems.

 

Sent from Mail for Windows 10

 

From: [hidden email]
Sent: Tuesday, July 11, 2017 8:55 AM
To: [hidden email]
Cc: [hidden email]
Subject: Re: [Geoserver-users] Oauth2-Google and Geofence Connection

 

Hello Steve,

 

the protocol takes automatically the user information from the provider. Basically once the authentication is successful, GeoServer asks to the OAuth2 Provider endpoint for the user profile. It will the use those stuff to create a user. If you need more access to the resources, you will need to create or configure a RoleService or a GroupRoleService that links the user create through Google to internal GeoServer roles.

 

In your specific case, what's happening is that the authentication fails in some point. Usually the problem is that you are trying to use an HTTPS endpoint (the google one) from and HTTP connection.

 

Try to rise up the log level of GeoServer to VERBOSE, try again and you should be able to find the cause of the issue into the geoserver.log file.

 

The typical cause when using Google is that you haven't correctly imported the SSL certificate into the trust-store.

 

See the steps here

 

 

 

 

 


Regards,

Alessio Fabiani

==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==

Ing. Alessio Fabiani

@alfa7691
Founder/Technical Lead


GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy
phone: <a href="tel:0584%20962313" value="+390584962313" target="_blank">+39 0584 962313
fax:     <a href="tel:0584%20166%200272" value="+3905841660272" target="_blank">+39 0584 1660272
mob:   <a href="tel:331%20623%203686" value="+393316233686" target="_blank">+39 331 6233686

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

-------------------------------------------------------

AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.

 

On Mon, Jul 10, 2017 at 4:58 PM, Steve Omondi <[hidden email]> wrote:

Hi Fabian,

 

I have been able to get the oauth2-google extension working somehow but not completely.

 

Here is what happens:

 

When I Click on the Google Icon, I provide my Google credentials and according to the Logs in connects to Google and adds my Geoserver as a connected application to My Account.

 

However, I'm redirected back to the redirect_uri without logging in.

 

My Question is, how do I I declare the user_id in Geoserver (like how would I declare my email as my user id in Geoserver before hand) for Oauth2 too Authenticate against?

 

Or, how exactly does the Oauth 2, give access to a google account?


Kind regards,

Steve Omondi

 

On Fri, Jul 7, 2017 at 1:29 PM, Steve Omondi <[hidden email]> wrote:

Sure thing

Kind Regards,

Steve Omondi

 

Sent from Mail for Windows 10

 

From: [hidden email]
Sent: Friday, July 7, 2017 1:27 PM
To: [hidden email]
Cc: [hidden email]


Subject: Re: [Geoserver-users] Oauth2-Google and Geofence Connection

 

I had just a quick look at the community package

 

 

and noticed that the zip contains also jars for oauth2-geonode and oauth2-github. They should not be there, at least not into the google zip file. Although the Oauth2 plugin should be able to manage more oauth2 plugins (something that I need to double check also), each plugin should contain just its jars. Maybe an issue with the community/release.xml configuration file (I will fix it ASAP).

 

 

As a quick test you can try to remove those two jars from WEB-INF lib. I could not yet test if this solution fix the google auth, but it is worth to give a quick try if you can.

 


Regards,

Alessio Fabiani

==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==

Ing. Alessio Fabiani

@alfa7691
Founder/Technical Lead


GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy
phone: <a href="tel:0584%20962313" target="_blank">+39 0584 962313
fax:     <a href="tel:0584%20166%200272" target="_blank">+39 0584 1660272
mob:   <a href="tel:331%20623%203686" target="_blank">+39 331 6233686

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

-------------------------------------------------------

AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.

 

On Fri, Jul 7, 2017 at 12:55 PM, Steve Omondi <[hidden email]> wrote:

Thank you Alessio for that, if there is any way I can help with the DEBUG results, just let me know.

 

Sent from Mail for Windows 10

 

From: [hidden email]
Sent: Friday, July 7, 2017 12:53 PM
To: [hidden email]
Cc: [hidden email]; [hidden email]


Subject: Re: [Geoserver-users] Oauth2-Google and Geofence Connection

 

Hi all,

seems like there may be some dependencies configuration issues with the OAuth2 Google Plugin.

 

I'll try to have a look at them as soon as I can.


Regards,

Alessio Fabiani

==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==

Ing. Alessio Fabiani

@alfa7691
Founder/Technical Lead


GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy
phone: <a href="tel:0584%20962313" target="_blank">+39 0584 962313
fax:     <a href="tel:0584%20166%200272" target="_blank">+39 0584 1660272
mob:   <a href="tel:331%20623%203686" target="_blank">+39 331 6233686

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

-------------------------------------------------------

AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.

 

On Thu, Jul 6, 2017 at 4:20 PM, Steve Omondi <[hidden email]> wrote:

I appreciate Nuno.

 

 

Sent from Mail for Windows 10

 

From: [hidden email]
Sent: Thursday, July 6, 2017 4:16 PM
To: [hidden email]; [hidden email]
Subject: Re: [Geoserver-users] Oauth2-Google and Geofence Connection

 

Hi,

I juts make a test and indeed Google oauth2 seems to not be working at least in
GeoServer 2.12.x. (see attached GIF) and indeed no exception is logged.

The web UI integration seems to be a bit broke too:

 

The plugin google-oauth package is also including the github and geonode bindings ... this is probably no intended.

I only used \ configured this authentication method once with GeoServer so maybe I'm missing
something ... let's see if anyone can provide you a more valuable feedback.

Otherwise I will proceed with opening a bug report.

Note, I think that the person who wrote the google-oauth module will not be available this week and next week.

Regards,

Nuno Oliveira

On 07/06/2017 10:49 AM, Steve Omondi wrote:

Hi Nuno,

 

Attached is my Log file after raising to DEBUG Level

 

I has some interesting stuff, but I can’t figure out where the problem is raised.

 

For example. There is a point where Geoserver is looking for Geonode Session ID

 

Line 152: (and several other points)

2017-07-06 12:07:35,099 DEBUG [web.FilterChainProxy] - /web/ at position 2 of 7 in additional filter chain; firing Filter: 'GoogleOAuthAuthenticationFilter'

2017-07-06 12:07:35,099 DEBUG [geoserver.security] - Inspecting the http request looking for the GeoNode Session ID.

2017-07-06 12:07:35,099 DEBUG [geoserver.security] - Found 1 cookies!

 

What has this got to do with google-oauth2. I I’m not using geonode-oauth2 even though it was installed together with google-oauth2.

 

I’m using Geoserver 2.11.1 with geoserver-2.11-SNAPSHOT-sec-oauth2-google-plugin which had both geonode-oauth2 and GitHub-oauth2 bundled with it.

 

Kindly assist where possible.

 

 

Kind Regards,

Steve Omondi

Ramani Geosystems.

 

-----------------------------------------

Sent from Mail for Windows 10

 

From: [hidden email]
Sent: Thursday, July 6, 2017 11:35 AM
To: [hidden email]
Subject: Re: [Geoserver-users] Oauth2-Google and Geofence Connection

 

Hi,

GeoFence is not required, google-oauth module should work on is own.

I don't know much of the google-oauth module ... did you see any
exception on GeoServer logs ?

You change GeoServer logging level on the Global Settings:
http://docs.geoserver.org/latest/en/user/configuration/globalsettings.html#logging-profile

and view the logs in the GeoServer Logs menu entry on the left of GeoServer web UI.

Regards,

Nuno Oliveira

On 07/06/2017 08:20 AM, Steve Omondi wrote:

Hey Guys,

 

Does Enabling authentication using OAuth2 Google Extension for Geoserver require Geofence whatsoevcer?

 

I have installed the google-oauth2 extension and configured according to the provided docs however I’m not getting the desired behavior. While Geoserver is register under connected apps in my Google Account when I login to Geoserver with the my Google account, the google account is not added in Geoserver and the login does not happen.

 

 

Sent from Mail for Windows 10

 

 

https://ipmcdn.avast.com/images/icons/icon-envelope-tick-round-orange-animated-no-repeat-v1.gif

Virus-free. www.avast.com

 

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot

 

_______________________________________________
Geoserver-users mailing list
 
Please make sure you read the following two resources before posting to this list:
- Earning your support instead of buying it, but Ian Turton: http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: http://geoserver.org/comm/userlist-guidelines.html
 
[hidden email]
https://lists.sourceforge.net/lists/listinfo/geoserver-users

 

-- 
Regards,
Nuno Oliveira
==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==
 
Nuno Miguel Carvalho Oliveira
@nmcoliveira
Software Engineer
 
GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy
phone: <a href="tel:0584%20962313" target="_blank">+39 0584 962313
fax:      <a href="tel:0584%20166%200272" target="_blank">+39 0584 1660272
 
http://www.geo-solutions.it
http://twitter.com/geosolutions_it
 
-------------------------------------------------------
AVVERTENZE AI SENSI DEL D.Lgs. 196/2003
Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.
 
The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.

 

 

-- 
Regards,
Nuno Oliveira
==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==
 
Nuno Miguel Carvalho Oliveira
@nmcoliveira
Software Engineer
 
GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy
phone: <a href="tel:0584%20962313" target="_blank">+39 0584 962313
fax:      <a href="tel:0584%20166%200272" target="_blank">+39 0584 1660272
 
http://www.geo-solutions.it
http://twitter.com/geosolutions_it
 
-------------------------------------------------------
AVVERTENZE AI SENSI DEL D.Lgs. 196/2003
Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.
 
The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.

 


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Geoserver-users mailing list

Please make sure you read the following two resources before posting to this list:
- Earning your support instead of buying it, but Ian Turton: http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: http://geoserver.org/comm/userlist-guidelines.html

[hidden email]
https://lists.sourceforge.net/lists/listinfo/geoserver-users

 

 

 

 

 

 

 


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Geoserver-users mailing list

Please make sure you read the following two resources before posting to this list:
- Earning your support instead of buying it, but Ian Turton: http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: http://geoserver.org/comm/userlist-guidelines.html

[hidden email]
https://lists.sourceforge.net/lists/listinfo/geoserver-users




------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Geoserver-users mailing list

Please make sure you read the following two resources before posting to this list:
- Earning your support instead of buying it, but Ian Turton: http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: http://geoserver.org/comm/userlist-guidelines.html

[hidden email]
https://lists.sourceforge.net/lists/listinfo/geoserver-users
Kind Regards, Steve Omondi GIS & DB Developer/DBA Ramani Online, Ramani Geosystems
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Oauth2-Google and Geofence Connection

steve.omondi
Hello Fabiani,

Did you manage to take a look at the google-oauth2 extension and the possible reason why i't doesn't create users in geoserver. I'm stuck in this loop and I don't understand anything going on anymore.

Kindly let me know if you do find any head way.

Thank you.

Kind regards,
Steve Omondi

On Fri, Jul 14, 2017 at 11:20 AM, Steve Omondi <[hidden email]> wrote:
And BTW Fabiani, it's fair to note to you that, Google Authentication actually goes through successfully.
When I use the G+ Login
Inline image 1

When I refresh a Gmail or the Simple Website I mentioned they are Logged in.

In my own diagnosis, I think the challenge is at the point where the User_Id (for example [hidden email]) is supposed to be created in Geoserver as a User. It doesn't happen and the you are redirected back to /geoserver/web because Geoserver doesn't know this user.

So how do we make sure this user_id is created in Geoserver so that Geoserver can recognize them against the toke provided by Google-Oauth2?

Kind regards,
Steve Omondi

On Fri, Jul 14, 2017 at 10:01 AM, Steve Omondi <[hidden email]> wrote:
Hi Fabiani,

So I decided to try Oauth2 with a simpler  application hosted on Tomcat (the same Tomcat hosting my Geoserver) and it works perfectly without raising SSL certificate Exception or Bad Credentials (the same configuration and credentials that I'm using for Oauth2-geoserver Authentication Filters).

Quick question: Which Role Source should Oauth2 use here
I choose to use Role Service.

 Inline image 1

Inferring from Geonode-Oauth2 tutorial, I see AuthKey REST has been used to create a REST Role Source with Base URL as the geonode-server; is this required for google-oauth2 filter? And what would be the Base URL.


Kind regards,
Steve Omondi

On Thu, Jul 13, 2017 at 8:23 AM, Alessio Fabiani <[hidden email]> wrote:
Hello Steve,
although the geonode message should not be there, it is only a warning. The real issue is the Bad Credentials exception.

You need to double check that you secret ids and client ids are correct. That message means that the oauth handshake could not be completed for some reason.

I wil try to debug the code by today if I can.


On Jul 12, 2017 13:09, "Steve Omondi" <[hidden email]> wrote:

Dear Fabian,

 

Following your advice, I was able to import the SSL Certificates for accounts.google.com:443 and googleapis to the cacerts (Java Keystore) after which the SSLHandshakeException: PKIX: unable to find valid certification path to requested target disappeared

This gives me confidence that the Keystore is working now.

 

However, when I login to Geoserver using the Google_Oauth2, nothing happens, it redirects back to the homepage /geoserver/web without Logging in.

 

Checking on users list the expected user id is not created.

 

In my GeoServer Log I still see:

 

2017-07-12 12:44:13,375 DEBUG [geoserver.security] - Inspecting the http request looking for the GeoNode Session ID.

2017-07-12 12:44:13,375 DEBUG [geoserver.security] - Found 1 cookies!

 

This is even after I removed Geonode_Oauth2 and Github_Oauth2

 

Here is the full Geoserver Log: Kindly check if you can see something interesting

 

--------------------------------------------------------------------------------------------------------------------

2017-07-12 12:44:12,340 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /web/, QueryString: null'; against '/web/**'

2017-07-12 12:44:12,340 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Matched Path: /web/, QueryString: null with /web/**

2017-07-12 12:44:12,340 DEBUG [geoserver.filters] - Creating a new http session inside the web UI (normal behavior)

java.lang.Exception: Full stack trace for the session creation path

                at org.geoserver.filters.SessionDebugFilter$SessionDebugWrapper.getSession(SessionDebugFilter.java:92)

                at org.geoserver.filters.SessionDebugFilter$SessionDebugWrapper.getSession(SessionDebugFilter.java:70)

                at javax.servlet.http.HttpServletRequestWrapper.getSession(HttpServletRequestWrapper.java:240)

                at org.geoserver.security.filter.GeoServerSecurityContextPersistenceFilter$1.doFilter(GeoServerSecurityContextPersistenceFilter.java:50)

                at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:73)

                at org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:92)

                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)

                at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:213)

                at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:176)

                at org.geoserver.security.GeoServerSecurityFilterChainProxy.doFilter(GeoServerSecurityFilterChainProxy.java:152)

                at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)

                at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.LoggingFilter.doFilter(LoggingFilter.java:87)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.XFrameOptionsFilter.doFilter(XFrameOptionsFilter.java:89)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.GZIPFilter.doFilter(GZIPFilter.java:42)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.SessionDebugFilter.doFilter(SessionDebugFilter.java:48)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.FlushSafeFilter.doFilter(FlushSafeFilter.java:44)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:121)

                at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)

                at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)

                at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478)

                at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)

                at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:80)

                at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:624)

                at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)

                at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:341)

                at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:799)

                at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)

                at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:861)

                at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1455)

                at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)

                at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)

                at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)

                at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)

                at java.lang.Thread.run(Thread.java:748)

2017-07-12 12:44:12,386 DEBUG [geoserver.security] - Inspecting the http request looking for the GeoNode Session ID.

2017-07-12 12:44:12,387 DEBUG [geoserver.security] - Found 1 cookies!

2017-07-12 12:44:12,389 DEBUG [geoserver.security] - preAuthenticatedPrincipal = null, trying to authenticate

2017-07-12 12:44:12,391 DEBUG [geoserver.ows] - Could not a layer group named web

2017-07-12 12:44:12,391 TRACE [ows.OWSHandlerMapping] - No handler mapping found for [/web/]

2017-07-12 12:44:12,415 DEBUG [geoserver.filters] - Compressing output for mimetype: text/html;charset=UTF-8

2017-07-12 12:44:12,416 DEBUG [filter.GeoServerSecurityContextPersistenceFilter$1] - SecurityContextHolder now cleared, as request processing completed

2017-07-12 12:44:13,374 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /web/j_spring_oauth2_google_login, QueryString: null'; against '/web/**'

2017-07-12 12:44:13,374 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Matched Path: /web/j_spring_oauth2_google_login, QueryString: null with /web/**

2017-07-12 12:44:13,375 DEBUG [geoserver.security] - Inspecting the http request looking for the GeoNode Session ID.

2017-07-12 12:44:13,375 DEBUG [geoserver.security] - Found 1 cookies!

2017-07-12 12:44:13,378 DEBUG [geoserver.security] - preAuthenticatedPrincipal = null, trying to authenticate

2017-07-12 12:44:13,381 DEBUG [geoserver.ows] - Could not a layer group named web

2017-07-12 12:44:13,381 TRACE [ows.OWSHandlerMapping] - No handler mapping found for [/web/j_spring_oauth2_google_login]

2017-07-12 12:44:13,382 DEBUG [filter.GeoServerSecurityContextPersistenceFilter$1] - SecurityContextHolder now cleared, as request processing completed

2017-07-12 12:44:14,158 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /, QueryString: code=4/ut2thMxmlKm2ULuz3zDt5Gm1S6_kpUSjIs7fJo0sb7s'; against '/web/**'

2017-07-12 12:44:14,158 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /, QueryString: code=4/ut2thMxmlKm2ULuz3zDt5Gm1S6_kpUSjIs7fJo0sb7s'; against '/gwc/rest/web/**'

2017-07-12 12:44:14,158 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /, QueryString: code=4/ut2thMxmlKm2ULuz3zDt5Gm1S6_kpUSjIs7fJo0sb7s'; against '/'

2017-07-12 12:44:14,158 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Matched Path: /, QueryString: code=4/ut2thMxmlKm2ULuz3zDt5Gm1S6_kpUSjIs7fJo0sb7s with /

2017-07-12 12:44:14,158 DEBUG [geoserver.security] - Inspecting the http request looking for the GeoNode Session ID.

2017-07-12 12:44:14,158 DEBUG [geoserver.security] - Found 1 cookies!

2017-07-12 12:44:16,572 DEBUG [geoserver.security] - preAuthenticatedPrincipal = [hidden email], trying to authenticate

2017-07-12 12:44:16,592 TRACE [ows.OWSHandlerMapping] - No handler mapping found for [/]

2017-07-12 12:44:16,593 DEBUG [filter.GeoServerSecurityContextPersistenceFilter$1] - SecurityContextHolder now cleared, as request processing completed

2017-07-12 12:44:16,603 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /index.html, QueryString: null'; against '/web/**'

2017-07-12 12:44:16,603 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /index.html, QueryString: null'; against '/gwc/rest/web/**'

2017-07-12 12:44:16,603 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /index.html, QueryString: null'; against '/'

2017-07-12 12:44:16,603 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /index.html, QueryString: null'; against '/j_spring_security_check'

2017-07-12 12:44:16,603 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /index.html, QueryString: null'; against '/j_spring_security_check/'

2017-07-12 12:44:16,603 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /index.html, QueryString: null'; against '/j_spring_security_logout'

2017-07-12 12:44:16,603 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /index.html, QueryString: null'; against '/j_spring_security_logout/'

2017-07-12 12:44:16,603 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /index.html, QueryString: null'; against '/rest/**'

2017-07-12 12:44:16,603 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /index.html, QueryString: null'; against '/gwc/rest/**'

2017-07-12 12:44:16,603 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /index.html, QueryString: null'; against '/**'

2017-07-12 12:44:16,603 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Request matched by universal pattern '/**'

2017-07-12 12:44:16,603 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Matched Path: /index.html, QueryString: null with /**

2017-07-12 12:44:16,603 DEBUG [geoserver.security] - Inspecting the http request looking for the GeoNode Session ID.

2017-07-12 12:44:16,603 DEBUG [geoserver.security] - Found 1 cookies!

2017-07-12 12:44:16,604 DEBUG [geoserver.security] - Cleaned out Session Access Token Request!

2017-07-12 12:44:16,606 TRACE [ows.OWSHandlerMapping] - No handler mapping found for [/index.html]

2017-07-12 12:44:16,608 DEBUG [filter.GeoServerSecurityContextPersistenceFilter$1] - SecurityContextHolder now cleared, as request processing completed

2017-07-12 12:44:16,650 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /web/, QueryString: null'; against '/web/**'

2017-07-12 12:44:16,651 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Matched Path: /web/, QueryString: null with /web/**

2017-07-12 12:44:16,651 DEBUG [geoserver.filters] - Creating a new http session inside the web UI (normal behavior)

java.lang.Exception: Full stack trace for the session creation path

                at org.geoserver.filters.SessionDebugFilter$SessionDebugWrapper.getSession(SessionDebugFilter.java:92)

                at org.geoserver.filters.SessionDebugFilter$SessionDebugWrapper.getSession(SessionDebugFilter.java:70)

                at javax.servlet.http.HttpServletRequestWrapper.getSession(HttpServletRequestWrapper.java:240)

                at org.geoserver.security.filter.GeoServerSecurityContextPersistenceFilter$1.doFilter(GeoServerSecurityContextPersistenceFilter.java:50)

                at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:73)

                at org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:92)

                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)

                at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:213)

                at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:176)

                at org.geoserver.security.GeoServerSecurityFilterChainProxy.doFilter(GeoServerSecurityFilterChainProxy.java:152)

                at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)

                at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.LoggingFilter.doFilter(LoggingFilter.java:87)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.XFrameOptionsFilter.doFilter(XFrameOptionsFilter.java:89)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.GZIPFilter.doFilter(GZIPFilter.java:42)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.SessionDebugFilter.doFilter(SessionDebugFilter.java:48)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.FlushSafeFilter.doFilter(FlushSafeFilter.java:44)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:121)

                at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)

                at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)

                at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478)

                at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)

                at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:80)

                at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:624)

                at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)

                at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:341)

                at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:799)

                at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)

                at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:861)

                at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1455)

                at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)

                at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)

                at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)

                at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)

                at java.lang.Thread.run(Thread.java:748)

2017-07-12 12:44:16,680 DEBUG [geoserver.security] - Inspecting the http request looking for the GeoNode Session ID.

2017-07-12 12:44:16,681 DEBUG [geoserver.security] - Found 1 cookies!

2017-07-12 12:44:16,682 DEBUG [geoserver.security] - preAuthenticatedPrincipal = null, trying to authenticate

2017-07-12 12:44:16,685 DEBUG [geoserver.ows] - Could not a layer group named web

2017-07-12 12:44:16,685 TRACE [ows.OWSHandlerMapping] - No handler mapping found for [/web/]

2017-07-12 12:44:16,701 DEBUG [geoserver.filters] - Compressing output for mimetype: text/html;charset=UTF-8

2017-07-12 12:44:16,702 DEBUG [filter.GeoServerSecurityContextPersistenceFilter$1] - SecurityContextHolder now cleared, as request processing completed

2017-07-12 12:44:19,465 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /j_spring_security_check, QueryString: null'; against '/web/**'

2017-07-12 12:44:19,465 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /j_spring_security_check, QueryString: null'; against '/gwc/rest/web/**'

2017-07-12 12:44:19,465 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /j_spring_security_check, QueryString: null'; against '/'

2017-07-12 12:44:19,465 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /j_spring_security_check, QueryString: null'; against '/j_spring_security_check'

2017-07-12 12:44:19,465 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Matched Path: /j_spring_security_check, QueryString: null with /j_spring_security_check

2017-07-12 12:44:19,465 DEBUG [filter.GeoServerUserNamePasswordAuthenticationFilter$1] - Request is to process authentication

2017-07-12 12:44:19,556 DEBUG [filter.GeoServerUserNamePasswordAuthenticationFilter$1] - Authentication success. Updating SecurityContextHolder to contain: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@96df79f2: Principal: Username: admin; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; CredentialsNonExpired: true; AccountNonLocked: true;  [ ADMIN,ROLE_ADMINISTRATOR ] ; Credentials: [PROTECTED]; Authenticated: true; Details: org.geoserver.security.filter.GeoServerWebAuthenticationDetails@380f4: RemoteIpAddress: 192.168.1.185; SessionId: 5010AF856DDCF4188D265B2B03236A22; Granted Authorities: ADMIN, ROLE_ADMINISTRATOR, ROLE_AUTHENTICATED

2017-07-12 12:44:19,556 DEBUG [rememberme.GeoServerTokenBasedRememberMeServices] - Did not send remember-me cookie (principal did not set parameter '_spring_security_remember_me')

2017-07-12 12:44:19,556 DEBUG [rememberme.GeoServerTokenBasedRememberMeServices] - Remember-me login not requested.

2017-07-12 12:44:19,556 DEBUG [filter.GeoServerSecurityContextPersistenceFilter$1] - SecurityContextHolder now cleared, as request processing completed

2017-07-12 12:44:19,572 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /web, QueryString: null'; against '/web/**'

2017-07-12 12:44:19,572 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Matched Path: /web, QueryString: null with /web/**

2017-07-12 12:44:19,572 DEBUG [geoserver.security] - Inspecting the http request looking for the GeoNode Session ID.

2017-07-12 12:44:19,573 DEBUG [geoserver.security] - Found 1 cookies!

2017-07-12 12:44:19,575 TRACE [ows.OWSHandlerMapping] - No handler mapping found for [/web]

2017-07-12 12:44:19,576 DEBUG [filter.GeoServerSecurityContextPersistenceFilter$1] - SecurityContextHolder now cleared, as request processing completed

2017-07-12 12:44:19,592 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /web/, QueryString: null'; against '/web/**'

2017-07-12 12:44:19,592 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Matched Path: /web/, QueryString: null with /web/**

2017-07-12 12:44:19,592 DEBUG [geoserver.security] - Inspecting the http request looking for the GeoNode Session ID.

2017-07-12 12:44:19,592 DEBUG [geoserver.security] - Found 1 cookies!

2017-07-12 12:44:19,595 DEBUG [geoserver.ows] - Could not a layer group named web

2017-07-12 12:44:19,595 TRACE [ows.OWSHandlerMapping] - No handler mapping found for [/web/]

2017-07-12 12:44:19,780 DEBUG [geoserver.security] - Bad credentials

org.springframework.security.authentication.BadCredentialsException: Bad credentials

                at org.springframework.security.authentication.dao.DaoAuthenticationProvider.additionalAuthenticationChecks(DaoAuthenticationProvider.java:98)

                at org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:165)

                at org.geoserver.security.auth.UsernamePasswordAuthenticationProvider.authenticate(UsernamePasswordAuthenticationProvider.java:82)

                at org.geoserver.security.GeoServerAuthenticationProvider.authenticate(GeoServerAuthenticationProvider.java:58)

                at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:167)

                at org.geoserver.security.GeoServerSecurityManager.checkForDefaultAdminPassword(GeoServerSecurityManager.java:1493)

                at org.geoserver.security.web.SecurityHomePageContentProvider$SecurityWarningsPanel.<init>(SecurityHomePageContentProvider.java:105)

                at org.geoserver.security.web.SecurityHomePageContentProvider.getPageBodyComponent(SecurityHomePageContentProvider.java:47)

                at org.geoserver.web.GeoServerHomePage$1.populateItem(GeoServerHomePage.java:129)

                at org.apache.wicket.markup.html.list.ListView.onPopulate(ListView.java:523)

                at org.apache.wicket.markup.repeater.AbstractRepeater.onBeforeRender(AbstractRepeater.java:124)

                at org.apache.wicket.Component.internalBeforeRender(Component.java:950)

                at org.apache.wicket.Component.beforeRender(Component.java:1018)

                at org.apache.wicket.MarkupContainer.onBeforeRenderChildren(MarkupContainer.java:1836)

                at org.apache.wicket.Component.onBeforeRender(Component.java:3916)

                at org.apache.wicket.Page.onBeforeRender(Page.java:801)

                at org.apache.wicket.Component.internalBeforeRender(Component.java:950)

                at org.apache.wicket.Component.beforeRender(Component.java:1018)

                at org.apache.wicket.Component.internalPrepareForRender(Component.java:2236)

                at org.apache.wicket.Page.internalPrepareForRender(Page.java:242)

                at org.apache.wicket.Component.render(Component.java:2325)

                at org.apache.wicket.Page.renderPage(Page.java:1018)

                at org.apache.wicket.request.handler.render.WebPageRenderer.renderPage(WebPageRenderer.java:124)

                at org.apache.wicket.request.handler.render.WebPageRenderer.respond(WebPageRenderer.java:236)

                at org.apache.wicket.core.request.handler.RenderPageRequestHandler.respond(RenderPageRequestHandler.java:175)

                at org.apache.wicket.request.cycle.RequestCycle$HandlerExecutor.respond(RequestCycle.java:895)

                at org.apache.wicket.request.RequestHandlerStack.execute(RequestHandlerStack.java:64)

                at org.apache.wicket.request.cycle.RequestCycle.execute(RequestCycle.java:265)

                at org.apache.wicket.request.cycle.RequestCycle.processRequest(RequestCycle.java:222)

                at org.apache.wicket.request.cycle.RequestCycle.processRequestAndDetach(RequestCycle.java:293)

                at org.apache.wicket.protocol.http.WicketFilter.processRequestCycle(WicketFilter.java:261)

                at org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:203)

                at org.apache.wicket.protocol.http.WicketServlet.doGet(WicketServlet.java:137)

                at javax.servlet.http.HttpServlet.service(HttpServlet.java:635)

                at javax.servlet.http.HttpServlet.service(HttpServlet.java:742)

                at org.springframework.web.servlet.mvc.ServletWrappingController.handleRequestInternal(ServletWrappingController.java:158)

                at org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:147)

                at org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:50)

                at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:959)

                at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:893)

                at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:968)

                at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:859)

                at javax.servlet.http.HttpServlet.service(HttpServlet.java:635)

                at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:844)

                at javax.servlet.http.HttpServlet.service(HttpServlet.java:742)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:230)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.ThreadLocalsCleanupFilter.doFilter(ThreadLocalsCleanupFilter.java:28)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.SpringDelegatingFilter$Chain.doFilter(SpringDelegatingFilter.java:75)

                at org.geoserver.wms.animate.AnimatorFilter.doFilter(AnimatorFilter.java:71)

                at org.geoserver.filters.SpringDelegatingFilter$Chain.doFilter(SpringDelegatingFilter.java:71)

                at org.geoserver.filters.SpringDelegatingFilter.doFilter(SpringDelegatingFilter.java:46)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.platform.AdvancedDispatchFilter.doFilter(AdvancedDispatchFilter.java:50)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:316)

                at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:69)

                at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:126)

                at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:90)

                at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:73)

                at org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:92)

                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)

                at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:69)

                at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:114)

                at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:73)

                at org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:92)

                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)

                at org.geoserver.security.filter.GeoServerAnonymousAuthenticationFilter.doFilter(GeoServerAnonymousAuthenticationFilter.java:54)

                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)

                at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:69)

                at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:205)

                at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:73)

                at org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:92)

                at org.geoserver.security.filter.GeoServerUserNamePasswordAuthenticationFilter.doFilter(GeoServerUserNamePasswordAuthenticationFilter.java:116)

                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)

                at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:69)

                at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:157)

                at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:73)

                at org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:92)

                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)

                at org.geoserver.security.oauth2.GeoServerOAuthAuthenticationFilter.doFilter(GeoServerOAuthAuthenticationFilter.java:167)

                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)

                at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:69)

                at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:91)

                at org.geoserver.security.filter.GeoServerSecurityContextPersistenceFilter$1.doFilter(GeoServerSecurityContextPersistenceFilter.java:53)

                at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:73)

                at org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:92)

                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)

                at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:213)

                at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:176)

                at org.geoserver.security.GeoServerSecurityFilterChainProxy.doFilter(GeoServerSecurityFilterChainProxy.java:152)

                at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)

                at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.LoggingFilter.doFilter(LoggingFilter.java:87)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.XFrameOptionsFilter.doFilter(XFrameOptionsFilter.java:89)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.GZIPFilter.doFilter(GZIPFilter.java:42)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.SessionDebugFilter.doFilter(SessionDebugFilter.java:48)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.FlushSafeFilter.doFilter(FlushSafeFilter.java:44)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:121)

                at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)

                at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)

                at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478)

                at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)

                at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:80)

                at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:624)

                at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)

                at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:341)

                at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:799)

                at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)

                at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:861)

                at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1455)

                at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)

                at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)

                at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)

                at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)

                at java.lang.Thread.run(Thread.java:748)

2017-07-12 12:44:19,824 DEBUG [geoserver.filters] - Compressing output for mimetype: text/html;charset=UTF-8

2017-07-12 12:44:19,826 DEBUG [filter.GeoServerSecurityContextPersistenceFilter$1] - SecurityContextHolder now cleared, as request processing completed

2017-07-12 12:44:21,005 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /web/wicket/bookmarkable/org.geoserver.web.admin.logpage, QueryString: null'; against '/web/**'

2017-07-12 12:44:21,005 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Matched Path: /web/wicket/bookmarkable/org.geoserver.web.admin.logpage, QueryString: null with /web/**

2017-07-12 12:44:21,005 DEBUG [geoserver.security] - Inspecting the http request looking for the GeoNode Session ID.

2017-07-12 12:44:21,006 DEBUG [geoserver.security] - Found 1 cookies!

2017-07-12 12:44:21,008 DEBUG [geoserver.ows] - Could not a layer group named web

2017-07-12 12:44:21,008 TRACE [ows.OWSHandlerMapping] - No handler mapping found for [/web/wicket/bookmarkable/org.geoserver.web.admin.LogPage]

2017-07-12 12:44:21,009 DEBUG [org.geoserver] - Thread 118 locking in mode WRITE

2017-07-12 12:44:21,009 DEBUG [org.geoserver] - Thread 118 got the lock in mode WRITE

------------------------------------------------------------------------------------------------------------------------

Kind Regards,

Steve Omondi

Geospatial Software Developer

Ramani Online, Ramani Geosystems.

 

Sent from Mail for Windows 10

 

From: [hidden email]
Sent: Tuesday, July 11, 2017 8:55 AM
To: [hidden email]
Cc: [hidden email]
Subject: Re: [Geoserver-users] Oauth2-Google and Geofence Connection

 

Hello Steve,

 

the protocol takes automatically the user information from the provider. Basically once the authentication is successful, GeoServer asks to the OAuth2 Provider endpoint for the user profile. It will the use those stuff to create a user. If you need more access to the resources, you will need to create or configure a RoleService or a GroupRoleService that links the user create through Google to internal GeoServer roles.

 

In your specific case, what's happening is that the authentication fails in some point. Usually the problem is that you are trying to use an HTTPS endpoint (the google one) from and HTTP connection.

 

Try to rise up the log level of GeoServer to VERBOSE, try again and you should be able to find the cause of the issue into the geoserver.log file.

 

The typical cause when using Google is that you haven't correctly imported the SSL certificate into the trust-store.

 

See the steps here

 

 

 

 

 


Regards,

Alessio Fabiani

==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==

Ing. Alessio Fabiani

@alfa7691
Founder/Technical Lead


GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy
phone: <a href="tel:0584%20962313" value="+390584962313" target="_blank">+39 0584 962313
fax:     <a href="tel:0584%20166%200272" value="+3905841660272" target="_blank">+39 0584 1660272
mob:   <a href="tel:331%20623%203686" value="+393316233686" target="_blank">+39 331 6233686

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

-------------------------------------------------------

AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.

 

On Mon, Jul 10, 2017 at 4:58 PM, Steve Omondi <[hidden email]> wrote:

Hi Fabian,

 

I have been able to get the oauth2-google extension working somehow but not completely.

 

Here is what happens:

 

When I Click on the Google Icon, I provide my Google credentials and according to the Logs in connects to Google and adds my Geoserver as a connected application to My Account.

 

However, I'm redirected back to the redirect_uri without logging in.

 

My Question is, how do I I declare the user_id in Geoserver (like how would I declare my email as my user id in Geoserver before hand) for Oauth2 too Authenticate against?

 

Or, how exactly does the Oauth 2, give access to a google account?


Kind regards,

Steve Omondi

 

On Fri, Jul 7, 2017 at 1:29 PM, Steve Omondi <[hidden email]> wrote:

Sure thing

Kind Regards,

Steve Omondi

 

Sent from Mail for Windows 10

 

From: [hidden email]
Sent: Friday, July 7, 2017 1:27 PM
To: [hidden email]
Cc: [hidden email]


Subject: Re: [Geoserver-users] Oauth2-Google and Geofence Connection

 

I had just a quick look at the community package

 

 

and noticed that the zip contains also jars for oauth2-geonode and oauth2-github. They should not be there, at least not into the google zip file. Although the Oauth2 plugin should be able to manage more oauth2 plugins (something that I need to double check also), each plugin should contain just its jars. Maybe an issue with the community/release.xml configuration file (I will fix it ASAP).

 

 

As a quick test you can try to remove those two jars from WEB-INF lib. I could not yet test if this solution fix the google auth, but it is worth to give a quick try if you can.

 


Regards,

Alessio Fabiani

==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==

Ing. Alessio Fabiani

@alfa7691
Founder/Technical Lead


GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy
phone: <a href="tel:0584%20962313" target="_blank">+39 0584 962313
fax:     <a href="tel:0584%20166%200272" target="_blank">+39 0584 1660272
mob:   <a href="tel:331%20623%203686" target="_blank">+39 331 6233686

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

-------------------------------------------------------

AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.

 

On Fri, Jul 7, 2017 at 12:55 PM, Steve Omondi <[hidden email]> wrote:

Thank you Alessio for that, if there is any way I can help with the DEBUG results, just let me know.

 

Sent from Mail for Windows 10

 

From: [hidden email]
Sent: Friday, July 7, 2017 12:53 PM
To: [hidden email]
Cc: [hidden email]; [hidden email]


Subject: Re: [Geoserver-users] Oauth2-Google and Geofence Connection

 

Hi all,

seems like there may be some dependencies configuration issues with the OAuth2 Google Plugin.

 

I'll try to have a look at them as soon as I can.


Regards,

Alessio Fabiani

==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==

Ing. Alessio Fabiani

@alfa7691
Founder/Technical Lead


GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy
phone: <a href="tel:0584%20962313" target="_blank">+39 0584 962313
fax:     <a href="tel:0584%20166%200272" target="_blank">+39 0584 1660272
mob:   <a href="tel:331%20623%203686" target="_blank">+39 331 6233686

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

-------------------------------------------------------

AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.

 

On Thu, Jul 6, 2017 at 4:20 PM, Steve Omondi <[hidden email]> wrote:

I appreciate Nuno.

 

 

Sent from Mail for Windows 10

 

From: [hidden email]
Sent: Thursday, July 6, 2017 4:16 PM
To: [hidden email]; [hidden email]
Subject: Re: [Geoserver-users] Oauth2-Google and Geofence Connection

 

Hi,

I juts make a test and indeed Google oauth2 seems to not be working at least in
GeoServer 2.12.x. (see attached GIF) and indeed no exception is logged.

The web UI integration seems to be a bit broke too:

 

The plugin google-oauth package is also including the github and geonode bindings ... this is probably no intended.

I only used \ configured this authentication method once with GeoServer so maybe I'm missing
something ... let's see if anyone can provide you a more valuable feedback.

Otherwise I will proceed with opening a bug report.

Note, I think that the person who wrote the google-oauth module will not be available this week and next week.

Regards,

Nuno Oliveira

On 07/06/2017 10:49 AM, Steve Omondi wrote:

Hi Nuno,

 

Attached is my Log file after raising to DEBUG Level

 

I has some interesting stuff, but I can’t figure out where the problem is raised.

 

For example. There is a point where Geoserver is looking for Geonode Session ID

 

Line 152: (and several other points)

2017-07-06 12:07:35,099 DEBUG [web.FilterChainProxy] - /web/ at position 2 of 7 in additional filter chain; firing Filter: 'GoogleOAuthAuthenticationFilter'

2017-07-06 12:07:35,099 DEBUG [geoserver.security] - Inspecting the http request looking for the GeoNode Session ID.

2017-07-06 12:07:35,099 DEBUG [geoserver.security] - Found 1 cookies!

 

What has this got to do with google-oauth2. I I’m not using geonode-oauth2 even though it was installed together with google-oauth2.

 

I’m using Geoserver 2.11.1 with geoserver-2.11-SNAPSHOT-sec-oauth2-google-plugin which had both geonode-oauth2 and GitHub-oauth2 bundled with it.

 

Kindly assist where possible.

 

 

Kind Regards,

Steve Omondi

Ramani Geosystems.

 

-----------------------------------------

Sent from Mail for Windows 10

 

From: [hidden email]
Sent: Thursday, July 6, 2017 11:35 AM
To: [hidden email]
Subject: Re: [Geoserver-users] Oauth2-Google and Geofence Connection

 

Hi,

GeoFence is not required, google-oauth module should work on is own.

I don't know much of the google-oauth module ... did you see any
exception on GeoServer logs ?

You change GeoServer logging level on the Global Settings:
http://docs.geoserver.org/latest/en/user/configuration/globalsettings.html#logging-profile

and view the logs in the GeoServer Logs menu entry on the left of GeoServer web UI.

Regards,

Nuno Oliveira

On 07/06/2017 08:20 AM, Steve Omondi wrote:

Hey Guys,

 

Does Enabling authentication using OAuth2 Google Extension for Geoserver require Geofence whatsoevcer?

 

I have installed the google-oauth2 extension and configured according to the provided docs however I’m not getting the desired behavior. While Geoserver is register under connected apps in my Google Account when I login to Geoserver with the my Google account, the google account is not added in Geoserver and the login does not happen.

 

 

Sent from Mail for Windows 10

 

 

https://ipmcdn.avast.com/images/icons/icon-envelope-tick-round-orange-animated-no-repeat-v1.gif

Virus-free. www.avast.com

 

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot

 

_______________________________________________
Geoserver-users mailing list
 
Please make sure you read the following two resources before posting to this list:
- Earning your support instead of buying it, but Ian Turton: http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: http://geoserver.org/comm/userlist-guidelines.html
 
[hidden email]
https://lists.sourceforge.net/lists/listinfo/geoserver-users

 

-- 
Regards,
Nuno Oliveira
==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==
 
Nuno Miguel Carvalho Oliveira
@nmcoliveira
Software Engineer
 
GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy
phone: <a href="tel:0584%20962313" target="_blank">+39 0584 962313
fax:      <a href="tel:0584%20166%200272" target="_blank">+39 0584 1660272
 
http://www.geo-solutions.it
http://twitter.com/geosolutions_it
 
-------------------------------------------------------
AVVERTENZE AI SENSI DEL D.Lgs. 196/2003
Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.
 
The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.

 

 

-- 
Regards,
Nuno Oliveira
==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==
 
Nuno Miguel Carvalho Oliveira
@nmcoliveira
Software Engineer
 
GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy
phone: <a href="tel:0584%20962313" target="_blank">+39 0584 962313
fax:      <a href="tel:0584%20166%200272" target="_blank">+39 0584 1660272
 
http://www.geo-solutions.it
http://twitter.com/geosolutions_it
 
-------------------------------------------------------
AVVERTENZE AI SENSI DEL D.Lgs. 196/2003
Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.
 
The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.

 


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Geoserver-users mailing list

Please make sure you read the following two resources before posting to this list:
- Earning your support instead of buying it, but Ian Turton: http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: http://geoserver.org/comm/userlist-guidelines.html

[hidden email]
https://lists.sourceforge.net/lists/listinfo/geoserver-users

 

 

 

 

 

 

 


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Geoserver-users mailing list

Please make sure you read the following two resources before posting to this list:
- Earning your support instead of buying it, but Ian Turton: http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: http://geoserver.org/comm/userlist-guidelines.html

[hidden email]
https://lists.sourceforge.net/lists/listinfo/geoserver-users





------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Geoserver-users mailing list

Please make sure you read the following two resources before posting to this list:
- Earning your support instead of buying it, but Ian Turton: http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: http://geoserver.org/comm/userlist-guidelines.html

[hidden email]
https://lists.sourceforge.net/lists/listinfo/geoserver-users
Kind Regards, Steve Omondi GIS & DB Developer/DBA Ramani Online, Ramani Geosystems
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Oauth2-Google and Geofence Connection

Alessio Fabiani-2
Hi Steve, sorry for the delay, I'm on leave these days.

So, Authentication is different from Authorization. The OAuth2 plugin per-se does only Authentication. In order to update the Authorization also you will need to user (or create) an, either, GeoServerRoleService or GeoServerUserGroupService.

Those are pluggable and they have interfaces allowing you to easily extend them, but they must be written in Java.

Here really depends on your use case and what you want to achieve.


Regards,

Alessio Fabiani

==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==

Ing. Alessio Fabiani

@alfa7691
Founder/Technical Lead


GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy
phone: +39 0584 962313
fax:     +39 0584 1660272
mob:   +39 331 6233686

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

-------------------------------------------------------

AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.


On Mon, Jul 17, 2017 at 4:51 PM, Steve Omondi <[hidden email]> wrote:
Hello Fabiani,

Did you manage to take a look at the google-oauth2 extension and the possible reason why i't doesn't create users in geoserver. I'm stuck in this loop and I don't understand anything going on anymore.

Kindly let me know if you do find any head way.

Thank you.

Kind regards,
Steve Omondi

On Fri, Jul 14, 2017 at 11:20 AM, Steve Omondi <[hidden email]> wrote:
And BTW Fabiani, it's fair to note to you that, Google Authentication actually goes through successfully.
When I use the G+ Login
Inline image 1

When I refresh a Gmail or the Simple Website I mentioned they are Logged in.

In my own diagnosis, I think the challenge is at the point where the User_Id (for example [hidden email]) is supposed to be created in Geoserver as a User. It doesn't happen and the you are redirected back to /geoserver/web because Geoserver doesn't know this user.

So how do we make sure this user_id is created in Geoserver so that Geoserver can recognize them against the toke provided by Google-Oauth2?

Kind regards,
Steve Omondi

On Fri, Jul 14, 2017 at 10:01 AM, Steve Omondi <[hidden email]> wrote:
Hi Fabiani,

So I decided to try Oauth2 with a simpler  application hosted on Tomcat (the same Tomcat hosting my Geoserver) and it works perfectly without raising SSL certificate Exception or Bad Credentials (the same configuration and credentials that I'm using for Oauth2-geoserver Authentication Filters).

Quick question: Which Role Source should Oauth2 use here
I choose to use Role Service.

 Inline image 1

Inferring from Geonode-Oauth2 tutorial, I see AuthKey REST has been used to create a REST Role Source with Base URL as the geonode-server; is this required for google-oauth2 filter? And what would be the Base URL.


Kind regards,
Steve Omondi

On Thu, Jul 13, 2017 at 8:23 AM, Alessio Fabiani <[hidden email]> wrote:
Hello Steve,
although the geonode message should not be there, it is only a warning. The real issue is the Bad Credentials exception.

You need to double check that you secret ids and client ids are correct. That message means that the oauth handshake could not be completed for some reason.

I wil try to debug the code by today if I can.


On Jul 12, 2017 13:09, "Steve Omondi" <[hidden email]> wrote:

Dear Fabian,

 

Following your advice, I was able to import the SSL Certificates for accounts.google.com:443 and googleapis to the cacerts (Java Keystore) after which the SSLHandshakeException: PKIX: unable to find valid certification path to requested target disappeared

This gives me confidence that the Keystore is working now.

 

However, when I login to Geoserver using the Google_Oauth2, nothing happens, it redirects back to the homepage /geoserver/web without Logging in.

 

Checking on users list the expected user id is not created.

 

In my GeoServer Log I still see:

 

2017-07-12 12:44:13,375 DEBUG [geoserver.security] - Inspecting the http request looking for the GeoNode Session ID.

2017-07-12 12:44:13,375 DEBUG [geoserver.security] - Found 1 cookies!

 

This is even after I removed Geonode_Oauth2 and Github_Oauth2

 

Here is the full Geoserver Log: Kindly check if you can see something interesting

 

--------------------------------------------------------------------------------------------------------------------

2017-07-12 12:44:12,340 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /web/, QueryString: null'; against '/web/**'

2017-07-12 12:44:12,340 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Matched Path: /web/, QueryString: null with /web/**

2017-07-12 12:44:12,340 DEBUG [geoserver.filters] - Creating a new http session inside the web UI (normal behavior)

java.lang.Exception: Full stack trace for the session creation path

                at org.geoserver.filters.SessionDebugFilter$SessionDebugWrapper.getSession(SessionDebugFilter.java:92)

                at org.geoserver.filters.SessionDebugFilter$SessionDebugWrapper.getSession(SessionDebugFilter.java:70)

                at javax.servlet.http.HttpServletRequestWrapper.getSession(HttpServletRequestWrapper.java:240)

                at org.geoserver.security.filter.GeoServerSecurityContextPersistenceFilter$1.doFilter(GeoServerSecurityContextPersistenceFilter.java:50)

                at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:73)

                at org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:92)

                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)

                at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:213)

                at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:176)

                at org.geoserver.security.GeoServerSecurityFilterChainProxy.doFilter(GeoServerSecurityFilterChainProxy.java:152)

                at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)

                at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.LoggingFilter.doFilter(LoggingFilter.java:87)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.XFrameOptionsFilter.doFilter(XFrameOptionsFilter.java:89)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.GZIPFilter.doFilter(GZIPFilter.java:42)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.SessionDebugFilter.doFilter(SessionDebugFilter.java:48)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.FlushSafeFilter.doFilter(FlushSafeFilter.java:44)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:121)

                at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)

                at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)

                at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478)

                at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)

                at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:80)

                at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:624)

                at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)

                at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:341)

                at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:799)

                at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)

                at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:861)

                at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1455)

                at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)

                at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)

                at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)

                at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)

                at java.lang.Thread.run(Thread.java:748)

2017-07-12 12:44:12,386 DEBUG [geoserver.security] - Inspecting the http request looking for the GeoNode Session ID.

2017-07-12 12:44:12,387 DEBUG [geoserver.security] - Found 1 cookies!

2017-07-12 12:44:12,389 DEBUG [geoserver.security] - preAuthenticatedPrincipal = null, trying to authenticate

2017-07-12 12:44:12,391 DEBUG [geoserver.ows] - Could not a layer group named web

2017-07-12 12:44:12,391 TRACE [ows.OWSHandlerMapping] - No handler mapping found for [/web/]

2017-07-12 12:44:12,415 DEBUG [geoserver.filters] - Compressing output for mimetype: text/html;charset=UTF-8

2017-07-12 12:44:12,416 DEBUG [filter.GeoServerSecurityContextPersistenceFilter$1] - SecurityContextHolder now cleared, as request processing completed

2017-07-12 12:44:13,374 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /web/j_spring_oauth2_google_login, QueryString: null'; against '/web/**'

2017-07-12 12:44:13,374 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Matched Path: /web/j_spring_oauth2_google_login, QueryString: null with /web/**

2017-07-12 12:44:13,375 DEBUG [geoserver.security] - Inspecting the http request looking for the GeoNode Session ID.

2017-07-12 12:44:13,375 DEBUG [geoserver.security] - Found 1 cookies!

2017-07-12 12:44:13,378 DEBUG [geoserver.security] - preAuthenticatedPrincipal = null, trying to authenticate

2017-07-12 12:44:13,381 DEBUG [geoserver.ows] - Could not a layer group named web

2017-07-12 12:44:13,381 TRACE [ows.OWSHandlerMapping] - No handler mapping found for [/web/j_spring_oauth2_google_login]

2017-07-12 12:44:13,382 DEBUG [filter.GeoServerSecurityContextPersistenceFilter$1] - SecurityContextHolder now cleared, as request processing completed

2017-07-12 12:44:14,158 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /, QueryString: code=4/ut2thMxmlKm2ULuz3zDt5Gm1S6_kpUSjIs7fJo0sb7s'; against '/web/**'

2017-07-12 12:44:14,158 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /, QueryString: code=4/ut2thMxmlKm2ULuz3zDt5Gm1S6_kpUSjIs7fJo0sb7s'; against '/gwc/rest/web/**'

2017-07-12 12:44:14,158 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /, QueryString: code=4/ut2thMxmlKm2ULuz3zDt5Gm1S6_kpUSjIs7fJo0sb7s'; against '/'

2017-07-12 12:44:14,158 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Matched Path: /, QueryString: code=4/ut2thMxmlKm2ULuz3zDt5Gm1S6_kpUSjIs7fJo0sb7s with /

2017-07-12 12:44:14,158 DEBUG [geoserver.security] - Inspecting the http request looking for the GeoNode Session ID.

2017-07-12 12:44:14,158 DEBUG [geoserver.security] - Found 1 cookies!

2017-07-12 12:44:16,572 DEBUG [geoserver.security] - preAuthenticatedPrincipal = [hidden email], trying to authenticate

2017-07-12 12:44:16,592 TRACE [ows.OWSHandlerMapping] - No handler mapping found for [/]

2017-07-12 12:44:16,593 DEBUG [filter.GeoServerSecurityContextPersistenceFilter$1] - SecurityContextHolder now cleared, as request processing completed

2017-07-12 12:44:16,603 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /index.html, QueryString: null'; against '/web/**'

2017-07-12 12:44:16,603 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /index.html, QueryString: null'; against '/gwc/rest/web/**'

2017-07-12 12:44:16,603 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /index.html, QueryString: null'; against '/'

2017-07-12 12:44:16,603 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /index.html, QueryString: null'; against '/j_spring_security_check'

2017-07-12 12:44:16,603 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /index.html, QueryString: null'; against '/j_spring_security_check/'

2017-07-12 12:44:16,603 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /index.html, QueryString: null'; against '/j_spring_security_logout'

2017-07-12 12:44:16,603 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /index.html, QueryString: null'; against '/j_spring_security_logout/'

2017-07-12 12:44:16,603 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /index.html, QueryString: null'; against '/rest/**'

2017-07-12 12:44:16,603 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /index.html, QueryString: null'; against '/gwc/rest/**'

2017-07-12 12:44:16,603 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /index.html, QueryString: null'; against '/**'

2017-07-12 12:44:16,603 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Request matched by universal pattern '/**'

2017-07-12 12:44:16,603 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Matched Path: /index.html, QueryString: null with /**

2017-07-12 12:44:16,603 DEBUG [geoserver.security] - Inspecting the http request looking for the GeoNode Session ID.

2017-07-12 12:44:16,603 DEBUG [geoserver.security] - Found 1 cookies!

2017-07-12 12:44:16,604 DEBUG [geoserver.security] - Cleaned out Session Access Token Request!

2017-07-12 12:44:16,606 TRACE [ows.OWSHandlerMapping] - No handler mapping found for [/index.html]

2017-07-12 12:44:16,608 DEBUG [filter.GeoServerSecurityContextPersistenceFilter$1] - SecurityContextHolder now cleared, as request processing completed

2017-07-12 12:44:16,650 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /web/, QueryString: null'; against '/web/**'

2017-07-12 12:44:16,651 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Matched Path: /web/, QueryString: null with /web/**

2017-07-12 12:44:16,651 DEBUG [geoserver.filters] - Creating a new http session inside the web UI (normal behavior)

java.lang.Exception: Full stack trace for the session creation path

                at org.geoserver.filters.SessionDebugFilter$SessionDebugWrapper.getSession(SessionDebugFilter.java:92)

                at org.geoserver.filters.SessionDebugFilter$SessionDebugWrapper.getSession(SessionDebugFilter.java:70)

                at javax.servlet.http.HttpServletRequestWrapper.getSession(HttpServletRequestWrapper.java:240)

                at org.geoserver.security.filter.GeoServerSecurityContextPersistenceFilter$1.doFilter(GeoServerSecurityContextPersistenceFilter.java:50)

                at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:73)

                at org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:92)

                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)

                at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:213)

                at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:176)

                at org.geoserver.security.GeoServerSecurityFilterChainProxy.doFilter(GeoServerSecurityFilterChainProxy.java:152)

                at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)

                at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.LoggingFilter.doFilter(LoggingFilter.java:87)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.XFrameOptionsFilter.doFilter(XFrameOptionsFilter.java:89)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.GZIPFilter.doFilter(GZIPFilter.java:42)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.SessionDebugFilter.doFilter(SessionDebugFilter.java:48)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.FlushSafeFilter.doFilter(FlushSafeFilter.java:44)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:121)

                at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)

                at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)

                at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478)

                at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)

                at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:80)

                at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:624)

                at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)

                at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:341)

                at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:799)

                at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)

                at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:861)

                at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1455)

                at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)

                at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)

                at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)

                at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)

                at java.lang.Thread.run(Thread.java:748)

2017-07-12 12:44:16,680 DEBUG [geoserver.security] - Inspecting the http request looking for the GeoNode Session ID.

2017-07-12 12:44:16,681 DEBUG [geoserver.security] - Found 1 cookies!

2017-07-12 12:44:16,682 DEBUG [geoserver.security] - preAuthenticatedPrincipal = null, trying to authenticate

2017-07-12 12:44:16,685 DEBUG [geoserver.ows] - Could not a layer group named web

2017-07-12 12:44:16,685 TRACE [ows.OWSHandlerMapping] - No handler mapping found for [/web/]

2017-07-12 12:44:16,701 DEBUG [geoserver.filters] - Compressing output for mimetype: text/html;charset=UTF-8

2017-07-12 12:44:16,702 DEBUG [filter.GeoServerSecurityContextPersistenceFilter$1] - SecurityContextHolder now cleared, as request processing completed

2017-07-12 12:44:19,465 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /j_spring_security_check, QueryString: null'; against '/web/**'

2017-07-12 12:44:19,465 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /j_spring_security_check, QueryString: null'; against '/gwc/rest/web/**'

2017-07-12 12:44:19,465 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /j_spring_security_check, QueryString: null'; against '/'

2017-07-12 12:44:19,465 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /j_spring_security_check, QueryString: null'; against '/j_spring_security_check'

2017-07-12 12:44:19,465 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Matched Path: /j_spring_security_check, QueryString: null with /j_spring_security_check

2017-07-12 12:44:19,465 DEBUG [filter.GeoServerUserNamePasswordAuthenticationFilter$1] - Request is to process authentication

2017-07-12 12:44:19,556 DEBUG [filter.GeoServerUserNamePasswordAuthenticationFilter$1] - Authentication success. Updating SecurityContextHolder to contain: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@96df79f2: Principal: Username: admin; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; CredentialsNonExpired: true; AccountNonLocked: true;  [ ADMIN,ROLE_ADMINISTRATOR ] ; Credentials: [PROTECTED]; Authenticated: true; Details: org.geoserver.security.filter.GeoServerWebAuthenticationDetails@380f4: RemoteIpAddress: 192.168.1.185; SessionId: 5010AF856DDCF4188D265B2B03236A22; Granted Authorities: ADMIN, ROLE_ADMINISTRATOR, ROLE_AUTHENTICATED

2017-07-12 12:44:19,556 DEBUG [rememberme.GeoServerTokenBasedRememberMeServices] - Did not send remember-me cookie (principal did not set parameter '_spring_security_remember_me')

2017-07-12 12:44:19,556 DEBUG [rememberme.GeoServerTokenBasedRememberMeServices] - Remember-me login not requested.

2017-07-12 12:44:19,556 DEBUG [filter.GeoServerSecurityContextPersistenceFilter$1] - SecurityContextHolder now cleared, as request processing completed

2017-07-12 12:44:19,572 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /web, QueryString: null'; against '/web/**'

2017-07-12 12:44:19,572 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Matched Path: /web, QueryString: null with /web/**

2017-07-12 12:44:19,572 DEBUG [geoserver.security] - Inspecting the http request looking for the GeoNode Session ID.

2017-07-12 12:44:19,573 DEBUG [geoserver.security] - Found 1 cookies!

2017-07-12 12:44:19,575 TRACE [ows.OWSHandlerMapping] - No handler mapping found for [/web]

2017-07-12 12:44:19,576 DEBUG [filter.GeoServerSecurityContextPersistenceFilter$1] - SecurityContextHolder now cleared, as request processing completed

2017-07-12 12:44:19,592 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /web/, QueryString: null'; against '/web/**'

2017-07-12 12:44:19,592 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Matched Path: /web/, QueryString: null with /web/**

2017-07-12 12:44:19,592 DEBUG [geoserver.security] - Inspecting the http request looking for the GeoNode Session ID.

2017-07-12 12:44:19,592 DEBUG [geoserver.security] - Found 1 cookies!

2017-07-12 12:44:19,595 DEBUG [geoserver.ows] - Could not a layer group named web

2017-07-12 12:44:19,595 TRACE [ows.OWSHandlerMapping] - No handler mapping found for [/web/]

2017-07-12 12:44:19,780 DEBUG [geoserver.security] - Bad credentials

org.springframework.security.authentication.BadCredentialsException: Bad credentials

                at org.springframework.security.authentication.dao.DaoAuthenticationProvider.additionalAuthenticationChecks(DaoAuthenticationProvider.java:98)

                at org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:165)

                at org.geoserver.security.auth.UsernamePasswordAuthenticationProvider.authenticate(UsernamePasswordAuthenticationProvider.java:82)

                at org.geoserver.security.GeoServerAuthenticationProvider.authenticate(GeoServerAuthenticationProvider.java:58)

                at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:167)

                at org.geoserver.security.GeoServerSecurityManager.checkForDefaultAdminPassword(GeoServerSecurityManager.java:1493)

                at org.geoserver.security.web.SecurityHomePageContentProvider$SecurityWarningsPanel.<init>(SecurityHomePageContentProvider.java:105)

                at org.geoserver.security.web.SecurityHomePageContentProvider.getPageBodyComponent(SecurityHomePageContentProvider.java:47)

                at org.geoserver.web.GeoServerHomePage$1.populateItem(GeoServerHomePage.java:129)

                at org.apache.wicket.markup.html.list.ListView.onPopulate(ListView.java:523)

                at org.apache.wicket.markup.repeater.AbstractRepeater.onBeforeRender(AbstractRepeater.java:124)

                at org.apache.wicket.Component.internalBeforeRender(Component.java:950)

                at org.apache.wicket.Component.beforeRender(Component.java:1018)

                at org.apache.wicket.MarkupContainer.onBeforeRenderChildren(MarkupContainer.java:1836)

                at org.apache.wicket.Component.onBeforeRender(Component.java:3916)

                at org.apache.wicket.Page.onBeforeRender(Page.java:801)

                at org.apache.wicket.Component.internalBeforeRender(Component.java:950)

                at org.apache.wicket.Component.beforeRender(Component.java:1018)

                at org.apache.wicket.Component.internalPrepareForRender(Component.java:2236)

                at org.apache.wicket.Page.internalPrepareForRender(Page.java:242)

                at org.apache.wicket.Component.render(Component.java:2325)

                at org.apache.wicket.Page.renderPage(Page.java:1018)

                at org.apache.wicket.request.handler.render.WebPageRenderer.renderPage(WebPageRenderer.java:124)

                at org.apache.wicket.request.handler.render.WebPageRenderer.respond(WebPageRenderer.java:236)

                at org.apache.wicket.core.request.handler.RenderPageRequestHandler.respond(RenderPageRequestHandler.java:175)

                at org.apache.wicket.request.cycle.RequestCycle$HandlerExecutor.respond(RequestCycle.java:895)

                at org.apache.wicket.request.RequestHandlerStack.execute(RequestHandlerStack.java:64)

                at org.apache.wicket.request.cycle.RequestCycle.execute(RequestCycle.java:265)

                at org.apache.wicket.request.cycle.RequestCycle.processRequest(RequestCycle.java:222)

                at org.apache.wicket.request.cycle.RequestCycle.processRequestAndDetach(RequestCycle.java:293)

                at org.apache.wicket.protocol.http.WicketFilter.processRequestCycle(WicketFilter.java:261)

                at org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:203)

                at org.apache.wicket.protocol.http.WicketServlet.doGet(WicketServlet.java:137)

                at javax.servlet.http.HttpServlet.service(HttpServlet.java:635)

                at javax.servlet.http.HttpServlet.service(HttpServlet.java:742)

                at org.springframework.web.servlet.mvc.ServletWrappingController.handleRequestInternal(ServletWrappingController.java:158)

                at org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:147)

                at org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:50)

                at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:959)

                at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:893)

                at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:968)

                at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:859)

                at javax.servlet.http.HttpServlet.service(HttpServlet.java:635)

                at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:844)

                at javax.servlet.http.HttpServlet.service(HttpServlet.java:742)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:230)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.ThreadLocalsCleanupFilter.doFilter(ThreadLocalsCleanupFilter.java:28)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.SpringDelegatingFilter$Chain.doFilter(SpringDelegatingFilter.java:75)

                at org.geoserver.wms.animate.AnimatorFilter.doFilter(AnimatorFilter.java:71)

                at org.geoserver.filters.SpringDelegatingFilter$Chain.doFilter(SpringDelegatingFilter.java:71)

                at org.geoserver.filters.SpringDelegatingFilter.doFilter(SpringDelegatingFilter.java:46)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.platform.AdvancedDispatchFilter.doFilter(AdvancedDispatchFilter.java:50)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:316)

                at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:69)

                at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:126)

                at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:90)

                at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:73)

                at org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:92)

                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)

                at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:69)

                at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:114)

                at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:73)

                at org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:92)

                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)

                at org.geoserver.security.filter.GeoServerAnonymousAuthenticationFilter.doFilter(GeoServerAnonymousAuthenticationFilter.java:54)

                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)

                at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:69)

                at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:205)

                at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:73)

                at org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:92)

                at org.geoserver.security.filter.GeoServerUserNamePasswordAuthenticationFilter.doFilter(GeoServerUserNamePasswordAuthenticationFilter.java:116)

                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)

                at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:69)

                at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:157)

                at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:73)

                at org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:92)

                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)

                at org.geoserver.security.oauth2.GeoServerOAuthAuthenticationFilter.doFilter(GeoServerOAuthAuthenticationFilter.java:167)

                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)

                at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:69)

                at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:91)

                at org.geoserver.security.filter.GeoServerSecurityContextPersistenceFilter$1.doFilter(GeoServerSecurityContextPersistenceFilter.java:53)

                at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:73)

                at org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:92)

                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)

                at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:213)

                at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:176)

                at org.geoserver.security.GeoServerSecurityFilterChainProxy.doFilter(GeoServerSecurityFilterChainProxy.java:152)

                at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)

                at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.LoggingFilter.doFilter(LoggingFilter.java:87)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.XFrameOptionsFilter.doFilter(XFrameOptionsFilter.java:89)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.GZIPFilter.doFilter(GZIPFilter.java:42)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.SessionDebugFilter.doFilter(SessionDebugFilter.java:48)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.FlushSafeFilter.doFilter(FlushSafeFilter.java:44)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:121)

                at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)

                at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)

                at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478)

                at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)

                at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:80)

                at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:624)

                at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)

                at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:341)

                at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:799)

                at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)

                at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:861)

                at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1455)

                at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)

                at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)

                at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)

                at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)

                at java.lang.Thread.run(Thread.java:748)

2017-07-12 12:44:19,824 DEBUG [geoserver.filters] - Compressing output for mimetype: text/html;charset=UTF-8

2017-07-12 12:44:19,826 DEBUG [filter.GeoServerSecurityContextPersistenceFilter$1] - SecurityContextHolder now cleared, as request processing completed

2017-07-12 12:44:21,005 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /web/wicket/bookmarkable/org.geoserver.web.admin.logpage, QueryString: null'; against '/web/**'

2017-07-12 12:44:21,005 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Matched Path: /web/wicket/bookmarkable/org.geoserver.web.admin.logpage, QueryString: null with /web/**

2017-07-12 12:44:21,005 DEBUG [geoserver.security] - Inspecting the http request looking for the GeoNode Session ID.

2017-07-12 12:44:21,006 DEBUG [geoserver.security] - Found 1 cookies!

2017-07-12 12:44:21,008 DEBUG [geoserver.ows] - Could not a layer group named web

2017-07-12 12:44:21,008 TRACE [ows.OWSHandlerMapping] - No handler mapping found for [/web/wicket/bookmarkable/org.geoserver.web.admin.LogPage]

2017-07-12 12:44:21,009 DEBUG [org.geoserver] - Thread 118 locking in mode WRITE

2017-07-12 12:44:21,009 DEBUG [org.geoserver] - Thread 118 got the lock in mode WRITE

------------------------------------------------------------------------------------------------------------------------

Kind Regards,

Steve Omondi

Geospatial Software Developer

Ramani Online, Ramani Geosystems.

 

Sent from Mail for Windows 10

 

From: [hidden email]
Sent: Tuesday, July 11, 2017 8:55 AM
To: [hidden email]
Cc: [hidden email]
Subject: Re: [Geoserver-users] Oauth2-Google and Geofence Connection

 

Hello Steve,

 

the protocol takes automatically the user information from the provider. Basically once the authentication is successful, GeoServer asks to the OAuth2 Provider endpoint for the user profile. It will the use those stuff to create a user. If you need more access to the resources, you will need to create or configure a RoleService or a GroupRoleService that links the user create through Google to internal GeoServer roles.

 

In your specific case, what's happening is that the authentication fails in some point. Usually the problem is that you are trying to use an HTTPS endpoint (the google one) from and HTTP connection.

 

Try to rise up the log level of GeoServer to VERBOSE, try again and you should be able to find the cause of the issue into the geoserver.log file.

 

The typical cause when using Google is that you haven't correctly imported the SSL certificate into the trust-store.

 

See the steps here

 

 

 

 

 


Regards,

Alessio Fabiani

==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==

Ing. Alessio Fabiani

@alfa7691
Founder/Technical Lead


GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy
phone: <a href="tel:0584%20962313" value="+390584962313" target="_blank">+39 0584 962313
fax:     <a href="tel:0584%20166%200272" value="+3905841660272" target="_blank">+39 0584 1660272
mob:   <a href="tel:331%20623%203686" value="+393316233686" target="_blank">+39 331 6233686

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

-------------------------------------------------------

AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.

 

On Mon, Jul 10, 2017 at 4:58 PM, Steve Omondi <[hidden email]> wrote:

Hi Fabian,

 

I have been able to get the oauth2-google extension working somehow but not completely.

 

Here is what happens:

 

When I Click on the Google Icon, I provide my Google credentials and according to the Logs in connects to Google and adds my Geoserver as a connected application to My Account.

 

However, I'm redirected back to the redirect_uri without logging in.

 

My Question is, how do I I declare the user_id in Geoserver (like how would I declare my email as my user id in Geoserver before hand) for Oauth2 too Authenticate against?

 

Or, how exactly does the Oauth 2, give access to a google account?


Kind regards,

Steve Omondi

 

On Fri, Jul 7, 2017 at 1:29 PM, Steve Omondi <[hidden email]> wrote:

Sure thing

Kind Regards,

Steve Omondi

 

Sent from Mail for Windows 10

 

From: [hidden email]
Sent: Friday, July 7, 2017 1:27 PM
To: [hidden email]
Cc: [hidden email]


Subject: Re: [Geoserver-users] Oauth2-Google and Geofence Connection

 

I had just a quick look at the community package

 

 

and noticed that the zip contains also jars for oauth2-geonode and oauth2-github. They should not be there, at least not into the google zip file. Although the Oauth2 plugin should be able to manage more oauth2 plugins (something that I need to double check also), each plugin should contain just its jars. Maybe an issue with the community/release.xml configuration file (I will fix it ASAP).

 

 

As a quick test you can try to remove those two jars from WEB-INF lib. I could not yet test if this solution fix the google auth, but it is worth to give a quick try if you can.

 


Regards,

Alessio Fabiani

==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==

Ing. Alessio Fabiani

@alfa7691
Founder/Technical Lead


GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy
phone: <a href="tel:0584%20962313" target="_blank">+39 0584 962313
fax:     <a href="tel:0584%20166%200272" target="_blank">+39 0584 1660272
mob:   <a href="tel:331%20623%203686" target="_blank">+39 331 6233686

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

-------------------------------------------------------

AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.

 

On Fri, Jul 7, 2017 at 12:55 PM, Steve Omondi <[hidden email]> wrote:

Thank you Alessio for that, if there is any way I can help with the DEBUG results, just let me know.

 

Sent from Mail for Windows 10

 

From: [hidden email]
Sent: Friday, July 7, 2017 12:53 PM
To: [hidden email]
Cc: [hidden email]; [hidden email]


Subject: Re: [Geoserver-users] Oauth2-Google and Geofence Connection

 

Hi all,

seems like there may be some dependencies configuration issues with the OAuth2 Google Plugin.

 

I'll try to have a look at them as soon as I can.


Regards,

Alessio Fabiani

==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==

Ing. Alessio Fabiani

@alfa7691
Founder/Technical Lead


GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy
phone: <a href="tel:0584%20962313" target="_blank">+39 0584 962313
fax:     <a href="tel:0584%20166%200272" target="_blank">+39 0584 1660272
mob:   <a href="tel:331%20623%203686" target="_blank">+39 331 6233686

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

-------------------------------------------------------

AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.

 

On Thu, Jul 6, 2017 at 4:20 PM, Steve Omondi <[hidden email]> wrote:

I appreciate Nuno.

 

 

Sent from Mail for Windows 10

 

From: [hidden email]
Sent: Thursday, July 6, 2017 4:16 PM
To: [hidden email]; [hidden email]
Subject: Re: [Geoserver-users] Oauth2-Google and Geofence Connection

 

Hi,

I juts make a test and indeed Google oauth2 seems to not be working at least in
GeoServer 2.12.x. (see attached GIF) and indeed no exception is logged.

The web UI integration seems to be a bit broke too:

 

The plugin google-oauth package is also including the github and geonode bindings ... this is probably no intended.

I only used \ configured this authentication method once with GeoServer so maybe I'm missing
something ... let's see if anyone can provide you a more valuable feedback.

Otherwise I will proceed with opening a bug report.

Note, I think that the person who wrote the google-oauth module will not be available this week and next week.

Regards,

Nuno Oliveira

On 07/06/2017 10:49 AM, Steve Omondi wrote:

Hi Nuno,

 

Attached is my Log file after raising to DEBUG Level

 

I has some interesting stuff, but I can’t figure out where the problem is raised.

 

For example. There is a point where Geoserver is looking for Geonode Session ID

 

Line 152: (and several other points)

2017-07-06 12:07:35,099 DEBUG [web.FilterChainProxy] - /web/ at position 2 of 7 in additional filter chain; firing Filter: 'GoogleOAuthAuthenticationFilter'

2017-07-06 12:07:35,099 DEBUG [geoserver.security] - Inspecting the http request looking for the GeoNode Session ID.

2017-07-06 12:07:35,099 DEBUG [geoserver.security] - Found 1 cookies!

 

What has this got to do with google-oauth2. I I’m not using geonode-oauth2 even though it was installed together with google-oauth2.

 

I’m using Geoserver 2.11.1 with geoserver-2.11-SNAPSHOT-sec-oauth2-google-plugin which had both geonode-oauth2 and GitHub-oauth2 bundled with it.

 

Kindly assist where possible.

 

 

Kind Regards,

Steve Omondi

Ramani Geosystems.

 

-----------------------------------------

Sent from Mail for Windows 10

 

From: [hidden email]
Sent: Thursday, July 6, 2017 11:35 AM
To: [hidden email]
Subject: Re: [Geoserver-users] Oauth2-Google and Geofence Connection

 

Hi,

GeoFence is not required, google-oauth module should work on is own.

I don't know much of the google-oauth module ... did you see any
exception on GeoServer logs ?

You change GeoServer logging level on the Global Settings:
http://docs.geoserver.org/latest/en/user/configuration/globalsettings.html#logging-profile

and view the logs in the GeoServer Logs menu entry on the left of GeoServer web UI.

Regards,

Nuno Oliveira

On 07/06/2017 08:20 AM, Steve Omondi wrote:

Hey Guys,

 

Does Enabling authentication using OAuth2 Google Extension for Geoserver require Geofence whatsoevcer?

 

I have installed the google-oauth2 extension and configured according to the provided docs however I’m not getting the desired behavior. While Geoserver is register under connected apps in my Google Account when I login to Geoserver with the my Google account, the google account is not added in Geoserver and the login does not happen.

 

 

Sent from Mail for Windows 10

 

 

https://ipmcdn.avast.com/images/icons/icon-envelope-tick-round-orange-animated-no-repeat-v1.gif

Virus-free. www.avast.com

 

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot

 

_______________________________________________
Geoserver-users mailing list
 
Please make sure you read the following two resources before posting to this list:
- Earning your support instead of buying it, but Ian Turton: http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: http://geoserver.org/comm/userlist-guidelines.html
 
[hidden email]
https://lists.sourceforge.net/lists/listinfo/geoserver-users

 

-- 
Regards,
Nuno Oliveira
==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==
 
Nuno Miguel Carvalho Oliveira
@nmcoliveira
Software Engineer
 
GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy
phone: <a href="tel:0584%20962313" target="_blank">+39 0584 962313
fax:      <a href="tel:0584%20166%200272" target="_blank">+39 0584 1660272
 
http://www.geo-solutions.it
http://twitter.com/geosolutions_it
 
-------------------------------------------------------
AVVERTENZE AI SENSI DEL D.Lgs. 196/2003
Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.
 
The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.

 

 

-- 
Regards,
Nuno Oliveira
==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==
 
Nuno Miguel Carvalho Oliveira
@nmcoliveira
Software Engineer
 
GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy
phone: <a href="tel:0584%20962313" target="_blank">+39 0584 962313
fax:      <a href="tel:0584%20166%200272" target="_blank">+39 0584 1660272
 
http://www.geo-solutions.it
http://twitter.com/geosolutions_it
 
-------------------------------------------------------
AVVERTENZE AI SENSI DEL D.Lgs. 196/2003
Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.
 
The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.

 


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Geoserver-users mailing list

Please make sure you read the following two resources before posting to this list:
- Earning your support instead of buying it, but Ian Turton: http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: http://geoserver.org/comm/userlist-guidelines.html

[hidden email]
https://lists.sourceforge.net/lists/listinfo/geoserver-users

 

 

 

 

 

 

 


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Geoserver-users mailing list

Please make sure you read the following two resources before posting to this list:
- Earning your support instead of buying it, but Ian Turton: http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: http://geoserver.org/comm/userlist-guidelines.html

[hidden email]
https://lists.sourceforge.net/lists/listinfo/geoserver-users






------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Geoserver-users mailing list

Please make sure you read the following two resources before posting to this list:
- Earning your support instead of buying it, but Ian Turton: http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: http://geoserver.org/comm/userlist-guidelines.html

[hidden email]
https://lists.sourceforge.net/lists/listinfo/geoserver-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Oauth2-Google and Geofence Connection

steve.omondi
Hello Alessio,

For the difference between Authentication and Authorization in Geoserver is clear...

The Authorization I'll manage manually after the authentication is successful.

My problem is I can't see the user created by Google-Oauth2 in Geoserver or perhaps it's not created.

I'm using the default GeoserverUserGroupServer or RoleService - this is based on Digest Authentication, is this okay. If it's not okay then it means I have to create a new GroupService or RoleService in Geoserver.

When I Go To  Add New GroupService, what option should I choose between XML, LDAP, JDBC? What configurations should I use in the form below?
Inline image 1

From that  form with the Oauth extensions installed, only the three (XML, LDAP & JDBC are avaiable).



Kind regards,
Steve Omondi

On Wed, Jul 19, 2017 at 12:25 PM, Alessio Fabiani <[hidden email]> wrote:
Hi Steve, sorry for the delay, I'm on leave these days.

So, Authentication is different from Authorization. The OAuth2 plugin per-se does only Authentication. In order to update the Authorization also you will need to user (or create) an, either, GeoServerRoleService or GeoServerUserGroupService.

Those are pluggable and they have interfaces allowing you to easily extend them, but they must be written in Java.

Here really depends on your use case and what you want to achieve.


Regards,

Alessio Fabiani

==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==

Ing. Alessio Fabiani

@alfa7691
Founder/Technical Lead


GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy
phone: +39 0584 962313
fax:     +39 0584 1660272
mob:   +39 331 6233686

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

-------------------------------------------------------

AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.


On Mon, Jul 17, 2017 at 4:51 PM, Steve Omondi <[hidden email]> wrote:
Hello Fabiani,

Did you manage to take a look at the google-oauth2 extension and the possible reason why i't doesn't create users in geoserver. I'm stuck in this loop and I don't understand anything going on anymore.

Kindly let me know if you do find any head way.

Thank you.

Kind regards,
Steve Omondi

On Fri, Jul 14, 2017 at 11:20 AM, Steve Omondi <[hidden email]> wrote:
And BTW Fabiani, it's fair to note to you that, Google Authentication actually goes through successfully.
When I use the G+ Login
Inline image 1

When I refresh a Gmail or the Simple Website I mentioned they are Logged in.

In my own diagnosis, I think the challenge is at the point where the User_Id (for example [hidden email]) is supposed to be created in Geoserver as a User. It doesn't happen and the you are redirected back to /geoserver/web because Geoserver doesn't know this user.

So how do we make sure this user_id is created in Geoserver so that Geoserver can recognize them against the toke provided by Google-Oauth2?

Kind regards,
Steve Omondi

On Fri, Jul 14, 2017 at 10:01 AM, Steve Omondi <[hidden email]> wrote:
Hi Fabiani,

So I decided to try Oauth2 with a simpler  application hosted on Tomcat (the same Tomcat hosting my Geoserver) and it works perfectly without raising SSL certificate Exception or Bad Credentials (the same configuration and credentials that I'm using for Oauth2-geoserver Authentication Filters).

Quick question: Which Role Source should Oauth2 use here
I choose to use Role Service.

 Inline image 1

Inferring from Geonode-Oauth2 tutorial, I see AuthKey REST has been used to create a REST Role Source with Base URL as the geonode-server; is this required for google-oauth2 filter? And what would be the Base URL.


Kind regards,
Steve Omondi

On Thu, Jul 13, 2017 at 8:23 AM, Alessio Fabiani <[hidden email]> wrote:
Hello Steve,
although the geonode message should not be there, it is only a warning. The real issue is the Bad Credentials exception.

You need to double check that you secret ids and client ids are correct. That message means that the oauth handshake could not be completed for some reason.

I wil try to debug the code by today if I can.


On Jul 12, 2017 13:09, "Steve Omondi" <[hidden email]> wrote:

Dear Fabian,

 

Following your advice, I was able to import the SSL Certificates for accounts.google.com:443 and googleapis to the cacerts (Java Keystore) after which the SSLHandshakeException: PKIX: unable to find valid certification path to requested target disappeared

This gives me confidence that the Keystore is working now.

 

However, when I login to Geoserver using the Google_Oauth2, nothing happens, it redirects back to the homepage /geoserver/web without Logging in.

 

Checking on users list the expected user id is not created.

 

In my GeoServer Log I still see:

 

2017-07-12 12:44:13,375 DEBUG [geoserver.security] - Inspecting the http request looking for the GeoNode Session ID.

2017-07-12 12:44:13,375 DEBUG [geoserver.security] - Found 1 cookies!

 

This is even after I removed Geonode_Oauth2 and Github_Oauth2

 

Here is the full Geoserver Log: Kindly check if you can see something interesting

 

--------------------------------------------------------------------------------------------------------------------

2017-07-12 12:44:12,340 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /web/, QueryString: null'; against '/web/**'

2017-07-12 12:44:12,340 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Matched Path: /web/, QueryString: null with /web/**

2017-07-12 12:44:12,340 DEBUG [geoserver.filters] - Creating a new http session inside the web UI (normal behavior)

java.lang.Exception: Full stack trace for the session creation path

                at org.geoserver.filters.SessionDebugFilter$SessionDebugWrapper.getSession(SessionDebugFilter.java:92)

                at org.geoserver.filters.SessionDebugFilter$SessionDebugWrapper.getSession(SessionDebugFilter.java:70)

                at javax.servlet.http.HttpServletRequestWrapper.getSession(HttpServletRequestWrapper.java:240)

                at org.geoserver.security.filter.GeoServerSecurityContextPersistenceFilter$1.doFilter(GeoServerSecurityContextPersistenceFilter.java:50)

                at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:73)

                at org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:92)

                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)

                at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:213)

                at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:176)

                at org.geoserver.security.GeoServerSecurityFilterChainProxy.doFilter(GeoServerSecurityFilterChainProxy.java:152)

                at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)

                at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.LoggingFilter.doFilter(LoggingFilter.java:87)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.XFrameOptionsFilter.doFilter(XFrameOptionsFilter.java:89)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.GZIPFilter.doFilter(GZIPFilter.java:42)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.SessionDebugFilter.doFilter(SessionDebugFilter.java:48)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.FlushSafeFilter.doFilter(FlushSafeFilter.java:44)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:121)

                at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)

                at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)

                at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478)

                at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)

                at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:80)

                at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:624)

                at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)

                at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:341)

                at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:799)

                at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)

                at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:861)

                at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1455)

                at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)

                at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)

                at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)

                at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)

                at java.lang.Thread.run(Thread.java:748)

2017-07-12 12:44:12,386 DEBUG [geoserver.security] - Inspecting the http request looking for the GeoNode Session ID.

2017-07-12 12:44:12,387 DEBUG [geoserver.security] - Found 1 cookies!

2017-07-12 12:44:12,389 DEBUG [geoserver.security] - preAuthenticatedPrincipal = null, trying to authenticate

2017-07-12 12:44:12,391 DEBUG [geoserver.ows] - Could not a layer group named web

2017-07-12 12:44:12,391 TRACE [ows.OWSHandlerMapping] - No handler mapping found for [/web/]

2017-07-12 12:44:12,415 DEBUG [geoserver.filters] - Compressing output for mimetype: text/html;charset=UTF-8

2017-07-12 12:44:12,416 DEBUG [filter.GeoServerSecurityContextPersistenceFilter$1] - SecurityContextHolder now cleared, as request processing completed

2017-07-12 12:44:13,374 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /web/j_spring_oauth2_google_login, QueryString: null'; against '/web/**'

2017-07-12 12:44:13,374 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Matched Path: /web/j_spring_oauth2_google_login, QueryString: null with /web/**

2017-07-12 12:44:13,375 DEBUG [geoserver.security] - Inspecting the http request looking for the GeoNode Session ID.

2017-07-12 12:44:13,375 DEBUG [geoserver.security] - Found 1 cookies!

2017-07-12 12:44:13,378 DEBUG [geoserver.security] - preAuthenticatedPrincipal = null, trying to authenticate

2017-07-12 12:44:13,381 DEBUG [geoserver.ows] - Could not a layer group named web

2017-07-12 12:44:13,381 TRACE [ows.OWSHandlerMapping] - No handler mapping found for [/web/j_spring_oauth2_google_login]

2017-07-12 12:44:13,382 DEBUG [filter.GeoServerSecurityContextPersistenceFilter$1] - SecurityContextHolder now cleared, as request processing completed

2017-07-12 12:44:14,158 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /, QueryString: code=4/ut2thMxmlKm2ULuz3zDt5Gm1S6_kpUSjIs7fJo0sb7s'; against '/web/**'

2017-07-12 12:44:14,158 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /, QueryString: code=4/ut2thMxmlKm2ULuz3zDt5Gm1S6_kpUSjIs7fJo0sb7s'; against '/gwc/rest/web/**'

2017-07-12 12:44:14,158 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /, QueryString: code=4/ut2thMxmlKm2ULuz3zDt5Gm1S6_kpUSjIs7fJo0sb7s'; against '/'

2017-07-12 12:44:14,158 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Matched Path: /, QueryString: code=4/ut2thMxmlKm2ULuz3zDt5Gm1S6_kpUSjIs7fJo0sb7s with /

2017-07-12 12:44:14,158 DEBUG [geoserver.security] - Inspecting the http request looking for the GeoNode Session ID.

2017-07-12 12:44:14,158 DEBUG [geoserver.security] - Found 1 cookies!

2017-07-12 12:44:16,572 DEBUG [geoserver.security] - preAuthenticatedPrincipal = [hidden email], trying to authenticate

2017-07-12 12:44:16,592 TRACE [ows.OWSHandlerMapping] - No handler mapping found for [/]

2017-07-12 12:44:16,593 DEBUG [filter.GeoServerSecurityContextPersistenceFilter$1] - SecurityContextHolder now cleared, as request processing completed

2017-07-12 12:44:16,603 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /index.html, QueryString: null'; against '/web/**'

2017-07-12 12:44:16,603 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /index.html, QueryString: null'; against '/gwc/rest/web/**'

2017-07-12 12:44:16,603 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /index.html, QueryString: null'; against '/'

2017-07-12 12:44:16,603 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /index.html, QueryString: null'; against '/j_spring_security_check'

2017-07-12 12:44:16,603 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /index.html, QueryString: null'; against '/j_spring_security_check/'

2017-07-12 12:44:16,603 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /index.html, QueryString: null'; against '/j_spring_security_logout'

2017-07-12 12:44:16,603 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /index.html, QueryString: null'; against '/j_spring_security_logout/'

2017-07-12 12:44:16,603 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /index.html, QueryString: null'; against '/rest/**'

2017-07-12 12:44:16,603 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /index.html, QueryString: null'; against '/gwc/rest/**'

2017-07-12 12:44:16,603 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /index.html, QueryString: null'; against '/**'

2017-07-12 12:44:16,603 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Request matched by universal pattern '/**'

2017-07-12 12:44:16,603 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Matched Path: /index.html, QueryString: null with /**

2017-07-12 12:44:16,603 DEBUG [geoserver.security] - Inspecting the http request looking for the GeoNode Session ID.

2017-07-12 12:44:16,603 DEBUG [geoserver.security] - Found 1 cookies!

2017-07-12 12:44:16,604 DEBUG [geoserver.security] - Cleaned out Session Access Token Request!

2017-07-12 12:44:16,606 TRACE [ows.OWSHandlerMapping] - No handler mapping found for [/index.html]

2017-07-12 12:44:16,608 DEBUG [filter.GeoServerSecurityContextPersistenceFilter$1] - SecurityContextHolder now cleared, as request processing completed

2017-07-12 12:44:16,650 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /web/, QueryString: null'; against '/web/**'

2017-07-12 12:44:16,651 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Matched Path: /web/, QueryString: null with /web/**

2017-07-12 12:44:16,651 DEBUG [geoserver.filters] - Creating a new http session inside the web UI (normal behavior)

java.lang.Exception: Full stack trace for the session creation path

                at org.geoserver.filters.SessionDebugFilter$SessionDebugWrapper.getSession(SessionDebugFilter.java:92)

                at org.geoserver.filters.SessionDebugFilter$SessionDebugWrapper.getSession(SessionDebugFilter.java:70)

                at javax.servlet.http.HttpServletRequestWrapper.getSession(HttpServletRequestWrapper.java:240)

                at org.geoserver.security.filter.GeoServerSecurityContextPersistenceFilter$1.doFilter(GeoServerSecurityContextPersistenceFilter.java:50)

                at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:73)

                at org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:92)

                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)

                at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:213)

                at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:176)

                at org.geoserver.security.GeoServerSecurityFilterChainProxy.doFilter(GeoServerSecurityFilterChainProxy.java:152)

                at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)

                at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.LoggingFilter.doFilter(LoggingFilter.java:87)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.XFrameOptionsFilter.doFilter(XFrameOptionsFilter.java:89)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.GZIPFilter.doFilter(GZIPFilter.java:42)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.SessionDebugFilter.doFilter(SessionDebugFilter.java:48)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.FlushSafeFilter.doFilter(FlushSafeFilter.java:44)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:121)

                at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)

                at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)

                at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478)

                at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)

                at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:80)

                at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:624)

                at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)

                at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:341)

                at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:799)

                at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)

                at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:861)

                at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1455)

                at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)

                at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)

                at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)

                at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)

                at java.lang.Thread.run(Thread.java:748)

2017-07-12 12:44:16,680 DEBUG [geoserver.security] - Inspecting the http request looking for the GeoNode Session ID.

2017-07-12 12:44:16,681 DEBUG [geoserver.security] - Found 1 cookies!

2017-07-12 12:44:16,682 DEBUG [geoserver.security] - preAuthenticatedPrincipal = null, trying to authenticate

2017-07-12 12:44:16,685 DEBUG [geoserver.ows] - Could not a layer group named web

2017-07-12 12:44:16,685 TRACE [ows.OWSHandlerMapping] - No handler mapping found for [/web/]

2017-07-12 12:44:16,701 DEBUG [geoserver.filters] - Compressing output for mimetype: text/html;charset=UTF-8

2017-07-12 12:44:16,702 DEBUG [filter.GeoServerSecurityContextPersistenceFilter$1] - SecurityContextHolder now cleared, as request processing completed

2017-07-12 12:44:19,465 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /j_spring_security_check, QueryString: null'; against '/web/**'

2017-07-12 12:44:19,465 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /j_spring_security_check, QueryString: null'; against '/gwc/rest/web/**'

2017-07-12 12:44:19,465 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /j_spring_security_check, QueryString: null'; against '/'

2017-07-12 12:44:19,465 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /j_spring_security_check, QueryString: null'; against '/j_spring_security_check'

2017-07-12 12:44:19,465 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Matched Path: /j_spring_security_check, QueryString: null with /j_spring_security_check

2017-07-12 12:44:19,465 DEBUG [filter.GeoServerUserNamePasswordAuthenticationFilter$1] - Request is to process authentication

2017-07-12 12:44:19,556 DEBUG [filter.GeoServerUserNamePasswordAuthenticationFilter$1] - Authentication success. Updating SecurityContextHolder to contain: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@96df79f2: Principal: Username: admin; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; CredentialsNonExpired: true; AccountNonLocked: true;  [ ADMIN,ROLE_ADMINISTRATOR ] ; Credentials: [PROTECTED]; Authenticated: true; Details: org.geoserver.security.filter.GeoServerWebAuthenticationDetails@380f4: RemoteIpAddress: 192.168.1.185; SessionId: 5010AF856DDCF4188D265B2B03236A22; Granted Authorities: ADMIN, ROLE_ADMINISTRATOR, ROLE_AUTHENTICATED

2017-07-12 12:44:19,556 DEBUG [rememberme.GeoServerTokenBasedRememberMeServices] - Did not send remember-me cookie (principal did not set parameter '_spring_security_remember_me')

2017-07-12 12:44:19,556 DEBUG [rememberme.GeoServerTokenBasedRememberMeServices] - Remember-me login not requested.

2017-07-12 12:44:19,556 DEBUG [filter.GeoServerSecurityContextPersistenceFilter$1] - SecurityContextHolder now cleared, as request processing completed

2017-07-12 12:44:19,572 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /web, QueryString: null'; against '/web/**'

2017-07-12 12:44:19,572 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Matched Path: /web, QueryString: null with /web/**

2017-07-12 12:44:19,572 DEBUG [geoserver.security] - Inspecting the http request looking for the GeoNode Session ID.

2017-07-12 12:44:19,573 DEBUG [geoserver.security] - Found 1 cookies!

2017-07-12 12:44:19,575 TRACE [ows.OWSHandlerMapping] - No handler mapping found for [/web]

2017-07-12 12:44:19,576 DEBUG [filter.GeoServerSecurityContextPersistenceFilter$1] - SecurityContextHolder now cleared, as request processing completed

2017-07-12 12:44:19,592 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /web/, QueryString: null'; against '/web/**'

2017-07-12 12:44:19,592 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Matched Path: /web/, QueryString: null with /web/**

2017-07-12 12:44:19,592 DEBUG [geoserver.security] - Inspecting the http request looking for the GeoNode Session ID.

2017-07-12 12:44:19,592 DEBUG [geoserver.security] - Found 1 cookies!

2017-07-12 12:44:19,595 DEBUG [geoserver.ows] - Could not a layer group named web

2017-07-12 12:44:19,595 TRACE [ows.OWSHandlerMapping] - No handler mapping found for [/web/]

2017-07-12 12:44:19,780 DEBUG [geoserver.security] - Bad credentials

org.springframework.security.authentication.BadCredentialsException: Bad credentials

                at org.springframework.security.authentication.dao.DaoAuthenticationProvider.additionalAuthenticationChecks(DaoAuthenticationProvider.java:98)

                at org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:165)

                at org.geoserver.security.auth.UsernamePasswordAuthenticationProvider.authenticate(UsernamePasswordAuthenticationProvider.java:82)

                at org.geoserver.security.GeoServerAuthenticationProvider.authenticate(GeoServerAuthenticationProvider.java:58)

                at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:167)

                at org.geoserver.security.GeoServerSecurityManager.checkForDefaultAdminPassword(GeoServerSecurityManager.java:1493)

                at org.geoserver.security.web.SecurityHomePageContentProvider$SecurityWarningsPanel.<init>(SecurityHomePageContentProvider.java:105)

                at org.geoserver.security.web.SecurityHomePageContentProvider.getPageBodyComponent(SecurityHomePageContentProvider.java:47)

                at org.geoserver.web.GeoServerHomePage$1.populateItem(GeoServerHomePage.java:129)

                at org.apache.wicket.markup.html.list.ListView.onPopulate(ListView.java:523)

                at org.apache.wicket.markup.repeater.AbstractRepeater.onBeforeRender(AbstractRepeater.java:124)

                at org.apache.wicket.Component.internalBeforeRender(Component.java:950)

                at org.apache.wicket.Component.beforeRender(Component.java:1018)

                at org.apache.wicket.MarkupContainer.onBeforeRenderChildren(MarkupContainer.java:1836)

                at org.apache.wicket.Component.onBeforeRender(Component.java:3916)

                at org.apache.wicket.Page.onBeforeRender(Page.java:801)

                at org.apache.wicket.Component.internalBeforeRender(Component.java:950)

                at org.apache.wicket.Component.beforeRender(Component.java:1018)

                at org.apache.wicket.Component.internalPrepareForRender(Component.java:2236)

                at org.apache.wicket.Page.internalPrepareForRender(Page.java:242)

                at org.apache.wicket.Component.render(Component.java:2325)

                at org.apache.wicket.Page.renderPage(Page.java:1018)

                at org.apache.wicket.request.handler.render.WebPageRenderer.renderPage(WebPageRenderer.java:124)

                at org.apache.wicket.request.handler.render.WebPageRenderer.respond(WebPageRenderer.java:236)

                at org.apache.wicket.core.request.handler.RenderPageRequestHandler.respond(RenderPageRequestHandler.java:175)

                at org.apache.wicket.request.cycle.RequestCycle$HandlerExecutor.respond(RequestCycle.java:895)

                at org.apache.wicket.request.RequestHandlerStack.execute(RequestHandlerStack.java:64)

                at org.apache.wicket.request.cycle.RequestCycle.execute(RequestCycle.java:265)

                at org.apache.wicket.request.cycle.RequestCycle.processRequest(RequestCycle.java:222)

                at org.apache.wicket.request.cycle.RequestCycle.processRequestAndDetach(RequestCycle.java:293)

                at org.apache.wicket.protocol.http.WicketFilter.processRequestCycle(WicketFilter.java:261)

                at org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:203)

                at org.apache.wicket.protocol.http.WicketServlet.doGet(WicketServlet.java:137)

                at javax.servlet.http.HttpServlet.service(HttpServlet.java:635)

                at javax.servlet.http.HttpServlet.service(HttpServlet.java:742)

                at org.springframework.web.servlet.mvc.ServletWrappingController.handleRequestInternal(ServletWrappingController.java:158)

                at org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:147)

                at org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:50)

                at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:959)

                at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:893)

                at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:968)

                at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:859)

                at javax.servlet.http.HttpServlet.service(HttpServlet.java:635)

                at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:844)

                at javax.servlet.http.HttpServlet.service(HttpServlet.java:742)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:230)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.ThreadLocalsCleanupFilter.doFilter(ThreadLocalsCleanupFilter.java:28)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.SpringDelegatingFilter$Chain.doFilter(SpringDelegatingFilter.java:75)

                at org.geoserver.wms.animate.AnimatorFilter.doFilter(AnimatorFilter.java:71)

                at org.geoserver.filters.SpringDelegatingFilter$Chain.doFilter(SpringDelegatingFilter.java:71)

                at org.geoserver.filters.SpringDelegatingFilter.doFilter(SpringDelegatingFilter.java:46)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.platform.AdvancedDispatchFilter.doFilter(AdvancedDispatchFilter.java:50)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:316)

                at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:69)

                at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:126)

                at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:90)

                at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:73)

                at org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:92)

                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)

                at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:69)

                at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:114)

                at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:73)

                at org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:92)

                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)

                at org.geoserver.security.filter.GeoServerAnonymousAuthenticationFilter.doFilter(GeoServerAnonymousAuthenticationFilter.java:54)

                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)

                at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:69)

                at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:205)

                at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:73)

                at org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:92)

                at org.geoserver.security.filter.GeoServerUserNamePasswordAuthenticationFilter.doFilter(GeoServerUserNamePasswordAuthenticationFilter.java:116)

                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)

                at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:69)

                at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:157)

                at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:73)

                at org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:92)

                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)

                at org.geoserver.security.oauth2.GeoServerOAuthAuthenticationFilter.doFilter(GeoServerOAuthAuthenticationFilter.java:167)

                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)

                at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:69)

                at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:91)

                at org.geoserver.security.filter.GeoServerSecurityContextPersistenceFilter$1.doFilter(GeoServerSecurityContextPersistenceFilter.java:53)

                at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:73)

                at org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:92)

                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)

                at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:213)

                at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:176)

                at org.geoserver.security.GeoServerSecurityFilterChainProxy.doFilter(GeoServerSecurityFilterChainProxy.java:152)

                at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)

                at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.LoggingFilter.doFilter(LoggingFilter.java:87)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.XFrameOptionsFilter.doFilter(XFrameOptionsFilter.java:89)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.GZIPFilter.doFilter(GZIPFilter.java:42)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.SessionDebugFilter.doFilter(SessionDebugFilter.java:48)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.geoserver.filters.FlushSafeFilter.doFilter(FlushSafeFilter.java:44)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:121)

                at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

                at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)

                at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)

                at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478)

                at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)

                at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:80)

                at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:624)

                at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)

                at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:341)

                at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:799)

                at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)

                at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:861)

                at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1455)

                at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)

                at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)

                at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)

                at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)

                at java.lang.Thread.run(Thread.java:748)

2017-07-12 12:44:19,824 DEBUG [geoserver.filters] - Compressing output for mimetype: text/html;charset=UTF-8

2017-07-12 12:44:19,826 DEBUG [filter.GeoServerSecurityContextPersistenceFilter$1] - SecurityContextHolder now cleared, as request processing completed

2017-07-12 12:44:21,005 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Checking match of request : 'Path: /web/wicket/bookmarkable/org.geoserver.web.admin.logpage, QueryString: null'; against '/web/**'

2017-07-12 12:44:21,005 DEBUG [security.IncludeQueryStringAntPathRequestMatcher] - Matched Path: /web/wicket/bookmarkable/org.geoserver.web.admin.logpage, QueryString: null with /web/**

2017-07-12 12:44:21,005 DEBUG [geoserver.security] - Inspecting the http request looking for the GeoNode Session ID.

2017-07-12 12:44:21,006 DEBUG [geoserver.security] - Found 1 cookies!

2017-07-12 12:44:21,008 DEBUG [geoserver.ows] - Could not a layer group named web

2017-07-12 12:44:21,008 TRACE [ows.OWSHandlerMapping] - No handler mapping found for [/web/wicket/bookmarkable/org.geoserver.web.admin.LogPage]

2017-07-12 12:44:21,009 DEBUG [org.geoserver] - Thread 118 locking in mode WRITE

2017-07-12 12:44:21,009 DEBUG [org.geoserver] - Thread 118 got the lock in mode WRITE

------------------------------------------------------------------------------------------------------------------------

Kind Regards,

Steve Omondi

Geospatial Software Developer

Ramani Online, Ramani Geosystems.

 

Sent from Mail for Windows 10

 

From: [hidden email]
Sent: Tuesday, July 11, 2017 8:55 AM
To: [hidden email]
Cc: [hidden email]
Subject: Re: [Geoserver-users] Oauth2-Google and Geofence Connection

 

Hello Steve,

 

the protocol takes automatically the user information from the provider. Basically once the authentication is successful, GeoServer asks to the OAuth2 Provider endpoint for the user profile. It will the use those stuff to create a user. If you need more access to the resources, you will need to create or configure a RoleService or a GroupRoleService that links the user create through Google to internal GeoServer roles.

 

In your specific case, what's happening is that the authentication fails in some point. Usually the problem is that you are trying to use an HTTPS endpoint (the google one) from and HTTP connection.

 

Try to rise up the log level of GeoServer to VERBOSE, try again and you should be able to find the cause of the issue into the geoserver.log file.

 

The typical cause when using Google is that you haven't correctly imported the SSL certificate into the trust-store.

 

See the steps here

 

 

 

 

 


Regards,

Alessio Fabiani

==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==

Ing. Alessio Fabiani

@alfa7691
Founder/Technical Lead


GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy
phone: <a href="tel:0584%20962313" value="+390584962313" target="_blank">+39 0584 962313
fax:     <a href="tel:0584%20166%200272" value="+3905841660272" target="_blank">+39 0584 1660272
mob:   <a href="tel:331%20623%203686" value="+393316233686" target="_blank">+39 331 6233686

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

-------------------------------------------------------

AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.

 

On Mon, Jul 10, 2017 at 4:58 PM, Steve Omondi <[hidden email]> wrote:

Hi Fabian,

 

I have been able to get the oauth2-google extension working somehow but not completely.

 

Here is what happens:

 

When I Click on the Google Icon, I provide my Google credentials and according to the Logs in connects to Google and adds my Geoserver as a connected application to My Account.

 

However, I'm redirected back to the redirect_uri without logging in.

 

My Question is, how do I I declare the user_id in Geoserver (like how would I declare my email as my user id in Geoserver before hand) for Oauth2 too Authenticate against?

 

Or, how exactly does the Oauth 2, give access to a google account?


Kind regards,

Steve Omondi

 

On Fri, Jul 7, 2017 at 1:29 PM, Steve Omondi <[hidden email]> wrote:

Sure thing

Kind Regards,

Steve Omondi

 

Sent from Mail for Windows 10

 

From: [hidden email]
Sent: Friday, July 7, 2017 1:27 PM
To: [hidden email]
Cc: [hidden email]


Subject: Re: [Geoserver-users] Oauth2-Google and Geofence Connection

 

I had just a quick look at the community package

 

 

and noticed that the zip contains also jars for oauth2-geonode and oauth2-github. They should not be there, at least not into the google zip file. Although the Oauth2 plugin should be able to manage more oauth2 plugins (something that I need to double check also), each plugin should contain just its jars. Maybe an issue with the community/release.xml configuration file (I will fix it ASAP).

 

 

As a quick test you can try to remove those two jars from WEB-INF lib. I could not yet test if this solution fix the google auth, but it is worth to give a quick try if you can.

 


Regards,

Alessio Fabiani

==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==

Ing. Alessio Fabiani

@alfa7691
Founder/Technical Lead


GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy
phone: <a href="tel:0584%20962313" target="_blank">+39 0584 962313
fax:     <a href="tel:0584%20166%200272" target="_blank">+39 0584 1660272
mob:   <a href="tel:331%20623%203686" target="_blank">+39 331 6233686

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

-------------------------------------------------------

AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.

 

On Fri, Jul 7, 2017 at 12:55 PM, Steve Omondi <[hidden email]> wrote:

Thank you Alessio for that, if there is any way I can help with the DEBUG results, just let me know.

 

Sent from Mail for Windows 10

 

From: [hidden email]
Sent: Friday, July 7, 2017 12:53 PM
To: [hidden email]
Cc: [hidden email]; [hidden email]


Subject: Re: [Geoserver-users] Oauth2-Google and Geofence Connection

 

Hi all,

seems like there may be some dependencies configuration issues with the OAuth2 Google Plugin.

 

I'll try to have a look at them as soon as I can.


Regards,

Alessio Fabiani

==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==

Ing. Alessio Fabiani

@alfa7691
Founder/Technical Lead


GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy
phone: <a href="tel:0584%20962313" target="_blank">+39 0584 962313
fax:     <a href="tel:0584%20166%200272" target="_blank">+39 0584 1660272
mob:   <a href="tel:331%20623%203686" target="_blank">+39 331 6233686

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

-------------------------------------------------------

AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.

 

On Thu, Jul 6, 2017 at 4:20 PM, Steve Omondi <[hidden email]> wrote:

I appreciate Nuno.

 

 

Sent from Mail for Windows 10

 

From: [hidden email]
Sent: Thursday, July 6, 2017 4:16 PM
To: [hidden email]; [hidden email]
Subject: Re: [Geoserver-users] Oauth2-Google and Geofence Connection

 

Hi,

I juts make a test and indeed Google oauth2 seems to not be working at least in
GeoServer 2.12.x. (see attached GIF) and indeed no exception is logged.

The web UI integration seems to be a bit broke too:

 

The plugin google-oauth package is also including the github and geonode bindings ... this is probably no intended.

I only used \ configured this authentication method once with GeoServer so maybe I'm missing
something ... let's see if anyone can provide you a more valuable feedback.

Otherwise I will proceed with opening a bug report.

Note, I think that the person who wrote the google-oauth module will not be available this week and next week.

Regards,

Nuno Oliveira

On 07/06/2017 10:49 AM, Steve Omondi wrote:

Hi Nuno,

 

Attached is my Log file after raising to DEBUG Level

 

I has some interesting stuff, but I can’t figure out where the problem is raised.

 

For example. There is a point where Geoserver is looking for Geonode Session ID

 

Line 152: (and several other points)

2017-07-06 12:07:35,099 DEBUG [web.FilterChainProxy] - /web/ at position 2 of 7 in additional filter chain; firing Filter: 'GoogleOAuthAuthenticationFilter'

2017-07-06 12:07:35,099 DEBUG [geoserver.security] - Inspecting the http request looking for the GeoNode Session ID.

2017-07-06 12:07:35,099 DEBUG [geoserver.security] - Found 1 cookies!

 

What has this got to do with google-oauth2. I I’m not using geonode-oauth2 even though it was installed together with google-oauth2.

 

I’m using Geoserver 2.11.1 with geoserver-2.11-SNAPSHOT-sec-oauth2-google-plugin which had both geonode-oauth2 and GitHub-oauth2 bundled with it.

 

Kindly assist where possible.

 

 

Kind Regards,

Steve Omondi

Ramani Geosystems.

 

-----------------------------------------

Sent from Mail for Windows 10

 

From: [hidden email]
Sent: Thursday, July 6, 2017 11:35 AM
To: [hidden email]
Subject: Re: [Geoserver-users] Oauth2-Google and Geofence Connection

 

Hi,

GeoFence is not required, google-oauth module should work on is own.

I don't know much of the google-oauth module ... did you see any
exception on GeoServer logs ?

You change GeoServer logging level on the Global Settings:
http://docs.geoserver.org/latest/en/user/configuration/globalsettings.html#logging-profile

and view the logs in the GeoServer Logs menu entry on the left of GeoServer web UI.

Regards,

Nuno Oliveira

On 07/06/2017 08:20 AM, Steve Omondi wrote:

Hey Guys,

 

Does Enabling authentication using OAuth2 Google Extension for Geoserver require Geofence whatsoevcer?

 

I have installed the google-oauth2 extension and configured according to the provided docs however I’m not getting the desired behavior. While Geoserver is register under connected apps in my Google Account when I login to Geoserver with the my Google account, the google account is not added in Geoserver and the login does not happen.

 

 

Sent from Mail for Windows 10

 

 

https://ipmcdn.avast.com/images/icons/icon-envelope-tick-round-orange-animated-no-repeat-v1.gif

Virus-free. www.avast.com

 

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot

 

_______________________________________________
Geoserver-users mailing list
 
Please make sure you read the following two resources before posting to this list:
- Earning your support instead of buying it, but Ian Turton: http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: http://geoserver.org/comm/userlist-guidelines.html
 
[hidden email]
https://lists.sourceforge.net/lists/listinfo/geoserver-users

 

-- 
Regards,
Nuno Oliveira
==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==
 
Nuno Miguel Carvalho Oliveira
@nmcoliveira
Software Engineer
 
GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy
phone: <a href="tel:0584%20962313" target="_blank">+39 0584 962313
fax:      <a href="tel:0584%20166%200272" target="_blank">+39 0584 1660272
 
http://www.geo-solutions.it
http://twitter.com/geosolutions_it
 
-------------------------------------------------------
AVVERTENZE AI SENSI DEL D.Lgs. 196/2003
Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.
 
The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.

 

 

-- 
Regards,
Nuno Oliveira
==
GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==
 
Nuno Miguel Carvalho Oliveira
@nmcoliveira
Software Engineer
 
GeoSolutions S.A.S.
Via di Montramito 3/A
55054  Massarosa (LU)
Italy
phone: <a href="tel:0584%20962313" target="_blank">+39 0584 962313
fax:      <a href="tel:0584%20166%200272" target="_blank">+39 0584 1660272
 
http://www.geo-solutions.it
http://twitter.com/geosolutions_it
 
-------------------------------------------------------
AVVERTENZE AI SENSI DEL D.Lgs. 196/2003
Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.
 
The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility  for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.

 


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Geoserver-users mailing list

Please make sure you read the following two resources before posting to this list:
- Earning your support instead of buying it, but Ian Turton: http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: http://geoserver.org/comm/userlist-guidelines.html

[hidden email]
https://lists.sourceforge.net/lists/listinfo/geoserver-users

 

 

 

 

 

 

 


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Geoserver-users mailing list

Please make sure you read the following two resources before posting to this list:
- Earning your support instead of buying it, but Ian Turton: http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: http://geoserver.org/comm/userlist-guidelines.html

[hidden email]
https://lists.sourceforge.net/lists/listinfo/geoserver-users







------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Geoserver-users mailing list

Please make sure you read the following two resources before posting to this list:
- Earning your support instead of buying it, but Ian Turton: http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: http://geoserver.org/comm/userlist-guidelines.html

[hidden email]
https://lists.sourceforge.net/lists/listinfo/geoserver-users
Kind Regards, Steve Omondi GIS & DB Developer/DBA Ramani Online, Ramani Geosystems
Loading...