Re: [geonode] GeoNode/Geoserver REST issue
- From:
- Matt Bertrand
- Date:
- 2010-10-17 @ 15:01
I took a break from this problem for awhile but got back to it this
weekend and solved it by simply adding this WSGI parameter to my
Apache configuration file:
WSGIPassAuthorization On
It might be helpful to others to add a sample WSGI snippet for Apache
to the deployment doc. Something like this:
WSGIScriptAlias / <full path to geonode wsgi file>
WSGIProcessGroup geonodegroup
WSGIDaemonProcess geonodegroup user=<apache-user> group=<apache-
user> threads=25
WSGIPassAuthorization On
-Matt
On Oct 1, 2010, at 11:34 AM, David Winslow wrote:
> GeoServer in GeoNode is configured to act as though layers do not
> exist when the current user does not have permissions to read them.
>
> GeoServer in GeoNode is also configured to connect to the Django
> application over HTTP for user information and default to no
> permissions for anyone if the connection fails.
>
> So an empty layer list usually implies that GeoServer can't
> communicate with GeoNode over HTTP. You probably need to update
> webapps/geoserver-geonode-dev/WEB-INF/web.xml with a new servlet
> parameter, like this:
>
> <context-param>
> <param-name>GEONODE_BASE_URL</param-name>
> <param-value>http://localhost/</param-value>
> </context-param>
>
> This should be at the same level in the XML hierarchy as the other
> context-params; I usually put it after the commented-out
> GEOSERVER_DATA_DIR parameter so I have a handy reference point.
>
> If this doesn't resolve the issue, I think there will be some useful
> information in data/logs/geoserver.log that you can include in the
> next email.
>
> --
> David Winslow
> OpenGeo - http://opengeo.org/
>
> On Fri, Oct 1, 2010 at 11:17 AM, Matt Bertrand <mbertrand@cga.harvard.edu
> > wrote:
> Thanks Ariel,
>
> I made a new build this morning but forgot to unzip the latest
> geonode-
> client.zip. I've done that and now have the spiffy new header.
>
> -Matt
>
>
> On Oct 1, 2010, at 10:47 AM, Ariel Nunez wrote:
>
> > Matt,
> >
> > Are you using GeoNode's latest source? I ask because GeoNode now
> has a
> > sexier header (http://demo.geonode.org/) and I know there have been
> > updates to the upload code.
> >
> > Apart from that, the usual GeoNode deployment uses Apache's
> mod_proxy
> > to proxy GeoServer and GeoNetwork (and make it look like it's in
> port
> > 80 too), it also has WSGI directive to forward basic auth.
> >
> > I am sure either David or Gabriel would be able to give you more
> > GeoServer specific feedback.
> >
> > Best,
> > Ariel.
> >
> > On Fri, Oct 1, 2010 at 9:38 AM, Matt Bertrand <mbertrand@cga.harvard.edu
> > > wrote:
> >> Hello,
> >>
> >> I built GeoNode from the latest source and deployed it on a server
> >> (geonode.openwebmap.com) with Apache wsgi, and Tomcat 6 as the
> >> container for geoserver and geonetwork. But I've run into a
> problem
> >> with data - search returns no results from geoserver, and uploading
> >> data always "fails", although the shapefiles do get placed in the
> >> geoserver data directory (../workspaces/geonode/<layer_name>, ../
> >> data/
> >> <layer_name>).
> >>
> >> So far I've tracked it down to the results returned for
> >> "featuresets.xml" REST queries sent to Geoserver. For instance:
> >>
> >>
http://www.openwebmap.com:8000/geoserver-geonode-dev/rest/workspaces/base/datastores/distrits/featuretypes.xml
> >>
> >> Just returns <featureTypes/>
> >>
> >> but if I run Geonode using "paver host" instead, this works fine:
> >>
> >> wget
http://localhost:8001/geoserver/rest/workspaces/base/datastores/distrits/featuretypes.xml
> >>
> >> <featureTypes>
> >> <featureType>
> >> <name>distrits</name>
> >> <atom:link xmlns:atom="http://www.w3.org/2005/Atom"
> >> rel="alternate"
href="http://localhost:8001/geoserver/rest/workspaces/base/datastores/distrits/featureypes/distrits.xml
> >> " type="application/xml"/>
> >> </featureType>
> >> </featureTypes>
> >>
> >>
> >> Any idea why this might be happening? Some kind of configuration
> >> issue?
> >>
> >> Thanks in advance,
> >>
> >> -Matt
> >>
> >>
>
>
Re: [geonode] GeoNode/Geoserver REST issue
- From:
- Matt Bertrand
- Date:
- 2010-10-01 @ 19:45
Thanks David,
I actually do have that parameter in my web.xml, but there does seem
to be an authorization problem
(org.acegisecurity.ui.ExceptionTranslationFilter).
Here is a snippet of the geoserver log when I upload a shapefile:
2010-10-01 15:07:44,925 DEBUG [httpclient.HttpMethodBase] - enter
HttpMethodBase.processResponseHeaders(HttpState, HttpConnection)
2010-10-01 15:07:44,925 DEBUG [httpclient.HttpMethodBase] - enter
HttpMethodBase.processCookieHeaders(Header[], HttpState, HttpConnection)
2010-10-01 15:07:44,925 DEBUG [httpclient.HttpMethodBase] - enter
HttpMethodBase.readResponseBody(HttpState, HttpConnection)
2010-10-01 15:07:44,926 DEBUG [httpclient.HttpMethodBase] - enter
HttpMethodBase.readResponseBody(HttpConnection)
2010-10-01 15:07:44,926 DEBUG [httpclient.HttpConnection] - enter
HttpConnection.getResponseInputStream()
2010-10-01 15:07:44,926 DEBUG [httpclient.HttpMethodBase] - enter
HttpMethodBase.canResponseHaveBody(int)
2010-10-01 15:07:44,926 DEBUG [wire.content] - << "{"is_superuser":
false, "rw": [], "ro": ["geonode:NIC_Rain_1000y.grd",
"geonode:NIC_0.5s_200y", "base:distrits", "geonode:NIC_0.5s_1000y",
"base:CA", "geonode:NIC_Rain_100y.grd"], "is_anonymous": true, "name":
""}"
2010-10-01 15:07:44,926 DEBUG [httpclient.HttpMethodBase] - Should NOT
close connection in response to directive: keep-alive
2010-10-01 15:07:44,926 DEBUG [httpclient.HttpConnection] - enter
HttpConnection.isResponseAvailable()
2010-10-01 15:07:44,926 DEBUG [httpclient.HttpConnection] - enter
HttpConnection.releaseConnection()
2010-10-01 15:07:44,926 DEBUG [httpclient.HttpConnection] - Releasing
connection back to connection manager.
2010-10-01 15:07:44,926 DEBUG
[httpclient.MultiThreadedHttpConnectionManager] - enter
HttpConnectionManager.releaseConnection(HttpConnection)
2010-10-01 15:07:44,926 DEBUG
[httpclient.MultiThreadedHttpConnectionManager] - Freeing connection,
hostConfig=HostConfiguration[host=http://geonode.openwebmap.com]
2010-10-01 15:07:44,926 DEBUG
[httpclient.MultiThreadedHttpConnectionManager] - enter
HttpConnectionManager.ConnectionPool.getHostPool(HostConfiguration)
2010-10-01 15:07:44,926 DEBUG [util.IdleConnectionHandler] - Adding
connection at: 1285960064926
2010-10-01 15:07:44,926 DEBUG
[httpclient.MultiThreadedHttpConnectionManager] - Notifying no-one,
there are no waiting threads
2010-10-01 15:07:44,927 DEBUG [basicauth.BasicProcessingFilter] -
Authentication success:
org
.acegisecurity
.providers.anonymous.AnonymousAuthenticationToken@1a62221d: Username:
anonymous; Password: [PROTECTED]; Authenticated: true; Details:
org.acegisecurity.ui.WebAuthenticationDetails@59b2: RemoteIpAddress:
97.107.131.60; SessionId: null; Granted Authorities:
org.geonode.security.LayersGrantedAuthority@4115fa10,
org.geonode.security.LayersGrantedAuthority@9d451d2, ROLE_ANONYMOUS
2010-10-01 15:07:44,927 DEBUG [util.FilterChainProxy] - /rest/
workspaces/geonode/datastores/tl_2008_23031_vtd003/featuretypes.xml at
position 4 of 5 in additional filter chain; firing Filter:
'org.geonode.security.GeoNodeAnonymousProcessingFilter@3bb0ff0'
2010-10-01 15:07:44,927 DEBUG [util.FilterChainProxy] - /rest/
workspaces/geonode/datastores/tl_2008_23031_vtd003/featuretypes.xml at
position 5 of 5 in additional filter chain; firing Filter:
'org.acegisecurity.ui.ExceptionTranslationFilter@6e135779'
2010-10-01 15:07:44,927 DEBUG [util.FilterChainProxy] - /rest/
workspaces/geonode/datastores/tl_2008_23031_vtd003/featuretypes.xml
reached end of additional filter chain; proceeding with original chain
2010-10-01 15:07:44,934 DEBUG [ui.ExceptionTranslationFilter] - Chain
processed normally
2010-10-01 15:07:44,934 DEBUG
[context.HttpSessionContextIntegrationFilter] - The HttpSession is
currently null, and the HttpSessionContextIntegrationFilter is
prohibited from creating an HttpSession (because the
allowSessionCreation property is false) - SecurityContext thus not
stored for next request
2010-10-01 15:07:44,934 DEBUG
[context.HttpSessionContextIntegrationFilter] - SecurityContextHolder
now cleared, as request processing completed
And here is the log when I load the featuretypes REST query for the
uploaded shapefile directly:
http://www.openwebmap.com:8000/geoserver-geonode-dev/rest/workspaces/geonode/datastores/tl_2008_23031_vtd003/featuretypes.xml
2010-10-01 15:13:15,499 DEBUG [util.FilterChainProxy] - /rest/
workspaces/geonode/datastores/tl_2008_23031_vtd003/featuretypes.xml at
position 5 of 5 in additional filter chain; firing Filter:
'org.acegisecurity.ui.ExceptionTranslationFilter@6e135779'
2010-10-01 15:13:15,499 DEBUG [util.FilterChainProxy] - /rest/
workspaces/geonode/datastores/tl_2008_23031_vtd003/featuretypes.xml
reached end of additional filter chain; proceeding with original chain
2010-10-01 15:13:15,506 DEBUG [ui.ExceptionTranslationFilter] - Chain
processed normally
2010-10-01 15:13:15,506 DEBUG
[context.HttpSessionContextIntegrationFilter] - The HttpSession is
currently null, and the HttpSessionContextIntegrationFilter is
prohibited from creating an HttpSession (because the
allowSessionCreation property is false) - SecurityContext thus not
stored for next request
2010-10-01 15:13:15,506 DEBUG
[context.HttpSessionContextIntegrationFilter] - SecurityContextHolder
now cleared, as request processing completed
Do I need to change the value of the GEOSERVER_CREDENTIALS parameter
in settings.py?
On Oct 1, 2010, at 11:34 AM, David Winslow wrote:
> GeoServer in GeoNode is configured to act as though layers do not
> exist when the current user does not have permissions to read them.
>
> GeoServer in GeoNode is also configured to connect to the Django
> application over HTTP for user information and default to no
> permissions for anyone if the connection fails.
>
> So an empty layer list usually implies that GeoServer can't
> communicate with GeoNode over HTTP. You probably need to update
> webapps/geoserver-geonode-dev/WEB-INF/web.xml with a new servlet
> parameter, like this:
>
> <context-param>
> <param-name>GEONODE_BASE_URL</param-name>
> <param-value>http://localhost/</param-value>
> </context-param>
>
> This should be at the same level in the XML hierarchy as the other
> context-params; I usually put it after the commented-out
> GEOSERVER_DATA_DIR parameter so I have a handy reference point.
>
> If this doesn't resolve the issue, I think there will be some useful
> information in data/logs/geoserver.log that you can include in the
> next email.
>
> --
> David Winslow
> OpenGeo - http://opengeo.org/
>
> On Fri, Oct 1, 2010 at 11:17 AM, Matt Bertrand <mbertrand@cga.harvard.edu
> > wrote:
> Thanks Ariel,
>
> I made a new build this morning but forgot to unzip the latest
> geonode-
> client.zip. I've done that and now have the spiffy new header.
>
> -Matt
>
>
> On Oct 1, 2010, at 10:47 AM, Ariel Nunez wrote:
>
> > Matt,
> >
> > Are you using GeoNode's latest source? I ask because GeoNode now
> has a
> > sexier header (http://demo.geonode.org/) and I know there have been
> > updates to the upload code.
> >
> > Apart from that, the usual GeoNode deployment uses Apache's
> mod_proxy
> > to proxy GeoServer and GeoNetwork (and make it look like it's in
> port
> > 80 too), it also has WSGI directive to forward basic auth.
> >
> > I am sure either David or Gabriel would be able to give you more
> > GeoServer specific feedback.
> >
> > Best,
> > Ariel.
> >
> > On Fri, Oct 1, 2010 at 9:38 AM, Matt Bertrand <mbertrand@cga.harvard.edu
> > > wrote:
> >> Hello,
> >>
> >> I built GeoNode from the latest source and deployed it on a server
> >> (geonode.openwebmap.com) with Apache wsgi, and Tomcat 6 as the
> >> container for geoserver and geonetwork. But I've run into a
> problem
> >> with data - search returns no results from geoserver, and uploading
> >> data always "fails", although the shapefiles do get placed in the
> >> geoserver data directory (../workspaces/geonode/<layer_name>, ../
> >> data/
> >> <layer_name>).
> >>
> >> So far I've tracked it down to the results returned for
> >> "featuresets.xml" REST queries sent to Geoserver. For instance:
> >>
> >>
http://www.openwebmap.com:8000/geoserver-geonode-dev/rest/workspaces/base/datastores/distrits/featuretypes.xml
> >>
> >> Just returns <featureTypes/>
> >>
> >> but if I run Geonode using "paver host" instead, this works fine:
> >>
> >> wget
http://localhost:8001/geoserver/rest/workspaces/base/datastores/distrits/featuretypes.xml
> >>
> >> <featureTypes>
> >> <featureType>
> >> <name>distrits</name>
> >> <atom:link xmlns:atom="http://www.w3.org/2005/Atom"
> >> rel="alternate"
href="http://localhost:8001/geoserver/rest/workspaces/base/datastores/distrits/featureypes/distrits.xml
> >> " type="application/xml"/>
> >> </featureType>
> >> </featureTypes>
> >>
> >>
> >> Any idea why this might be happening? Some kind of configuration
> >> issue?
> >>
> >> Thanks in advance,
> >>
> >> -Matt
> >>
> >>
>
>