Another thing that crossed my path yesterday is that after convincing my friend to use the 'genode' compatible version of Geoserver (geoserver-geonode-dev.war) I realized that he was going to have to set up the python side of GeoNode too to be able to use the basic GeoServer. As far as I know it is possible to use normal GeoServer authentication along with GeoNode auth, right? Then would it make sense to allow people to use a geoserver with the geonode kool aid in but without having to switch GeoNode right away? This might not make much sense because of the permissions framework for layers but wanted to get your thoughts (especially Gabriel's) about wether it might be feasible. Ariel.
What do you want to accomplish by adding the geonode "kool aid"? Most of the functionality in GeoNode's GeoServer is either custom functionality that isn't designed for general use (the security system) or generally available (the print extension for geoserver.) If it's just the ease of having a couple of extensions pre-installed, you can do that yourself in a few ways; one of the easiest is just to add the extensions to a GeoServer instance and zip it back up into a .war file. It definitely is possible to have multiple security backends working together in the security framework, but the previous behavior that allowed using geoserver's standard security implementation in geonode was a bug and a security hole. As you mention, it allowed bypassing the security restrictionsas configured by GeoNode users. -- David Winslow OpenGeo - http://opengeo.org/ On Thu, Jun 30, 2011 at 11:00 AM, Ariel Nunez <ingenieroariel@gmail.com>wrote: > Another thing that crossed my path yesterday is that after convincing > my friend to use the 'genode' compatible version of Geoserver > (geoserver-geonode-dev.war) I realized that he was going to have to > set up the python side of GeoNode too to be able to use the basic > GeoServer. > > As far as I know it is possible to use normal GeoServer authentication > along with GeoNode auth, right? Then would it make sense to allow > people to use a geoserver with the geonode kool aid in but without > having to switch GeoNode right away? > > This might not make much sense because of the permissions framework > for layers but wanted to get your thoughts (especially Gabriel's) > about wether it might be feasible. > > Ariel. >
David, I am just looking for the convenience of having all pre-installed and pre-configured, and because I know GeoServer would be able to work even without users defined using an existing data dir with only public layers. I was toying with the idea in my mind of showing something more friendly in localhost:8080/geoserver-geonode-dev than the stacktrace (in my case because it might come with pre-existing data that I can 'Layer Preview'). But to be fair that stacktrace has saved me a few times from ignoring a wrong set GEONODE_BASE_URL. Thanks for your ideas, I will try them some time with a nightly build of geoserver. Ariel. On Thu, Jun 30, 2011 at 11:06 AM, David Winslow <dwinslow@opengeo.org> wrote: > What do you want to accomplish by adding the geonode "kool aid"? Most of the > functionality in GeoNode's GeoServer is either custom functionality that > isn't designed for general use (the security system) or generally available > (the print extension for geoserver.) > If it's just the ease of having a couple of extensions pre-installed, you > can do that yourself in a few ways; one of the easiest is just to add the > extensions to a GeoServer instance and zip it back up into a .war file. > It definitely is possible to have multiple security backends working > together in the security framework, but the previous behavior that allowed > using geoserver's standard security implementation in geonode was a bug and > a security hole. As you mention, it allowed bypassing the security > restrictionsas configured by GeoNode users. > -- > David Winslow > OpenGeo - http://opengeo.org/ > > On Thu, Jun 30, 2011 at 11:00 AM, Ariel Nunez <ingenieroariel@gmail.com> > wrote: >> >> Another thing that crossed my path yesterday is that after convincing >> my friend to use the 'genode' compatible version of Geoserver >> (geoserver-geonode-dev.war) I realized that he was going to have to >> set up the python side of GeoNode too to be able to use the basic >> GeoServer. >> >> As far as I know it is possible to use normal GeoServer authentication >> along with GeoNode auth, right? Then would it make sense to allow >> people to use a geoserver with the geonode kool aid in but without >> having to switch GeoNode right away? >> >> This might not make much sense because of the permissions framework >> for layers but wanted to get your thoughts (especially Gabriel's) >> about wether it might be feasible. >> >> Ariel. > >
As Dave said it's not a good idea to have both security systems at the same time. But if you want to run the default geoserver one instead, it's easy. Just replace the following context parameter in web.xml: <context-param> <param-name>contextConfigLocation</param-name> <param-value>classpath*:/applicationContext.xml classpath*:/geonodeApplicationSecurityContext.xml</param-value> </context-param> by this one: <context-param> <param-name>contextConfigLocation</param-name> <param-value>classpath*:/applicationContext.xml classpath*:/applicationSecurityContext.xml</param-value> </context-param> Ans you're free of the geonode auth system. Cheers, Gabriel On Thu, Jun 30, 2011 at 12:20 PM, Ariel Nunez <ingenieroariel@gmail.com> wrote: > David, > > I am just looking for the convenience of having all pre-installed and > pre-configured, and because I know GeoServer would be able to work > even without users defined using an existing data dir with only public > layers. I was toying with the idea in my mind of showing something > more friendly in localhost:8080/geoserver-geonode-dev than the > stacktrace (in my case because it might come with pre-existing data > that I can 'Layer Preview'). But to be fair that stacktrace has saved > me a few times from ignoring a wrong set GEONODE_BASE_URL. > > Thanks for your ideas, I will try them some time with a nightly build > of geoserver. > > Ariel. > > > On Thu, Jun 30, 2011 at 11:06 AM, David Winslow <dwinslow@opengeo.org> wrote: >> What do you want to accomplish by adding the geonode "kool aid"? Most of the >> functionality in GeoNode's GeoServer is either custom functionality that >> isn't designed for general use (the security system) or generally available >> (the print extension for geoserver.) >> If it's just the ease of having a couple of extensions pre-installed, you >> can do that yourself in a few ways; one of the easiest is just to add the >> extensions to a GeoServer instance and zip it back up into a .war file. >> It definitely is possible to have multiple security backends working >> together in the security framework, but the previous behavior that allowed >> using geoserver's standard security implementation in geonode was a bug and >> a security hole. As you mention, it allowed bypassing the security >> restrictionsas configured by GeoNode users. >> -- >> David Winslow >> OpenGeo - http://opengeo.org/ >> >> On Thu, Jun 30, 2011 at 11:00 AM, Ariel Nunez <ingenieroariel@gmail.com> >> wrote: >>> >>> Another thing that crossed my path yesterday is that after convincing >>> my friend to use the 'genode' compatible version of Geoserver >>> (geoserver-geonode-dev.war) I realized that he was going to have to >>> set up the python side of GeoNode too to be able to use the basic >>> GeoServer. >>> >>> As far as I know it is possible to use normal GeoServer authentication >>> along with GeoNode auth, right? Then would it make sense to allow >>> people to use a geoserver with the geonode kool aid in but without >>> having to switch GeoNode right away? >>> >>> This might not make much sense because of the permissions framework >>> for layers but wanted to get your thoughts (especially Gabriel's) >>> about wether it might be feasible. >>> >>> Ariel. >> >> > -- Gabriel Roldan OpenGeo - http://opengeo.org Expert service straight from the developers.
That sounds great Gabriel, thanks! On Jul 4, 2011 4:03 PM, "Gabriel Roldan" <groldan@opengeo.org> wrote: > As Dave said it's not a good idea to have both security systems at the > same time. > But if you want to run the default geoserver one instead, it's easy. > Just replace the following context parameter in web.xml: > > <context-param> > <param-name>contextConfigLocation</param-name> > <param-value>classpath*:/applicationContext.xml > classpath*:/geonodeApplicationSecurityContext.xml</param-value> > </context-param> > > by this one: > > <context-param> > <param-name>contextConfigLocation</param-name> > <param-value>classpath*:/applicationContext.xml > classpath*:/applicationSecurityContext.xml</param-value> > </context-param> > > Ans you're free of the geonode auth system. > > Cheers, > Gabriel > On Thu, Jun 30, 2011 at 12:20 PM, Ariel Nunez <ingenieroariel@gmail.com> wrote: >> David, >> >> I am just looking for the convenience of having all pre-installed and >> pre-configured, and because I know GeoServer would be able to work >> even without users defined using an existing data dir with only public >> layers. I was toying with the idea in my mind of showing something >> more friendly in localhost:8080/geoserver-geonode-dev than the >> stacktrace (in my case because it might come with pre-existing data >> that I can 'Layer Preview'). But to be fair that stacktrace has saved >> me a few times from ignoring a wrong set GEONODE_BASE_URL. >> >> Thanks for your ideas, I will try them some time with a nightly build >> of geoserver. >> >> Ariel. >> >> >> On Thu, Jun 30, 2011 at 11:06 AM, David Winslow <dwinslow@opengeo.org> wrote: >>> What do you want to accomplish by adding the geonode "kool aid"? Most of the >>> functionality in GeoNode's GeoServer is either custom functionality that >>> isn't designed for general use (the security system) or generally available >>> (the print extension for geoserver.) >>> If it's just the ease of having a couple of extensions pre-installed, you >>> can do that yourself in a few ways; one of the easiest is just to add the >>> extensions to a GeoServer instance and zip it back up into a .war file. >>> It definitely is possible to have multiple security backends working >>> together in the security framework, but the previous behavior that allowed >>> using geoserver's standard security implementation in geonode was a bug and >>> a security hole. As you mention, it allowed bypassing the security >>> restrictionsas configured by GeoNode users. >>> -- >>> David Winslow >>> OpenGeo - http://opengeo.org/ >>> >>> On Thu, Jun 30, 2011 at 11:00 AM, Ariel Nunez <ingenieroariel@gmail.com> >>> wrote: >>>> >>>> Another thing that crossed my path yesterday is that after convincing >>>> my friend to use the 'genode' compatible version of Geoserver >>>> (geoserver-geonode-dev.war) I realized that he was going to have to >>>> set up the python side of GeoNode too to be able to use the basic >>>> GeoServer. >>>> >>>> As far as I know it is possible to use normal GeoServer authentication >>>> along with GeoNode auth, right? Then would it make sense to allow >>>> people to use a geoserver with the geonode kool aid in but without >>>> having to switch GeoNode right away? >>>> >>>> This might not make much sense because of the permissions framework >>>> for layers but wanted to get your thoughts (especially Gabriel's) >>>> about wether it might be feasible. >>>> >>>> Ariel. >>> >>> >> > > > > -- > Gabriel Roldan > OpenGeo - http://opengeo.org > Expert service straight from the developers.