Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
    alexkey2
    @alexkey2
    Hi, I would like to implement an Oauth2 plugin for Geoserver for my custom Identity Provider. Where should I start?
    Jody Garnett
    @jodygarnett
    You probably want to look at the existing Oauth2 plugins, there are a number of them.
    Jody Garnett
    @jodygarnett
    don't suppose anyone wants to post the meeting notes?
    Toni
    @t-book
    Good morning, a question regarding cleanup. Is there some way to quickly identify styles that are not referenced by any layer?
    Brad Hards
    @bradh
    I am no-one servee. What context are you referring to as tiles (or stiles)?
    Toni
    @t-book
    Good morning brad, this should not sound offensive, sorry ;) I've corrected my question which is about styles.
    Mikko Kolehmainen
    @mikko-kolehmainen
    @t-book It seems that those could be checked layer by layer from Web UI: Style -> Publishing. But I didn't find a way to do it through REST where it could be checked by scripting
    Toni
    @t-book
    Hi @mikko-kolehmainen thanks but I would look for a automated way to check thousand of layers.
    Andrea Aime
    @aaime
    @t-book there is no such a way, you'll have to collect all references from layers and layer groups, and then scan the styles seeing if they are being referenced, or not
    will require a REST API script
    Toni
    @t-book
    Thanks, @aaime this is useful then I will stop searching and write something.
    Mikko Kolehmainen
    @mikko-kolehmainen

    @aaime I was checking solution for this one: https://osgeo-org.atlassian.net/browse/GEOS-9971 as we have an AWS environment where we have to give authorization to S3 through instance roles and are not allowed to create IAM keys.

    It seems to work by changing ".setRequired(true)" to ".setRequired(false)", but it leaves *-sign to fields. Now I'm checking if * can be removed by leaving out whole ".setRequired".

    What do you think, how should we proceed with this? Is it something that would go through as a pull request?

    Andrea Aime
    @aaime
    @mikko-kolehmainen I have no clue, sorry :-D
    just did a very small change in that module last year, but did not participate in its development, not sure how security works
    Mikko Kolehmainen
    @mikko-kolehmainen
    @aaime So I have it working as I want with those 2 changed lines, but the question was do you want the change back to github
    Andrea Aime
    @aaime
    The real question is, those two lines, will they affect other setups?
    Do they need to be made configurable?
    A change that fixes an issue for someone but breaks it for others is not going to be accepted, but I cannot tell you if this is the case or not, because I don't understand S3 auth well enough
    Mikko Kolehmainen
    @mikko-kolehmainen
    True. And not the simplest case for testing...
    Andrea Aime
    @aaime
    Making it configurable would probably solve the issue... those that might have trouble with it can just flip the flag and get back the old behavior
    Mikko Kolehmainen
    @mikko-kolehmainen

    Ok. Do you have some example of a good way to make that configurable?

    It seems I didn't get rid of that * - it comes from src\extension\gwc-s3\src\main\resources\GeoServerApplication.properties.

    Anyways, authorization seems to work as it should with following cases. I created two buckets, bucket1 allowing access with IAM role for my instance and on another account bucket2 allowing access with IAM Keys

    1. No IAM-keys & bucket1 -> OK. Uses instance role
    2. IAM Keys & Bucket2 > OK. Uses IAM Keys
    3. Wrong IAM Keys & Bucket2 -> AWS API returns signature failure
    4. No IAM-keys & Bucket2 -> AWS API returns Forbidden

    If I have understood right how AWS authentication chain works, client checks if following are available in this order:

    1. given IAM keys, empty in this case.
    2. credentials-file (~/.aws/credentials), in my case empty. As I had also ~/.aws/config empty, Geoserver managed to create a bucket to different region. So it seems, that buckets should be created before setting up BlobStore.
    3. Assumed role from the service, in my case ExecutionRole from ECS-service or InstanceRole for EC2-instance.
    Andrea Aime
    @aaime
    Looks ok but I'm out of my depth... anyone with more experience with AWS/S3 that can have a look at the above?
    About configuration, you just add a field in S3BlobStore, the config is then read/written from XML files using XStream, which does reflection on the S3BlobStore fields
    Mikko Kolehmainen
    @mikko-kolehmainen
    one of our developers also took a look on this and it seems that this shouldn't break anything as we set the fields from required to optional, add nothing and remove nothing
    rappidGIS
    @rappidGIS
    Hi guys. I'm running geoserver using tomcat9. our programmer develop a apps using leaflet with api and try to get the data from geoserver and an error cors. I amend the web.xml file at tomcat 9 as >> <filter>
    <filter-name>CorsFilter</filter-name>
    <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
    <init-param>
    <param-name>cors.allowed.origins</param-name>
    <param-value></param-value>
    </init-param>
    </filter>
    <filter-mapping>
    <filter-name>CorsFilter</filter-name>
    <url-pattern>/
    </url-pattern>
    </filter-mapping>

    Hi guys. I'm running geoserver using tomcat9. our programmer develop a apps using leaflet with api and try to get the data from geoserver and an error cors. I amend the web.xml file at tomcat 9 as >> <filter>
    <filter-name>CorsFilter</filter-name>
    <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
    <init-param>
    <param-name>cors.allowed.origins</param-name>
    <param-value></param-value>
    </init-param>
    </filter>
    <filter-mapping>
    <filter-name>CorsFilter</filter-name>
    <url-pattern>/
    </url-pattern>
    </filter-mapping>

    can somebody help about this cors..after restart the tomact and geoserver..the error still same.. pls advise guys...thanks

    Toni
    @t-book
    @rappidGIS this is how I did some time ago. https://gist.github.com/t-book/e86fb4006e47d87acc64ad3b64c0b352 maybe my web.xml can help you

    Hello, on a fresh 2.18.2 geoserver instance publishing a layer fails with following error 500:

    Handler dispatch failed; nested exception is java.lang.NoSuchMethodError: org.geoserver.geofence.services.dto.AccessInfo.getClipAreaWkt()Ljava/lang/String;

    Full error message here: https://hastebin.com/xilupocuri.apache Verbose logging did not show any useful in logs. Does one has any idea what is going wrong and why getClipAreaWkt() is missing?

    Andrea Aime
    @aaime
    I'm guessing there is a mismatch between the geofence version and the geoserver one
    Toni
    @t-book
    @aaime it's you again coming to help. thanks! Mhhh I cannot see any movement the last time. https://github.com/GeoNode/geoserver-docker (it's the geoserver that ships with geonode) but will follow your hint and check the version. I did not run into that error yesterday when installing the stack on a different vm
    Andrea Aime
    @aaime
    no clue about that docker image
    Toni
    @t-book
    @aaime may I ask as I'm not familiar with the geofence versioning:
    on the working instance from yesterday I do have gs-geofence-server-2.18-20210225.224053-83.jar the installed version today is gs-geofence-2.18-20210517.135648-138.jar which is failing. I guess the numbers behind 2.18 are some timestamp which could indicate a different build?
    Andrea Aime
    @aaime
    Yes, they seem to be timestamped nightly builds
    no idea what's happening there though :-D
    Toni
    @t-book
    thanks Andrea.
    rappidGIS
    @rappidGIS

    @rappidGIS this is how I did some time ago. https://gist.github.com/t-book/e86fb4006e47d87acc64ad3b64c0b352 maybe my web.xml can help you

    @t-book thank you sir..will check it out

    Andrea Aime
    @aaime
    @t-book That method has been added in 2.18.x something like 4 months ago, not sure why you're getting troubles today... does not sound right
    Toni
    @t-book
    @aaime indeed that is very strange. I cannot think of a reason why it should be missing but will double check everything related to versions.
    Toni
    @t-book
    @aaime so indeed using the geofence jars from yesterday works. I would not have found that without you. grazie mille!
    Andrea Aime
    @aaime
    welcome
    Brad Hards
    @bradh
    @rappidGIS Looks like you don't have anything allowed in your filters.
    rappidGIS
    @rappidGIS

    @rappidGIS Looks like you don't have anything allowed in your filters.

    @bradh I have update the filter with *, but still same error. I try to check again my API coding. thanks sir for your reply.

    Michi, der
    @michikommader
    Moin! Question regarding GeoServer translation on transifex: I am member of GeoServer translation team there but I don't know to which specific translation project to contribute. There are two active projects "GeoServer" and "GeoServer Stable". Which one is "the correct one" or should I contribute to both?
    Michi, der
    @michikommader
    Quick comparison with my installed GeoServer 2.19.0 reveals that the first project is the one which found its way into the release. Then, "GeoServer Stable" is somehow irritating/misleading.
    Brad Hards
    @bradh
    @michikommader I don't know the answer. I struggle with just my first language. Maybe you can ask on a mailing list if you don't get an answer here.
    Mikko Kolehmainen
    @mikko-kolehmainen

    Now I have Geoserver with gwc-s3-extension in AWS, connected to S3-bucket without credentials (see GEOS-9971) . It required a little bit of adjusting the platforms IAM-roles: EC2 (used for setting the configuration) requires InstanceRole with policy allowing some S3-operations. ECS Fargate (docker containers) required TaskExecutionRole with similar S3-policy. I have check what are minimal required S3-privileges, or has someone already sorted that out?

    I think that kind of thinks would be helpful to be documented, but what's right place for them? Geoserver extension documentation or maybe a Github Gist about "running Geoserver in the cloud"?

    loridigia
    @loridigia

    Hi guys, i have a question about "reload band definition" in edit layer page on WEB UI.
    What does it do? Because basically i have a layer associated to a custom store that retrive data from my BE.
    Now, initially the store is empty (no image on it), then i upload it .... The point is, when i do "compute from data" (for the bounding box) it actually download the image from the store and read the image to get the BBOX.... But when i click on "reload band definition" it's too fast, there is no download, and put "empty" as band.
    Differently if i create the layer when the store has image on it, the band are loaded right....
    Why? What does "reload band definition" should do? Thanks

    P.S. in order to create the layer without having an image on the store, my plugin if the store is empty create a 100 x 100 black image so geoserver doesn't go in nullPointer...

    4 replies
    Michi, der
    @michikommader
    Anybody here having experience in configuring GeoServer LDAP authentication provider for Active Directory in conjunction with an LDAP UserGroup service? I cannot get the simplified Filter used to lookup user running as stated in the official tutorial.
    5 replies