Roles not assigned when authorizing using headers and LDAP

Description

When authorizing using headers and an active directory account, roles are not assigned (tried it using cURL). Using a local GeoServer account it works fine, cURL returns the response from getCapabilities. Using an AD-account it seems as though the login is successful in the GeoServer log:

2017-05-08 16:37:32,839 TRACE [geoserver.security] - logged in as USER

But in the Tomcat logs I encounter the following message:

08-May-2017 16:37:32.854 SEVERE [http-nio-8080-exec-1] org.apache.catalina.core.StandardWrapperValve.invoke Servlet.service() for servlet [dispatcher] in context with path /geoserver threw exception
at org.geoserver.security.filter.GeoServerCredentialsFromRequestHeaderFilter.doAuthenticate(GeoServerCredentialsFromRequestHeaderFilter.java:165)
java.lang.ClassCastException: org.springframework.security.core.authority.SimpleGrantedAuthority cannot be cast to org.geoserver.security.impl.GeoServerRole

Full Tomcat log is attached.

Environment

GeoServer: 2.11.0
Java: 1.8.0_92 (64 bits)
OS: Windows Server 2012 R2
Web server: Apache httpd 2.4.25
Application server: Tomcat 8.5

Attachments

1

Activity

Brad Hards
September 21, 2022 at 11:38 AM
Abdelhafid El Idrissi
November 6, 2019 at 11:57 AM

Quick workaround for this issue:

In the methode: org.geoserver.security.filter.GeoServerCredentialsFromRequestHeaderFilter.doAuthenticate(HttpServletRequest, HttpServletResponse):

replace the line with the casting issue:

roles.add((GeoServerRole) grauth);

With:

GeoServerRole r = new GeoServerRole(grauth.getAuthority());
r.setUserName(us);
roles.add(r);

Tested. It work’s fine.

Carsten Felz
October 18, 2019 at 7:02 AM

Hey guys,

is there any solution for this issue? We have exactly the same probem with GeoServer and LDAP with 2.16. Would be nice to here some news about it.

Thanks, Carsten

Details

Assignee

Reporter

Priority

Created May 9, 2017 at 2:22 PM
Updated September 21, 2022 at 11:38 AM