summary

GWC fails to cache tiles if GeoFence with source IP driven rules are used for authentication

Description

GWC creates a mock request for the WMS to generate tiles to be cached, but it uses "127.0.0.1" as RemoteHost:
https://github.com/geoserver/geoserver/blob/master/src/gwc/src/main/java/org/geoserver/gwc/FakeHttpServletRequest.java#L303

This will make the WMS check for a rule about "127.0.0.1", and not the actual IP of the request, changing the resulting image, or (if 127.0.0.1 is not allowed at all) failing to provide it.

The remote hostname and ip should be made available to the WMS that needs to render the tile.

Environment

GeoServer 2.13.2 with external GeoFence

Assignee

Nuno Oliveira

Reporter

Gnafu

Triage

None

Fix versions

2.15.0

2.14.1

2.13.3

Affects versions

2.13.2

Components

GWC

Priority

Medium

Configure