Configuring Geoserver to work on an Azure app service
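I have an Azure App Service (Tomcat 9.0 & Java 11) configured with AD authentication, and I have deployed the Geoserver 2.18 WAR on it.
When I try to access Geoserver, the home page works fine, but when I try to log in with the default Geoserver credentials, I get a stack trace: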
java.lang.IllegalArgumentException: Failed to parse address1.2.3.4, 5.6.7.8, 9.10.11.12
org.springframework.security.web.util.matcher.IpAddressMatcher.parseAddress(IpAddressMatcher.java:107)
org.springframework.security.web.util.matcher.IpAddressMatcher.matches(IpAddressMatcher.java:66)
org.springframework.security.web.util.matcher.IpAddressMatcher.matches(IpAddressMatcher.java:62)
org.geoserver.security.BruteForceListener.lambda$requestAddressInWhiteList$0(BruteForceListener.java:126)
java.base/java.util.stream.MatchOps$1MatchSink.accept(Unknown Source)
java.base/java.util.ArrayList$ArrayListSpliterator.tryAdvance(Unknown Source)
java.base/java.util.stream.ReferencePipeline.forEachWithCancel(Unknown Source)
java.base/java.util.stream.AbstractPipeline.copyIntoWithCancel(Unknown Source)
java.base/java.util.stream.AbstractPipeline.copyInto(Unknown Source)
java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(Unknown Source)
java.base/java.util.stream.MatchOps$MatchOp.evaluateSequential(Unknown Source)
java.base/java.util.stream.MatchOps$MatchOp.evaluateSequential(Unknown Source)
java.base/java.util.stream.AbstractPipeline.evaluate(Unknown Source)
java.base/java.util.stream.ReferencePipeline.anyMatch(Unknown Source)
org.geoserver.security.BruteForceListener.requestAddressInWhiteList(BruteForceListener.java:126)
org.geoserver.security.BruteForceListener.onApplicationEvent(BruteForceListener.java:65)
org.geoserver.security.BruteForceListener.onApplicationEvent(BruteForceListener.java:28)
org.springframework.context.event.SimpleApplicationEventMulticaster.doInvokeListener(SimpleApplicationEventMulticaster.java:172)
org.springframework.context.event.SimpleApplicationEventMulticaster.invokeListener(SimpleApplicationEventMulticaster.java:165)
org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:139)
org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:403)
org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:360)
org.springframework.security.authentication.DefaultAuthenticationEventPublisher.publishAuthenticationSuccess(DefaultAuthenticationEventPublisher.java:99)
org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:224)
org.geoserver.security.GeoServerSecurityManager.authenticate(GeoServerSecurityManager.java:315)
org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter.attemptAuthentication(UsernamePasswordAuthenticationFilter.java:94)
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212)
org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:74)
org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:91)
org.geoserver.security.filter.GeoServerUserNamePasswordAuthenticationFilter.doFilter(GeoServerUserNamePasswordAuthenticationFilter.java:122)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:70)
org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
org.geoserver.security.filter.GeoServerSecurityContextPersistenceFilter.doFilter(GeoServerSecurityContextPersistenceFilter.java:52)
org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:74)
org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:91)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215)
org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178)
org.geoserver.security.GeoServerSecurityFilterChainProxy.doFilter(GeoServerSecurityFilterChainProxy.java:142)
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:358)
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:271)
org.geoserver.filters.LoggingFilter.doFilter(LoggingFilter.java:101)
org.geoserver.filters.XFrameOptionsFilter.doFilter(XFrameOptionsFilter.java:77)
org.geoserver.filters.GZIPFilter.doFilter(GZIPFilter.java:47)
org.geoserver.filters.SessionDebugFilter.doFilter(SessionDebugFilter.java:46)
org.geoserver.filters.FlushSafeFilter.doFilter(FlushSafeFilter.java:42)
org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
com.microsoft.azure.appservice.filters.AppServiceFilter.doFilter(AppServiceFilter.java:53)
com.microsoft.azure.appservice.EasyAuthFilter.doFilter(EasyAuthFilter.java:42)
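(For privacy reasons, I have replaced the 3 IPs in the stack trace with dummy IPs.)
Inspecting the HTTP headers that Azure's authentication proxy sends to Geoserver, the x-forwarded-for HTTP header matches the string of 3 IPs.
Have I failed to configure something? It's hard to get into the Geoserver security settings since I can't log in!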
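OK, after digging deeper, I think I have found the solution. Geoserver uses IpAddressMatcher in its brute-force login prevention. IpAddressMatcher expects a single IP address in the HTTP headers. Azure has several, so this causes the problem.
Brute-force login detection can be disabled by editing $GEOSERVER_DATA_DIR/security/config.xml and changing bruteForcePrevention to false near the bottom, like this: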
<bruteForcePrevention>
<enabled>false</enabled>
<minDelaySeconds>1</minDelaySeconds>
<maxDelaySeconds>5</maxDelaySeconds>
<maxBlockedThreads>100</maxBlockedThreads>
<whitelistedMasks>
<string>127.0.0.1</string>
</whitelistedMasks>
</bruteForcePrevention>
After restarting Tomcat, Geoserver now logs in fine.
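Handing a matcher one address instead of the whole X-Forwarded-For chain, as an added example (not GeoServer, Spring or Azure code, and not from the original post): it shows why the raw header fails to parse as a single address and how to pick the client hop by skipping trusted proxies from the right. The class and method names and the proxy ranges are assumptions, and it handles IPv4 only.

```java
import java.util.List;

public class ForwardedForClient {
    /** Parses a dotted-quad IPv4 literal without DNS; returns -1 for anything else. */
    static long ipv4(String s) {
        String[] p = s == null ? new String[0] : s.split("\\.", -1);
        if (p.length != 4) return -1;
        long v = 0;
        for (String octet : p) {
            if (!octet.matches("\\d{1,3}") || Integer.parseInt(octet) > 255) return -1;
            v = (v << 8) | Integer.parseInt(octet);
        }
        return v;
    }

    /** True if addr lies inside mask, written "a.b.c.d" or "a.b.c.d/prefix". */
    static boolean inMask(String addr, String mask) {
        String[] m = mask.split("/");
        long a = ipv4(addr), base = ipv4(m[0]);
        if (a < 0 || base < 0) return false;
        int prefix = m.length > 1 ? Integer.parseInt(m[1]) : 32;
        long bits = (0xFFFFFFFFL << (32 - prefix)) & 0xFFFFFFFFL;
        return (a & bits) == (base & bits);
    }

    /**
     * Walks X-Forwarded-For right to left and returns the first hop that is not one of
     * our own proxies; hops further left are client-supplied. Returns null (fail closed)
     * if a hop is malformed or every hop is a trusted proxy.
     */
    static String clientAddress(String xff, List<String> trustedProxies) {
        String[] hops = xff == null ? new String[0] : xff.split(",");
        for (int i = hops.length - 1; i >= 0; i--) {
            String hop = hops[i].trim();
            if (ipv4(hop) < 0) return null;
            if (trustedProxies.stream().noneMatch(t -> inMask(hop, t))) return hop;
        }
        return null;
    }

    public static void main(String[] args) {
        String header = "1.2.3.4, 5.6.7.8, 9.10.11.12";      // dummy value from the stack trace
        List<String> proxies = List.of("9.10.11.12", "5.6.7.0/24"); // assumed proxy ranges
        List<String> whitelist = List.of("127.0.0.1");       // whitelistedMasks in config.xml
        String client = clientAddress(header, proxies);
        System.out.println("raw header parses as one address: " + (ipv4(header) >= 0));
        System.out.println("client address: " + client);
        System.out.println("whitelisted: " + whitelist.stream().anyMatch(w -> inMask(client, w)));
    }
}
```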