Hi Torben, Andrea, I have found a solution that appears to remove the problem.
I found out that if I installed GeoServer and just used the default user, admin, i.e. I did not create customized users/groups/roles, I did not have a problem seeding, so I figured it had to do with my custom settings. To make a long story short, I found that in the GeoServer's data directory in the security folder, there is a file named rest.properties. In that file there are two lines: /**;GET=ADMIN /**;POST,DELETE,PUT=ADMIN As far as I can tell/guess, that allows the default ADMIN role to access the REST interface. When I created a new role service and supplied a new role name as an administrator, it no longer worked. So I changed the two lines in the rest.properties file to this: /**;GET=ROLE_ADMINISTRATOR /**;POST,DELETE,PUT=ROLE_ADMINISTRATOR And then it worked. Thanks for your input on this! Med venlig hilsen Carsten Rossau Christiansen GIS konsulent ARTOGIS a/s Direkte +45 76 30 82 20 Eltangvej 61 Mobil +45 60 21 96 88 6000 Kolding Tlf. +45 75 53 73 93 c...@artogis.dk Fra: Torben Barsballe [mailto:tbarsba...@boundlessgeo.com] Sendt: 2. januar 2018 21:00 Til: Andrea Aime Cc: Carsten Rossau Christiansen; Kevin Smith; GeoServer Mailing List List Emne: Re: [Geoserver-users] Seeding layers tiling fails Hi Carsten, What version of GeoWebCache are / GeoServer are you using? If you are using GWC 1.12.* / GeoServer 2.12.*, then you may have encountered one of the recent bugs in the seeding page: • GEOS-8471 • GEOS-8401 • GEOS-8312 I believe at some point between those various issues (possibly in GeoServer 2.12.1?), certain configurations would give a 403 error (instead of one of the errors mentioned in those bug reports) when seeding. The latest 2.12 nightly should be working properly (Or 2.12.2, when it is released later this month). Torben On Thu, Dec 28, 2017 at 2:26 AM, Andrea Aime <andrea.a...@geo-solutions.it> wrote: On Thu, Dec 21, 2017 at 8:55 AM, Carsten Rossau Christiansen <c...@artogis.dk> wrote: I've defined a gridset and applied it to a layer or a layer group. I select 'Tile Layers' and find the layer or layer group I want to seed, click on Seed/Truncate and I end up with 'HTTP status 403 - Access is denied'. This is just a guess, but maybe the layer is subject to security, the thread pools running seeding lack the authentication information, does not matter if you start them as admin, as far as I know the auth is not passed down in the seeding threads. I believe there is a design mismatch between GWC (whose code is used to do the seeding), assuming all that's needed to talk to the WMS is in the layer configuration (including eventual credentials) and the GeoServer integration, where the users can change and are normally attached to the request as a thread local. Some redesign is likely needed so that GeoServer can pass down the information of who submitted the seeding request (and/or just mark the seeding thread in a special way so that GeoServer can assume the admin user "safely"). As said, just a guess. Cheers Andrea == GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information. == Ing. Andrea Aime @geowolf Technical Lead GeoSolutions S.A.S. Via di Montramito 3/A 55054 Massarosa (LU) phone: +39 0584 962313 fax: +39 0584 1660272 mob: +39 339 8844549 http://www.geo-solutions.it http://twitter.com/geosolutions_it AVVERTENZE AI SENSI DEL D.Lgs. 196/2003 Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003. The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc. ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Geoserver-users mailing list Please make sure you read the following two resources before posting to this list: - Earning your support instead of buying it, but Ian Turton: http://www.ianturton.com/talks/foss4g.html#/ - The GeoServer user list posting guidelines: http://geoserver.org/comm/userlist-guidelines.html If you want to request a feature or an improvement, also see this: https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer Geoserver-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-users ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Geoserver-users mailing list Please make sure you read the following two resources before posting to this list: - Earning your support instead of buying it, but Ian Turton: http://www.ianturton.com/talks/foss4g.html#/ - The GeoServer user list posting guidelines: http://geoserver.org/comm/userlist-guidelines.html If you want to request a feature or an improvement, also see this: https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer Geoserver-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-users
