MapStore2
Test OpenID support
Description
Testing OpenID support may require:
- For google, to allow login to everyone OR to limit the users allowed to login (see #8429).
- For keycloak, to install a running instance with some test users.
Waiting for one of these solutions to be implemented. In order to test live the openId support, at least for google, we need to:
- Follow the steps defined here using the data dir of the dev environment (mapstore-ovr.properties for configuration, configs/localConfig.json.patch to add authenticationProviders entries) and of course the google developer console.
- Test the openID login
- Revert the changes on the data dir (we can disable the googleOAuth2Config.enabled=true setting it to false, for future usage, and remove the entries from localConfig.json.patch)
@offtherailz thank you for defining this. @MV88 we need the open ID support for google enabled for DEV to allow @ElenaGallo to define functional tests for it. We will see to make it always enabled on DEV only for our domain in a second time with #8429.
As soon as you have done move the issue in Test column so that @ElenaGallo can start testing.
@MV88 please setup a quick call with @offtherailz if you need some clarifications to proceed with this. Thank you so much.
@tdipisa after having configured open id i get this error when clicking on my google account idk if i have configured something wrong, i would like to speak with the developer and if it is @offtherailz i'll disable it for now
HTTP Status 500 – Internal Server Error
Type Exception Report
Message could not execute statement; SQL [n/a]; nested exception is org.hibernate.exception.DataException: could not execute statement
Description The server encountered an unexpected condition that prevented it from fulfilling the request.
Exception
org.springframework.dao.DataIntegrityViolationException: could not execute statement; SQL [n/a]; nested exception is org.hibernate.exception.DataException: could not execute statement
org.springframework.orm.jpa.vendor.HibernateJpaDialect.convertHibernateAccessException(HibernateJpaDialect.java:280)
org.springframework.orm.jpa.vendor.HibernateJpaDialect.translateExceptionIfPossible(HibernateJpaDialect.java:233)
org.springframework.orm.jpa.JpaTransactionManager.doCommit(JpaTransactionManager.java:566)
org.springframework.transaction.support.AbstractPlatformTransactionManager.processCommit(AbstractPlatformTransactionManager.java:743)
org.springframework.transaction.support.AbstractPlatformTransactionManager.commit(AbstractPlatformTransactionManager.java:711)
org.springframework.transaction.interceptor.TransactionAspectSupport.commitTransactionAfterReturning(TransactionAspectSupport.java:654)
org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:407)
org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:119)
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:215)
com.sun.proxy.$Proxy84.persist(Unknown Source)
it.geosolutions.geostore.services.UserServiceImpl.insert(UserServiceImpl.java:146)
it.geosolutions.geostore.services.rest.security.oauth2.OAuth2GeoStoreAuthenticationFilter.createUser(OAuth2GeoStoreAuthenticationFilter.java:462)
it.geosolutions.geostore.services.rest.security.oauth2.OAuth2GeoStoreAuthenticationFilter.retrieveUserWithAuthorities(OAuth2GeoStoreAuthenticationFilter.java:431)
it.geosolutions.geostore.services.rest.security.oauth2.OAuth2GeoStoreAuthenticationFilter.createPreAuthentication(OAuth2GeoStoreAuthenticationFilter.java:367)
it.geosolutions.geostore.services.rest.security.oauth2.OAuth2GeoStoreAuthenticationFilter.performOAuthAuthentication(OAuth2GeoStoreAuthenticationFilter.java:236)
it.geosolutions.geostore.services.rest.security.oauth2.OAuth2GeoStoreAuthenticationFilter.authenticateAndUpdateCache(OAuth2GeoStoreAuthenticationFilter.java:174)
it.geosolutions.geostore.services.rest.security.oauth2.OAuth2GeoStoreAuthenticationFilter.attemptAuthentication(OAuth2GeoStoreAuthenticationFilter.java:158)
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212)
it.geosolutions.geostore.services.rest.security.oauth2.OAuth2GeoStoreAuthenticationFilter.doFilter(OAuth2GeoStoreAuthenticationFilter.java:130)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilterInternal(BasicAuthenticationFilter.java:155)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
it.geosolutions.geostore.services.rest.security.keycloak.KeyCloakFilter.doFilter(KeyCloakFilter.java:110)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter.doFilterInternal(DefaultLogoutPageGeneratingFilter.java:52)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter.doFilter(DefaultLoginPageGeneratingFilter.java:216)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
it.geosolutions.geostore.services.rest.security.GeoStoreAuthenticationFilter.doFilter(GeoStoreAuthenticationFilter.java:87)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:200)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
it.geosolutions.geostore.services.rest.security.GeoStoreAuthenticationFilter.doFilter(GeoStoreAuthenticationFilter.java:87)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:92)
org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:77)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215)
org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178)
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:354)
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267)
org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
Root Cause
org.hibernate.exception.DataException: could not execute statement
org.hibernate.exception.internal.SQLStateConversionDelegate.convert(SQLStateConversionDelegate.java:115)
org.hibernate.exception.internal.StandardSQLExceptionConverter.convert(StandardSQLExceptionConverter.java:42)
org.hibernate.engine.jdbc.spi.SqlExceptionHelper.convert(SqlExceptionHelper.java:113)
org.hibernate.engine.jdbc.spi.SqlExceptionHelper.convert(SqlExceptionHelper.java:99)
org.hibernate.engine.jdbc.internal.ResultSetReturnImpl.executeUpdate(ResultSetReturnImpl.java:200)
org.hibernate.persister.entity.AbstractEntityPersister.insert(AbstractEntityPersister.java:3298)
org.hibernate.persister.entity.AbstractEntityPersister.insert(AbstractEntityPersister.java:3825)
org.hibernate.action.internal.EntityInsertAction.execute(EntityInsertAction.java:107)
org.hibernate.engine.spi.ActionQueue.executeActions(ActionQueue.java:604)
org.hibernate.engine.spi.ActionQueue.lambda$executeActions$1(ActionQueue.java:478)
java.base/java.util.LinkedHashMap.forEach(LinkedHashMap.java:684)
org.hibernate.engine.spi.ActionQueue.executeActions(ActionQueue.java:475)
org.hibernate.event.internal.AbstractFlushingEventListener.performExecutions(AbstractFlushingEventListener.java:344)
org.hibernate.event.internal.DefaultFlushEventListener.onFlush(DefaultFlushEventListener.java:40)
org.hibernate.event.service.internal.EventListenerGroupImpl.fireEventOnEachListener(EventListenerGroupImpl.java:99)
org.hibernate.internal.SessionImpl.doFlush(SessionImpl.java:1362)
org.hibernate.internal.SessionImpl.managedFlush(SessionImpl.java:453)
org.hibernate.internal.SessionImpl.flushBeforeTransactionCompletion(SessionImpl.java:3212)
org.hibernate.internal.SessionImpl.beforeTransactionCompletion(SessionImpl.java:2380)
org.hibernate.engine.jdbc.internal.JdbcCoordinatorImpl.beforeTransactionCompletion(JdbcCoordinatorImpl.java:448)
org.hibernate.resource.transaction.backend.jdbc.internal.JdbcResourceLocalTransactionCoordinatorImpl.beforeCompletionCallback(JdbcResourceLocalTransactionCoordinatorImpl.java:183)
org.hibernate.resource.transaction.backend.jdbc.internal.JdbcResourceLocalTransactionCoordinatorImpl.access$300(JdbcResourceLocalTransactionCoordinatorImpl.java:40)
org.hibernate.resource.transaction.backend.jdbc.internal.JdbcResourceLocalTransactionCoordinatorImpl$TransactionDriverControlImpl.commit(JdbcResourceLocalTransactionCoordinatorImpl.java:281)
org.hibernate.engine.transaction.internal.TransactionImpl.commit(TransactionImpl.java:101)
org.springframework.orm.jpa.JpaTransactionManager.doCommit(JpaTransactionManager.java:562)
org.springframework.transaction.support.AbstractPlatformTransactionManager.processCommit(AbstractPlatformTransactionManager.java:743)
org.springframework.transaction.support.AbstractPlatformTransactionManager.commit(AbstractPlatformTransactionManager.java:711)
org.springframework.transaction.interceptor.TransactionAspectSupport.commitTransactionAfterReturning(TransactionAspectSupport.java:654)
org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:407)
org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:119)
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:215)
com.sun.proxy.$Proxy84.persist(Unknown Source)
it.geosolutions.geostore.services.UserServiceImpl.insert(UserServiceImpl.java:146)
it.geosolutions.geostore.services.rest.security.oauth2.OAuth2GeoStoreAuthenticationFilter.createUser(OAuth2GeoStoreAuthenticationFilter.java:462)
it.geosolutions.geostore.services.rest.security.oauth2.OAuth2GeoStoreAuthenticationFilter.retrieveUserWithAuthorities(OAuth2GeoStoreAuthenticationFilter.java:431)
it.geosolutions.geostore.services.rest.security.oauth2.OAuth2GeoStoreAuthenticationFilter.createPreAuthentication(OAuth2GeoStoreAuthenticationFilter.java:367)
it.geosolutions.geostore.services.rest.security.oauth2.OAuth2GeoStoreAuthenticationFilter.performOAuthAuthentication(OAuth2GeoStoreAuthenticationFilter.java:236)
it.geosolutions.geostore.services.rest.security.oauth2.OAuth2GeoStoreAuthenticationFilter.authenticateAndUpdateCache(OAuth2GeoStoreAuthenticationFilter.java:174)
it.geosolutions.geostore.services.rest.security.oauth2.OAuth2GeoStoreAuthenticationFilter.attemptAuthentication(OAuth2GeoStoreAuthenticationFilter.java:158)
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212)
it.geosolutions.geostore.services.rest.security.oauth2.OAuth2GeoStoreAuthenticationFilter.doFilter(OAuth2GeoStoreAuthenticationFilter.java:130)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilterInternal(BasicAuthenticationFilter.java:155)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
it.geosolutions.geostore.services.rest.security.keycloak.KeyCloakFilter.doFilter(KeyCloakFilter.java:110)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter.doFilterInternal(DefaultLogoutPageGeneratingFilter.java:52)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter.doFilter(DefaultLoginPageGeneratingFilter.java:216)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
it.geosolutions.geostore.services.rest.security.GeoStoreAuthenticationFilter.doFilter(GeoStoreAuthenticationFilter.java:87)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:200)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
it.geosolutions.geostore.services.rest.security.GeoStoreAuthenticationFilter.doFilter(GeoStoreAuthenticationFilter.java:87)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:92)
org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:77)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215)
org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178)
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:354)
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267)
org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
Root Cause
org.postgresql.util.PSQLException: ERROR: value too long for type character varying(20)
org.postgresql.core.v3.QueryExecutorImpl.receiveErrorResponse(QueryExecutorImpl.java:2552)
org.postgresql.core.v3.QueryExecutorImpl.processResults(QueryExecutorImpl.java:2284)
org.postgresql.core.v3.QueryExecutorImpl.execute(QueryExecutorImpl.java:322)
org.postgresql.jdbc.PgStatement.executeInternal(PgStatement.java:481)
org.postgresql.jdbc.PgStatement.execute(PgStatement.java:401)
org.postgresql.jdbc.PgPreparedStatement.executeWithFlags(PgPreparedStatement.java:164)
org.postgresql.jdbc.PgPreparedStatement.executeUpdate(PgPreparedStatement.java:130)
org.apache.commons.dbcp.DelegatingPreparedStatement.executeUpdate(DelegatingPreparedStatement.java:102)
org.hibernate.engine.jdbc.internal.ResultSetReturnImpl.executeUpdate(ResultSetReturnImpl.java:197)
org.hibernate.persister.entity.AbstractEntityPersister.insert(AbstractEntityPersister.java:3298)
org.hibernate.persister.entity.AbstractEntityPersister.insert(AbstractEntityPersister.java:3825)
org.hibernate.action.internal.EntityInsertAction.execute(EntityInsertAction.java:107)
org.hibernate.engine.spi.ActionQueue.executeActions(ActionQueue.java:604)
org.hibernate.engine.spi.ActionQueue.lambda$executeActions$1(ActionQueue.java:478)
java.base/java.util.LinkedHashMap.forEach(LinkedHashMap.java:684)
org.hibernate.engine.spi.ActionQueue.executeActions(ActionQueue.java:475)
org.hibernate.event.internal.AbstractFlushingEventListener.performExecutions(AbstractFlushingEventListener.java:344)
org.hibernate.event.internal.DefaultFlushEventListener.onFlush(DefaultFlushEventListener.java:40)
org.hibernate.event.service.internal.EventListenerGroupImpl.fireEventOnEachListener(EventListenerGroupImpl.java:99)
org.hibernate.internal.SessionImpl.doFlush(SessionImpl.java:1362)
org.hibernate.internal.SessionImpl.managedFlush(SessionImpl.java:453)
org.hibernate.internal.SessionImpl.flushBeforeTransactionCompletion(SessionImpl.java:3212)
org.hibernate.internal.SessionImpl.beforeTransactionCompletion(SessionImpl.java:2380)
org.hibernate.engine.jdbc.internal.JdbcCoordinatorImpl.beforeTransactionCompletion(JdbcCoordinatorImpl.java:448)
org.hibernate.resource.transaction.backend.jdbc.internal.JdbcResourceLocalTransactionCoordinatorImpl.beforeCompletionCallback(JdbcResourceLocalTransactionCoordinatorImpl.java:183)
org.hibernate.resource.transaction.backend.jdbc.internal.JdbcResourceLocalTransactionCoordinatorImpl.access$300(JdbcResourceLocalTransactionCoordinatorImpl.java:40)
org.hibernate.resource.transaction.backend.jdbc.internal.JdbcResourceLocalTransactionCoordinatorImpl$TransactionDriverControlImpl.commit(JdbcResourceLocalTransactionCoordinatorImpl.java:281)
org.hibernate.engine.transaction.internal.TransactionImpl.commit(TransactionImpl.java:101)
org.springframework.orm.jpa.JpaTransactionManager.doCommit(JpaTransactionManager.java:562)
org.springframework.transaction.support.AbstractPlatformTransactionManager.processCommit(AbstractPlatformTransactionManager.java:743)
org.springframework.transaction.support.AbstractPlatformTransactionManager.commit(AbstractPlatformTransactionManager.java:711)
org.springframework.transaction.interceptor.TransactionAspectSupport.commitTransactionAfterReturning(TransactionAspectSupport.java:654)
org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:407)
org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:119)
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:215)
com.sun.proxy.$Proxy84.persist(Unknown Source)
it.geosolutions.geostore.services.UserServiceImpl.insert(UserServiceImpl.java:146)
it.geosolutions.geostore.services.rest.security.oauth2.OAuth2GeoStoreAuthenticationFilter.createUser(OAuth2GeoStoreAuthenticationFilter.java:462)
it.geosolutions.geostore.services.rest.security.oauth2.OAuth2GeoStoreAuthenticationFilter.retrieveUserWithAuthorities(OAuth2GeoStoreAuthenticationFilter.java:431)
it.geosolutions.geostore.services.rest.security.oauth2.OAuth2GeoStoreAuthenticationFilter.createPreAuthentication(OAuth2GeoStoreAuthenticationFilter.java:367)
it.geosolutions.geostore.services.rest.security.oauth2.OAuth2GeoStoreAuthenticationFilter.performOAuthAuthentication(OAuth2GeoStoreAuthenticationFilter.java:236)
it.geosolutions.geostore.services.rest.security.oauth2.OAuth2GeoStoreAuthenticationFilter.authenticateAndUpdateCache(OAuth2GeoStoreAuthenticationFilter.java:174)
it.geosolutions.geostore.services.rest.security.oauth2.OAuth2GeoStoreAuthenticationFilter.attemptAuthentication(OAuth2GeoStoreAuthenticationFilter.java:158)
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212)
it.geosolutions.geostore.services.rest.security.oauth2.OAuth2GeoStoreAuthenticationFilter.doFilter(OAuth2GeoStoreAuthenticationFilter.java:130)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilterInternal(BasicAuthenticationFilter.java:155)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
it.geosolutions.geostore.services.rest.security.keycloak.KeyCloakFilter.doFilter(KeyCloakFilter.java:110)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter.doFilterInternal(DefaultLogoutPageGeneratingFilter.java:52)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter.doFilter(DefaultLoginPageGeneratingFilter.java:216)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
it.geosolutions.geostore.services.rest.security.GeoStoreAuthenticationFilter.doFilter(GeoStoreAuthenticationFilter.java:87)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:200)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
it.geosolutions.geostore.services.rest.security.GeoStoreAuthenticationFilter.doFilter(GeoStoreAuthenticationFilter.java:87)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:92)
org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:77)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215)
org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178)
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:354)
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267)
org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
Note The full stack trace of the root cause is available in the server logs.
at the moment i have disabled open id config. I'll restore it on monday
The error seems to indicate there is a limit on the db (for the name of the user probably) of 20 chars. In the code the limit is 255, so probably the limit comes from the old database that wasn't updated in column sizes. Contact DevOps
@tdipisa @offtherailz
I have altered the length of column name inside gs_user, in this way the previous error is gone and login with google seems to be working fine
for reference
ALTER TABLE "geostore_mapstore2_dev"."geostore"."gs_user" ALTER COLUMN "name" TYPE CHARACTER VARYING(255)
i'm gonna include this in our migration guidelines
@ElenaGallo google setup is testable in DEV
@MV88 @offtherailz it seems to me there are functional problems in DEV with the OpenID support for Google. I've asked @ElenaGallo to do an extensive test in DEV and report back here with the status of inconsistencies we have found (fyi @ale-cristofori).
@offtherailz @MV88 @ale-cristofori @tdipisa here all the issues I found when testing OpenID:
1) By logging in with OpenID user the "No access token found" page open (to be able to login with OpenID you must be in Incognito)
How to Reproduce
Current Result This page opens: https://dev-mapstore.geosolutionsgroup.com/mapstore/rest/geostore/openid/google/callback?code=4%2F0AdQt8qj1Tu8iX0myVpMLjYkgsXbbSkochFlJ5PueVAOt2Hk0xJK51upxBfdrNoJvV48FAg&scope=email+profile+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile+openid+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email&authuser=0&hd=geosolutionsgroup.com&prompt=none
2) The login with the OpenID user has been logged out after a few minutes and this token error is displayed in the console:
POST https://dev-mapstore.geosolutionsgroup.com/mapstore/rest/geostore/session/refreshToken 500 (500)
How to Reproduce
- Login as OpenID user
- wait a few minutes
Current Result You are logged out
3) Login problem between openID user and normal user
How to Reproduce
- Login as OpenID user
- Logout as OpenID user
- Login as admin or normal user
- Click on Login dropdown menu
Current Result Instead of being logged in as admin you are logged in with the OpenID user
4) A resource, created by an MS user or an OpenID user, is also visible by an anonymous user
How to Reproduce
- Login as MS user or OpenID user
- Open a new map
- Click on Save as
- Enter a title
- Click on Save
- Logout
Current Result The map is visible
Expected Result The map is not visible
5) When an OpenID user try to open gs-stable a authkey token error appears
How to Reproduce
- Login as OpenID user
- Open a map
- Click on Catalog
Current Result Access to XMLHttpRequest at 'https://gs-stable.geo-solutions.it/geoserver/csw?service=CSW&version=2.0.2&request=&authkey=ya29.A0AVA9y1sYesh9Z_JC4BP7Ap_yUFm6mi5tKIOwBbx8gwzXnmESLYmFaRoLcy_OlZeGKxrw6on_dZGoHLVbw7x1oj3oqqrbSEB16iomKiJSdX6azzIHjqR9-t1gprakYyEdSFR1JyDb3K49WEjzC4t7N4IrllIFaCgYKATASATASFQE65dr8JwoWWieeH_AYfMN9AsJHfA0163' from origin 'https://dev-mapstore.geosolutionsgroup.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
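The callback URL and the console error in the report above carry a `code` and an `authkey` value in the query string. An added example (not MapStore code; the parameter list, function name and sample text are assumptions, and all values are constructed) that masks such values before a URL or console message is pasted into a ticket:

```javascript
// Added example, not MapStore or GeoStore code.
// Parameter names "code" and "authkey" and the JSESSIONID cookie come from the
// thread; the rest of the list and all function names are assumptions.
const MASK = "REDACTED";

const SENSITIVE_PARAMS = new Set([
  "code", "authkey", "access_token", "refresh_token", "id_token", "token",
]);

// name=value pairs in a query string or fragment, wherever they occur in text.
const URL_PARAM = /([?&#])([A-Za-z0-9_.-]+)=([^&#\s'"<>]*)/g;
// "Authorization: Bearer <token>" style credentials.
const BEARER = /\bBearer\s+([A-Za-z0-9._~+\/=-]+)/g;
// Session id as a cookie ("JSESSIONID=...") or path parameter (";jsessionid=...").
const SESSION_ID = /\b(JSESSIONID)=([^;&\s'"]+)/gi;

/**
 * Mask credentials in free text (URLs, console errors, header dumps).
 * Everything else is left byte-for-byte identical so the report stays useful.
 * Returns the masked text and the names of the fields that were masked.
 */
function redactSecrets(text) {
  const found = [];

  let out = text.replace(URL_PARAM, (match, sep, name, value) => {
    const sensitive = SENSITIVE_PARAMS.has(name.toLowerCase());
    if (!sensitive || value === "" || value === MASK) return match;
    found.push(name);
    return `${sep}${name}=${MASK}`;
  });

  out = out.replace(BEARER, (match, token) => {
    if (token === MASK) return match;
    found.push("bearer");
    return `Bearer ${MASK}`;
  });

  out = out.replace(SESSION_ID, (match, name, value) => {
    if (value === MASK) return match;
    found.push(name);
    return `${name}=${MASK}`;
  });

  return { text: out, found };
}

// Constructed sample, shaped like the lines in the report (fake hosts and values).
const SAMPLE_REPORT = [
  "This page opens: https://ms.example.org/mapstore/rest/geostore/openid/google/callback" +
    "?code=4%2FFAKE-CODE&scope=email+profile&authuser=0&prompt=none",
  "Access to XMLHttpRequest at 'https://gs.example.org/geoserver/csw" +
    "?service=CSW&version=2.0.2&request=&authkey=FAKE-ACCESS-TOKEN'" +
    " from origin 'https://ms.example.org' has been blocked by CORS policy",
  "Cookie: JSESSIONID=FAKE0123456789; other=1",
  "Authorization: Bearer FAKE.header.payload",
].join("\n");

const redactedReport = redactSecrets(SAMPLE_REPORT);
console.log(redactedReport.text);
console.log("masked fields:", redactedReport.found.join(", "));
```

A credential that has already been posted in clear text should also be revoked at the identity provider; masking only helps before publication.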
@offtherailz @taba90 I've asked @ElenaGallo to report above test results of the functional test for the OpenID. Can you please check what's wrong in DEV and maybe have a synch with @MV88 who configured it in DEV? @ale-cristofori can coordinate this activity during my absence.
@tdipisa @ale-cristofori @offtherailz @taba90 In addition to this with recent changes on the modular plugin this is no longer working in DEV. so we have configured it on QA directly in the datadir to be tested and investigated there (branch 2022.02.xx) see https://github.com/geosolutions-it/MapStore2/issues/8487
Here my feedback about the issues notified by @ElenaGallo
1) By logging in with OpenID user the "No access token found" page open (to be able to login with OpenID you must be in Incognito)
This is probably due to a server side. It seems also to have a JSESSIONID that should not be there.
2) The login with the OpenID user has been logged out after a few minutes and this token error is displayed in the console:
Checking the response to /tokens entry point, MapStore receives only the accessToken, without any refreshToken
access_token: "...",
token_type: "Bearer"
For this reason probably on /refreshToken request, we receive a nullPointerException.
java.lang.NullPointerException
it.geosolutions.geostore.services.rest.security.oauth2.OAuth2SessionServiceDelegate.retrieveAccessToken(OAuth2SessionServiceDelegate.java:192)
it.geosolutions.geostore.services.rest.security.oauth2.OAuth2SessionServiceDelegate.refresh(OAuth2SessionServiceDelegate.java:99)
it.geosolutions.geostore.services.rest.impl.RESTSessionServiceImpl.refresh(RESTSessionServiceImpl.java:184)
it.geosolutions.geostore.services.rest.impl.RESTSessionServiceImpl.refresh(RESTSessionServiceImpl.java:211)
java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
java.base/java.lang.reflect.Method.invoke(Method.java:566)
3) Login problem between openID user and normal user
I think this is related to JSESSIONID too, or other kind of cache. The google user is associated to the token on /login instead of the one that matched the login. Probably this regression has been introduced by keycloak implementation.
4) A resource, created by an MS user or an OpenID user, is also visible by an anonymous user
Also this is caused by JSESSIONID. Removing the JSESSIONID cookie, the private map is not visible anymore.
Summarizing
There is the #8487 problem (notified by @MV88) that regards DEV env, so please make sure to solve or mitigate this first, to allow to test
Moreover, in my opinion there are a couple of problems, all located on the back-end (geostore) :
- Refresh token not present on google login
- JSESSIONID causes mess in sessions of the user, and it should be removed.
Please @ale-cristofori or @tdipisa sync with @taba90 about this.
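An added example, not MapStore or GeoStore code, of the failure mode in point 2 above: a token response with no refresh token, and a refresh step that reports this as a re-login condition instead of dereferencing a missing value. `access_token`, `token_type` and `refresh_token` are the fields named in the comment; the function names, session shape and status/error values are hypothetical, written in JavaScript for illustration.

```javascript
// Added example, not MapStore or GeoStore code. Function names, the session
// shape and the status/error values are hypothetical.

function nonEmptyString(value) {
  return typeof value === "string" && value.length > 0 ? value : null;
}

/** Normalise a token response; refreshToken is null when none was sent. */
function parseTokenResponse(body) {
  if (body === null || typeof body !== "object") {
    throw new TypeError("token response is not an object");
  }
  const accessToken = nonEmptyString(body.access_token);
  if (accessToken === null) {
    throw new Error("token response has no access_token");
  }
  return {
    accessToken,
    tokenType: nonEmptyString(body.token_type) || "Bearer",
    refreshToken: nonEmptyString(body.refresh_token),
  };
}

/**
 * Refresh a session. `exchange` stands in for the call to the identity
 * provider: it takes a refresh token and returns a token response object,
 * or throws when the provider rejects the token.
 */
function refreshSession(session, exchange) {
  if (!session || nonEmptyString(session.refreshToken) === null) {
    // No refresh token is an expected state for some logins: answer with a
    // client-facing "log in again" result, never an unhandled exception.
    return { status: 401, error: "reauthentication_required", session: null };
  }
  let renewed;
  try {
    renewed = parseTokenResponse(exchange(session.refreshToken));
  } catch (err) {
    // Simplification: any provider failure is treated as a rejected refresh.
    return { status: 401, error: "refresh_rejected", session: null };
  }
  return {
    status: 200,
    error: null,
    session: {
      ...renewed,
      // A refresh response may omit refresh_token; keep the one already held.
      refreshToken: renewed.refreshToken || session.refreshToken,
    },
  };
}

// Constructed samples. The first has the shape quoted in the comment above.
const SAMPLE_WITHOUT_REFRESH = { access_token: "FAKE-ACCESS-1", token_type: "Bearer" };
const SAMPLE_WITH_REFRESH = {
  access_token: "FAKE-ACCESS-2",
  token_type: "Bearer",
  refresh_token: "FAKE-REFRESH-2",
};

// Stand-in for the provider call: returns a new access token only.
const fakeExchange = (refreshToken) => ({
  access_token: "FAKE-ACCESS-3:" + refreshToken,
  token_type: "Bearer",
});

for (const sample of [SAMPLE_WITHOUT_REFRESH, SAMPLE_WITH_REFRESH]) {
  const result = refreshSession(parseTokenResponse(sample), fakeExchange);
  console.log(result.status, result.error || "refreshed");
}
```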
@offtherailz, @taba90 will be back Monday.
Two notes:
- Now dev is working ( #8487 has been solved) so we can proceed fixing backend and testing on dev (backports to proper geostore branch are still required of course)
- Here a video that explains the login/logout/login wrong name + no token found.
https://user-images.githubusercontent.com/1279510/185894727-4db8101a-ab93-4294-9e02-fb18e6095c96.mp4
Opened pr on main. The issue seems to be caused by a spring bean lookup not properly handled.
@taba90 can you please link the PR here?
https://github.com/geosolutions-it/geostore/pull/303
Hi @offtherailz @tdipisa @taba90 I tested the issue on DEV and this is what I found:
- Point 4 is still present. Open this map created by admin and this map created by openID user, without logging into MS
- A resource, created by an MS user or an OpenID user, is also visible by an anonymous user
How to Reproduce
- Login as MS user or OpenID user
- Open a new map
- Click on Save as
- Enter a title
- Click on Save
- Logout
Current Result The map is visible
Expected Result The map is not visible
- Point 5 has not been solved, is it not an issue?
- When an OpenID user tries to open gs-stable an authkey token error appears
How to Reproduce
- Login as OpenID user
- Open a map
- Click on Catalog
Current Result Access to XMLHttpRequest at 'https://gs-stable.geo-solutions.it/geoserver/csw?service=CSW&version=2.0.2&request=&authkey=ya29.A0AVA9y1sYesh9Z_JC4BP7Ap_yUFm6mi5tKIOwBbx8gwzXnmESLYmFaRoLcy_OlZeGKxrw6on_dZGoHLVbw7x1oj3oqqrbSEB16iomKiJSdX6azzIHjqR9-t1gprakYyEdSFR1JyDb3K49WEjzC4t7N4IrllIFaCgYKATASATASFQE65dr8JwoWWieeH_AYfMN9AsJHfA0163' from origin 'https://dev-mapstore.geosolutionsgroup.com/' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
- The issue reported by @offtherailz is still present
- Here a video that explains the login/logout/login wrong name + no token found.
https://user-images.githubusercontent.com/1279510/185894727-4db8101a-ab93-4294-9e02-fb18e6095c96.mp4
Point 4 is still present. Open this map created by admin and this map created by openID user, without logging into MS
It seems working fine for me when I'm anonymous
Point 5 has not been solved, is it not an issue?
I saw the user is synchronized in MS DB, therefore I think it should work. It seems to be an issue in my opinion but let's hear from @offtherailz for a confirmation
The issue reported by @offtherailz is still present
I confirm it is still present with the only difference that in my case the name of the admin user is correct when I login as admin after the first login with the google user.
Furthermore, I would like to add another issue here: around 20 seconds after I'm logged in with the google account, the application logs me out.
@offtherailz @taba90 it seems to me here we are too far to release this new feature in 2022.02.xx. It seems still quite unstable.
@tdipisa I've tested this again on dev; everything works fine now. The geostore jars were from august on the maven repo, I don't know why they were not updated. I've opened the backport for this fix already landed to master https://github.com/geosolutions-it/geostore/pull/309. When this will be merged I will backport the auth key integration fix as well that has been provided in context of keycloak fix for the same functionality. This is due to the fact that the geostore api is common for both even if the authentication mechanisms are different.
One thing to pay attention to is the regex configured on the auth key geoserver side: the default one is not suitable for an email-like username like the one we have with a google login.
backport pr https://github.com/geosolutions-it/geostore/pull/309
@ElenaGallo could you do one more test on dev for openid authentication with google? thank you
Test passed on DEV, @tdipisa backport is possible for this issue.
Since the last fixes provided by @taba90 are on the backend and the backend release (used by QA) will be regenerated @ElenaGallo, I think there is nothing to backport here, all is already in QA codebase (correct me if I'm wrong @taba90).
@tdipisa I guess QA is 2022.02.xx right? then I've to backport to geostore 1.9.x. Things have been contributed on master aka 2.0-SNAPSHOT so far.
@taba90
@tdipisa I guess QA is 2022.02.xx right?
Yes.
then I've to backport to geostore 1.9.x. Things have been contributed on master aka 2.0-SNAPSHOT so far.
I know that, I meant there is nothing to be backported for the front-end part.
right, I thought you were referring to geostore as well
@taba90 ask @etj for a review of the backport and let us know as soon as the version of the backend used by QA has been regenerated
@tdipisa backport merged on 1.9.x. Let me know when I can re-release 1.9.0
@taba90 if you have done, as soon as you can. @ElenaGallo did you test this in DEV? Let's wait for the @ElenaGallo feedback.