Task #5338
closed
Allow XHR requests on D4science Geoserver WFS
100%
Description
At now JS clients are not able to perform XHRs on GeoServer. This is blocking for implementing UIs that require WFS XHRs.
Example:
XMLHttpRequest cannot load http://geoserver-dev.d4science-ii.research-infrastructures.eu/geoserver/ows?service=wfs&version=1.0.0&request=GetFeature&typeName=W_mpa:ecoregions&outputFormat=json. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost' is therefore not allowed access.
Related issues
Updated by Pasquale Pagano over 8 years ago
- Assignee set to Francesco Mangiacrapa
- Target version changed from UnSprintable to External Tools
Updated by Emmanuel Blondel over 8 years ago
Please be sure to target also dev geoservers (and not only), required for the ongoing UI developments (http://geoserver-dev.d4science-ii.research-infrastructures.eu/geoserver/)
Many thanks, and looking forward to your feedback
Updated by Emmanuel Blondel over 8 years ago
Blocking for https://support.d4science.org/issues/4991
Updated by Emmanuel Blondel over 8 years ago
Any update on this?
I remind this is blocking the MPA web-app VRE integration, and i hope that this restriction preventing XHR requests on D4Science WFS could be removed soon.
Thanks in advance
Updated by Pasquale Pagano over 8 years ago
I believe that we should consider to move this work in production since the activity #5214 clearly illustrate that:
- ENG did not start yet to implement the proxy service
- CNR is working to move the dev infrastructure to modern instances of the services and this will require still some days.
Moving in production is easier. It is sufficient to create a VRE accessible only by accepted members. If you agree, please proceed with the request for creating a new VRE.
Updated by Emmanuel Blondel over 8 years ago
In principle, i have nothing against moving to prod, if it can boost the overall MPA activity and solve its blocking tasks (including this ticket, + HTTPS on Geoserver). But with this i think that moving all data to production is becoming a bottleneck. I'm not sure that @levi.westerveld@gmail.com can do this in the short-term (he's on leave), unless CNR can support to move all the data he published in dev. Resources includes 27 feature types/layers in geoserver (all under 'W_mpa' workspace) and its associated styles. Let me know if this is doable, and if i have to create a ticket for it.
We don't need a VRE, there is yet an MPA VRE in prod for later, and in any case the developments and integration will be done in https://next.d4science.org/group/nextnext/mpa (yet a portlet there to test this integration and layout compatibility with liferay), invoking runtime resources (that could be from prod or dev, as long it doesn't prevent the UI to work). Please note also that the portlet has only one role: grab VRE token at JS level and pass it to a web-app simply embedded. This flexible approach allows customer to be modular:
- to have the app running outside (if a public token is provided for WPS invokation)
- to have the app running inside a VRE: inheriting the VRE token
Note that the portlet could be generic (and i'd like to make it as configurable liferay portlet for future, this would simplify a lot integration of js web-apps that could run outside/inside VRE, this respecting the token-based authorization mechanism)
For now, app can be run outside (and under evaluation by Levi), but still not within in VRE because of the known issues: XHR prevented on WFS, HTTPS needed on geoservers (yet the other domain needed under as https support it: data.d4science.org, access.d4science.org , and wps /dataminer).
Updated by Pasquale Pagano over 8 years ago
- Related to Task #5501: Move data from development to production GeoNetwork added
Updated by Pasquale Pagano over 8 years ago
I opened a ticket, #5501, and related to this activity. It is about the porting of data from development to production.
However, it is needed I believe to clarify if the data are public or private. In the first case the porting should not be a problem. In the second case, they have to be associated to a production VRE. Please clarify.
Updated by Emmanuel Blondel over 8 years ago
- Priority changed from High to Urgent
Until now we were relying directly on VLIZ Geoserver WFS (temporarily) to let GRID-ARENDAL test their web-app (using dynamic WFS selectors). However, VLIZ just released a new version of their EEZ layer, changing the featureType (schema), which breaks our current app. For all GIS resources used in the MPA analysis we need to rely on D4Science Geoserver, to make the app working again, and stop relying on remote sources out of our control.
Given these considerations, Can you please let us know if this Cross-Origin restriction on WFS can be removed, and when.
Updated by Emmanuel Blondel over 8 years ago
Please note that it's not really about "external tools", it's about to query a D4Science Geoserver WFS, which is not external, but unfortunately from server POV seen as cross origin when querying it under access.d4science.org and the portal domain. Clearly it's a limitation if we are not able to query WFS data from web-clients, in particular web-clients hosted in D4Science.
Updated by Pasquale Pagano over 8 years ago
Please @francesco.mangiacrapa@isti.cnr.it, @andrea.dellamico@isti.cnr.it, and @gianpaolo.coro@isti.cnr.it look at this request. It is urgent and it s blocking the activity of WP7. Can you clarify when and how you can satisfy this request? Thanks.
Updated by Andrea Dell'Amico over 8 years ago
- Status changed from New to In Progress
- Assignee changed from Francesco Mangiacrapa to Andrea Dell'Amico
Updated by Andrea Dell'Amico over 8 years ago
- % Done changed from 0 to 80
@emmanuel.blondel@fao.org I've just enabled both CORS and https on the dev geoserver. Are you able to test if it solves your problem? The CORS configuration only permits requests from the d4science.org domain right now. It can be relaxed if needed.
If it works I'll reconfigure the production geoservers on monday.
Updated by Emmanuel Blondel over 8 years ago
Hi Andrea, thanks for pushing on this. I've tried it with dev geoserver under http://access.d4science.org, but it didn't work:
XMLHttpRequest cannot load http://geoserver-dev.d4science-ii.research-infrastructures.eu/geoserver/wfs…rsion=1.0.0&request=GetFeature&typeName=W_mpa:ecoregions&outputFormat=json. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://access.d4science.org' is therefore not allowed access. The response had HTTP status code 404.
Better if could relax domain restrictions.
Thanks in advance
Updated by Andrea Dell'Amico over 8 years ago
My fault, I assumed that the request were made over https. Now it should work over http too.
Updated by Pasquale Pagano over 8 years ago
- Status changed from In Progress to Feedback
Please @emmanuel.blondel@fao.org can you check it again?
Thanks
Updated by Emmanuel Blondel over 8 years ago
It's not working with dev Geoserver on http (invoking on http://access.d4science.org)
Updated by Andrea Dell'Amico over 8 years ago
Can you check now?
Or can you show me a way to test by myself?
Updated by Emmanuel Blondel over 8 years ago
I couldn't test this time, geoserver-dev seems down.
This test app is a way to check http://access.d4science.org/webpub_96283386-8925-4310-a3ac-9d45793ad782/mpa-web
You can test by selecting "Ecoregion" with the first dropdown-list, it will trigger the WFS request (FYI, the default selector "EEZ" still relies directly on VLIZ Geoserver not D4S geoserver)
Updated by Andrea Dell'Amico over 8 years ago
I reworked the CORS configuration because it seems that geoserver gets confused (or is the caller to get confused?)
The behaviour I'm seeing now is the following:
- When I set limits to the allow-origin headers, going to http://access.d4science.org/webpub_96283386-8925-4310-a3ac-9d45793ad782/mpa-web gives me results and I can see that the geoserver is queried successfully when EEZ is selected. Example:
127.0.0.1 - - [25/Oct/2016:09:46:58 +0200] "GET /geoserver/wms?SERVICE=WMS&VERSION=1.1.1&REQUEST=GetMap&FORMAT=image%2Fpng&TRANSPARENT=true&LAYERS=W_mpa%3Ageo_fea_shelf&TI LED=true&TILESORIGIN=-180%2C-90&WIDTH=256&HEIGHT=256&SRS=EPSG%3A4326&STYLES=&BBOX=-101.25%2C0%2C-90%2C11.25 HTTP/1.1" 200 855 127.0.0.1 - - [25/Oct/2016:09:46:58 +0200] "GET /geoserver/wms?SERVICE=WMS&VERSION=1.1.1&REQUEST=GetMap&FORMAT=image%2Fpng&TRANSPARENT=true&LAYERS=W_mpa%3Ageo_fea_hadal&TI LED=true&TILESORIGIN=-180%2C-90&WIDTH=256&HEIGHT=256&SRS=EPSG%3A4326&STYLES=&BBOX=-101.25%2C0%2C-90%2C11.25 HTTP/1.1" 200 674 127.0.0.1 - - [25/Oct/2016:09:46:58 +0200] "GET /geoserver/wms?SERVICE=WMS&VERSION=1.1.1&REQUEST=GetMap&FORMAT=image%2Fpng&TRANSPARENT=true&LAYERS=W_mpa%3Ageo_fea_abyss&TI LED=true&TILESORIGIN=-180%2C-90&WIDTH=256&HEIGHT=256&SRS=EPSG%3A4326&STYLES=&BBOX=-101.25%2C0%2C-90%2C11.25 HTTP/1.1" 200 1278
- When I set limits to the allow-origin headers (so the same configuration of the previous case), going to http://access.d4science.org/webpub_96283386-8925-4310-a3ac-9d45793ad782/mpa-web fails if I select
Ecoregions. The tomcat error is puzzling:
127.0.0.1 - - [25/Oct/2016:09:49:49 +0200] "GET /geoserver/geoserver/wfs?version=1.0.0&request=GetFeature&typeName=W_mpa:ecoregion&bbox=-99.27246093750001,8.54736328125001 4,-55.327148437500014,31.618652343750014&outputFormat=json HTTP/1.1" 404 967 25 Oct 09:49:49 WARN [servlet.PageNotFound] - No mapping found for HTTP request with URI [/geoserver/geoserver/wfs] in DispatcherServlet with name 'dispatcher'
But the request from the reverse proxy (nginx) seems correct:
146.48.122.27 - - [25/Oct/2016:09:49:49 +0200] "GET /geoserver/wfs?version=1.0.0&request=GetFeature&typeName=W_mpa:ecoregion&bbox=-99.27246093750001,8.547363281250014,-55. 327148437500014,31.618652343750014&outputFormat=json HTTP/1.1" 404 967 "http://access.d4science.org/webpub_96283386-8925-4310-a3ac-9d45793ad782/mpa-web/" "Mozilla/5.0 (Mac intosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36"
- If I relax the CORS settings, allowing calls from anywhere, I still obtain results when EEZ is selected but tomcat gives an exception when I select
Ecoregions
The tomcat access log:
127.0.0.1 - - [25/Oct/2016:09:55:12 +0200] "GET /geoserver/wfs?version=1.0.0&request=GetFeature&typeName=W_mpa:ecoregion&bbox=-99.27246093750001,8.547363281250014,-5│-- --│5.327148437500014,31.618652343750014&outputFormat=json HTTP/1.1" 200 260
And the tomcat exception:
25 Oct 09:55:12 ERROR [geoserver.ows] -
org.geoserver.wfs.WFSException: Feature type W_mpa:ecoregion unknown
at org.geoserver.wfs.kvp.GetFeatureKvpRequestReader.checkTypeName(GetFeatureKvpRequestReader.java:370)
at org.geoserver.wfs.kvp.GetFeatureKvpRequestReader.read(GetFeatureKvpRequestReader.java:137)
at org.geoserver.ows.Dispatcher.parseRequestKVP(Dispatcher.java:1405)
at org.geoserver.ows.Dispatcher.dispatch(Dispatcher.java:622)
at org.geoserver.ows.Dispatcher.handleRequestInternal(Dispatcher.java:263)
at org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:153)
at org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:48)
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:923)
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:852)
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:882)
at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:778)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:620)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.geoserver.filters.ThreadLocalsCleanupFilter.doFilter(ThreadLocalsCleanupFilter.java:23)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.geoserver.filters.SpringDelegatingFilter$Chain.doFilter(SpringDelegatingFilter.java:74)
at org.geoserver.filters.SpringDelegatingFilter.doFilter(SpringDelegatingFilter.java:45)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.geoserver.platform.AdvancedDispatchFilter.doFilter(AdvancedDispatchFilter.java:49)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.vfny.geoserver.filters.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:109)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:311)
at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:68)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:116)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:72)
at org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:91)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:68)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:72)
at org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:91)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at org.geoserver.security.filter.GeoServerAnonymousAuthenticationFilter.doFilter(GeoServerAnonymousAuthenticationFilter.java:53)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:68)
at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:150)
at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:72)
at org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:91)
at org.geoserver.security.filter.GeoServerBasicAuthenticationFilter.doFilter(GeoServerBasicAuthenticationFilter.java:82)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:68)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:72)
at org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:91)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:173)
at org.geoserver.security.GeoServerSecurityFilterChainProxy.doFilter(GeoServerSecurityFilterChainProxy.java:97)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.geoserver.filters.LoggingFilter.doFilter(LoggingFilter.java:71)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.geoserver.filters.GZIPFilter.doFilter(GZIPFilter.java:41)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.geoserver.filters.SessionDebugFilter.doFilter(SessionDebugFilter.java:46)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1040)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:607)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:313)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
Updated by Emmanuel Blondel over 8 years ago
Hi Andrea, thanks for this, indeed now we don't get any cross-origin exception on the client (the good news!). But instead, as you said, we had some issue with the featuretype name in geoserver, that i've fixed now (and sorry if it created confusion when doing your final test). The remote WFS can be queried now! I suppose you will proceed in prod? Many thanks for your support
PS: as said, the EEZ was called from another remote server (not D4science), that's why you always got the WFS working on it
Updated by Francesco Mangiacrapa over 8 years ago
- Tracker changed from Support to Task
Thanks @andrea.dellamico@isti.cnr.it for your support, I'm going to change this ticket as Task Ticket
Updated by Andrea Dell'Amico over 8 years ago
- % Done changed from 80 to 100
Emmanuel Blondel wrote:
Hi Andrea, thanks for this, indeed now we don't get any cross-origin exception on the client (the good news!). But instead, as you said, we had some issue with the featuretype name in geoserver, that i've fixed now (and sorry if it created confusion when doing your final test). The remote WFS can be queried now! I suppose you will proceed in prod? Many thanks for your support
Yes. The production geoservers have CORS enabled now.
PS: as said, the EEZ was called from another remote server (not D4science), that's why you always got the WFS working on it
Hm. But I saw queries to the geoserver when I used it, and each time I added/removed a layer...
Updated by Emmanuel Blondel over 8 years ago
I confirm it works as well on prod. Many thanks for your support @andrea.dellamico@isti.cnr.it , much appreciated!
Updated by Andrea Dell'Amico over 8 years ago
- Status changed from Feedback to Closed
