如何解决配置 Geoserver 以处理 Azure 应用服务
我有一个配置了 AD 身份验证的 Azure 应用服务(Tomcat 9.0 和 Java 11),并且我已经在其上部署了 Geoserver 2.18 WAR。
当我尝试访问 geoserver 时,我的主页正常,但是当我尝试使用默认的 geoserver 凭据登录时,我得到了一个堆栈跟踪:
java.lang.IllegalArgumentException: Failed to parse address1.2.3.4,5.6.7.8,9.10.11.12
org.springframework.security.web.util.matcher.IpAddressMatcher.parseAddress(IpAddressMatcher.java:107)
org.springframework.security.web.util.matcher.IpAddressMatcher.matches(IpAddressMatcher.java:66)
org.springframework.security.web.util.matcher.IpAddressMatcher.matches(IpAddressMatcher.java:62)
org.geoserver.security.BruteForceListener.lambda$requestAddressInWhiteList$0(BruteForceListener.java:126)
java.base/java.util.stream.MatchOps$1MatchSink.accept(Unknown Source)
java.base/java.util.ArrayList$ArrayListSpliterator.tryAdvance(Unknown Source)
java.base/java.util.stream.ReferencePipeline.forEachWithCancel(Unknown Source)
java.base/java.util.stream.AbstractPipeline.copyIntoWithCancel(Unknown Source)
java.base/java.util.stream.AbstractPipeline.copyInto(Unknown Source)
java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(Unknown Source)
java.base/java.util.stream.MatchOps$MatchOp.evaluateSequential(Unknown Source)
java.base/java.util.stream.MatchOps$MatchOp.evaluateSequential(Unknown Source)
java.base/java.util.stream.AbstractPipeline.evaluate(Unknown Source)
java.base/java.util.stream.ReferencePipeline.anyMatch(Unknown Source)
org.geoserver.security.BruteForceListener.requestAddressInWhiteList(BruteForceListener.java:126)
org.geoserver.security.BruteForceListener.onApplicationEvent(BruteForceListener.java:65)
org.geoserver.security.BruteForceListener.onApplicationEvent(BruteForceListener.java:28)
org.springframework.context.event.SimpleApplicationEventMulticaster.doInvokeListener(SimpleApplicationEventMulticaster.java:172)
org.springframework.context.event.SimpleApplicationEventMulticaster.invokeListener(SimpleApplicationEventMulticaster.java:165)
org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:139)
org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:403)
org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:360)
org.springframework.security.authentication.DefaultAuthenticationEventPublisher.publishAuthenticationSuccess(DefaultAuthenticationEventPublisher.java:99)
org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:224)
org.geoserver.security.GeoServerSecurityManager$1.authenticate(GeoServerSecurityManager.java:315)
org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter.attemptAuthentication(UsernamePasswordAuthenticationFilter.java:94)
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212)
org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:74)
org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:91)
org.geoserver.security.filter.GeoServerUserNamePasswordAuthenticationFilter.doFilter(GeoServerUserNamePasswordAuthenticationFilter.java:122)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:70)
org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
org.geoserver.security.filter.GeoServerSecurityContextPersistenceFilter$1.doFilter(GeoServerSecurityContextPersistenceFilter.java:52)
org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:74)
org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:91)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215)
org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178)
org.geoserver.security.GeoServerSecurityFilterChainProxy.doFilter(GeoServerSecurityFilterChainProxy.java:142)
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:358)
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:271)
org.geoserver.filters.LoggingFilter.doFilter(LoggingFilter.java:101)
org.geoserver.filters.XFrameOptionsFilter.doFilter(XFrameOptionsFilter.java:77)
org.geoserver.filters.GZIPFilter.doFilter(GZIPFilter.java:47)
org.geoserver.filters.SessionDebugFilter.doFilter(SessionDebugFilter.java:46)
org.geoserver.filters.FlushSafeFilter.doFilter(FlushSafeFilter.java:42)
org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
com.microsoft.azure.appservice.filters.AppServiceFilter.doFilter(AppServiceFilter.java:53)
com.microsoft.azure.appservice.EasyAuthFilter.doFilter(EasyAuthFilter.java:42)
(出于隐私原因,我已将堆栈跟踪中的 3 个 IP 替换为虚拟 IP)
检查 Azure 的身份验证代理发送到 geoserver 的 HTTP 标头以及 x-forwarded-for HTTP 标头中的 3 个 IP 字符串是否匹配。
我是否未能配置某些内容?由于无法登录,因此很难进入地理服务器安全设置!
解决方法
好的,经过一些更深入的挖掘,我认为我找到了解决方案。 Geoserver 在其蛮力登录预防中使用 IpAddressMatcher。 IpAddressMatcher 需要 HTTP 标头中的单个 IP 地址。 Azure 有多个,所以这会导致问题。
可以通过编辑 $GEOSERVER_DATA_DIR/security/config.xml 并在底部附近将 bruteForcePrevention 更改为 false 来禁用暴力登录检测,如下所示:
<bruteForcePrevention>
<enabled>false</enabled>
<minDelaySeconds>1</minDelaySeconds>
<maxDelaySeconds>5</maxDelaySeconds>
<maxBlockedThreads>100</maxBlockedThreads>
<whitelistedMasks>
<string>127.0.0.1</string>
</whitelistedMasks>
</bruteForcePrevention>
重启 tomcat,现在 geoserver 可以工作了,我可以登录了。
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。