geOrchestra datadir changes between 17.12 and 18.06
diff --git a/.gitignore b/.gitignore | |
new file mode 100644 | |
index 0000000..b25c15b | |
--- /dev/null | |
+++ b/.gitignore | |
@@ -0,0 +1 @@ | |
+*~ | |
diff --git a/README.md b/README.md | |
index cd7bf81..2ae95bc 100644 | |
--- a/README.md | |
+++ b/README.md | |
@@ -42,7 +42,7 @@ Remember to change it in your LDAP too ! | |
Finally, you should head to [ReCAPTCHA](https://www.google.com/recaptcha/) and get an account for your service. | |
-Once you're done, fill in the public and private keys in the [ldapadmin/ldapadmin.properties](https://github.com/georchestra/datadir/blob/master/ldapadmin/ldapadmin.properties) file. | |
+Once you're done, fill in the public and private keys in the [console/console.properties](https://github.com/georchestra/datadir/blob/master/console/console.properties) file. | |
**Restart your tomcat or jetty services when done with datadir editing**. | |
@@ -54,6 +54,5 @@ There are plenty of other configuration options available, so feel free to brows | |
We do recommend that you: | |
* change your SDI logo, with [header/logo.png](header/logo.png) | |
* update the viewer config with [mapfishapp/js/GEOR_custom.js](mapfishapp/js/GEOR_custom.js) | |
- * update the extractor config with [extractorapp/js/GEOR_custom.js](extractorapp/js/GEOR_custom.js) | |
- * translate to your language the ldapadmin ([ldapadmin/templates](ldapadmin/templates)) and extractor ([extractorapp/templates](extractorapp/templates)) email templates | |
+ * translate to your language the console ([console/templates](console/templates)) and extractor ([extractorapp/templates](extractorapp/templates)) email templates | |
diff --git a/analytics/analytics.properties b/analytics/analytics.properties | |
index a89e065..48c059a 100644 | |
--- a/analytics/analytics.properties | |
+++ b/analytics/analytics.properties | |
@@ -1,6 +1,6 @@ | |
# This variable configures the JDBC URL to the database where the statistics | |
# gathered by the OGC-server-statistics module are stored | |
-dlJdbcUrlOGC=jdbc:postgresql://localhost:5432/georchestra?user=www-data&password=www-data | |
+dlJdbcUrlOGC=jdbc:postgresql://localhost:5432/georchestra?user=georchestra&password=georchestra | |
language=en | |
instance=geOrchestra | |
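Review bot: The new default on `dlJdbcUrlOGC` keeps the database password identical to the account name (`user=georchestra&password=georchestra`) and carries it inside the JDBC URL, where it may surface in connection error messages or logs. The same default is introduced in atlas/atlas.properties (`psql.pass`), console/console.properties (`psql.pass`), extractorapp/extractorapp.properties (`jdbcurl`) and geonetwork/geonetwork.properties (`jdbc.password`). A comment above the line such as `# CHANGE ME: sample credentials, replace the password before exposing this instance` would make clear that these values are placeholders and not a supported production setting.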
diff --git a/atlas/atlas.properties b/atlas/atlas.properties | |
index 0b623b2..b450eb4 100644 | |
--- a/atlas/atlas.properties | |
+++ b/atlas/atlas.properties | |
@@ -1,15 +1,15 @@ | |
# PostGreSQL | |
psql.url=jdbc:postgresql://localhost:5432/georchestra | |
-psql.user=www-data | |
-psql.pass=www-data | |
+psql.user=georchestra | |
+psql.pass=georchestra | |
# SMTP configuration | |
smtpHost=localhost | |
smtpPort=25 | |
# Other | |
-atlas.baseUrl=https://georchestra.mydomain.org/atlas | |
+atlas.baseUrl=${publicUrl}/atlas | |
atlas.emailFrom=noreply+atlas@georchestra.org | |
atlas.emailSubject=[geOrchestra] Your Atlas request | |
-atlas.temporaryDirectory=/tmp/georchestra/atlas | |
+atlas.temporaryDirectory=/tmp/atlas | |
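Review bot: `atlas.temporaryDirectory=/tmp/atlas` puts the working directory at a fixed name directly under the shared /tmp, so on a multi-user host another local account could create that directory first or read what the webapp writes there, depending on how atlas creates it (not visible here). console/log4j/log4j.properties follows the same pattern with `/tmp/console.log` and `/tmp/console.%d.log.gz`. Pointing both at a directory owned by the servlet container user would avoid that, for example `atlas.temporaryDirectory=/var/tmp/georchestra/atlas` (a constructed path, created with mode 0700). At minimum, add `# must be writable and readable only by the tomcat/jetty user` above the setting.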
diff --git a/cadastrapp/cadastrapp.properties b/cadastrapp/cadastrapp.properties | |
index 9fd5b68..9699cfb 100644 | |
--- a/cadastrapp/cadastrapp.properties | |
+++ b/cadastrapp/cadastrapp.properties | |
@@ -11,7 +11,7 @@ user.search.are.filtered=1 | |
# Database schema name | |
schema.name=cadastrapp_qgis | |
-## CNIL ROLE NAME for ldap group. Only Cnil 1 and Cnil 2 make some limitation | |
+## CNIL ROLE NAME for ldap role. Only Cnil 1 and Cnil 2 make some limitation | |
cnil1RoleName=ROLE_EL_CAD_CNIL1 | |
cnil2RoleName=ROLE_EL_CAD_CNIL2 | |
diff --git a/cas/cas.properties b/cas/cas.properties | |
index 6c74bdd..8440657 100644 | |
--- a/cas/cas.properties | |
+++ b/cas/cas.properties | |
@@ -1,14 +1,16 @@ | |
-server.name=https://georchestra.mydomain.org | |
-server.prefix=https://georchestra.mydomain.org/cas | |
+server.name=${publicUrl} | |
+server.prefix=${publicUrl}/cas | |
instance.name=geOrchestra | |
-homepage.url=https://georchestra.mydomain.org/ | |
-header.height=90 | |
+# Uncomment to override header height (size in px) or header url in the console | |
+# defaults to values defined in ../default.properties | |
+# headerHeight=90 | |
+# headerUrl=/header/ | |
# IP address or CIDR subnet allowed to access the /status URI of CAS that exposes health check information | |
cas.securityContext.status.allowedSubnet=127.0.0.1 | |
-ldapadmin.contextpath=/ldapadmin | |
+console.contextpath=/console | |
cas.themeResolver.defaultThemeName=cas-theme-default | |
cas.viewResolver.basename=default_views | |
@@ -20,14 +22,14 @@ cas.viewResolver.basename=default_views | |
host.name=georchestra.mydomain.org | |
ldap.url=ldap://127.0.1.1:389 | |
-ldap.authn.groupSearchBaseDn=ou=roles,dc=georchestra,dc=org | |
+ldap.authn.roleSearchBaseDn=ou=roles,dc=georchestra,dc=org | |
ldap.authn.userSearchBaseDn=ou=users,dc=georchestra,dc=org | |
ldap.authn.searchFilter=(uid={user}) | |
ldap.admin.username=cn=admin,dc=georchestra,dc=org | |
ldap.admin.password=secret | |
-ldap.authn.groupSearchFilter=(member=uid={1},ou=users,dc=georchestra,dc=org) | |
-ldap.authn.groupRoleAttribute=cn | |
-ldap.authn.pendingGroupName=PENDING | |
+ldap.authn.roleSearchFilter=(member=uid={1},ou=users,dc=georchestra,dc=org) | |
+ldap.authn.roleRoleAttribute=cn | |
+ldap.authn.pendingRoleName=PENDING | |
# See http://www.ldaptive.org/ for information about ldap parameters | |
ldap.connectTimeout=30000 | |
diff --git a/ldapadmin/ldapadmin.properties b/console/console.properties | |
similarity index 69% | |
rename from ldapadmin/ldapadmin.properties | |
rename to console/console.properties | |
index e90b2be..5b89a51 100644 | |
--- a/ldapadmin/ldapadmin.properties | |
+++ b/console/console.properties | |
@@ -2,21 +2,24 @@ | |
# General purposes properties | |
instanceName=geOrchestra | |
-publicContextPath=/ldapadmin | |
+publicContextPath=/console | |
protectedUser.uid1=geoserver_privileged_user | |
-# Header height (size in px) | |
-headerHeight=90 | |
+# Uncomment to override header height (size in px) or header url in the console | |
+# defaults to values defined in ../default.properties | |
+# headerHeight=90 | |
+# headerUrl=/header/ | |
# Account moderation | |
# If moderatedSignup is true, each time a new user requests an account: | |
-# * an email is sent to moderatorEmail for validation, | |
-# * user has role PENDING (which grants nothing). | |
+# * an email is sent to all users having the SUPERUSER role and also to those | |
+# which hold and admin delegation for the declared Org (if any) | |
+# * user gets the PENDING role (which grants nothing on the SDI). | |
# Otherwise, the user is immediately considered as registered, | |
-# and is granted the USER role. | |
-# | |
+# and is granted the USER role. An email is also sent to SUPERUSER user | |
+# and delegated admins if any. | |
+ | |
moderatedSignup=true | |
-moderatorEmail=georchestra+testadmin@georchestra.mydomain.org | |
# Delay in days before the "I lost my password" token expires | |
delayInDays=1 | |
@@ -24,47 +27,48 @@ delayInDays=1 | |
# Possible values for org creation form : "orgShortName", "orgAddress" and "orgType" | |
requiredFields=firstName,surname,org,orgType | |
-# Org type values is used to populate the drop down list from /ldapadmin/account/new | |
+# Org type values is used to populate the drop down list from /console/account/new | |
orgTypeValues=Association,Company,NGO,Individual,Other | |
# Areas map configuration | |
-# This map appears on the /ldapadmin/account/new page, when the user checks the "my org does not exist" checkbox. | |
+# This map appears on the /console/account/new page, when the user checks the "my org does not exist" checkbox. | |
# Currently the map is configured with the EPSG:4326 SRS. | |
-AreaMapCenter=1.77, 47.3 | |
-AreaMapZoom=6 | |
+# Optional center and zoom of map, uncomment following line and also AreaMapZoom to force center and zoom | |
+#AreaMapCenter=1.77, 47.3 | |
+#AreaMapZoom=6 | |
# AreasUrl is the URL of a static file or a service with a GeoJSON FeatureCollection object string in EPSG:4326. | |
AreasUrl=https://www.geopicardie.fr/public/communes_simplified.json | |
# example "dynamic" AreasUrl=https://my.server.org/geoserver/ows?SERVICE=WFS&REQUEST=GetFeature&typeName=gadm:gadm_for_countries&outputFormat=json&cql_filter=ISO='FRA' or ISO='BEL' | |
# The following properties are used to configure the map widget behavior: | |
-AreasKey=OBJECTID | |
+AreasKey=INSEE_COM | |
# AreasKey is the key stored in the org LDAP record to uniquely identify a feature. | |
-AreasValue=OBJECTID | |
+AreasValue=NOM_COM | |
# AreasValue is the feature "nice name" which appears in the widget list once selected. | |
-AreasGroup=ISO | |
+AreasGroup=NOM_DEP | |
# AreasGroup is the feature property which is used to group together areas. | |
# eg: if the GeoJSON file represents regions, then AreasGroup might be the property with the "state name". | |
# CAUTION: AreasGroup **has to** be a string, not a numeric ! | |
# reCaptcha V2 | |
verificationURL=https://www.google.com/recaptcha/api/siteverify | |
-privateKey=6LeStlMUAAAAAMjUHn-srYb_rXDs5EUvkDBW5UbQ | |
-publicKey=6LeStlMUAAAAAHHcDH0RJ1wGos5I5G0iTcxxlJrZ | |
+privateKey=6LfTgF4UAAAAAL-FJJecf36W69hEaC4qZ1yu_s5- | |
+publicKey=6LfTgF4UAAAAADphdZKi6ocxIpn9MSzt8wRBFmmd | |
# LDAP related | |
ldapUrl=ldap://localhost:389 | |
baseDN=dc=georchestra,dc=org | |
ldapAdminDn=cn=admin,dc=georchestra,dc=org | |
ldap.admin.password=secret | |
-groupUniqueNumberField=ou | |
+roleUniqueNumberField=ou | |
userSearchBaseDN=ou=users | |
-groupSearchBaseDN=ou=roles | |
+roleSearchBaseDN=ou=roles | |
+orgSearchBaseDN=ou=orgs | |
accountUniqueNumberField=employeeNumber | |
-orgsSearchBaseDN=ou=orgs | |
# PostGreSQL database connection parameters | |
psql.url=jdbc:postgresql://localhost:5432/georchestra | |
-psql.user=www-data | |
-psql.pass=www-data | |
+psql.user=georchestra | |
+psql.pass=georchestra | |
# SMTP configuration | |
smtpHost=localhost | |
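Review bot: The `privateKey` line replaces one real-looking reCAPTCHA secret with another in a public sample file, so every instance deployed with the datadir unchanged shares a secret that anyone can read. The pair is also bound to whatever domains its owner registered, so it would not be a per-instance control even where it works. Shipping an obvious placeholder such as `privateKey=CHANGE_ME` and `publicKey=CHANGE_ME`, with a comment `# get your own key pair at https://www.google.com/recaptcha/`, would force each deployment to use its own keys. The committed pair should be treated as disclosed and rotated by its owner.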
@@ -74,17 +78,19 @@ smtpPort=25 | |
emailHtml=false | |
replyTo=georchestra+testadmin@georchestra.mydomain.org | |
from=georchestra+testadmin@georchestra.mydomain.org | |
-language=en | |
subject.account.created=[geOrchestra] Your account has been created | |
subject.account.in.process=[geOrchestra] Your new account is waiting for validation | |
subject.requires.moderation=[geOrchestra] New account waiting for validation | |
subject.change.password=[geOrchestra] Update your password | |
subject.account.uid.renamed=[geOrchestra] New login for your account | |
+subject.new.account.notification=[geOrchestra] New account created | |
+templateEncoding=UTF-8 | |
warnUserIfUidModified=true | |
+# This "�" char should display nicely in a ISO 8859-1 configured editor | |
# Email proxy configuration | |
# Basically, this webapp can send emails on behalf of LDAP users. | |
-# The service endpoint is available at /ldapadmin/emailProxy | |
+# The service endpoint is available at /console/emailProxy | |
# Usage is restricted to users having the MOD_EMAILPROXY role by default, | |
# cf https://github.com/georchestra/datadir/blob/master/security-proxy/security-mappings.xml | |
# see https://github.com/georchestra/georchestra/pull/1572 for more information. | |
diff --git a/ldapadmin/log4j/log4j.properties b/console/log4j/log4j.properties | |
similarity index 80% | |
rename from ldapadmin/log4j/log4j.properties | |
rename to console/log4j/log4j.properties | |
index d8ef621..c9cddfe 100644 | |
--- a/ldapadmin/log4j/log4j.properties | |
+++ b/console/log4j/log4j.properties | |
@@ -16,14 +16,13 @@ | |
#------------------------------------------------------------------------------ | |
log4j.rootLogger=WARN, R | |
-log4j.logger.org.georchestra.ldapadmin=WARN, R | |
-log4j.logger.org.georchestra.ldapadmin.ws.utils=INFO, R | |
+log4j.logger.org.georchestra.console=WARN, R | |
+log4j.logger.org.georchestra.console.ws.utils=INFO, R | |
log4j.appender.R = org.apache.log4j.rolling.RollingFileAppender | |
log4j.appender.R.RollingPolicy = org.apache.log4j.rolling.TimeBasedRollingPolicy | |
-log4j.appender.R.RollingPolicy.FileNamePattern = /tmp/ldapadmin.%d.log.gz | |
-log4j.appender.R.RollingPolicy.ActiveFileName = /tmp/ldapadmin.log | |
+log4j.appender.R.RollingPolicy.FileNamePattern = /tmp/console.%d.log.gz | |
+log4j.appender.R.RollingPolicy.ActiveFileName = /tmp/console.log | |
log4j.appender.R.Append = true | |
log4j.appender.R.layout = org.apache.log4j.PatternLayout | |
log4j.appender.R.layout.ConversionPattern = %d{yyyy-MM-dd HH:mm:ss} %c{1} [%p] %m%n | |
- | |
diff --git a/console/protectedroles.properties b/console/protectedroles.properties | |
new file mode 100644 | |
index 0000000..869122e | |
--- /dev/null | |
+++ b/console/protectedroles.properties | |
@@ -0,0 +1,2 @@ | |
+# protected roles list separated by comma. Case sensitive. Reg ex is allowed | |
+protectedRolesList=SUPERUSER,ADMINISTRATOR,ORGADMIN,PENDING,USER,EXTRACTORAPP,GN_.* | |
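Review bot: The comment on `protectedRolesList` says regular expressions are allowed, but not whether each entry must match the whole role name. If the console uses an unanchored search, `USER` would also cover any role whose name merely contains that string; if it uses a full match, the `GN_.*` form is the only way to get a prefix match. Neither is visible from this file. Once the matching mode is confirmed in the console code, I would add a second comment line such as `# each entry is matched against the full role name`, since this list presumably decides which roles are shielded from changes.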
diff --git a/ldapadmin/templates/account-creation-in-progress-template.txt b/console/templates/account-creation-in-progress-template.txt | |
similarity index 64% | |
rename from ldapadmin/templates/account-creation-in-progress-template.txt | |
rename to console/templates/account-creation-in-progress-template.txt | |
index 452ab09..b141915 100644 | |
--- a/ldapadmin/templates/account-creation-in-progress-template.txt | |
+++ b/console/templates/account-creation-in-progress-template.txt | |
@@ -5,4 +5,4 @@ Your request for a new account will be processed very soon. | |
Your login is: {uid} | |
--- | |
-Sent by geOrchestra (https://georchestra.mydomain.org) | |
+Sent by geOrchestra ({publicUrl}/) | |
diff --git a/ldapadmin/templates/account-uid-renamed.txt b/console/templates/account-uid-renamed.txt | |
similarity index 73% | |
rename from ldapadmin/templates/account-uid-renamed.txt | |
rename to console/templates/account-uid-renamed.txt | |
index 1bf8731..0f614ad 100644 | |
--- a/ldapadmin/templates/account-uid-renamed.txt | |
+++ b/console/templates/account-uid-renamed.txt | |
@@ -6,4 +6,4 @@ geOrchestra platform has been modified. | |
Your new login is now: {uid} | |
--- | |
-Sent by geOrchestra (https://georchestra.mydomain.org/) | |
+Sent by geOrchestra ({publicUrl}/) | |
diff --git a/ldapadmin/templates/changepassword-email-template.txt b/console/templates/changepassword-email-template.txt | |
similarity index 64% | |
rename from ldapadmin/templates/changepassword-email-template.txt | |
rename to console/templates/changepassword-email-template.txt | |
index ac09d91..809de62 100644 | |
--- a/ldapadmin/templates/changepassword-email-template.txt | |
+++ b/console/templates/changepassword-email-template.txt | |
@@ -1,6 +1,6 @@ | |
Dear {name}, | |
-You (or someone else) asked to reset your password on https://georchestra.mydomain.org/. | |
+You (or someone else) asked to reset your password on {publicUrl}/. | |
If you did not request any password update, just ignore this e-mail, you're safe. | |
To set a new password for your user ({uid}), go to {url}. | |
@@ -9,4 +9,4 @@ You will then be able to connect to the platform. | |
Caution: this e-mail is personal, don't forward it. | |
--- | |
-Sent by geOrchestra (https://georchestra.mydomain.org/) | |
+Sent by geOrchestra ({publicUrl}/) | |
diff --git a/console/templates/newaccount-notification-template.txt b/console/templates/newaccount-notification-template.txt | |
new file mode 100644 | |
index 0000000..e4250b3 | |
--- /dev/null | |
+++ b/console/templates/newaccount-notification-template.txt | |
@@ -0,0 +1,10 @@ | |
+Dear admin, | |
+ | |
+A new user signed up on {publicUrl}/ ! | |
+ | |
+User name: {name} | |
+User email: {email} | |
+User ID: {uid} | |
+ | |
+--- | |
+Sent by geOrchestra ({publicUrl}/) | |
diff --git a/console/templates/newaccount-requires-moderation-template.txt b/console/templates/newaccount-requires-moderation-template.txt | |
new file mode 100644 | |
index 0000000..8deeeff | |
--- /dev/null | |
+++ b/console/templates/newaccount-requires-moderation-template.txt | |
@@ -0,0 +1,11 @@ | |
+Dear admin, | |
+ | |
+A new account has been created on {publicUrl}/ and is waiting for validation. | |
+ | |
+User name: {name} | |
+User ID: {uid} | |
+ | |
+Visit {publicUrl}/console/manager/#/roles/PENDING/users to review the pending users. | |
+ | |
+--- | |
+Sent by geOrchestra ({publicUrl}/) | |
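Review bot: The review link hard-codes the console path, `{publicUrl}/console/manager/#/roles/PENDING/users`, while console/console.properties exposes `publicContextPath=/console` as a setting, so an instance that changes the context path would send moderators a dead link. console/templates/newaccount-was-created-template.txt does the same with `{publicUrl}/cas/login`. If the template substitution offers no placeholder for the context path (not visible here), a comment next to `publicContextPath` would at least document the coupling, such as `# templates/*.txt contain literal /console and /cas paths, update them if you change this`.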
diff --git a/console/templates/newaccount-was-created-template.txt b/console/templates/newaccount-was-created-template.txt | |
new file mode 100644 | |
index 0000000..b0de399 | |
--- /dev/null | |
+++ b/console/templates/newaccount-was-created-template.txt | |
@@ -0,0 +1,10 @@ | |
+Dear {name}, | |
+ | |
+Your account on {publicUrl}/ has been successfully created ! | |
+Visit {publicUrl}/cas/login to login with your identifier "{uid}" and your password. | |
+ | |
+Have fun with geOrchestra, | |
+ | |
+Your platform administrator | |
+--- | |
+Sent by geOrchestra ({publicUrl}/) | |
diff --git a/default.properties b/default.properties | |
new file mode 100644 | |
index 0000000..f5c9409 | |
--- /dev/null | |
+++ b/default.properties | |
@@ -0,0 +1,9 @@ | |
+# This file holds some property shared across all geOrchestra webapps | |
+ | |
+# Public URL of this geOrchestra instance | |
+# URL must not include the trailing slash | |
+publicUrl=https://georchestra.mydomain.org | |
+ | |
+# Configure Header | |
+headerHeight=90 | |
+headerUrl=/header/ | |
diff --git a/extractorapp/extractorapp.properties b/extractorapp/extractorapp.properties | |
index 7c129a7..4855520 100644 | |
--- a/extractorapp/extractorapp.properties | |
+++ b/extractorapp/extractorapp.properties | |
@@ -1,12 +1,5 @@ | |
-instance=georchestra | |
language=en | |
-# The base url of the extractorapp as accessible from outside the intranet | |
-servletUrl=https://georchestra.mydomain.org/extractorapp | |
- | |
-# Hostname of the geoserver that is secured for geOrchestra. | |
-secureHost=georchestra.mydomain.org | |
- | |
# Email properties | |
smtpHost=localhost | |
smtpPort=25 | |
@@ -18,7 +11,7 @@ privileged_admin_name=geoserver_privileged_user | |
privileged_admin_pass=gerlsSnFd6SmM | |
# Link to DB to store extraction statistics in 'extractorapp' schema | |
-jdbcurl=jdbc:postgresql://localhost:5432/georchestra?user=www-data&password=www-data | |
+jdbcurl=jdbc:postgresql://localhost:5432/georchestra?user=georchestra&password=georchestra | |
# max extraction size in pixels | |
maxCoverageExtractionSize=99999999 | |
diff --git a/extractorapp/js/GEOR_custom.js b/extractorapp/js/GEOR_custom.js | |
deleted file mode 100644 | |
index bb310be..0000000 | |
--- a/extractorapp/js/GEOR_custom.js | |
+++ /dev/null | |
@@ -1,317 +0,0 @@ | |
-/** | |
- * Sample geOrchestra extractor config file | |
- * | |
- * Instructions: uncomment lines you wish to modify and | |
- * modify the corresponding values to suit your needs. | |
- */ | |
-Ext.namespace("GEOR"); | |
- | |
-GEOR.custom = { | |
- | |
- /** | |
- * Constant: HEADER_HEIGHT | |
- * Integer value representing the header height, as set in the shared maven filters | |
- * Defaults to 90 | |
- */ | |
- HEADER_HEIGHT: 90, | |
- | |
- /** | |
- * Constant: PDF_URL | |
- * String: the URL to the downloaded data Terms Of Use | |
- * Defaults to /header/cgu.pdf (see shared.download_form.pdf_url var in shared.maven.filters file) | |
- */ | |
- PDF_URL: "/header/cgu.pdf", | |
- | |
- /***** Beginning of config options which can be set in this file *****/ | |
- | |
- /** | |
- * Constant: SUPPORTED_RASTER_FORMATS | |
- * List of supported raster formats. | |
- * Defaults to GeoTiff & Tiff | |
- * | |
- SUPPORTED_RASTER_FORMATS: [ | |
- ["geotiff", "GeoTiff"], | |
- ["tiff", "Tif + TFW"] | |
- ],*/ | |
- | |
- /** | |
- * Constant: SUPPORTED_VECTOR_FORMATS | |
- * List of supported vector formats. | |
- * Defaults to SHP, MIF/MID, TAB, KML | |
- * | |
- SUPPORTED_VECTOR_FORMATS: [ | |
- ["shp", "Shapefile"], | |
- ["mif", "Mif/Mid"], | |
- ["tab", "TAB"], | |
- ["kml", "KML"] | |
- ],*/ | |
- | |
- /** | |
- * Constant: SUPPORTED_RESOLUTIONS | |
- * List of supported resolutions. | |
- * Defaults to 0.2 0.5 1 2 5 10 meters | |
- * | |
- SUPPORTED_RESOLUTIONS: [ | |
- ["0.2", "0.2"], | |
- ["0.5", "0.5"], | |
- ["1", "1"], | |
- ["2", "2"], | |
- ["5", "5"], | |
- ["10", "10"] | |
- ],*/ | |
- | |
- /** | |
- * Constant: DEFAULT_RESOLUTION | |
- * Defaults to 10 meters | |
- * Please read https://github.com/georchestra/georchestra/issues/726 | |
- * | |
- DEFAULT_RESOLUTION: 10,*/ | |
- | |
- /** | |
- * Constant: GEOSERVER_WMS_URL | |
- * The URL to GeoServer WMS. | |
- */ | |
- GEOSERVER_WMS_URL: "/geoserver/wms", | |
- | |
- /** | |
- * Constant: GEOSERVER_WFS_URL | |
- * The URL to GeoServer WFS. | |
- */ | |
- //GEOSERVER_WFS_URL: "/geoserver/wfs", | |
- | |
- /** | |
- * Constant: MAX_FEATURES | |
- * The maximum number of vector features displayed. | |
- */ | |
- //MAX_FEATURES: 500, | |
- | |
- /** | |
- * Constant: MAX_LENGTH | |
- * The maximum number of chars in a XML response | |
- * before triggering an alert. | |
- */ | |
- //MAX_LENGTH: 500000, | |
- | |
- /** | |
- * Constant: MAP_DOTS_PER_INCH | |
- * {Float} Sets the resolution used for scale computation. | |
- * Defaults to 1000 / 39.37 / 0.28 | |
- * see https://github.com/georchestra/georchestra/issues/736 | |
- */ | |
- //MAP_DOTS_PER_INCH: 1000 / 39.37 / 0.28, | |
- | |
- /** | |
- * Constant: GLOBAL_EPSG | |
- * SRS of the map used to select the global extraction parameters | |
- */ | |
- //GLOBAL_EPSG: "EPSG:4326", | |
- | |
- /** | |
- * Constant: MAP_XMIN aka "left" | |
- * {Float} The max extent xmin in GLOBAL_EPSG coordinates. | |
- * Defaults to -180 | |
- */ | |
- //MAP_XMIN: -180, | |
- | |
- /** | |
- * Constant: MAP_YMIN aka "bottom" | |
- * {Float} The max extent ymin in GLOBAL_EPSG coordinates. | |
- * Defaults to -90 | |
- */ | |
- //MAP_YMIN: -90, | |
- | |
- /** | |
- * Constant: MAP_XMAX aka "right" | |
- * {Float} The max extent xmax in GLOBAL_EPSG coordinates. | |
- * Defaults to 180 | |
- */ | |
- //MAP_XMAX: 180, | |
- | |
- /** | |
- * Constant: MAP_YSMAX aka "top" | |
- * {Float} The max extent ymax in GLOBAL_EPSG coordinates | |
- * Defaults to 90 | |
- */ | |
- //MAP_YMAX: 90, | |
- | |
- /** | |
- * Constant: BASE_LAYER_NAME | |
- * The WMS base layer which will be displayed under each extracted layer. | |
- * Defaults to "geor:countries" | |
- */ | |
- BASE_LAYER_NAME: "geor:countries", | |
- | |
- /** | |
- * Constant: NS_LOC | |
- * {String} The referentials layers' namespace alias as defined in | |
- * the GeoServer configuration. | |
- * Defaults to "geor_loc" | |
- */ | |
- //NS_LOC: "geor_loc", | |
- | |
- /** | |
- * Constant: DEFAULT_WCS_EXTRACTION_WIDTH | |
- * Default width of the extracted image from WCS. This constant | |
- * is to be used to calculate the default resolution of WCS. | |
- * Defaults to 1024 | |
- * | |
- * FIXME: not sure it is really useful. | |
- * | |
- */ | |
- //DEFAULT_WCS_EXTRACTION_WIDTH: 1024, | |
- | |
- /** | |
- * Constant: SUPPORTED_REPROJECTIONS | |
- * List of projections that extractor supports for reprojection | |
- */ | |
- /*SUPPORTED_REPROJECTIONS: [ | |
- ["EPSG:4326", "EPSG:4326 - WGS84"], | |
- ["EPSG:3857", "Spherical Mercator"] | |
- ],*/ | |
- | |
- /** | |
- * Constant: METRIC_MAP_SCALES | |
- * {Array} The map scales for the case where the SRS is metric. | |
- * Defaults to null, which means scales will be automatically computed | |
- * | |
- METRIC_MAP_SCALES: [ | |
- 266.5911979812228585, | |
- 533.1823959624461134, | |
- 1066.3647919248918304, | |
- 2132.7295838497840572, | |
- 4265.4591676995681144, | |
- 8530.9183353991362289, | |
- 17061.8366707982724577, | |
- 34123.6733415965449154, | |
- 68247.3466831930771477, | |
- 136494.6933663861796617, | |
- 272989.3867327723085907, | |
- 545978.7734655447186469, | |
- 1091957.5469310886252288, | |
- 2183915.0938621788745877, | |
- 4367830.1877243577491754, | |
- 8735660.3754487154983508, | |
- 17471320.7508974309967016, | |
- 34942641.5017948619934032, | |
- 69885283.0035897239868063, | |
- 139770566.0071793960087234, | |
- 279541132.0143588959472254, | |
- 559082264.0287178958533332 | |
- ],*/ | |
- | |
- /** | |
- * Constant: GEOGRAPHIC_MAP_SCALES | |
- * {Array} The map scales for the case where the SRS is based on angles. | |
- * Defaults to null, which means scales will be automatically computed | |
- */ | |
- //GEOGRAPHIC_MAP_SCALES: null, | |
- | |
- /** | |
- * Constant: MAP_POS_SRS1 | |
- * {String} The cursor position will be displayed using this SRS. | |
- * Defaults to "EPSG:4326" | |
- */ | |
- //MAP_POS_SRS1: "EPSG:4326", | |
- | |
- /** | |
- * Constant: MAP_POS_SRS2 | |
- * {String} The cursor position will be displayed using this SRS. | |
- * Defaults to "" | |
- */ | |
- //MAP_POS_SRS2: "", | |
- | |
- /** | |
- * Constant: EXTRACT_BTN_DISABLE_TIME | |
- * Duration in seconds for the extract button being disabled after an extraction | |
- * Defaults to 30 | |
- */ | |
- //EXTRACT_BTN_DISABLE_TIME: 30, | |
- | |
- /** | |
- * Constant: LAYERS_CHECKED | |
- * Layers checked by default or not ? | |
- * Defaults to true | |
- */ | |
- //LAYERS_CHECKED: true, | |
- | |
- /** | |
- * Constant: BUFFER_VALUES | |
- * {Array} Array of buffer values with their display name | |
- */ | |
- /*BUFFER_VALUES: [ | |
- [0, "None"], | |
- [10, "BUFFER meters"], | |
- [50, "BUFFER meters"], | |
- [100, "BUFFER meters"], | |
- [500, "BUFFER meters"], | |
- [1000, "BUFFER kilometer"], | |
- [5000, "BUFFER kilometers"], | |
- [10000, "BUFFER kilometers"] | |
- ],*/ | |
- | |
- /** | |
- * Constant: DEFAULT_BUFFER_VALUE | |
- * Default buffer value in meters. | |
- * Valid values are those from BUFFER_VALUES | |
- * Defaults to 0 | |
- */ | |
- //DEFAULT_BUFFER_VALUE: 0, | |
- | |
- /** | |
- * Constant: STARTUP_LAYERS | |
- * {Array} OGC layers loaded at startup if none are sent | |
- */ | |
- STARTUP_LAYERS: [/* | |
- { | |
- owstype: "WMS", | |
- owsurl: "https://my.server.org/geoserver/wms", | |
- layername: "gshhs:GSHHS_l_L2" | |
- }*/ | |
- ], | |
- | |
- /** | |
- * Constant: STARTUP_SERVICES | |
- * {Array} OGC services loaded at startup if none are sent | |
- */ | |
- STARTUP_SERVICES: [ | |
- { | |
- text: "Local OGC service", | |
- owstype: "WMS", | |
- owsurl: "/geoserver/wms" | |
- } | |
- ] | |
- | |
- /** | |
- * Constant: SPLASH_SCREEN | |
- * {String} The message to display on extractorapp startup | |
- * Defaults to null, which means no message will be displayed | |
- * | |
- ,SPLASH_SCREEN: [ | |
- "Afin d'utiliser au mieux la fonctionnalité d'extraction en ligne, nous vous ", | |
- "invitons à respecter les conseils suivants : ", | |
- "<br/><br/>", | |
- "Pour les données <b>image</b> : ", | |
- "La taille maximale pour une extraction de l'orthophotographie à 50cm est d'environ 9 Km². ", | |
- "Au-delà, l'extraction risque de ne pas aboutir. ", | |
- "<br/>", | |
- "Le format ECW est limité à des fichiers de 500 Mo maximum. ", | |
- "Privilégiez plutôt les formats JPEG 2000 ou TIF. ", | |
- "<br/><br/>", | |
- "Pour les données <b>vecteur</b> : ", | |
- "Les couches comportant un trop grand nombre d'objets (~ million) ", | |
- "ne pourront pas être extraites. ", | |
- "<br/><br/>", | |
- "Si vous ne parvenez pas à extraire une couche à l'aide de l'extracteur en ", | |
- "ligne, <a href=\"mailto:psc@georchestra.org\">prenez contact</a> avec l'administrateur."].join(""), | |
- */ | |
- | |
- /** | |
- * Constant: HELP_URL | |
- * {String} URL of the help ressource. | |
- * Defaults to "https://cms.geobretagne.fr/etiquettes/tutoriels" | |
- * | |
- ,HELP_URL: "https://cms.geobretagne.fr/etiquettes/tutoriels" | |
- */ | |
- | |
- // No trailing comma for the last line (or IE will complain) | |
-}; | |
diff --git a/extractorapp/templates/extractor-email-ack-template.tpl b/extractorapp/templates/extractor-email-ack-template.tpl | |
index abd16c9..ff61099 100644 | |
--- a/extractorapp/templates/extractor-email-ack-template.tpl | |
+++ b/extractorapp/templates/extractor-email-ack-template.tpl | |
@@ -5,4 +5,4 @@ If you have not requested an extraction, please just ignore this message. | |
This e-mail is sent automatically, any answer will be ignored. | |
--- | |
-Sent by geOrchestra (https://georchestra.mydomain.org/) | |
+Sent by geOrchestra ({publicUrl}/) | |
diff --git a/extractorapp/templates/extractor-email-template.tpl b/extractorapp/templates/extractor-email-template.tpl | |
index 5c0a1f1..3d13174 100644 | |
--- a/extractorapp/templates/extractor-email-template.tpl | |
+++ b/extractorapp/templates/extractor-email-template.tpl | |
@@ -13,4 +13,4 @@ Your extraction can be downloaded during {expiry} days at the following address: | |
For more information, please contact your SDI administrator | |
--- | |
-Sent by geOrchestra (https://georchestra.mydomain.org/) | |
+Sent by geOrchestra ({publicUrl}/) | |
diff --git a/geonetwork/config/config-security-georchestra.xml b/geonetwork/config/config-security-georchestra.xml | |
index e8cd57e..9daf092 100644 | |
--- a/geonetwork/config/config-security-georchestra.xml | |
+++ b/geonetwork/config/config-security-georchestra.xml | |
@@ -86,13 +86,13 @@ | |
</map> | |
</property> | |
<property name="importPrivilegesFromLdap" value="${ldap.privilege.import}"/> | |
- <property name="createNonExistingLdapGroup" value="${ldap.privilege.create.nonexisting.groups}"/> | |
+ <property name="createNonExistingLdapGroup" value="${ldap.privilege.create.nonexisting.roles}"/> | |
<property name="createNonExistingLdapUser" value="${ldap.privilege.create.nonexisting.users}"/> | |
<property name="ldapManager" ref="ldapUserDetailsService"/> | |
- <property name="groupAttribute" value="${ldap.privilege.search.group.attribute}"/> | |
- <property name="groupObject" value="${ldap.privilege.search.group.object}"/> | |
- <property name="groupQuery" value="${ldap.privilege.search.group.query}"/> | |
- <property name="groupQueryPattern" value="${ldap.privilege.search.group.pattern}"/> | |
+ <property name="groupAttribute" value="${ldap.privilege.search.role.attribute}"/> | |
+ <property name="groupObject" value="${ldap.privilege.search.role.object}"/> | |
+ <property name="groupQuery" value="${ldap.privilege.search.role.query}"/> | |
+ <property name="groupQueryPattern" value="${ldap.privilege.search.privilege.pattern}"/> | |
<property name="privilegeAttribute" value="${ldap.privilege.search.privilege.attribute}"/> | |
<property name="privilegeObject" value="${ldap.privilege.search.privilege.object}"/> | |
<property name="privilegeQuery" value="${ldap.privilege.search.privilege.query}"/> | |
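Review bot: `groupQueryPattern` now reads `${ldap.privilege.search.privilege.pattern}`, whereas every other `group*` property in this hunk was renamed from `...search.group.*` to `...search.role.*`. If this is a slip in the rename, groups would be derived with the privilege pattern, which changes how LDAP roles map to GeoNetwork groups; the expected line would then be `<property name="groupQueryPattern" value="${ldap.privilege.search.role.pattern}"/>`. If it is intentional, a short XML comment saying why the group pattern reuses the privilege pattern would keep it from being reverted later. The bean starts before this hunk and the matching keys in geonetwork/geonetwork.properties are not fully visible here, so this needs checking against that file.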
@@ -107,11 +107,11 @@ | |
<entry key="ldapUserSearchBase" value="${ldap.sync.user.search.base}"/> | |
<entry key="ldapUserSearchFilter" value="${ldap.sync.user.search.filter}"/> | |
<entry key="ldapUserSearchAttribute" value="${ldap.sync.user.search.attribute}"/> | |
- <entry key="createNonExistingLdapGroup" value="${ldap.privilege.create.nonexisting.groups}"/> | |
- <entry key="ldapGroupSearchBase" value="${ldap.sync.group.search.base}"/> | |
- <entry key="ldapGroupSearchFilter" value="${ldap.sync.group.search.filter}"/> | |
- <entry key="ldapGroupSearchAttribute" value="${ldap.sync.group.search.attribute}"/> | |
- <entry key="ldapGroupSearchPattern" value="${ldap.sync.group.search.pattern}"/> | |
+ <entry key="createNonExistingLdapGroup" value="${ldap.privilege.create.nonexisting.roles}"/> | |
+ <entry key="ldapGroupSearchBase" value="${ldap.sync.role.search.base}"/> | |
+ <entry key="ldapGroupSearchFilter" value="${ldap.sync.role.search.filter}"/> | |
+ <entry key="ldapGroupSearchAttribute" value="${ldap.sync.role.search.attribute}"/> | |
+ <entry key="ldapGroupSearchPattern" value="${ldap.sync.role.search.pattern}"/> | |
</map> | |
</property> | |
</bean> | |
@@ -132,9 +132,9 @@ | |
</bean> | |
<bean id="ldapUserDetailsService" class="org.fao.geonet.kernel.security.ldap.LdapUserDetailsManager"> | |
<constructor-arg ref="contextSource"/> | |
- <constructor-arg name="groupMemberAttributeName" value="${ldap.privilege.search.group.queryprop}"/> | |
- <constructor-arg name="query" value="${ldap.privilege.search.group.query}"/> | |
- <property name="groupSearchBase" value="${ldap.privilege.search.group.object}"/> | |
+ <constructor-arg name="groupMemberAttributeName" value="${ldap.privilege.search.role.queryprop}"/> | |
+ <constructor-arg name="query" value="${ldap.privilege.search.role.query}"/> | |
+ <property name="groupSearchBase" value="${ldap.privilege.search.role.object}"/> | |
<property name="usernameMapper" ref="usernameMapper"/> | |
<property name="userDetailsMapper" ref="ldapUserContextMapper"/> | |
</bean> | |
@@ -142,4 +142,11 @@ | |
<constructor-arg index="0" type="java.lang.String" name="userDnBase" value="${ldap.base.search.base}"/> | |
<constructor-arg index="1" type="java.lang.String" name="usernameAttribute" value="${ldap.sync.user.search.attribute}"/> | |
</bean> | |
+ | |
+ <!-- redirect to cas when need to be logged in --> | |
+ <bean id="authenticationEntryPoint" | |
+ class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint"> | |
+ <constructor-arg index="0" value="/?login" /> | |
+ </bean> | |
+ | |
</beans> | |
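Review bot: The comment `<!-- redirect to cas when need to be logged in -->` does not explain how `/?login` reaches CAS, since the bean itself only redirects to a local URL. It presumably relies on the security-proxy rule `.*\?.*login.*` in security-mappings.xml, which requires a role and so triggers the CAS login. If GeoNetwork is reached without that proxy in front, this entry point would not authenticate anyone. I would reword the comment to `<!-- sends unauthenticated users to /?login; the security-proxy intercept-url rule on "login" then triggers the CAS login -->`.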
diff --git a/geonetwork/geonetwork.properties b/geonetwork/geonetwork.properties | |
index 6ced624..c248d50 100644 | |
--- a/geonetwork/geonetwork.properties | |
+++ b/geonetwork/geonetwork.properties | |
@@ -18,7 +18,7 @@ jdbc.port=5432 | |
jdbc.database=georchestra | |
jdbc.schema=geonetwork | |
jdbc.username=geonetwork | |
-jdbc.password=www-data | |
+jdbc.password=georchestra | |
jdbc.basic.maxActive=33 | |
jdbc.basic.maxWait=200 | |
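Review bot: `jdbc.password=georchestra` replaces one well-known default with another, and the new value is identical to the database name, in a template that deployments tend to copy unchanged. The same default appears in the `jdbcUrl` hunk of mapfishapp/mapfishapp.properties and in the `OGCSTATISTICS.databaseUser`/`databasePassword` hunk of security-proxy/log4j/log4j.properties. I would add a comment above each, such as `# default credential for a fresh install: change it here and in PostgreSQL before exposing the instance`. In mapfishapp the password is embedded in the JDBC URL, which is likely to appear in logs and stack traces, so separate user and password properties would be preferable if the application supports them.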
@@ -34,21 +34,23 @@ ldap.base.dn.pattern=uid={0} | |
ldap.sync.user.search.base=ou=users | |
ldap.sync.user.search.filter=(&(objectClass=*)(mail=*@*)(givenName=*)) | |
ldap.sync.user.search.attribute=uid | |
-ldap.privilege.create.nonexisting.groups=true | |
+ldap.privilege.create.nonexisting.roles=true | |
ldap.privilege.create.nonexisting.users=true | |
-ldap.sync.group.search.base=ou=roles | |
-ldap.sync.group.search.filter=(&(objectClass=groupOfMembers)(cn=EL_*)) | |
-ldap.sync.group.search.attribute=cn | |
-ldap.sync.group.search.pattern=EL_(.*) | |
+ldap.sync.role.search.base=ou=roles | |
+ldap.sync.role.search.filter=(&(objectClass=groupOfMembers)(cn=EL_*)) | |
+ldap.sync.role.search.attribute=cn | |
+ldap.sync.role.search.pattern=EL_(.*) | |
ldap.sync.cron=0 * * * * ? | |
ldap.sync.startDelay=60000 | |
ldap.privilege.import=true | |
-ldap.privilege.search.group.queryprop=member | |
-ldap.privilege.search.group.query=(&(objectClass=groupOfMembers)(member=uid={0},${ldap.base.search.base},${ldap.base.dn})(cn=EL_*)) | |
-ldap.privilege.search.group.object=ou=roles | |
+ldap.privilege.search.role.queryprop=member | |
+ldap.privilege.search.role.query=(&(objectClass=groupOfMembers)(member=uid={0},${ldap.base.search.base},${ldap.base.dn})(cn=EL_*)) | |
+ldap.privilege.search.role.object=ou=roles | |
ldap.base.search.base=ou=users | |
ldap.privilege.search.privilege.pattern=GN_(.*) | |
ldap.privilege.search.privilege.query=(&(objectClass=groupOfMembers)(member=uid={0},${ldap.base.search.base},${ldap.base.dn})) | |
ldap.privilege.search.privilege.object=ou=roles | |
+ldap.privilege.search.privilege.attribute=cn | |
+ldap.privilege.search.role.attribute=cn | |
diff --git a/geowebcache/geowebcache.properties b/geowebcache/geowebcache.properties | |
index c801abc..eee89f4 100644 | |
--- a/geowebcache/geowebcache.properties | |
+++ b/geowebcache/geowebcache.properties | |
@@ -1,4 +1,3 @@ | |
-baseUrl=https://georchestra.mydomain.org | |
contextPath=/geowebcache | |
instance.name=geOrchestra | |
diff --git a/header/header.properties b/header/header.properties | |
index 1666acf..0d97d7e 100644 | |
--- a/header/header.properties | |
+++ b/header/header.properties | |
@@ -1,2 +1,2 @@ | |
language=en | |
-ldapadminPublicContextPath=/ldapadmin | |
+consolePublicContextPath=/console | |
diff --git a/ldapadmin/protectedgroups.properties b/ldapadmin/protectedgroups.properties | |
deleted file mode 100644 | |
index 48df289..0000000 | |
--- a/ldapadmin/protectedgroups.properties | |
+++ /dev/null | |
@@ -1,2 +0,0 @@ | |
-# protected groups list separated by comma. Case sensitive. Reg ex is allowed | |
-protectedGroupsList=ADMINISTRATOR,PENDING,USER,GN_.*,MOD_.* | |
diff --git a/ldapadmin/templates/newaccount-requires-moderation-template.txt b/ldapadmin/templates/newaccount-requires-moderation-template.txt | |
deleted file mode 100644 | |
index cc95c2a..0000000 | |
--- a/ldapadmin/templates/newaccount-requires-moderation-template.txt | |
+++ /dev/null | |
@@ -1,11 +0,0 @@ | |
-Dear admin, | |
- | |
-A new account has been created on https://georchestra.mydomain.org/ and is waiting for validation. | |
- | |
-User name: {name} | |
-User ID: {uid} | |
- | |
-Visit https://georchestra.mydomain.org/ldapadmin/console/#/groups/PENDING/users to review the pending users. | |
- | |
---- | |
-Sent by geOrchestra (https://georchestra.mydomain.org) | |
diff --git a/ldapadmin/templates/newaccount-was-created-template.txt b/ldapadmin/templates/newaccount-was-created-template.txt | |
deleted file mode 100644 | |
index 6b5dd0d..0000000 | |
--- a/ldapadmin/templates/newaccount-was-created-template.txt | |
+++ /dev/null | |
@@ -1,10 +0,0 @@ | |
-Dear {name}, | |
- | |
-Your account on https://georchestra.mydomain.org/ has been successfully created ! | |
-Visit https://georchestra.mydomain.org/cas/login to login with your identifier "{uid}" and your password. | |
- | |
-Have fun with geOrchestra, | |
- | |
-Your platform administrator | |
---- | |
-Sent by geOrchestra (https://georchestra.mydomain.org/) | |
diff --git a/mapfishapp/js/GEOR_custom.js b/mapfishapp/js/GEOR_custom.js | |
index eda6bcf..26ab0a4 100644 | |
--- a/mapfishapp/js/GEOR_custom.js | |
+++ b/mapfishapp/js/GEOR_custom.js | |
@@ -10,13 +10,6 @@ Ext.namespace("GEOR"); | |
GEOR.custom = { | |
- /** | |
- * Constant: HEADER_HEIGHT | |
- * Integer value representing the header height, as set in the shared maven filters | |
- * Defaults to 90 | |
- */ | |
- HEADER_HEIGHT: 90, | |
- | |
/** | |
* Constant: DEFAULT_WMC | |
* The relative path to the default context. | |
diff --git a/mapfishapp/mapfishapp.properties b/mapfishapp/mapfishapp.properties | |
index 30f6a05..0f47ac7 100644 | |
--- a/mapfishapp/mapfishapp.properties | |
+++ b/mapfishapp/mapfishapp.properties | |
@@ -3,6 +3,6 @@ instance=geOrchestra | |
language=en | |
-jdbcUrl=jdbc:postgresql://localhost:5432/georchestra?user=www-data&password=www-data | |
+jdbcUrl=jdbc:postgresql://localhost:5432/georchestra?user=georchestra&password=georchestra | |
docTempDir=/tmp | |
diff --git a/mapfishapp/wfs.servers.json b/mapfishapp/wfs.servers.json | |
index 96e1f84..ae22197 100644 | |
--- a/mapfishapp/wfs.servers.json | |
+++ b/mapfishapp/wfs.servers.json | |
@@ -2,7 +2,7 @@ | |
"servers": [ | |
{ | |
"name": "Local WFS service", | |
- "url": "/geoserver/wfs" | |
+ "url": "https://georchestra.mydomain.org/geoserver/wfs" | |
}, | |
{ | |
"name": "GéoBretagne", | |
diff --git a/mapfishapp/wms.servers.json b/mapfishapp/wms.servers.json | |
index 355100b..a177a45 100644 | |
--- a/mapfishapp/wms.servers.json | |
+++ b/mapfishapp/wms.servers.json | |
@@ -2,7 +2,7 @@ | |
"servers": [ | |
{ | |
"name": "Local WMS service", | |
- "url": "/geoserver/wms" | |
+ "url": "https://georchestra.mydomain.org/geoserver/wms" | |
}, | |
{ | |
"name": "GeoBretagne cadastre - regional SDI", | |
diff --git a/mapfishapp/wmts.servers.json b/mapfishapp/wmts.servers.json | |
index a02c19b..a5f49c6 100644 | |
--- a/mapfishapp/wmts.servers.json | |
+++ b/mapfishapp/wmts.servers.json | |
@@ -2,7 +2,7 @@ | |
"servers": [ | |
{ | |
"name": "Local WMTS service", | |
- "url": "/geoserver/gwc/service/wmts" | |
+ "url": "https://georchestra.mydomain.org/geoserver/gwc/service/wmts" | |
}, | |
{ | |
"name": "GéoBretagne OSM", | |
@@ -12,6 +12,10 @@ | |
"name": "GéoBretagne rasters", | |
"url": "https://tile.geobretagne.fr/gwc02/service/wmts" | |
}, | |
+ { | |
+ "name": "GéoPicardie OSM", | |
+ "url": "https://osm.geopicardie.fr/mapproxy/service" | |
+ }, | |
{ | |
"name": "IGN GéoPortail", | |
"url": "https://wxs.ign.fr/opbnnt8s6esy6680ptjfqmwo/geoportail/wmts" | |
diff --git a/security-proxy/log4j/log4j.properties b/security-proxy/log4j/log4j.properties | |
index 105c828..88e43c1 100644 | |
--- a/security-proxy/log4j/log4j.properties | |
+++ b/security-proxy/log4j/log4j.properties | |
@@ -6,6 +6,7 @@ log4j.logger.org.georchestra.security.statistics=INFO, OGCSTATISTICS | |
log4j.logger.OGCServiceMessageFormatter=INFO | |
log4j.logger.org.springframework=INFO | |
+log4j.logger.org.springframework.security=INFO | |
log4j.logger.org.jasig=INFO | |
log4j.appender.R = org.apache.log4j.rolling.RollingFileAppender | |
@@ -25,5 +26,5 @@ log4j.appender.R.layout.ConversionPattern = %d{yyyy-MM-dd HH:mm:ss} %c{1} [%p] % | |
log4j.appender.OGCSTATISTICS=org.georchestra.ogcservstatistics.log4j.OGCServicesAppender | |
log4j.appender.OGCSTATISTICS.activated=true | |
log4j.appender.OGCSTATISTICS.jdbcURL=jdbc:postgresql://localhost:5432/georchestra | |
-log4j.appender.OGCSTATISTICS.databaseUser=www-data | |
-log4j.appender.OGCSTATISTICS.databasePassword=www-data | |
+log4j.appender.OGCSTATISTICS.databaseUser=georchestra | |
+log4j.appender.OGCSTATISTICS.databasePassword=georchestra | |
diff --git a/security-proxy/security-mappings.xml b/security-proxy/security-mappings.xml | |
index 877c4e1..0410cec 100644 | |
--- a/security-proxy/security-mappings.xml | |
+++ b/security-proxy/security-mappings.xml | |
@@ -1,25 +1,24 @@ | |
<http> | |
- <intercept-url pattern=".*\?.*login.*" access="ROLE_USER,ROLE_GN_EDITOR,ROLE_GN_REVIEWER,ROLE_GN_ADMIN,ROLE_ADMINISTRATOR" /> | |
- <intercept-url pattern=".*\?.*casLogin.*" access="ROLE_USER,ROLE_GN_EDITOR,ROLE_GN_REVIEWER,ROLE_GN_ADMIN,ROLE_ADMINISTRATOR" /> | |
+ <intercept-url pattern="/cas/login.*" access="IS_AUTHENTICATED_ANONYMOUSLY" /> | |
+ <intercept-url pattern=".*\?.*login.*" access="ROLE_USER,ROLE_GN_EDITOR,ROLE_GN_REVIEWER,ROLE_GN_ADMIN,ROLE_ADMINISTRATOR,ROLE_SUPERUSER,ROLE_ORGADMIN" /> | |
<intercept-url pattern="/extractorapp/admin.*" access="ROLE_ADMINISTRATOR" /> | |
<intercept-url pattern="/extractorapp/jobs/.*" access="ROLE_ADMINISTRATOR" /> | |
- <intercept-url pattern="/extractorapp/.*" access="ROLE_MOD_EXTRACTORAPP" /> | |
+ <intercept-url pattern="/extractorapp/.*" access="ROLE_EXTRACTORAPP" /> | |
<intercept-url pattern="/geofence/.*" access="ROLE_ADMINISTRATOR" /> | |
- <intercept-url pattern="/analytics/.*" access="ROLE_MOD_ANALYTICS" /> | |
- <intercept-url pattern="/ldapadmin/private/.*" access="ROLE_MOD_LDAPADMIN" /> | |
- <!-- this path is used by ws that return configuration for map that allow selection of areas (/ldapadmin/public/orgs/areaConfig.json) --> | |
- <intercept-url pattern="/ldapadmin/public/.*" access="IS_AUTHENTICATED_ANONYMOUSLY" /> | |
- <intercept-url pattern="/ldapadmin/console/public/.*" access="IS_AUTHENTICATED_ANONYMOUSLY" /> | |
- <intercept-url pattern="/ldapadmin/console/.*" access="ROLE_MOD_LDAPADMIN" /> | |
- <intercept-url pattern="/ldapadmin/account/userdetails" access="IS_AUTHENTICATED_FULLY" /> | |
- <intercept-url pattern="/ldapadmin/account/changePassword" access="IS_AUTHENTICATED_FULLY" /> | |
- <intercept-url pattern="/ldapadmin/.*/emails" access="ROLE_MOD_LDAPADMIN" /> | |
- <intercept-url pattern="/ldapadmin/.*/sendEmail" access="ROLE_MOD_LDAPADMIN" /> | |
- <intercept-url pattern="/ldapadmin/attachments" access="ROLE_MOD_LDAPADMIN" /> | |
- <intercept-url pattern="/ldapadmin/emailTemplates" access="ROLE_MOD_LDAPADMIN" /> | |
- <intercept-url pattern="/ldapadmin/emailProxy" access="ROLE_MOD_EMAILPROXY" /> | |
+ <intercept-url pattern="/analytics/.*" access="ROLE_SUPERUSER,ROLE_ORGADMIN" /> | |
+ <intercept-url pattern="/console/private/.*" access="ROLE_SUPERUSER,ROLE_ORGADMIN" /> | |
+ <!-- this path is used by ws that return configuration for map that allow selection of areas (/console/public/orgs/areaConfig.json) --> | |
+ <intercept-url pattern="/console/public/.*" access="IS_AUTHENTICATED_ANONYMOUSLY" /> | |
+ <intercept-url pattern="/console/manager/public/.*" access="IS_AUTHENTICATED_ANONYMOUSLY" /> | |
+ <intercept-url pattern="/console/manager/.*" access="ROLE_SUPERUSER,ROLE_ORGADMIN" /> | |
+ <intercept-url pattern="/console/account/userdetails" access="IS_AUTHENTICATED_FULLY" /> | |
+ <intercept-url pattern="/console/account/changePassword" access="IS_AUTHENTICATED_FULLY" /> | |
+ <intercept-url pattern="/console/.*/emails" access="ROLE_SUPERUSER,ROLE_ORGADMIN" /> | |
+ <intercept-url pattern="/console/.*/sendEmail" access="ROLE_SUPERUSER,ROLE_ORGADMIN" /> | |
+ <intercept-url pattern="/console/attachments" access="ROLE_SUPERUSER,ROLE_ORGADMIN" /> | |
+ <intercept-url pattern="/console/emailTemplates" access="ROLE_SUPERUSER,ROLE_ORGADMIN" /> | |
+ <intercept-url pattern="/console/emailProxy" access="ROLE_EMAILPROXY" /> | |
<intercept-url pattern="/testPage" access="IS_AUTHENTICATED_FULLY" /> | |
<intercept-url pattern=".*/ogcproxy/.*" access="ROLE_NO_ONE" /> | |
- <intercept-url pattern=".*" access="IS_AUTHENTICATED_ANONYMOUSLY,ROLE_USER,ROLE_GN_EDITOR,ROLE_GN_REVIEWER,ROLE_GN_ADMIN,ROLE_ADMINISTRATOR" /> | |
+ <intercept-url pattern=".*" access="IS_AUTHENTICATED_ANONYMOUSLY,ROLE_USER,ROLE_GN_EDITOR,ROLE_GN_REVIEWER,ROLE_GN_ADMIN,ROLE_ADMINISTRATOR,ROLE_SUPERUSER,ROLE_ORGADMIN" /> | |
</http> | |
- | |
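Review bot: The `/console/...` rules that do not end in `.*` (`/console/account/userdetails`, `/console/account/changePassword`, `/console/attachments`, `/console/emailTemplates`, `/console/emailProxy`, and the `/emails` and `/sendEmail` ones) apply only to that exact string if these patterns are full-match regexes, as `.*\?.*login.*` suggests. Any other form of the request falls through to the final `.*` rule, which admits `IS_AUTHENTICATED_ANONYMOUSLY`. If the matcher also sees the query string or a trailing slash, the role check is skipped at the proxy and only the console's own checks remain. I would allow an optional suffix, e.g. `pattern="/console/emailProxy(\?.*)?"`, and add a comment that rules are evaluated in order with the first match winning, because `/console/public/.*` precedes the `/console/.*/emails` rule. The renamed roles (`ROLE_EXTRACTORAPP`, `ROLE_EMAILPROXY`, `ROLE_SUPERUSER`, `ROLE_ORGADMIN`) must also exist under those names in LDAP, otherwise these paths fail closed.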
diff --git a/security-proxy/security-proxy.properties b/security-proxy/security-proxy.properties | |
index 498f161..418043c 100644 | |
--- a/security-proxy/security-proxy.properties | |
+++ b/security-proxy/security-proxy.properties | |
@@ -1,5 +1,5 @@ | |
# ------ proxy-servlet.xml --------- | |
-public.host=https://georchestra.mydomain.org/ | |
+public.host=${publicUrl} | |
# default timeout : 20min should be enough to handle big extraction (~ 4x10^9 pixels) | |
http_client_timeout=1200000 | |
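Review bot: `public.host=${publicUrl}` introduces a placeholder whose definition is not in this file, and the old literal ended in a slash while the next hunk appends paths to it (`${publicUrl}/cas/login`, `${publicUrl}/cas`, `${publicUrl}/login/cas`). The expected shape should be documented here, e.g. `# publicUrl is defined outside this file: https scheme and host only, no trailing slash`. A trailing slash or an http value would produce CAS login, ticket-validation and callback URLs that differ from what the CAS server expects, or that carry tickets over cleartext. The callback path also changes from `/j_spring_cas_security_check` to `/login/cas`, so any CAS service registration restricted to the old path would need updating.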
@@ -7,13 +7,13 @@ http_client_timeout=1200000 | |
anonymousRole=ROLE_ANONYMOUS | |
proxy.contextPath=/sec | |
# url called when user has logged out | |
-logout-success-url=https://georchestra.mydomain.org/cas/logout?fromgeorchestra | |
+logout-success-url=${publicUrl}/cas/logout?fromgeorchestra | |
# url where the user can login | |
-casLoginUrl=https://georchestra.mydomain.org/cas/login | |
+casLoginUrl=${publicUrl}/cas/login | |
# url that the security system uses to validate the cas tickets | |
-casTicketValidation=https://georchestra.mydomain.org/cas | |
+casTicketValidation=${publicUrl}/cas | |
# After going to the cas login cas forwards to this URL where the authorities and permissions are checked | |
-proxyCallback=https://georchestra.mydomain.org/j_spring_cas_security_check | |
+proxyCallback=${publicUrl}/login/cas | |
# list of trusted proxy, all request from listed server will be trusted and will bypass security | |
trustedProxy=127.0.0.1, localhost | |
# the ldap url | |
@@ -22,7 +22,7 @@ baseDN=dc=georchestra,dc=org | |
# The base DN from where to search for the logged in user. This mostly to verify the user exists | |
userSearchBaseDN=ou=users | |
# The base DN from where to search for organization. Use to fill sec-org http header | |
-orgsSearchBaseDN=ou=orgs | |
+orgSearchBaseDN=ou=orgs | |
# the second part of looking up the user | |
userSearchFilter=(uid={0}) | |
# The base DN to use for looking up the roles/groups/authorities of the logged in user. Normally the ldap is configured like: | |
@@ -32,11 +32,11 @@ userSearchFilter=(uid={0}) | |
# | |
# ou can be cn, ou, or some other option. member is often uniquemember as well. | |
authoritiesBaseDN=ou=roles | |
-# The attribute of the group which is the rolename | |
-groupRoleAttribute=cn | |
-# the search filter that selects the groups that the user is part of. | |
-# If a match is found the containing object is one of the groups the user is part of | |
-groupSearchFilter=(member=uid={1},ou=users,dc=georchestra,dc=org) | |
+# The attribute of the role which is the rolename | |
+roleRoleAttribute=cn | |
+# the search filter that selects the roles that the user belongs to. | |
+# If a match is found, the containing object is one of the roles the user belongs to | |
+roleSearchFilter=(member=uid={1},ou=users,dc=georchestra,dc=org) | |
# the admin user's DN (distinguished name) | |
# Depending on how the LDAP is configured you may be able to comment this and password out and add | |
# <property name="anonymousReadOnly" value="true" /> | |
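Review bot: `roleSearchFilter=(member=uid={1},ou=users,dc=georchestra,dc=org)` hard-codes the DN suffix that `baseDN` and `userSearchBaseDN` configure separately a few lines above. If an operator changes those two and not the filter, the role lookup would presumably match nothing and users would authenticate with no roles. A comment above the key would help, e.g. `# the DN suffix must be kept in sync with userSearchBaseDN and baseDN`.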
diff --git a/security-proxy/targets-mapping.properties b/security-proxy/targets-mapping.properties | |
index 46ec585..5eb45f4 100644 | |
--- a/security-proxy/targets-mapping.properties | |
+++ b/security-proxy/targets-mapping.properties | |
@@ -1,8 +1,8 @@ | |
analytics=http://localhost:8280/analytics/ | |
+atlas=http://localhost:8280/atlas/ | |
+console=http://localhost:8280/console/ | |
extractorapp=http://localhost:8280/extractorapp/ | |
geonetwork=http://localhost:8280/geonetwork/ | |
geoserver=http://localhost:8380/geoserver/ | |
header=http://localhost:8280/header/ | |
-ldapadmin=http://localhost:8280/ldapadmin/ | |
mapfishapp=http://localhost:8280/mapfishapp/ | |
-atlas=http://localhost:8280/atlas/ |