geOrchestra datadir changes between 17.12 and 18.06
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..b25c15b
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+*~
diff --git a/README.md b/README.md
index cd7bf81..2ae95bc 100644
--- a/README.md
+++ b/README.md
@@ -42,7 +42,7 @@ Remember to change it in your LDAP too !
Finally, you should head to [ReCAPTCHA](https://www.google.com/recaptcha/) and get an account for your service.
-Once you're done, fill in the public and private keys in the [ldapadmin/ldapadmin.properties](https://github.com/georchestra/datadir/blob/master/ldapadmin/ldapadmin.properties) file.
+Once you're done, fill in the public and private keys in the [console/console.properties](https://github.com/georchestra/datadir/blob/master/console/console.properties) file.
**Restart your tomcat or jetty services when done with datadir editing**.
@@ -54,6 +54,5 @@ There are plenty of other configuration options available, so feel free to brows
We do recommend that you:
* change your SDI logo, with [header/logo.png](header/logo.png)
* update the viewer config with [mapfishapp/js/GEOR_custom.js](mapfishapp/js/GEOR_custom.js)
- * update the extractor config with [extractorapp/js/GEOR_custom.js](extractorapp/js/GEOR_custom.js)
- * translate to your language the ldapadmin ([ldapadmin/templates](ldapadmin/templates)) and extractor ([extractorapp/templates](extractorapp/templates)) email templates
+ * translate to your language the console ([console/templates](console/templates)) and extractor ([extractorapp/templates](extractorapp/templates)) email templates
diff --git a/analytics/analytics.properties b/analytics/analytics.properties
index a89e065..48c059a 100644
--- a/analytics/analytics.properties
+++ b/analytics/analytics.properties
@@ -1,6 +1,6 @@
# This variable configures the JDBC URL to the database where the statistics
# gathered by the OGC-server-statistics module are stored
-dlJdbcUrlOGC=jdbc:postgresql://localhost:5432/georchestra?user=www-data&password=www-data
+dlJdbcUrlOGC=jdbc:postgresql://localhost:5432/georchestra?user=georchestra&password=georchestra
language=en
instance=geOrchestra
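Review bot: The new `dlJdbcUrlOGC` value still ships a database password identical to the account name (`georchestra`/`georchestra`) and embeds it in the JDBC URL, where it can surface in connection error messages and logs. The same default appears in `psql.user`/`psql.pass` in atlas/atlas.properties and console/console.properties, in `jdbcurl` in extractorapp/extractorapp.properties and in `jdbc.password` in geonetwork/geonetwork.properties. A comment above each, such as `# CHANGE ME: default credentials, replace before exposing this instance`, would mark them as placeholders. A deployment that keeps them relies entirely on PostgreSQL being reachable from localhost only.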
diff --git a/atlas/atlas.properties b/atlas/atlas.properties
index 0b623b2..b450eb4 100644
--- a/atlas/atlas.properties
+++ b/atlas/atlas.properties
@@ -1,15 +1,15 @@
# PostGreSQL
psql.url=jdbc:postgresql://localhost:5432/georchestra
-psql.user=www-data
-psql.pass=www-data
+psql.user=georchestra
+psql.pass=georchestra
# SMTP configuration
smtpHost=localhost
smtpPort=25
# Other
-atlas.baseUrl=https://georchestra.mydomain.org/atlas
+atlas.baseUrl=${publicUrl}/atlas
atlas.emailFrom=noreply+atlas@georchestra.org
atlas.emailSubject=[geOrchestra] Your Atlas request
-atlas.temporaryDirectory=/tmp/georchestra/atlas
+atlas.temporaryDirectory=/tmp/atlas
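Review bot: `atlas.temporaryDirectory=/tmp/atlas` puts the working directory at a fixed name directly under the shared, world-writable /tmp, so another local account can create that path first, as its own directory or as a symlink. Whether the atlas webapp checks ownership or creates the directory with restrictive permissions is not visible in this diff. A default under a directory owned by the servlet container user (placeholder: `atlas.temporaryDirectory=<private-dir>/atlas`) would be safer. If /tmp stays, a comment such as `# must be pre-created, owned by the webapp user, mode 0700` should sit above the property.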
diff --git a/cadastrapp/cadastrapp.properties b/cadastrapp/cadastrapp.properties
index 9fd5b68..9699cfb 100644
--- a/cadastrapp/cadastrapp.properties
+++ b/cadastrapp/cadastrapp.properties
@@ -11,7 +11,7 @@ user.search.are.filtered=1
# Database schema name
schema.name=cadastrapp_qgis
-## CNIL ROLE NAME for ldap group. Only Cnil 1 and Cnil 2 make some limitation
+## CNIL ROLE NAME for ldap role. Only Cnil 1 and Cnil 2 make some limitation
cnil1RoleName=ROLE_EL_CAD_CNIL1
cnil2RoleName=ROLE_EL_CAD_CNIL2
diff --git a/cas/cas.properties b/cas/cas.properties
index 6c74bdd..8440657 100644
--- a/cas/cas.properties
+++ b/cas/cas.properties
@@ -1,14 +1,16 @@
-server.name=https://georchestra.mydomain.org
-server.prefix=https://georchestra.mydomain.org/cas
+server.name=${publicUrl}
+server.prefix=${publicUrl}/cas
instance.name=geOrchestra
-homepage.url=https://georchestra.mydomain.org/
-header.height=90
+# Uncomment to override header height (size in px) or header url in the console
+# defaults to values defined in ../default.properties
+# headerHeight=90
+# headerUrl=/header/
# IP address or CIDR subnet allowed to access the /status URI of CAS that exposes health check information
cas.securityContext.status.allowedSubnet=127.0.0.1
-ldapadmin.contextpath=/ldapadmin
+console.contextpath=/console
cas.themeResolver.defaultThemeName=cas-theme-default
cas.viewResolver.basename=default_views
@@ -20,14 +22,14 @@ cas.viewResolver.basename=default_views
host.name=georchestra.mydomain.org
ldap.url=ldap://127.0.1.1:389
-ldap.authn.groupSearchBaseDn=ou=roles,dc=georchestra,dc=org
+ldap.authn.roleSearchBaseDn=ou=roles,dc=georchestra,dc=org
ldap.authn.userSearchBaseDn=ou=users,dc=georchestra,dc=org
ldap.authn.searchFilter=(uid={user})
ldap.admin.username=cn=admin,dc=georchestra,dc=org
ldap.admin.password=secret
-ldap.authn.groupSearchFilter=(member=uid={1},ou=users,dc=georchestra,dc=org)
-ldap.authn.groupRoleAttribute=cn
-ldap.authn.pendingGroupName=PENDING
+ldap.authn.roleSearchFilter=(member=uid={1},ou=users,dc=georchestra,dc=org)
+ldap.authn.roleRoleAttribute=cn
+ldap.authn.pendingRoleName=PENDING
# See http://www.ldaptive.org/ for information about ldap parameters
ldap.connectTimeout=30000
diff --git a/ldapadmin/ldapadmin.properties b/console/console.properties
similarity index 69%
rename from ldapadmin/ldapadmin.properties
rename to console/console.properties
index e90b2be..5b89a51 100644
--- a/ldapadmin/ldapadmin.properties
+++ b/console/console.properties
@@ -2,21 +2,24 @@
# General purposes properties
instanceName=geOrchestra
-publicContextPath=/ldapadmin
+publicContextPath=/console
protectedUser.uid1=geoserver_privileged_user
-# Header height (size in px)
-headerHeight=90
+# Uncomment to override header height (size in px) or header url in the console
+# defaults to values defined in ../default.properties
+# headerHeight=90
+# headerUrl=/header/
# Account moderation
# If moderatedSignup is true, each time a new user requests an account:
-# * an email is sent to moderatorEmail for validation,
-# * user has role PENDING (which grants nothing).
+# * an email is sent to all users having the SUPERUSER role and also to those
+# which hold and admin delegation for the declared Org (if any)
+# * user gets the PENDING role (which grants nothing on the SDI).
# Otherwise, the user is immediately considered as registered,
-# and is granted the USER role.
-#
+# and is granted the USER role. An email is also sent to SUPERUSER user
+# and delegated admins if any.
+
moderatedSignup=true
-moderatorEmail=georchestra+testadmin@georchestra.mydomain.org
# Delay in days before the "I lost my password" token expires
delayInDays=1
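Review bot: The rewritten moderation comment has a wording slip, `which hold and admin delegation`, and the blank line that replaces the closing `#` detaches the comment block from `moderatedSignup=true`. Suggested wording: `# * an email is sent to all users holding the SUPERUSER role, and to those who hold an admin delegation for the declared Org (if any)`. With `moderatorEmail` removed, the comment could also state that at least one SUPERUSER account needs a working e-mail address, since otherwise (if recipients are resolved only from those roles) nobody is told about PENDING accounts.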
@@ -24,47 +27,48 @@ delayInDays=1
# Possible values for org creation form : "orgShortName", "orgAddress" and "orgType"
requiredFields=firstName,surname,org,orgType
-# Org type values is used to populate the drop down list from /ldapadmin/account/new
+# Org type values is used to populate the drop down list from /console/account/new
orgTypeValues=Association,Company,NGO,Individual,Other
# Areas map configuration
-# This map appears on the /ldapadmin/account/new page, when the user checks the "my org does not exist" checkbox.
+# This map appears on the /console/account/new page, when the user checks the "my org does not exist" checkbox.
# Currently the map is configured with the EPSG:4326 SRS.
-AreaMapCenter=1.77, 47.3
-AreaMapZoom=6
+# Optional center and zoom of map, uncomment following line and also AreaMapZoom to force center and zoom
+#AreaMapCenter=1.77, 47.3
+#AreaMapZoom=6
# AreasUrl is the URL of a static file or a service with a GeoJSON FeatureCollection object string in EPSG:4326.
AreasUrl=https://www.geopicardie.fr/public/communes_simplified.json
# example "dynamic" AreasUrl=https://my.server.org/geoserver/ows?SERVICE=WFS&REQUEST=GetFeature&typeName=gadm:gadm_for_countries&outputFormat=json&cql_filter=ISO='FRA' or ISO='BEL'
# The following properties are used to configure the map widget behavior:
-AreasKey=OBJECTID
+AreasKey=INSEE_COM
# AreasKey is the key stored in the org LDAP record to uniquely identify a feature.
-AreasValue=OBJECTID
+AreasValue=NOM_COM
# AreasValue is the feature "nice name" which appears in the widget list once selected.
-AreasGroup=ISO
+AreasGroup=NOM_DEP
# AreasGroup is the feature property which is used to group together areas.
# eg: if the GeoJSON file represents regions, then AreasGroup might be the property with the "state name".
# CAUTION: AreasGroup **has to** be a string, not a numeric !
# reCaptcha V2
verificationURL=https://www.google.com/recaptcha/api/siteverify
-privateKey=6LeStlMUAAAAAMjUHn-srYb_rXDs5EUvkDBW5UbQ
-publicKey=6LeStlMUAAAAAHHcDH0RJ1wGos5I5G0iTcxxlJrZ
+privateKey=6LfTgF4UAAAAAL-FJJecf36W69hEaC4qZ1yu_s5-
+publicKey=6LfTgF4UAAAAADphdZKi6ocxIpn9MSzt8wRBFmmd
# LDAP related
ldapUrl=ldap://localhost:389
baseDN=dc=georchestra,dc=org
ldapAdminDn=cn=admin,dc=georchestra,dc=org
ldap.admin.password=secret
-groupUniqueNumberField=ou
+roleUniqueNumberField=ou
userSearchBaseDN=ou=users
-groupSearchBaseDN=ou=roles
+roleSearchBaseDN=ou=roles
+orgSearchBaseDN=ou=orgs
accountUniqueNumberField=employeeNumber
-orgsSearchBaseDN=ou=orgs
# PostGreSQL database connection parameters
psql.url=jdbc:postgresql://localhost:5432/georchestra
-psql.user=www-data
-psql.pass=www-data
+psql.user=georchestra
+psql.pass=georchestra
# SMTP configuration
smtpHost=localhost
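Review bot: `privateKey=6LfTgF4U…` commits what looks like a live reCAPTCHA secret key, and every instance deployed from this datadir without editing it would share that key. The README hunk in this same diff already tells operators to obtain their own keys, so the defaults are better left as obvious placeholders, e.g. `privateKey=<your-recaptcha-secret-key>` and `publicKey=<your-recaptcha-site-key>`; any key pair that was published should be treated as disclosed and regenerated. `AreasUrl` also defaults to a file on a third-party host, which the signup page depends on unless the value is overridden.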
@@ -74,17 +78,19 @@ smtpPort=25
emailHtml=false
replyTo=georchestra+testadmin@georchestra.mydomain.org
from=georchestra+testadmin@georchestra.mydomain.org
-language=en
subject.account.created=[geOrchestra] Your account has been created
subject.account.in.process=[geOrchestra] Your new account is waiting for validation
subject.requires.moderation=[geOrchestra] New account waiting for validation
subject.change.password=[geOrchestra] Update your password
subject.account.uid.renamed=[geOrchestra] New login for your account
+subject.new.account.notification=[geOrchestra] New account created
+templateEncoding=UTF-8
warnUserIfUidModified=true
+# This "�" char should display nicely in a ISO 8859-1 configured editor
# Email proxy configuration
# Basically, this webapp can send emails on behalf of LDAP users.
-# The service endpoint is available at /ldapadmin/emailProxy
+# The service endpoint is available at /console/emailProxy
# Usage is restricted to users having the MOD_EMAILPROXY role by default,
# cf https://github.com/georchestra/datadir/blob/master/security-proxy/security-mappings.xml
# see https://github.com/georchestra/georchestra/pull/1572 for more information.
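Review bot: The added comment about a character that "should display nicely in a ISO 8859-1 configured editor" sits right after `templateEncoding=UTF-8` and between two unrelated settings, so it is unclear which encoding the properties file itself is expected to use. If the file is read as ISO 8859-1 while the templates are UTF-8, non-ASCII text in the `subject.*` values may be garbled in outgoing mail. Moving the comment to the top of the file and stating both facts would remove the ambiguity, e.g. `# This file is ISO 8859-1 encoded; e-mail templates are read using templateEncoding`.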
diff --git a/ldapadmin/log4j/log4j.properties b/console/log4j/log4j.properties
similarity index 80%
rename from ldapadmin/log4j/log4j.properties
rename to console/log4j/log4j.properties
index d8ef621..c9cddfe 100644
--- a/ldapadmin/log4j/log4j.properties
+++ b/console/log4j/log4j.properties
@@ -16,14 +16,13 @@
#------------------------------------------------------------------------------
log4j.rootLogger=WARN, R
-log4j.logger.org.georchestra.ldapadmin=WARN, R
-log4j.logger.org.georchestra.ldapadmin.ws.utils=INFO, R
+log4j.logger.org.georchestra.console=WARN, R
+log4j.logger.org.georchestra.console.ws.utils=INFO, R
log4j.appender.R = org.apache.log4j.rolling.RollingFileAppender
log4j.appender.R.RollingPolicy = org.apache.log4j.rolling.TimeBasedRollingPolicy
-log4j.appender.R.RollingPolicy.FileNamePattern = /tmp/ldapadmin.%d.log.gz
-log4j.appender.R.RollingPolicy.ActiveFileName = /tmp/ldapadmin.log
+log4j.appender.R.RollingPolicy.FileNamePattern = /tmp/console.%d.log.gz
+log4j.appender.R.RollingPolicy.ActiveFileName = /tmp/console.log
log4j.appender.R.Append = true
log4j.appender.R.layout = org.apache.log4j.PatternLayout
log4j.appender.R.layout.ConversionPattern = %d{yyyy-MM-dd HH:mm:ss} %c{1} [%p] %m%n
-
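Review bot: `ActiveFileName = /tmp/console.log` and `FileNamePattern = /tmp/console.%d.log.gz` keep the console logs at predictable names in world-writable /tmp. The console handles account creation, password resets and the e-mail proxy, and `org.georchestra.console.ws.utils` logs at INFO, so depending on the umask these files may expose user identifiers to any local account. A file or symlink pre-created at that name can also redirect or block logging. Pointing both properties at a directory writable only by the servlet container user would avoid this; the top of the file is outside the hunk, so a base-directory setting may already exist there.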
diff --git a/console/protectedroles.properties b/console/protectedroles.properties
new file mode 100644
index 0000000..869122e
--- /dev/null
+++ b/console/protectedroles.properties
@@ -0,0 +1,2 @@
+# protected roles list separated by comma. Case sensitive. Reg ex is allowed
+protectedRolesList=SUPERUSER,ADMINISTRATOR,ORGADMIN,PENDING,USER,EXTRACTORAPP,GN_.*
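Review bot: `protectedRolesList` no longer contains the `MOD_.*` pattern that the deleted ldapadmin/protectedgroups.properties had, while console/console.properties in this same diff still says the e-mail proxy is restricted to the `MOD_EMAILPROXY` role. If that role still exists under that name, it is presumably now editable or deletable from the console like any ordinary role; if it was renamed, the comment in console.properties is stale. Either add the role to the list or update that comment. The header comment could also say whether each entry is matched as a full, anchored regular expression, since an unanchored `USER` would cover any role name that contains it.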
diff --git a/ldapadmin/templates/account-creation-in-progress-template.txt b/console/templates/account-creation-in-progress-template.txt
similarity index 64%
rename from ldapadmin/templates/account-creation-in-progress-template.txt
rename to console/templates/account-creation-in-progress-template.txt
index 452ab09..b141915 100644
--- a/ldapadmin/templates/account-creation-in-progress-template.txt
+++ b/console/templates/account-creation-in-progress-template.txt
@@ -5,4 +5,4 @@ Your request for a new account will be processed very soon.
Your login is: {uid}
---
-Sent by geOrchestra (https://georchestra.mydomain.org)
+Sent by geOrchestra ({publicUrl}/)
diff --git a/ldapadmin/templates/account-uid-renamed.txt b/console/templates/account-uid-renamed.txt
similarity index 73%
rename from ldapadmin/templates/account-uid-renamed.txt
rename to console/templates/account-uid-renamed.txt
index 1bf8731..0f614ad 100644
--- a/ldapadmin/templates/account-uid-renamed.txt
+++ b/console/templates/account-uid-renamed.txt
@@ -6,4 +6,4 @@ geOrchestra platform has been modified.
Your new login is now: {uid}
---
-Sent by geOrchestra (https://georchestra.mydomain.org/)
+Sent by geOrchestra ({publicUrl}/)
diff --git a/ldapadmin/templates/changepassword-email-template.txt b/console/templates/changepassword-email-template.txt
similarity index 64%
rename from ldapadmin/templates/changepassword-email-template.txt
rename to console/templates/changepassword-email-template.txt
index ac09d91..809de62 100644
--- a/ldapadmin/templates/changepassword-email-template.txt
+++ b/console/templates/changepassword-email-template.txt
@@ -1,6 +1,6 @@
Dear {name},
-You (or someone else) asked to reset your password on https://georchestra.mydomain.org/.
+You (or someone else) asked to reset your password on {publicUrl}/.
If you did not request any password update, just ignore this e-mail, you're safe.
To set a new password for your user ({uid}), go to {url}.
@@ -9,4 +9,4 @@ You will then be able to connect to the platform.
Caution: this e-mail is personal, don't forward it.
---
-Sent by geOrchestra (https://georchestra.mydomain.org/)
+Sent by geOrchestra ({publicUrl}/)
diff --git a/console/templates/newaccount-notification-template.txt b/console/templates/newaccount-notification-template.txt
new file mode 100644
index 0000000..e4250b3
--- /dev/null
+++ b/console/templates/newaccount-notification-template.txt
@@ -0,0 +1,10 @@
+Dear admin,
+
+A new user signed up on {publicUrl}/ !
+
+User name: {name}
+User email: {email}
+User ID: {uid}
+
+---
+Sent by geOrchestra ({publicUrl}/)
diff --git a/console/templates/newaccount-requires-moderation-template.txt b/console/templates/newaccount-requires-moderation-template.txt
new file mode 100644
index 0000000..8deeeff
--- /dev/null
+++ b/console/templates/newaccount-requires-moderation-template.txt
@@ -0,0 +1,11 @@
+Dear admin,
+
+A new account has been created on {publicUrl}/ and is waiting for validation.
+
+User name: {name}
+User ID: {uid}
+
+Visit {publicUrl}/console/manager/#/roles/PENDING/users to review the pending users.
+
+---
+Sent by geOrchestra ({publicUrl}/)
diff --git a/console/templates/newaccount-was-created-template.txt b/console/templates/newaccount-was-created-template.txt
new file mode 100644
index 0000000..b0de399
--- /dev/null
+++ b/console/templates/newaccount-was-created-template.txt
@@ -0,0 +1,10 @@
+Dear {name},
+
+Your account on {publicUrl}/ has been successfully created !
+Visit {publicUrl}/cas/login to login with your identifier "{uid}" and your password.
+
+Have fun with geOrchestra,
+
+Your platform administrator
+---
+Sent by geOrchestra ({publicUrl}/)
diff --git a/default.properties b/default.properties
new file mode 100644
index 0000000..f5c9409
--- /dev/null
+++ b/default.properties
@@ -0,0 +1,9 @@
+# This file holds some property shared across all geOrchestra webapps
+
+# Public URL of this geOrchestra instance
+# URL must not include the trailing slash
+publicUrl=https://georchestra.mydomain.org
+
+# Configure Header
+headerHeight=90
+headerUrl=/header/
diff --git a/extractorapp/extractorapp.properties b/extractorapp/extractorapp.properties
index 7c129a7..4855520 100644
--- a/extractorapp/extractorapp.properties
+++ b/extractorapp/extractorapp.properties
@@ -1,12 +1,5 @@
-instance=georchestra
language=en
-# The base url of the extractorapp as accessible from outside the intranet
-servletUrl=https://georchestra.mydomain.org/extractorapp
-
-# Hostname of the geoserver that is secured for geOrchestra.
-secureHost=georchestra.mydomain.org
-
# Email properties
smtpHost=localhost
smtpPort=25
@@ -18,7 +11,7 @@ privileged_admin_name=geoserver_privileged_user
privileged_admin_pass=gerlsSnFd6SmM
# Link to DB to store extraction statistics in 'extractorapp' schema
-jdbcurl=jdbc:postgresql://localhost:5432/georchestra?user=www-data&password=www-data
+jdbcurl=jdbc:postgresql://localhost:5432/georchestra?user=georchestra&password=georchestra
# max extraction size in pixels
maxCoverageExtractionSize=99999999
diff --git a/extractorapp/js/GEOR_custom.js b/extractorapp/js/GEOR_custom.js
deleted file mode 100644
index bb310be..0000000
--- a/extractorapp/js/GEOR_custom.js
+++ /dev/null
@@ -1,317 +0,0 @@
-/**
- * Sample geOrchestra extractor config file
- *
- * Instructions: uncomment lines you wish to modify and
- * modify the corresponding values to suit your needs.
- */
-Ext.namespace("GEOR");
-
-GEOR.custom = {
-
- /**
- * Constant: HEADER_HEIGHT
- * Integer value representing the header height, as set in the shared maven filters
- * Defaults to 90
- */
- HEADER_HEIGHT: 90,
-
- /**
- * Constant: PDF_URL
- * String: the URL to the downloaded data Terms Of Use
- * Defaults to /header/cgu.pdf (see shared.download_form.pdf_url var in shared.maven.filters file)
- */
- PDF_URL: "/header/cgu.pdf",
-
- /***** Beginning of config options which can be set in this file *****/
-
- /**
- * Constant: SUPPORTED_RASTER_FORMATS
- * List of supported raster formats.
- * Defaults to GeoTiff & Tiff
- *
- SUPPORTED_RASTER_FORMATS: [
- ["geotiff", "GeoTiff"],
- ["tiff", "Tif + TFW"]
- ],*/
-
- /**
- * Constant: SUPPORTED_VECTOR_FORMATS
- * List of supported vector formats.
- * Defaults to SHP, MIF/MID, TAB, KML
- *
- SUPPORTED_VECTOR_FORMATS: [
- ["shp", "Shapefile"],
- ["mif", "Mif/Mid"],
- ["tab", "TAB"],
- ["kml", "KML"]
- ],*/
-
- /**
- * Constant: SUPPORTED_RESOLUTIONS
- * List of supported resolutions.
- * Defaults to 0.2 0.5 1 2 5 10 meters
- *
- SUPPORTED_RESOLUTIONS: [
- ["0.2", "0.2"],
- ["0.5", "0.5"],
- ["1", "1"],
- ["2", "2"],
- ["5", "5"],
- ["10", "10"]
- ],*/
-
- /**
- * Constant: DEFAULT_RESOLUTION
- * Defaults to 10 meters
- * Please read https://github.com/georchestra/georchestra/issues/726
- *
- DEFAULT_RESOLUTION: 10,*/
-
- /**
- * Constant: GEOSERVER_WMS_URL
- * The URL to GeoServer WMS.
- */
- GEOSERVER_WMS_URL: "/geoserver/wms",
-
- /**
- * Constant: GEOSERVER_WFS_URL
- * The URL to GeoServer WFS.
- */
- //GEOSERVER_WFS_URL: "/geoserver/wfs",
-
- /**
- * Constant: MAX_FEATURES
- * The maximum number of vector features displayed.
- */
- //MAX_FEATURES: 500,
-
- /**
- * Constant: MAX_LENGTH
- * The maximum number of chars in a XML response
- * before triggering an alert.
- */
- //MAX_LENGTH: 500000,
-
- /**
- * Constant: MAP_DOTS_PER_INCH
- * {Float} Sets the resolution used for scale computation.
- * Defaults to 1000 / 39.37 / 0.28
- * see https://github.com/georchestra/georchestra/issues/736
- */
- //MAP_DOTS_PER_INCH: 1000 / 39.37 / 0.28,
-
- /**
- * Constant: GLOBAL_EPSG
- * SRS of the map used to select the global extraction parameters
- */
- //GLOBAL_EPSG: "EPSG:4326",
-
- /**
- * Constant: MAP_XMIN aka "left"
- * {Float} The max extent xmin in GLOBAL_EPSG coordinates.
- * Defaults to -180
- */
- //MAP_XMIN: -180,
-
- /**
- * Constant: MAP_YMIN aka "bottom"
- * {Float} The max extent ymin in GLOBAL_EPSG coordinates.
- * Defaults to -90
- */
- //MAP_YMIN: -90,
-
- /**
- * Constant: MAP_XMAX aka "right"
- * {Float} The max extent xmax in GLOBAL_EPSG coordinates.
- * Defaults to 180
- */
- //MAP_XMAX: 180,
-
- /**
- * Constant: MAP_YSMAX aka "top"
- * {Float} The max extent ymax in GLOBAL_EPSG coordinates
- * Defaults to 90
- */
- //MAP_YMAX: 90,
-
- /**
- * Constant: BASE_LAYER_NAME
- * The WMS base layer which will be displayed under each extracted layer.
- * Defaults to "geor:countries"
- */
- BASE_LAYER_NAME: "geor:countries",
-
- /**
- * Constant: NS_LOC
- * {String} The referentials layers' namespace alias as defined in
- * the GeoServer configuration.
- * Defaults to "geor_loc"
- */
- //NS_LOC: "geor_loc",
-
- /**
- * Constant: DEFAULT_WCS_EXTRACTION_WIDTH
- * Default width of the extracted image from WCS. This constant
- * is to be used to calculate the default resolution of WCS.
- * Defaults to 1024
- *
- * FIXME: not sure it is really useful.
- *
- */
- //DEFAULT_WCS_EXTRACTION_WIDTH: 1024,
-
- /**
- * Constant: SUPPORTED_REPROJECTIONS
- * List of projections that extractor supports for reprojection
- */
- /*SUPPORTED_REPROJECTIONS: [
- ["EPSG:4326", "EPSG:4326 - WGS84"],
- ["EPSG:3857", "Spherical Mercator"]
- ],*/
-
- /**
- * Constant: METRIC_MAP_SCALES
- * {Array} The map scales for the case where the SRS is metric.
- * Defaults to null, which means scales will be automatically computed
- *
- METRIC_MAP_SCALES: [
- 266.5911979812228585,
- 533.1823959624461134,
- 1066.3647919248918304,
- 2132.7295838497840572,
- 4265.4591676995681144,
- 8530.9183353991362289,
- 17061.8366707982724577,
- 34123.6733415965449154,
- 68247.3466831930771477,
- 136494.6933663861796617,
- 272989.3867327723085907,
- 545978.7734655447186469,
- 1091957.5469310886252288,
- 2183915.0938621788745877,
- 4367830.1877243577491754,
- 8735660.3754487154983508,
- 17471320.7508974309967016,
- 34942641.5017948619934032,
- 69885283.0035897239868063,
- 139770566.0071793960087234,
- 279541132.0143588959472254,
- 559082264.0287178958533332
- ],*/
-
- /**
- * Constant: GEOGRAPHIC_MAP_SCALES
- * {Array} The map scales for the case where the SRS is based on angles.
- * Defaults to null, which means scales will be automatically computed
- */
- //GEOGRAPHIC_MAP_SCALES: null,
-
- /**
- * Constant: MAP_POS_SRS1
- * {String} The cursor position will be displayed using this SRS.
- * Defaults to "EPSG:4326"
- */
- //MAP_POS_SRS1: "EPSG:4326",
-
- /**
- * Constant: MAP_POS_SRS2
- * {String} The cursor position will be displayed using this SRS.
- * Defaults to ""
- */
- //MAP_POS_SRS2: "",
-
- /**
- * Constant: EXTRACT_BTN_DISABLE_TIME
- * Duration in seconds for the extract button being disabled after an extraction
- * Defaults to 30
- */
- //EXTRACT_BTN_DISABLE_TIME: 30,
-
- /**
- * Constant: LAYERS_CHECKED
- * Layers checked by default or not ?
- * Defaults to true
- */
- //LAYERS_CHECKED: true,
-
- /**
- * Constant: BUFFER_VALUES
- * {Array} Array of buffer values with their display name
- */
- /*BUFFER_VALUES: [
- [0, "None"],
- [10, "BUFFER meters"],
- [50, "BUFFER meters"],
- [100, "BUFFER meters"],
- [500, "BUFFER meters"],
- [1000, "BUFFER kilometer"],
- [5000, "BUFFER kilometers"],
- [10000, "BUFFER kilometers"]
- ],*/
-
- /**
- * Constant: DEFAULT_BUFFER_VALUE
- * Default buffer value in meters.
- * Valid values are those from BUFFER_VALUES
- * Defaults to 0
- */
- //DEFAULT_BUFFER_VALUE: 0,
-
- /**
- * Constant: STARTUP_LAYERS
- * {Array} OGC layers loaded at startup if none are sent
- */
- STARTUP_LAYERS: [/*
- {
- owstype: "WMS",
- owsurl: "https://my.server.org/geoserver/wms",
- layername: "gshhs:GSHHS_l_L2"
- }*/
- ],
-
- /**
- * Constant: STARTUP_SERVICES
- * {Array} OGC services loaded at startup if none are sent
- */
- STARTUP_SERVICES: [
- {
- text: "Local OGC service",
- owstype: "WMS",
- owsurl: "/geoserver/wms"
- }
- ]
-
- /**
- * Constant: SPLASH_SCREEN
- * {String} The message to display on extractorapp startup
- * Defaults to null, which means no message will be displayed
- *
- ,SPLASH_SCREEN: [
- "Afin d'utiliser au mieux la fonctionnalité d'extraction en ligne, nous vous ",
- "invitons à respecter les conseils suivants : ",
- "<br/><br/>",
- "Pour les données <b>image</b> : ",
- "La taille maximale pour une extraction de l'orthophotographie à 50cm est d'environ 9 Km². ",
- "Au-delà, l'extraction risque de ne pas aboutir. ",
- "<br/>",
- "Le format ECW est limité à des fichiers de 500 Mo maximum. ",
- "Privilégiez plutôt les formats JPEG 2000 ou TIF. ",
- "<br/><br/>",
- "Pour les données <b>vecteur</b> : ",
- "Les couches comportant un trop grand nombre d'objets (~ million) ",
- "ne pourront pas être extraites. ",
- "<br/><br/>",
- "Si vous ne parvenez pas à extraire une couche à l'aide de l'extracteur en ",
- "ligne, <a href=\"mailto:psc@georchestra.org\">prenez contact</a> avec l'administrateur."].join(""),
- */
-
- /**
- * Constant: HELP_URL
- * {String} URL of the help ressource.
- * Defaults to "https://cms.geobretagne.fr/etiquettes/tutoriels"
- *
- ,HELP_URL: "https://cms.geobretagne.fr/etiquettes/tutoriels"
- */
-
- // No trailing comma for the last line (or IE will complain)
-};
diff --git a/extractorapp/templates/extractor-email-ack-template.tpl b/extractorapp/templates/extractor-email-ack-template.tpl
index abd16c9..ff61099 100644
--- a/extractorapp/templates/extractor-email-ack-template.tpl
+++ b/extractorapp/templates/extractor-email-ack-template.tpl
@@ -5,4 +5,4 @@ If you have not requested an extraction, please just ignore this message.
This e-mail is sent automatically, any answer will be ignored.
---
-Sent by geOrchestra (https://georchestra.mydomain.org/)
+Sent by geOrchestra ({publicUrl}/)
diff --git a/extractorapp/templates/extractor-email-template.tpl b/extractorapp/templates/extractor-email-template.tpl
index 5c0a1f1..3d13174 100644
--- a/extractorapp/templates/extractor-email-template.tpl
+++ b/extractorapp/templates/extractor-email-template.tpl
@@ -13,4 +13,4 @@ Your extraction can be downloaded during {expiry} days at the following address:
For more information, please contact your SDI administrator
---
-Sent by geOrchestra (https://georchestra.mydomain.org/)
+Sent by geOrchestra ({publicUrl}/)
diff --git a/geonetwork/config/config-security-georchestra.xml b/geonetwork/config/config-security-georchestra.xml
index e8cd57e..9daf092 100644
--- a/geonetwork/config/config-security-georchestra.xml
+++ b/geonetwork/config/config-security-georchestra.xml
@@ -86,13 +86,13 @@
</map>
</property>
<property name="importPrivilegesFromLdap" value="${ldap.privilege.import}"/>
- <property name="createNonExistingLdapGroup" value="${ldap.privilege.create.nonexisting.groups}"/>
+ <property name="createNonExistingLdapGroup" value="${ldap.privilege.create.nonexisting.roles}"/>
<property name="createNonExistingLdapUser" value="${ldap.privilege.create.nonexisting.users}"/>
<property name="ldapManager" ref="ldapUserDetailsService"/>
- <property name="groupAttribute" value="${ldap.privilege.search.group.attribute}"/>
- <property name="groupObject" value="${ldap.privilege.search.group.object}"/>
- <property name="groupQuery" value="${ldap.privilege.search.group.query}"/>
- <property name="groupQueryPattern" value="${ldap.privilege.search.group.pattern}"/>
+ <property name="groupAttribute" value="${ldap.privilege.search.role.attribute}"/>
+ <property name="groupObject" value="${ldap.privilege.search.role.object}"/>
+ <property name="groupQuery" value="${ldap.privilege.search.role.query}"/>
+ <property name="groupQueryPattern" value="${ldap.privilege.search.privilege.pattern}"/>
<property name="privilegeAttribute" value="${ldap.privilege.search.privilege.attribute}"/>
<property name="privilegeObject" value="${ldap.privilege.search.privilege.object}"/>
<property name="privilegeQuery" value="${ldap.privilege.search.privilege.query}"/>
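Review bot: `groupQueryPattern` is the one property in this hunk that was not renamed from group to role: it now reads `${ldap.privilege.search.privilege.pattern}`, which geonetwork.properties sets to `GN_(.*)`, whereas the role queries in that file select `cn=EL_*` and `ldap.sync.role.search.pattern` is `EL_(.*)`. No `ldap.privilege.search.role.pattern` key is defined in the visible part of geonetwork.properties, so this may be deliberate, but then a comment should say so. Otherwise role names may be matched against the privilege pattern, which changes how LDAP roles map to GeoNetwork groups. The enclosing bean starts and ends outside the hunk.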
@@ -107,11 +107,11 @@
<entry key="ldapUserSearchBase" value="${ldap.sync.user.search.base}"/>
<entry key="ldapUserSearchFilter" value="${ldap.sync.user.search.filter}"/>
<entry key="ldapUserSearchAttribute" value="${ldap.sync.user.search.attribute}"/>
- <entry key="createNonExistingLdapGroup" value="${ldap.privilege.create.nonexisting.groups}"/>
- <entry key="ldapGroupSearchBase" value="${ldap.sync.group.search.base}"/>
- <entry key="ldapGroupSearchFilter" value="${ldap.sync.group.search.filter}"/>
- <entry key="ldapGroupSearchAttribute" value="${ldap.sync.group.search.attribute}"/>
- <entry key="ldapGroupSearchPattern" value="${ldap.sync.group.search.pattern}"/>
+ <entry key="createNonExistingLdapGroup" value="${ldap.privilege.create.nonexisting.roles}"/>
+ <entry key="ldapGroupSearchBase" value="${ldap.sync.role.search.base}"/>
+ <entry key="ldapGroupSearchFilter" value="${ldap.sync.role.search.filter}"/>
+ <entry key="ldapGroupSearchAttribute" value="${ldap.sync.role.search.attribute}"/>
+ <entry key="ldapGroupSearchPattern" value="${ldap.sync.role.search.pattern}"/>
</map>
</property>
</bean>
@@ -132,9 +132,9 @@
</bean>
<bean id="ldapUserDetailsService" class="org.fao.geonet.kernel.security.ldap.LdapUserDetailsManager">
<constructor-arg ref="contextSource"/>
- <constructor-arg name="groupMemberAttributeName" value="${ldap.privilege.search.group.queryprop}"/>
- <constructor-arg name="query" value="${ldap.privilege.search.group.query}"/>
- <property name="groupSearchBase" value="${ldap.privilege.search.group.object}"/>
+ <constructor-arg name="groupMemberAttributeName" value="${ldap.privilege.search.role.queryprop}"/>
+ <constructor-arg name="query" value="${ldap.privilege.search.role.query}"/>
+ <property name="groupSearchBase" value="${ldap.privilege.search.role.object}"/>
<property name="usernameMapper" ref="usernameMapper"/>
<property name="userDetailsMapper" ref="ldapUserContextMapper"/>
</bean>
@@ -142,4 +142,11 @@
<constructor-arg index="0" type="java.lang.String" name="userDnBase" value="${ldap.base.search.base}"/>
<constructor-arg index="1" type="java.lang.String" name="usernameAttribute" value="${ldap.sync.user.search.attribute}"/>
</bean>
+
+ <!-- redirect to cas when need to be logged in -->
+ <bean id="authenticationEntryPoint"
+ class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
+ <constructor-arg index="0" value="/?login" />
+ </bean>
+
</beans>
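Review bot: The new `authenticationEntryPoint` bean redirects to the relative URL `/?login`, and the comment `redirect to cas when need to be logged in` does not say which component turns that request into a CAS login. Because the redirect target is derived from the incoming request, it presumably depends on the front proxy forwarding the public scheme and host. A fuller comment would help, e.g. `<!-- unauthenticated requests are redirected to /?login; the component in front of GeoNetwork is expected to turn that into a CAS login -->`. Where this bean is referenced is not visible in the hunk.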
diff --git a/geonetwork/geonetwork.properties b/geonetwork/geonetwork.properties
index 6ced624..c248d50 100644
--- a/geonetwork/geonetwork.properties
+++ b/geonetwork/geonetwork.properties
@@ -18,7 +18,7 @@ jdbc.port=5432
jdbc.database=georchestra
jdbc.schema=geonetwork
jdbc.username=geonetwork
-jdbc.password=www-data
+jdbc.password=georchestra
jdbc.basic.maxActive=33
jdbc.basic.maxWait=200
@@ -34,21 +34,23 @@ ldap.base.dn.pattern=uid={0}
ldap.sync.user.search.base=ou=users
ldap.sync.user.search.filter=(&(objectClass=*)(mail=*@*)(givenName=*))
ldap.sync.user.search.attribute=uid
-ldap.privilege.create.nonexisting.groups=true
+ldap.privilege.create.nonexisting.roles=true
ldap.privilege.create.nonexisting.users=true
-ldap.sync.group.search.base=ou=roles
-ldap.sync.group.search.filter=(&(objectClass=groupOfMembers)(cn=EL_*))
-ldap.sync.group.search.attribute=cn
-ldap.sync.group.search.pattern=EL_(.*)
+ldap.sync.role.search.base=ou=roles
+ldap.sync.role.search.filter=(&(objectClass=groupOfMembers)(cn=EL_*))
+ldap.sync.role.search.attribute=cn
+ldap.sync.role.search.pattern=EL_(.*)
ldap.sync.cron=0 * * * * ?
ldap.sync.startDelay=60000
ldap.privilege.import=true
-ldap.privilege.search.group.queryprop=member
-ldap.privilege.search.group.query=(&(objectClass=groupOfMembers)(member=uid={0},${ldap.base.search.base},${ldap.base.dn})(cn=EL_*))
-ldap.privilege.search.group.object=ou=roles
+ldap.privilege.search.role.queryprop=member
+ldap.privilege.search.role.query=(&(objectClass=groupOfMembers)(member=uid={0},${ldap.base.search.base},${ldap.base.dn})(cn=EL_*))
+ldap.privilege.search.role.object=ou=roles
ldap.base.search.base=ou=users
ldap.privilege.search.privilege.pattern=GN_(.*)
ldap.privilege.search.privilege.query=(&(objectClass=groupOfMembers)(member=uid={0},${ldap.base.search.base},${ldap.base.dn}))
ldap.privilege.search.privilege.object=ou=roles
+ldap.privilege.search.privilege.attribute=cn
+ldap.privilege.search.role.attribute=cn
diff --git a/geowebcache/geowebcache.properties b/geowebcache/geowebcache.properties
index c801abc..eee89f4 100644
--- a/geowebcache/geowebcache.properties
+++ b/geowebcache/geowebcache.properties
@@ -1,4 +1,3 @@
-baseUrl=https://georchestra.mydomain.org
contextPath=/geowebcache
instance.name=geOrchestra
diff --git a/header/header.properties b/header/header.properties
index 1666acf..0d97d7e 100644
--- a/header/header.properties
+++ b/header/header.properties
@@ -1,2 +1,2 @@
language=en
-ldapadminPublicContextPath=/ldapadmin
+consolePublicContextPath=/console
diff --git a/ldapadmin/protectedgroups.properties b/ldapadmin/protectedgroups.properties
deleted file mode 100644
index 48df289..0000000
--- a/ldapadmin/protectedgroups.properties
+++ /dev/null
@@ -1,2 +0,0 @@
-# protected groups list separated by comma. Case sensitive. Reg ex is allowed
-protectedGroupsList=ADMINISTRATOR,PENDING,USER,GN_.*,MOD_.*
diff --git a/ldapadmin/templates/newaccount-requires-moderation-template.txt b/ldapadmin/templates/newaccount-requires-moderation-template.txt
deleted file mode 100644
index cc95c2a..0000000
--- a/ldapadmin/templates/newaccount-requires-moderation-template.txt
+++ /dev/null
@@ -1,11 +0,0 @@
-Dear admin,
-
-A new account has been created on https://georchestra.mydomain.org/ and is waiting for validation.
-
-User name: {name}
-User ID: {uid}
-
-Visit https://georchestra.mydomain.org/ldapadmin/console/#/groups/PENDING/users to review the pending users.
-
----
-Sent by geOrchestra (https://georchestra.mydomain.org)
diff --git a/ldapadmin/templates/newaccount-was-created-template.txt b/ldapadmin/templates/newaccount-was-created-template.txt
deleted file mode 100644
index 6b5dd0d..0000000
--- a/ldapadmin/templates/newaccount-was-created-template.txt
+++ /dev/null
@@ -1,10 +0,0 @@
-Dear {name},
-
-Your account on https://georchestra.mydomain.org/ has been successfully created !
-Visit https://georchestra.mydomain.org/cas/login to login with your identifier "{uid}" and your password.
-
-Have fun with geOrchestra,
-
-Your platform administrator
----
-Sent by geOrchestra (https://georchestra.mydomain.org/)
diff --git a/mapfishapp/js/GEOR_custom.js b/mapfishapp/js/GEOR_custom.js
index eda6bcf..26ab0a4 100644
--- a/mapfishapp/js/GEOR_custom.js
+++ b/mapfishapp/js/GEOR_custom.js
@@ -10,13 +10,6 @@ Ext.namespace("GEOR");
GEOR.custom = {
- /**
- * Constant: HEADER_HEIGHT
- * Integer value representing the header height, as set in the shared maven filters
- * Defaults to 90
- */
- HEADER_HEIGHT: 90,
-
/**
* Constant: DEFAULT_WMC
* The relative path to the default context.
diff --git a/mapfishapp/mapfishapp.properties b/mapfishapp/mapfishapp.properties
index 30f6a05..0f47ac7 100644
--- a/mapfishapp/mapfishapp.properties
+++ b/mapfishapp/mapfishapp.properties
@@ -3,6 +3,6 @@ instance=geOrchestra
language=en
-jdbcUrl=jdbc:postgresql://localhost:5432/georchestra?user=www-data&password=www-data
+jdbcUrl=jdbc:postgresql://localhost:5432/georchestra?user=georchestra&password=georchestra
docTempDir=/tmp
diff --git a/mapfishapp/wfs.servers.json b/mapfishapp/wfs.servers.json
index 96e1f84..ae22197 100644
--- a/mapfishapp/wfs.servers.json
+++ b/mapfishapp/wfs.servers.json
@@ -2,7 +2,7 @@
"servers": [
{
"name": "Local WFS service",
- "url": "/geoserver/wfs"
+ "url": "https://georchestra.mydomain.org/geoserver/wfs"
},
{
"name": "GéoBretagne",
diff --git a/mapfishapp/wms.servers.json b/mapfishapp/wms.servers.json
index 355100b..a177a45 100644
--- a/mapfishapp/wms.servers.json
+++ b/mapfishapp/wms.servers.json
@@ -2,7 +2,7 @@
"servers": [
{
"name": "Local WMS service",
- "url": "/geoserver/wms"
+ "url": "https://georchestra.mydomain.org/geoserver/wms"
},
{
"name": "GeoBretagne cadastre - regional SDI",
diff --git a/mapfishapp/wmts.servers.json b/mapfishapp/wmts.servers.json
index a02c19b..a5f49c6 100644
--- a/mapfishapp/wmts.servers.json
+++ b/mapfishapp/wmts.servers.json
@@ -2,7 +2,7 @@
"servers": [
{
"name": "Local WMTS service",
- "url": "/geoserver/gwc/service/wmts"
+ "url": "https://georchestra.mydomain.org/geoserver/gwc/service/wmts"
},
{
"name": "GéoBretagne OSM",
@@ -12,6 +12,10 @@
"name": "GéoBretagne rasters",
"url": "https://tile.geobretagne.fr/gwc02/service/wmts"
},
+ {
+ "name": "GéoPicardie OSM",
+ "url": "https://osm.geopicardie.fr/mapproxy/service"
+ },
{
"name": "IGN GéoPortail",
"url": "https://wxs.ign.fr/opbnnt8s6esy6680ptjfqmwo/geoportail/wmts"
diff --git a/security-proxy/log4j/log4j.properties b/security-proxy/log4j/log4j.properties
index 105c828..88e43c1 100644
--- a/security-proxy/log4j/log4j.properties
+++ b/security-proxy/log4j/log4j.properties
@@ -6,6 +6,7 @@ log4j.logger.org.georchestra.security.statistics=INFO, OGCSTATISTICS
log4j.logger.OGCServiceMessageFormatter=INFO
log4j.logger.org.springframework=INFO
+log4j.logger.org.springframework.security=INFO
log4j.logger.org.jasig=INFO
log4j.appender.R = org.apache.log4j.rolling.RollingFileAppender
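Review bot: The added `log4j.logger.org.springframework.security=INFO` sets the same level that its parent logger `org.springframework` already has on the line above, so as written it changes nothing. If it is meant as a knob for troubleshooting authentication, a comment would make that clear and warn about the cost, for example `# raise to DEBUG only temporarily: Spring Security debug output can include session and CAS ticket details`.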
@@ -25,5 +26,5 @@ log4j.appender.R.layout.ConversionPattern = %d{yyyy-MM-dd HH:mm:ss} %c{1} [%p] %
log4j.appender.OGCSTATISTICS=org.georchestra.ogcservstatistics.log4j.OGCServicesAppender
log4j.appender.OGCSTATISTICS.activated=true
log4j.appender.OGCSTATISTICS.jdbcURL=jdbc:postgresql://localhost:5432/georchestra
-log4j.appender.OGCSTATISTICS.databaseUser=www-data
-log4j.appender.OGCSTATISTICS.databasePassword=www-data
+log4j.appender.OGCSTATISTICS.databaseUser=georchestra
+log4j.appender.OGCSTATISTICS.databasePassword=georchestra
diff --git a/security-proxy/security-mappings.xml b/security-proxy/security-mappings.xml
index 877c4e1..0410cec 100644
--- a/security-proxy/security-mappings.xml
+++ b/security-proxy/security-mappings.xml
@@ -1,25 +1,24 @@
<http>
- <intercept-url pattern=".*\?.*login.*" access="ROLE_USER,ROLE_GN_EDITOR,ROLE_GN_REVIEWER,ROLE_GN_ADMIN,ROLE_ADMINISTRATOR" />
- <intercept-url pattern=".*\?.*casLogin.*" access="ROLE_USER,ROLE_GN_EDITOR,ROLE_GN_REVIEWER,ROLE_GN_ADMIN,ROLE_ADMINISTRATOR" />
+ <intercept-url pattern="/cas/login.*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
+ <intercept-url pattern=".*\?.*login.*" access="ROLE_USER,ROLE_GN_EDITOR,ROLE_GN_REVIEWER,ROLE_GN_ADMIN,ROLE_ADMINISTRATOR,ROLE_SUPERUSER,ROLE_ORGADMIN" />
<intercept-url pattern="/extractorapp/admin.*" access="ROLE_ADMINISTRATOR" />
<intercept-url pattern="/extractorapp/jobs/.*" access="ROLE_ADMINISTRATOR" />
- <intercept-url pattern="/extractorapp/.*" access="ROLE_MOD_EXTRACTORAPP" />
+ <intercept-url pattern="/extractorapp/.*" access="ROLE_EXTRACTORAPP" />
<intercept-url pattern="/geofence/.*" access="ROLE_ADMINISTRATOR" />
- <intercept-url pattern="/analytics/.*" access="ROLE_MOD_ANALYTICS" />
- <intercept-url pattern="/ldapadmin/private/.*" access="ROLE_MOD_LDAPADMIN" />
- <!-- this path is used by ws that return configuration for map that allow selection of areas (/ldapadmin/public/orgs/areaConfig.json) -->
- <intercept-url pattern="/ldapadmin/public/.*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
- <intercept-url pattern="/ldapadmin/console/public/.*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
- <intercept-url pattern="/ldapadmin/console/.*" access="ROLE_MOD_LDAPADMIN" />
- <intercept-url pattern="/ldapadmin/account/userdetails" access="IS_AUTHENTICATED_FULLY" />
- <intercept-url pattern="/ldapadmin/account/changePassword" access="IS_AUTHENTICATED_FULLY" />
- <intercept-url pattern="/ldapadmin/.*/emails" access="ROLE_MOD_LDAPADMIN" />
- <intercept-url pattern="/ldapadmin/.*/sendEmail" access="ROLE_MOD_LDAPADMIN" />
- <intercept-url pattern="/ldapadmin/attachments" access="ROLE_MOD_LDAPADMIN" />
- <intercept-url pattern="/ldapadmin/emailTemplates" access="ROLE_MOD_LDAPADMIN" />
- <intercept-url pattern="/ldapadmin/emailProxy" access="ROLE_MOD_EMAILPROXY" />
+ <intercept-url pattern="/analytics/.*" access="ROLE_SUPERUSER,ROLE_ORGADMIN" />
+ <intercept-url pattern="/console/private/.*" access="ROLE_SUPERUSER,ROLE_ORGADMIN" />
+ <!-- this path is used by ws that return configuration for map that allow selection of areas (/console/public/orgs/areaConfig.json) -->
+ <intercept-url pattern="/console/public/.*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
+ <intercept-url pattern="/console/manager/public/.*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
+ <intercept-url pattern="/console/manager/.*" access="ROLE_SUPERUSER,ROLE_ORGADMIN" />
+ <intercept-url pattern="/console/account/userdetails" access="IS_AUTHENTICATED_FULLY" />
+ <intercept-url pattern="/console/account/changePassword" access="IS_AUTHENTICATED_FULLY" />
+ <intercept-url pattern="/console/.*/emails" access="ROLE_SUPERUSER,ROLE_ORGADMIN" />
+ <intercept-url pattern="/console/.*/sendEmail" access="ROLE_SUPERUSER,ROLE_ORGADMIN" />
+ <intercept-url pattern="/console/attachments" access="ROLE_SUPERUSER,ROLE_ORGADMIN" />
+ <intercept-url pattern="/console/emailTemplates" access="ROLE_SUPERUSER,ROLE_ORGADMIN" />
+ <intercept-url pattern="/console/emailProxy" access="ROLE_EMAILPROXY" />
<intercept-url pattern="/testPage" access="IS_AUTHENTICATED_FULLY" />
<intercept-url pattern=".*/ogcproxy/.*" access="ROLE_NO_ONE" />
- <intercept-url pattern=".*" access="IS_AUTHENTICATED_ANONYMOUSLY,ROLE_USER,ROLE_GN_EDITOR,ROLE_GN_REVIEWER,ROLE_GN_ADMIN,ROLE_ADMINISTRATOR" />
+ <intercept-url pattern=".*" access="IS_AUTHENTICATED_ANONYMOUSLY,ROLE_USER,ROLE_GN_EDITOR,ROLE_GN_REVIEWER,ROLE_GN_ADMIN,ROLE_ADMINISTRATOR,ROLE_SUPERUSER,ROLE_ORGADMIN" />
</http>
-
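Review bot: Every console rule that required `ROLE_MOD_LDAPADMIN` now accepts `ROLE_SUPERUSER,ROLE_ORGADMIN`, as does `/analytics/.*`, so the proxy cannot tell the two roles apart on `/console/private/.*`, `/console/manager/.*`, the `emails`/`sendEmail` paths, `/console/attachments` and `/console/emailTemplates`. If ROLE_ORGADMIN is meant to be a narrower, delegated role (its name suggests so, the diff does not show it), the limit has to be enforced inside the console application, and that is worth stating next to the rules: `<!-- ROLE_ORGADMIN passes the proxy on all console admin paths; the console itself must limit it to its own organisation -->`. Separately, Spring Security applies the first matching `intercept-url`, so the anonymous `/console/public/.*` and `/console/manager/public/.*` entries take precedence over `/console/.*/emails` and `/console/.*/sendEmail` below them. Moving those two role rules above the public ones would remove that dependence on order.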
diff --git a/security-proxy/security-proxy.properties b/security-proxy/security-proxy.properties
index 498f161..418043c 100644
--- a/security-proxy/security-proxy.properties
+++ b/security-proxy/security-proxy.properties
@@ -1,5 +1,5 @@
# ------ proxy-servlet.xml ---------
-public.host=https://georchestra.mydomain.org/
+public.host=${publicUrl}
# default timeout : 20min should be enough to handle big extraction (~ 4x10^9 pixels)
http_client_timeout=1200000
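Review bot: `${publicUrl}` is not defined in the visible hunks of this file, and the value it replaces in `public.host` ended with a slash, while the next hunk appends `/cas/logout`, `/cas/login`, `/cas` and `/login/cas` directly to it. A comment above `public.host` would document the contract, for example `# publicUrl is defined outside this file (TODO: name the file); scheme and host only, no trailing slash`. The CAS ticket validation and callback URLs are derived from this one value, so an unresolved placeholder or a doubled slash there may surface only as failed logins.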
@@ -7,13 +7,13 @@ http_client_timeout=1200000
anonymousRole=ROLE_ANONYMOUS
proxy.contextPath=/sec
# url called when user has logged out
-logout-success-url=https://georchestra.mydomain.org/cas/logout?fromgeorchestra
+logout-success-url=${publicUrl}/cas/logout?fromgeorchestra
# url where the user can login
-casLoginUrl=https://georchestra.mydomain.org/cas/login
+casLoginUrl=${publicUrl}/cas/login
# url that the security system uses to validate the cas tickets
-casTicketValidation=https://georchestra.mydomain.org/cas
+casTicketValidation=${publicUrl}/cas
# After going to the cas login cas forwards to this URL where the authorities and permissions are checked
-proxyCallback=https://georchestra.mydomain.org/j_spring_cas_security_check
+proxyCallback=${publicUrl}/login/cas
# list of trusted proxy, all request from listed server will be trusted and will bypass security
trustedProxy=127.0.0.1, localhost
# the ldap url
@@ -22,7 +22,7 @@ baseDN=dc=georchestra,dc=org
# The base DN from where to search for the logged in user. This mostly to verify the user exists
userSearchBaseDN=ou=users
# The base DN from where to search for organization. Use to fill sec-org http header
-orgsSearchBaseDN=ou=orgs
+orgSearchBaseDN=ou=orgs
# the second part of looking up the user
userSearchFilter=(uid={0})
# The base DN to use for looking up the roles/groups/authorities of the logged in user. Normally the ldap is configured like:
@@ -32,11 +32,11 @@ userSearchFilter=(uid={0})
#
# ou can be cn, ou, or some other option. member is often uniquemember as well.
authoritiesBaseDN=ou=roles
-# The attribute of the group which is the rolename
-groupRoleAttribute=cn
-# the search filter that selects the groups that the user is part of.
-# If a match is found the containing object is one of the groups the user is part of
-groupSearchFilter=(member=uid={1},ou=users,dc=georchestra,dc=org)
+# The attribute of the role which is the rolename
+roleRoleAttribute=cn
+# the search filter that selects the roles that the user belongs to.
+# If a match is found, the containing object is one of the roles the user belongs to
+roleSearchFilter=(member=uid={1},ou=users,dc=georchestra,dc=org)
# the admin user's DN (distinguished name)
# Depending on how the LDAP is configured you may be able to comment this and password out and add
# <property name="anonymousReadOnly" value="true" />
diff --git a/security-proxy/targets-mapping.properties b/security-proxy/targets-mapping.properties
index 46ec585..5eb45f4 100644
--- a/security-proxy/targets-mapping.properties
+++ b/security-proxy/targets-mapping.properties
@@ -1,8 +1,8 @@
analytics=http://localhost:8280/analytics/
+atlas=http://localhost:8280/atlas/
+console=http://localhost:8280/console/
extractorapp=http://localhost:8280/extractorapp/
geonetwork=http://localhost:8280/geonetwork/
geoserver=http://localhost:8380/geoserver/
header=http://localhost:8280/header/
-ldapadmin=http://localhost:8280/ldapadmin/
mapfishapp=http://localhost:8280/mapfishapp/
-atlas=http://localhost:8280/atlas/