Geomatys / examind-community

Examind Community (formerly known as Constellation-SDI) is an open source platform dedicated to geographic data infrastructures development. It constitutes the foundation of custom developments carried out by Geomatys and results from more than 10 years of R&D.

Unauthorized 401: transactional WFS requests #45

Open paulemilechilin opened 2 days ago

paulemilechilin commented 2 days ago

When I send a request to https://gis.eop.promethee.digital/examind/WS/wfs/EOP_WFS?SERVICE=WFS&REQUEST=Transaction

with the following XML:

SERVICE: WFS REQUEST: Transaction

INSERT:

<wfs:Transaction version="2.0.02.0.2" service="WFS" xmlns="http://www.someserver.example.com/myns" xmlns:fes="http://www.opengis.net/fes/2.0" xmlns:wfs="http://www.opengis.net/wfs/2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.opengis.net/wfs/2.0 http://schemas.opengis.net/wfs/2.0.02.0/wfs.xsd">

population 4070000

SERVICE: WFS REQUEST: Transaction

DELETE:

I systematically get a 401 Unauthorized error.

glegal commented 1 day ago

The transactional part of the WFS (and of Examind's other transactional OGC services) is secured by default. This is done to prevent just anyone from writing to the server. There is a configuration option to disable this security, but it is not accessible via the UI (it is notably used in the tests). The usual way to access these operations is to provide an authentication cookie.

Example: we retrieve an authentication token:

curl -v --location 'http://localhost:8080/examind/API/auth/login' \
--header 'Content-Type: application/json' --data '{
    "username":"admin",
    "password":"admin"
}'

We extract the value of the returned cookie:

* processing: http://localhost:8080/examind/API/auth/login
*   Trying [::1]:8080...
* Connected to localhost (::1) port 8080
> POST /examind/API/auth/login HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/8.2.1
> Accept: */*
> Content-Type: application/json
> Content-Length: 50
> 
< HTTP/1.1 200 
< Access-Control-Allow-Origin: *
< Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
< Access-Control-Allow-Headers: Origin, access_token, X-Requested-With, Content-Type, Accept
< Access-Control-Allow-Credentials: true
< Set-Cookie: access_token=admin_1730283888780_f6845d8b9c5218ac6301cdb860d8101c_900000; Path=/; HttpOnly
< Cache-Control: no-cache, no-store, max-age=0, must-revalidate
< Pragma: no-cache
< Expires: 0
< X-XSS-Protection: 0
< X-Frame-Options: DENY
< X-Content-Type-Options: nosniff
< Content-Length: 0
< Date: Wed, 30 Oct 2024 09:54:48 GMT

We then use this cookie in the transaction request:

curl --location 'http://localhost:8080/examind/WS/wfs/default?SERVICE=WFS&REQUEST=Transaction&VERSION=1.1.0' \
--header 'Content-Type: application/xml' \
--header 'Cookie: access_token=admin_1730283888780_f6845d8b9c5218ac6301cdb860d8101c_900000' \
--data '<wfs:Transaction
    version="2.0.0"
    service="WFS"
    xmlns="http://www.someserver.example.com/myns"
    xmlns:fes="http://www.opengis.net/fes/2.0"
    xmlns:wfs="http://www.opengis.net/wfs/2.0"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.opengis.net/wfs/2.0
http://schemas.opengis.net/wfs/2.0//wfs.xsd">
    <wfs:Update typeName="da9cd5c348474c1d830ade8baa2f351d">
        <wfs:Property>
            <wfs:ValueReference>population</wfs:ValueReference>
            <wfs:Value>4070000</wfs:Value>
        </wfs:Property>
        <fes:Filter>
            <fes:ResourceId rid="da9cd5c348474c1d830ade8baa2f351d.10131"/>
        </fes:Filter>
    </wfs:Update>
</wfs:Transaction>'
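
The login-then-transaction flow from the answer above, as an added example that is not part of the thread or of Examind's code: a small Python client that keeps the `access_token` cookie in a jar instead of copying it by hand. The class name, the loopback-only rule for plain HTTP, and the caller-supplied base URL, service id and credentials are assumptions of this example.

```python
# Added example, not Examind code. Endpoint paths come from the thread above;
# base URL, service id and credentials are assumptions supplied by the caller.
import http.cookiejar
import json
import urllib.error
import urllib.request
from urllib.parse import urlsplit

LOOPBACK = ("localhost", "127.0.0.1", "::1")


class ExamindSession:
    def __init__(self, base_url):
        parts = urlsplit(base_url)
        # The login body and the cookie are bearer secrets: only allow plain
        # HTTP for a local test instance, as in the localhost example above.
        if parts.scheme != "https" and parts.hostname not in LOOPBACK:
            raise ValueError("refusing to send credentials over plain HTTP")
        self.base_url = base_url.rstrip("/")
        self.jar = http.cookiejar.CookieJar()
        self.opener = urllib.request.build_opener(
            urllib.request.HTTPCookieProcessor(self.jar))

    def login(self, username, password):
        """POST JSON credentials; the access_token cookie lands in the jar."""
        body = json.dumps({"username": username, "password": password})
        req = urllib.request.Request(
            self.base_url + "/API/auth/login", data=body.encode("utf-8"),
            headers={"Content-Type": "application/json"})
        with self.opener.open(req, timeout=10):
            pass
        if not any(c.name == "access_token" for c in self.jar):
            raise RuntimeError("no access_token cookie in login response")

    def transaction(self, service_id, xml):
        """POST a WFS Transaction; return the HTTP status (401 = no valid cookie)."""
        url = (self.base_url + "/WS/wfs/" + service_id
               + "?SERVICE=WFS&REQUEST=Transaction")
        req = urllib.request.Request(
            url, data=xml.encode("utf-8"),
            headers={"Content-Type": "application/xml"})
        try:
            with self.opener.open(req, timeout=10) as resp:
                return resp.status
        except urllib.error.HTTPError as err:
            return err.code
```

Calling `transaction()` before `login()` returns 401, the error reported in this issue; after `login()` the jar attaches the cookie automatically.
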
paulemilechilin commented 1 day ago

Perfect, I'll test that. Thanks.