SOS 4.x Frequently Asked Questions

---

General questions

Why is the namespace not properly declared in , e.g. xsi:type="ns:DataArrayPropertyType"

• This is because of technical reasons. The 52N SOS uses XMLBeans for the XML encoding and if an element is defined as anyType in the XML schema, XMLBeans has problems with the declaration of the default prefixes in the inserted element. But the prefix/namespace mapping is declared in the associated element and the XML document is valid.

Why does the SOS not return observations for 2015-01-05T10:00:00.000Z if I send a request with During temporal filter for 2015-01-05T10:00:00.000Z/2015-01-05T12:00:00.000Z

• The ISO 19108:2002, Geographic Information — Temporal schema defines that the time stamps of a During temporal filter are excluded. To get the observations for 2015-01-05T10:00:00.000Z, the time stamps of the filter should look like this 2015-01-05T09:59:59.999Z/2015-01-05T12:00:00.001Z

Administrator related problems

How do I change the administrator password?

The admin password can be changed via the admin interface of the 52°North SOS.

• Open the 52°North SOS URL in a browser
• Select Admin and enter the credentials
• Select Settings
• Select the Credentials tab and change the password

How do I disable the administrator login?

The administrator login can be disabled by simply deleting any existing user from the settings database. To do so follow the these steps:

• go to the directory of the deployed service (e.g. /var/lib/tomcat7/webapps)
• open the configuration.db file with the SQLite tool of your choice (e.g. https://addons.mozilla.org/en-us/firefox/addon/sqlite-manager/ or the sqlite3 CLI interface)
• issue the query DELETE FROM administrator_user;

How can I reset my password if I forgot it or deleted my user acount!

Just insert a default administrator user with the username admin and the password password (below is the hash for "password" that is stored in the database):

• go to the directory of the deployed service (e.g. /var/lib/tomcat7/webapps)
• open the configuration.db file with the SQLite tool of your choice (e.g. https://addons.mozilla.org/en-us/firefox/addon/sqlite-manager/ or the sqlite3 CLI interface)
• issue the query INSERT OR REPLACE INTO administrator_user(id, username, password) VALUES (1, 'admin', '$2a$10$vbp9aXCDMP/fXwEsqe/1.eon44mMdUyC4ub2JfOrkPfaer5ciLOly');

How to apply Tomcat HTTP basic authentication together with administrator login?

This section describes a simple and quick solution how to secure the SOS via HTTP basic authentication. Because the SOS uses Spring Security to secure the admin GUI, some adjustments are necessary. A small issue of this solution is that you have to enter the admin GUI credentials twice.

MY_ROLE, MY_NAME, MY_PASSWORD, and MY_REALM_NAME are palceholders and can be replaced with your favorite values.

Add the role and user to the tomcat-users.xml ( [TOMCAT_HOME]\conf):

    1	<role rolename="MY_ROLE"/>
    2	<user name="MY_NAME" password="MY_PASSWORD" roles="MY_ROLE" />

Add the following to the web.xml file of you SOS webapp ( [TOMCAT_HOME]\webapps\[SOS_NAME]\WEB-INF):

    1	<security-constraint>
    2	   <web-resource-collection>
    3	      <web-resource-name>all resources</web-resource-name>
    4	      <url-pattern>/*</url-pattern>
    5	   </web-resource-collection>
    6	
    7	   <auth-constraint>
    8	      <role-name>MY_ROLE</role-name>
    9	   </auth-constraint>
   10	</security-constraint>
   11	
   12	<login-config>
   13	   <auth-method>BASIC</auth-method>
   14	   <realm-name>MY_REALM_NAME</realm-name>
   15	</login-config>
   16	
   17	<security-role>
   18	   <role-name>MY_ROLE </role-name>
   19	</security-role> 

and change the <!-- Spring security filter --> section to:

   81	<!-- Spring security filter -->
   82	<filter>
   83	   <filter-name>springSecurityFilterChain</filter-name>
   84	   <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
   85	</filter>
   86	<filter-mapping>
   87	   <filter-name>springSecurityFilterChain</filter-name>
   88	   <url-pattern>/admin/*</url-pattern>
   89	   <url-pattern>/j_spring_security_check</url-pattern>
   90	</filter-mapping> 

In the Transactional Security section you can find some information about the support of secure transactional operations.

Advanced security features including more control over the other operations can be established using the 52°North Web Security Service from our Security community. A documentation how to set up the 52°North Web Security Service can be found on the SecuringSOS wiki page.

Tuning PostgreSQL

Increase the shared_buffers

The default shared_buffers value is very low, especially in versions prior to 9.3, because on some platforms requires invasive action like recompiling the kernel (PostgreSQL Wiki).

The shared_buffers value can be found in the postgresql.conf file (PostgreSQL data folder) and information about the optimal setting can be found here in the PostgreSQL Wiki.

Some more information about tuning PostgreSQL can be found in this blog post.

Analyzing the PostgreSQL SQL queries

Analyzing slow queries can also be helpful to find out what is going on. Some SQL queries can be found in the SOS log files (TOMCAT_LOG_FOLGER\SOS_NAME.log) if the log level is debug (Admin interface). Another option is to cheange the PostgreSQL logging settings by changing the log_statement settings value in the postgresql.conf file to all and remove the # in front of the parameter. After restarting PostgreSQL all SQL queries sent to the server are logged into the PostgreSQL /data/pg_log folder.

To analyze a SQL query copy the query and execute it with preceded EXPLAIN ANALYZE like this:

EXPLAIN ANALYZE select * from observation

The result of the EXPLAIN ANALYZE can be pasted to http://explain.depesz.com/ which will expose slow operations.

Thanks to Shane who has pointed out this.