Merge branch 'geosolutions-it:master' into master

.github/ISSUE_TEMPLATE/release_steps.md

@@ -31,7 +31,7 @@ This steps have to be followed always when preparing a new release.
     - A Pull request will be created to the master
     - A new branch named `YYYY.XX.xx` with fixed versions
 - [ ] Merge the incoming PR created by the workflow
-- [ ] Create on [ReadTheDocs](https://readthedocs.org/projects/mapstore/) project the version build for `YYYY.XX.xx` (click on "Versions" and activate the version of the branch)
+- [ ] Create on [ReadTheDocs](https://app.readthedocs.org/projects/mapstore/) project the version build for `YYYY.XX.xx` (click on "Versions" and activate the version of the branch)
 - [ ] Run the [`Cut Release Branch`](https://github.com/geosolutions-it/MapStoreExtension/actions/workflows/cut_release_branch.yml) workflow on MapStoreExtension project, indicating:
     - [ ] Use workflow from branch `master`
     - [ ] MapStore branch name to use: `YYYY.XX.xx`
@@ -43,6 +43,7 @@ This steps have to be followed always when preparing a new release.
 - [ ] Check `pom.xml` dependencies are all in fixed stable versions ( no `-SNAPSHOT` usage release). If not, You use the action  [`Update dependencies versions`](https://github.com/geosolutions-it/MapStore2/actions/workflows/update_dependencies_versions.yml) to fix them, setting:
     - [ ] the branch to `YYYY.XX.xx`
     - [ ] the of geostore, http_proxy and mapfish-print versions accordingly with the [MapStore release calendar](https://github.com/geosolutions-it/MapStore2/wiki/MapStore-Release-Calendars)
+- [ ] Merge the PR created after the action avove has been finshed
 - [ ] Check that [MapStoreExtension](https://github.com/geosolutions-it/MapStoreExtension) repository is aligned and working. 
 - [ ] Run the [Submodule Update](https://github.com/geosolutions-it/MapStoreExtension/actions/workflows/submodules_update.yml) of [MapStoreExtension](https://github.com/geosolutions-it/MapStoreExtension) to generate the `SampleExtension.zip` to use for testing.
     - [ ] Use workflow from `YYYY.XX.xx` branch
@@ -121,14 +122,17 @@ When the processes are finished, the release is ready to be published on github
 
 ## Update ReadTheDocs
 
-- [ ] create on [ReadTheDocs](https://readthedocs.org/projects/mapstore/) project the version build for `vYYYY.XX.mm` (click on "Versions" and activate the version of the tag, created when release was published)
-- [ ] Update `Default version` to point the release version in the `Advanced Settings` menu of the [ReadTheDocs](https://readthedocs.org/dashboard/mapstore/advanced/) admin panel
+- [ ] create on [ReadTheDocs](https://app.readthedocs.org/dashboard/mapstore/version/create/) project the version build for `vYYYY.XX.mm` (search for the tag, check the `active` toggle and click on update verson )
+- [ ] Update `Default version` to point the new tag (`vYYYY.XX.mm`) in read the [ReadTheDocs Settings](https://app.readthedocs.org/dashboard/mapstore/edit/)  panel and click on save.
 
 ## Finalize Release
 
 - [ ] Run the [`Post Release`](https://github.com/geosolutions-it/MapStore2/actions/workflows/post_release.yml) workflow on github with the following parameters:
     - Use workflow from branch `YYYY.XX.xx` (the release branch)
     - Version of Java Packages to restore accordingly with [release calendar](https://github.com/geosolutions-it/MapStore2/wiki/MapStore-Release-Calendars) with `-SNAPSHOT` E.g. `1.7-SNAPSHOT`
+- [ ] Use the action  [`Update dependencies versions`](https://github.com/geosolutions-it/MapStore2/actions/workflows/update_dependencies_versions.yml) to restore the `-SNAPSHOT` version of GeoStore, setting:
+    - [ ] the branch to `YYYY.XX.xx`
+    - [ ] the of geostore, http_proxy and mapfish-print versions accordingly with the [MapStore release calendar](https://github.com/geosolutions-it/MapStore2/wiki/MapStore-Release-Calendars) and use `-SNAPSHOT` version of geostore.
 - [ ] Write to the mailing list about the current release news and the next release major changes
 - [ ] Optional - prepare a PR for updating release procedure, if needed
 - [ ] Close this issue

.gitignore

@@ -25,3 +25,6 @@ web/docs
 debug.log
 .vscode/settings.json
 site
+.DS_Store
+venv
+__pycache__

CHANGELOG.md

@@ -1,5 +1,19 @@
 # Change Log
 
+## [2024.02.02](https://github.com/geosolutions-it/MapStore2/tree/v2024.02.02) (2024-12-11)
+
+- **[Full Changelog](https://github.com/geosolutions-it/MapStore2/compare/v2024.02.01...v2024.02.02)**
+- **[Implemented enhancements](https://github.com/geosolutions-it/MapStore2/issues?q=is%3Aissue+milestone%3A%222024.02.02%22+is%3Aclosed+label%3Aenhancement)**
+- **[Fixed bugs](https://github.com/geosolutions-it/MapStore2/issues?q=is%3Aissue+milestone%3A%222024.02.02%22+is%3Aclosed+label%3Abug)**
+- **[Closed issues](https://github.com/geosolutions-it/MapStore2/issues?q=is%3Aissue+milestone%3A%222024.02.02%22+is%3Aclosed)**
+
+## [2024.02.01](https://github.com/geosolutions-it/MapStore2/tree/v2024.02.01) (2024-11-13)
+
+- **[Full Changelog](https://github.com/geosolutions-it/MapStore2/compare/v2024.02.00...v2024.02.01)**
+- **[Implemented enhancements](https://github.com/geosolutions-it/MapStore2/issues?q=is%3Aissue+milestone%3A%222024.02.01%22+is%3Aclosed+label%3Aenhancement)**
+- **[Fixed bugs](https://github.com/geosolutions-it/MapStore2/issues?q=is%3Aissue+milestone%3A%222024.02.01%22+is%3Aclosed+label%3Abug)**
+- **[Closed issues](https://github.com/geosolutions-it/MapStore2/issues?q=is%3Aissue+milestone%3A%222024.02.01%22+is%3Aclosed)**
+
 ## [2024.02.00](https://github.com/geosolutions-it/MapStore2/tree/v2024.02.00) (2024-10-7)
 
 - **[Full Changelog](https://github.com/geosolutions-it/MapStore2/compare/v2024.01.02...v2024.02.00)**

Dockerfile

@@ -1,12 +1,12 @@
-FROM tomcat:9-jdk11-openjdk AS mother
+FROM tomcat:9-jdk11 AS mother
 LABEL maintainer="Alessandro Parma<[email protected]>"
 ARG MAPSTORE_WEBAPP_SRC="https://github.com/geosolutions-it/MapStore2/releases/latest/download/mapstore.war"
 ADD "${MAPSTORE_WEBAPP_SRC}" "/mapstore/"
 
 COPY ./docker/* /mapstore/docker/
 WORKDIR /mapstore
 
-FROM tomcat:9-jdk11-openjdk
+FROM tomcat:9-jdk11
 
 # Tomcat specific options
 ENV CATALINA_BASE "$CATALINA_HOME"

LICENSE.txt

@@ -1,4 +1,4 @@
-Copyright (c) 2015-2024, GeoSolutions SRL
+Copyright (c) 2015-2025, GeoSolutions SRL
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without modification, are

binary/pom.xml

@@ -114,13 +114,13 @@
                         <id>get-untar-jre-copy-db</id>
                         <phase>package</phase>
                         <configuration>
-                            <tasks>
+                            <target>
                                 <echo message="Downloading JRE..." />
                                 <get src="https://www.dropbox.com/scl/fi/1joi5d3ol2zeex5cle2tg/jdk_11_0_23.tar.gz?rlkey=4vsmejq23xkpctsw6qifs6of6&amp;st=k4xtzt68&amp;dl=1" dest="${project.build.directory}/jre.tar.gz" />
                                 <echo message="Untar JRE..." />
                                 <gunzip src="${project.build.directory}/jre.tar.gz" dest="${project.build.directory}/jre.tar" />
                                 <untar src="${project.build.directory}/jre.tar" dest="${project.build.directory}/jre" />
-                            </tasks>
+                            </target>
                         </configuration>
                         <goals>
                             <goal>run</goal>
@@ -130,11 +130,11 @@
                         <phase>package</phase>
                         <configuration>
                             <!-- remove some unwanted dependencies that get pulled over -->
-                            <tasks>
+                            <target>
                                 <delete>
                                     <fileset dir="${project.build.directory}/dependency" includes="servlet-api-*.jar,core*.jar" />
                                 </delete>
-                            </tasks>
+                            </target>
                         </configuration>
                         <goals>
                             <goal>run</goal>

build/buildConfig.js

@@ -166,10 +166,13 @@ module.exports = (...args) => mapArgumentsToObject(args, ({
         }),
         new DefinePlugin({ '__MAPSTORE_PROJECT_CONFIG__': JSON.stringify(projectConfig) }),
         VERSION_INFO_DEFINE_PLUGIN,
-        new DefinePlugin({
-            // Define relative base path in cesium for loading assets
-            'CESIUM_BASE_URL': JSON.stringify(cesiumBaseUrl ? cesiumBaseUrl : path.join('dist', 'cesium'))
-        }),
+        ...(cesiumBaseUrl !== false
+            ? [
+                new DefinePlugin({
+                    // Define relative base path in cesium for loading assets
+                    'CESIUM_BASE_URL': JSON.stringify(cesiumBaseUrl ? cesiumBaseUrl : path.join('dist', 'cesium'))
+                })
+            ] : []),
         new CopyWebpackPlugin([
             { from: path.join(getCesiumPath({ paths, prod }), 'Workers'), to: path.join(paths.dist, 'cesium', 'Workers') },
             { from: path.join(getCesiumPath({ paths, prod }), 'Assets'), to: path.join(paths.dist, 'cesium', 'Assets') },

docs/developer-guide/documentation-guidelines.md

@@ -31,9 +31,20 @@ Install [**Python 3**](https://www.python.org/downloads/) and **pip** following
 
 ### 2. Libraries installation
 
-Install **all** the libraries/plugins in `docs/requirements.txt` using **_pip_** while matching the exact version present.
+Usage of a virtual environment is recommended to avoid conflicts with other python projects.
+With the following commands you can create a virtual environment and install the required libraries, and so execute the documentation build and development without affecting the global python environment.
 
-`pip install -r docs/requirements.txt`
+```sh
+python -m venv venv
+source venv/bin/activate
+pip install -r docs/requirements.txt
+```
+
+On next sessions, you can activate the virtual environment with the command `source venv/bin/activate`.
+
+If you want to deactivate the virtual environment, you can use the command `deactivate`.
+
+If you want to install the libraries globally, you can use the command `pip install -r docs/requirements.txt` with the virtual environment deactivated.
 
 ### 3. Build the documentation
 

docs/developer-guide/integrations/auth.md

@@ -4,7 +4,27 @@ In this section you can see the implementation details about the login / logout
 
 ## Standard MapStore login
 
-<img src="../img/standard-mapstore-login.png" class="ms-docimage"  style="max-width: 400px"/>
+```mermaid
+sequenceDiagram
+    autonumber
+    actor Browser
+    participant Backend
+    Browser ->>+ Backend: /session/login<br />(username, password)
+    Note over Backend: create session
+    Backend -->>- Browser: {access_token, refresh_token}
+    Browser --) Backend: /users/user/details
+    Backend --) Browser:  {User: <...>}
+    Note over Browser: LOGIN_SUCCESS
+    loop Token refresh
+        Browser --) Backend: /session/refresh
+        Backend --) Browser: {access_token: <token>, refresh_token: <r_token>}
+        Note over Browser: REFRESH_SUCCESS
+    end
+    Browser --)+ Backend: Logout
+    Note over Backend: delete session
+    Backend --)- Browser: <res>
+    Note over Browser: LOGOUT
+```
 
 ### Configure session timeout
 
@@ -43,4 +63,37 @@ Disabling the refresh token (setting `restSessionService.autorefresh` to `false`
 
 ## OpenID MapStore Login
 
-<img src="../img/openid-mapstore-login.png" class="ms-docimage" style="max-width: 400px"/>
+```mermaid
+sequenceDiagram
+    autonumber
+    actor Browser
+    participant Backend
+    participant OpenIDProvider
+    Browser ->> Backend: /openid/<OpenIDProvider>/login
+    Backend -->> Browser: redirect to OpenIDProvider
+    Browser ->>+ OpenIDProvider: Authenticate
+    OpenIDProvider -->>- Browser: redirect to callback (Backend entry point)
+    Browser ->>+ Backend:  /openid/<OpenIDProvider>/callback
+    Note over Backend: Create User
+    Backend -->>- Browser: redirect to homepage  <br /> (set-cookie <identifier>set-cookie <authprovider>)
+    Browser --) Backend: /openid/<authProvider>/tokens?identifier=<identifier>
+    Backend --) Browser:  {access_token: <token>, refresh_token: <r_token>}
+    Browser --) Backend: /users/user/details
+    Backend --) Browser:  {User: <...>}
+    Note over Browser: LOGIN_SUCCESS
+    loop Token refresh
+        Browser --) Backend: /session/refresh
+
+        loop Refresh retry 3 times max
+            Backend --) OpenIDProvider: Refresh
+            OpenIDProvider --) Backend: {access_token, refresh_token (optional)}
+        end
+        Backend --) Browser: {access_token: <token>, refresh_token: <r_token>}
+        Note over Browser: REFRESH_SUCCESS
+    end
+    Browser --)+ Backend: Logout
+    Backend --) OpenIDProvider: Logout
+    OpenIDProvider --) Backend: <res>
+    Backend --)- Browser: <res>
+    Note over Browser: LOGOUT
+```

docs/developer-guide/integrations/geoserver.md

@@ -7,7 +7,20 @@ MapStore can share users, groups an roles with GeoServer. This type of integrati
 This guide explains how to share users, groups and roles between MapStore and GeoServer.
 Applying this configurations will allow users logged in MapStore to be recognized by GeoServer. So security rules about restrictions on services, layers and so on can be correctly applied to MapStore users (also using [GeoFence](https://docs.geoserver.org/latest/en/user/extensions/geofence-server/index.html)).
 
-<img src="../img/mapstore-geoserver-users-integration.png" class="ms-docimage"/>
+```mermaid
+sequenceDiagram
+    actor User
+    participant GeoServer
+    participant MapStore
+    participant UserGroup Service/Role Service
+    User ->>+ GeoServer:  OGC Request <br />(w/authkey)
+    GeoServer ->>+ MapStore: authkey
+    MapStore ->>- GeoServer: username
+    GeoServer ->>+ UserGroup Service/Role Service: username
+    UserGroup Service/Role Service ->>- GeoServer: User(groups, roles)
+    Note over GeoServer: Filter/Allow/Deny data access <br /> by Resource Access Manager
+    GeoServer ->>- User: data
+```
 
 !!! note
     **UserGroup Service/Role Service** can be *MapStore database* or *LDAP* depending on the setup you prefer.

docs/developer-guide/integrations/infrastructure-setups.md

@@ -4,16 +4,42 @@ Accordingly with your infrastructure, there are several setups you can imagine w
 
 ## MapStore-GeoServer integration
 
-<img src="../img/mapstore-geoserver-integration.png" class="ms-docimage"/>
+```mermaid
+flowchart TB
+      MapStore -->|"Resources <br/> (e.g. maps)"| DB[(MapStore<br/> Database)]
+      MapStore -->| Users, Groups, Roles| DB[(MapStore<br/> Database)]
+      GeoServer --> |Users, Groups, Roles| DB
+      GeoServer <--> |authkey| MapStore
+```
 
 ## MapStore-LDAP + MapStore-GeoServer
 
-<img src="../img/mapstore-ldap-mapstore-geoserver.png" class="ms-docimage"/>
+```mermaid
+flowchart TB
+    MapStore -->| Users, Groups, Roles| DB[(MapStore<br/> Database)]
+    MapStore -->|"Resources <br/> (e.g. maps)"| DB[(MapStore<br/> Database)]
+    GeoServer <--> |authkey| MapStore
+    DB <--> | sync on login | LDAP[(LDAP)]
+    GeoServer --> |Users, Groups, Roles| DB
+```
 
 ## MapStore-GeoServer + MapStore-LDAP + GeoServer-LDAP
 
-<img src="../img/mapStore-geoserver-mapstore-ldap-geoserver-ldap.png" class="ms-docimage"/>
+```mermaid
+flowchart TB
+    MapStore -->|"Resources <br/> (e.g.maps)"| DB[(MapStore<br/> Database)]
+    MapStore -->| Users, Groups, Roles| DB
+    GeoServer <--> |authkey| MapStore
+    GeoServer --> |Users, Groups, Roles| LDAP
+    DB <--> | sync on login | LDAP[(LDAP)]
+```
 
 ## MapStore-GeoServer + MapStore-LDAP (direct) + GeoServer-LDAP
 
-<img src="../img/mapStore-geoserver-mapstore-ldap-direct-geoserver-ldap.png" class="ms-docimage"/>
+```mermaid
+flowchart TB
+    MapStore -->|"Resources <br/> (e.g. maps)"| DB[(MapStore<br/> Database)]
+    GeoServer <--> |authkey| MapStore
+    MapStore -->| Users, Groups, Roles| LDAP[(LDAP)]
+    GeoServer --> |Users, Groups, Roles| LDAP
+```

docs/developer-guide/integrations/users/openId.md

@@ -94,6 +94,10 @@ oidcOAuth2Config.internalRedirectUri=http://localhost:8080/mapstore
 - `oidcOAuth2Config.rolesClaim`: (*optional*) the role claims. If a claim contains roles, you can map them to MapStore roles. The roles can be only `ADMIN` or `USER`. If the claim is not present, the default role will be `USER`.
 - `oidcOAuth2Config.groupsClaim`: (*optional*) the group claims. If a claim contains groups, you can map them to MapStore groups. If the claim is not present, no group will be assigned (except the default `everyone` group).
 - `oidcOAuth2Config.globalLogoutEnabled`: (*optional*): if true (and the server supports it) invokes global logout on MapStore logout
+- `oidcOAuth2Config.scopes`: (*optional*): allows to customize the scopes to request. If empty, MapStore will use the one present in the discovery document.
+- `oidcOAuth2Config.maxRetry`: (*optional*) the maximum number of retry attempts for the OpenID Connect authentication process. Default is `3`.
+- `oidcOAuth2Config.initialBackoffDelay`: (*optional*) the initial delay (in milliseconds) before retrying the OpenID Connect authentication process. Default is `1000` (1 second).
+- `oidcOAuth2Config.backoffMultiplier`: (*optional*) the multiplier to apply to the delay for each retry attempt. Default is `2.0`.
 
 !!! note
     The only mandatory claim is the `email` or what you indicated in `oidcOAuth2Config.principalKey`. The `rolesClaim` and `groupsClaim` configurations are optional. If you don't need to map roles or groups, you can omit them. At the moment, there is no mapping for roles and groups for the generic OIDC provider. If you need to map roles and groups, you can use the `keycloak` provider.

docs/developer-guide/maps-configuration.md

@@ -1644,6 +1644,12 @@ Example:
             "clippingPolygonFeatureId": "feature.id.01",
             "clippingPolygonUnion": false
           }
+        ],
+        "groups": [
+          {
+            "id": "group_01",
+            "visibility": true
+          }
         ]
       }
     ],
@@ -1710,6 +1716,7 @@ View configuration object
 | globeTranslucency.nearDistance | number | when `fadeByDistance` is true it indicates the minimum distance to apply translucency |
 | globeTranslucency.farDistance | number |  when `fadeByDistance` is true it indicates the maximum distance to apply translucency |
 | layers | array | array of layer configuration overrides, default properties override `visibility` and `opacity` |
+| groups | array | array of group configuration overrides, default property overrides `visibility` |
 
 Resource object configuration
 

docs/print_template/styles.scss

@@ -0,0 +1,13 @@
+/* reduces the max height of the charts
+   to fit the page better */
+img {
+    max-height: 500px;
+    display: block;
+    margin: 0 auto;
+}
+/* fix icons in admonitions */
+.md-typeset .admonition-title:before{
+    position: absolute;
+    left: 10px;
+    top: 10px;
+}

docs/requirements.txt

@@ -4,3 +4,4 @@ jinja2==3.1.4
 Markdown==3.4.4
 WeasyPrint==52.5
 mkdocs-with-pdf==0.9.3
+mkdocs-kroki-plugin==0.9.0

docs/theme/css/extra.css

@@ -97,4 +97,4 @@ li.md-tabs__item:hover{
     margin-right: 4px;
     background-position: center;
     background-repeat: no-repeat;
-}
+}