We have been withdrawing items from our collections from time to time when
authors decide they would like to restrict their submission. We can verify
that the item is no longer viewable through the browse and search functions
in dspace after making the withdrawal. However we recently discovered that
the restricted items are still viewable through a web browser by entering
the URL of the pdf located in the bitstream directory. This is also evident
when I visit other dspace sites on the web. This appears to be a security
issue/bug in DSpace as the items are not actually withdrawn but only
partially hidden. Has anyone else encounter this issue and if so is there a
fix or work around.
We also discovered that when an item is withdrawn the browse function in
dspace throws the following exception. The browse lists still contain a
reference to the withdrawn item but should exclude the withdrawn item from
its list because the item can't be browsed. When the item is reinstated the
exceptions stop. This also appears to be a bug.
An internal server error occurred on http://qspace.library.queensu.ca:
Date: 9/9/08 1:49 PM
Session ID: B0F698642DC0A0C3C4B6D290843C6005
-- URL Was:
http://qspace.library.queensu.ca/dspace/browse-title?top=1974%2F1236
-- Method: GET
-- Parameters were:
-- top: "1974/1236"
Exception:
org.postgresql.util.PSQLException: No value specified for parameter 2.
at
org.postgresql.core.v3.SimpleParameterList.checkAllParametersSet(SimpleParam
eterList.java:150)
at
org.postgresql.core.v3.QueryExecutorImpl.execute(QueryExecutorImpl.java:179)
at
org.postgresql.jdbc2.AbstractJdbc2Statement.execute(AbstractJdbc2Statement.j
ava:452)
at
org.postgresql.jdbc2.AbstractJdbc2Statement.executeWithFlags(AbstractJdbc2St
atement.java:354)
at
org.postgresql.jdbc2.AbstractJdbc2Statement.executeQuery(AbstractJdbc2Statem
ent.java:258)
at
org.apache.commons.dbcp.DelegatingPreparedStatement.executeQuery(DelegatingP
reparedStatement.java:92)
at
org.apache.commons.dbcp.DelegatingPreparedStatement.executeQuery(DelegatingP
reparedStatement.java:92)
at
org.dspace.storage.rdbms.DatabaseManager.queryPrepared(DatabaseManager.java:
354)
at org.dspace.browse.Browse.getResultsAfterFocus(Browse.java:886)
at org.dspace.browse.Browse.doBrowse(Browse.java:725)
at org.dspace.browse.Browse.getItemsByTitle(Browse.java:174)
at
org.dspace.app.webui.servlet.BrowseServlet.doDSGet(BrowseServlet.java:359)
at
org.dspace.app.webui.servlet.DSpaceServlet.processRequest(DSpaceServlet.java
:151)
at
org.dspace.app.webui.servlet.DSpaceServlet.doGet(DSpaceServlet.java:99)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:689)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Application
FilterChain.java:252)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterCh
ain.java:173)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.ja
va:213)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.ja
va:178)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126
)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105
)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java
:107)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
at
org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processC
onnection(Http11BaseProtocol.java:664)
at
org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.jav
a:527)
at
org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWo
rkerThread.java:80)
at
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.jav
a:684)
at java.lang.Thread.run(Thread.java:595)
Ron Stevenhaagen
Technical Specialist
Information Technology Services
Queen's University
Kingston, Ontario
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
DSpace-tech mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dspace-tech
