For 3.3, a couple of the (deny-*-if-not-localhost) default policies were updated to work in IPv6 environments by adding ::1 as an acceptable client address (FCREPO-581).
I was recently testing something unrelated, and found when I tried to do certain operations using my browser, authorization failed. Further digging revealed that in these cases, my client ip address, as reported by Servlet.getRemoteAddr(), was 0:0:0:0:0:0:0:1%0, which didn't match the acceptable IP addresses in the default policies. The first part makes sense to me...it's the long form of the IPv6 loopback address, and allowing for that variant makes perfect sense. What I'm puzzled about is the trailing '%0'. For the time being, I've added both 0:0:0:0:0:0:0:1 and 0:0:0:0:0:0:0:1%0 to the default policies, since it seems obvious that neither would be reported as the address of a non-local host. But the '%0' is a mystery to me...any ideas? See http://fedora-commons.org/jira/browse/FCREPO-640 Thanks, Chris ------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ Fedora-commons-developers mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fedora-commons-developers
