Hello

I have apia.auth.required=false
So I changed datastreamContentDispositionInlineEnabled to false, restarted
fedora, but still the same error, with the same logs...

Here is my install.properties (without usernames/passwords):

#Install Options
#Wed May 26 11:32:20 CEST 2010
ri.enabled=false
messaging.enabled=false
apia.auth.required=false
database.jdbcDriverClass=org.postgresql.Driver
database.postgresql.jdbcDriverClass=org.postgresql.Driver
ssl.available=false
database.jdbcURL=jdbc\:postgresql\://ccpgsql.in2p3.fr/*****
database.password=******
fesl.dbxml.home=/home/fedora_dev/dbxml-2.5.13
database.username=******
fesl.authz.enabled=true
tomcat.shutdown.port=8006
database.postgresql.driver=included
deploy.local.services=true
xacml.enabled=false
tomcat.http.port=8091
fedora.serverHost=ccsvli38.in2p3.fr
database=postgresql
database.driver=included
fedora.serverContext=fedora
tomcat.home=/home/fedora_dev/fedora-commons/tomcat
fesl.authn.enabled=true
fedora.home=/home/fedora_dev/fedora-commons
install.type=custom
database.postgresql.jdbcURL=jdbc\:postgresql\://ccpgsql.in2p3.fr/*****
servlet.engine=included
fedora.admin.pass=*******

Thanks for your help

-----
Huân Thebault
Centre de Calcul de l'IN2P3
Development Team
Tel. Std                 +33 4 78 93 08 80



-----Original Message-----
From: Edwin Shin [mailto:[email protected]]
Sent: Wednesday, 2 June 2010 08:42
To: fedora-dev
Subject: Re: [Fedora-commons-developers] PEP Denying Access

Huân, 

When you installed fedora, did you require authentication for API-A? (you
can check $FEDORA_HOME/install/install.properties for the value of
apia.auth.required). If it's false, then try applying the workaround Steve
suggested below. If it's true, then FCREPO-703 doesn't apply in this case.

The policy log messages suggest you're not authenticated, but on the other
hand you reported that you were prompted for authentication, so I'm not sure
what's going on there.

Actually, you might as well post your install.properties file (stripping out
the passwords for fedoraAdmin, the database or anything else you feel is
sensitive). Then maybe one of us can try duplicating the issue with your
settings locally. Not sure if I'll have a chance in the next couple of days
but perhaps Steve or Nish might.

Eddie

On 1 Jun 2010, at 5:11 PM, Steve Bayliss wrote:

> Could it be possible that this is related to
> https://fedora-commons.org/jira/browse/FCREPO-703 ?
> 
> Huân, to see if this is the case, you could modify fedora.fcfg and change
> the parameter datastreamContentDispositionInlineEnabled to false to verify
> if this is the case.
> 
> Regards
> Steve
> 
>> -----Original Message-----
>> From: Huân Thebault [mailto:[email protected]] 
>> Sent: 01 June 2010 15:10
>> To: fedora-commons-developers
>> Subject: Re: [Fedora-commons-developers] PEP Denying Access
>> 
>> 
>> Hi Nish
>> 
>> You're right, I don't have policies to allow anonymous access. But the real
>> problem is that I am NOT using anonymous access. I'm identifying myself as
>> "fedoraAdmin".
>> 
>> I attach a log file, corresponding to the following scenario:
>>      - 2010-06-01 15:51:48.726: I go to the "/fedora/objects" URL. I am
>>        prompted for authentication, I authenticate myself as "fedoraAdmin"
>>      - I search "*", everything's fine, I've got results
>>      - I try to access an object called "CRDO-Aix:PYJ011"
>>      - I'm prompted for authentication, I give "fedoraAdmin" credentials,
>>        but the HTTP basic auth popup comes up again and again and again...
>> And as you can see in the logs, I'm then seen as "anonymous"
>> 
>> 
>> 
>> -----
>> Huân Thebault
>> Centre de Calcul de l'IN2P3
>> Development Team
>> Tel. Std              +33 4 78 93 08 80
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> -----Original Message-----
>> From: Nishen Naidoo [mailto:[email protected]]
>> Sent: Tuesday, 1 June 2010 13:11
>> To: [email protected]; 'Huan Thebault'
>> Cc: 'fedora-commons-develop...@lists. sourceforge. net'
>> Subject: RE: [Fedora-commons-developers] PEP Denying Access
>> 
>> Hi Huan,
>> 
>> You probably don't have policies to allow anonymous access to resources. From
>> the request, it is identifying that there is no authenticated user trying to
>> access the item. For this to work you will need to add a policy to the
>> bootstrap policies to allow this.
>> 
>> Something like this might work:
>> 
>> <?xml version="1.0" encoding="UTF-8"?>
>> <Policy xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
>>   xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os"
>>   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>   xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os
>>     http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-policy-schema-os.xsd
>>     urn:oasis:names:tc:xacml:2.0:context:schema:os
>>     http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-context-schema-os.xsd"
>>   PolicyId="anonymous:readall"
>>   RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:permit-overrides">
>> <Description>A policy to provide public users the ability to view all
>> objects in the demo object collection</Description>
>> <Target>
>>  <Subjects>
>>   <Subject>
>>    <SubjectMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
>>     <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">anonymous</AttributeValue>
>>     <SubjectAttributeDesignator
>>       AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
>>       DataType="http://www.w3.org/2001/XMLSchema#string" />
>>    </SubjectMatch>
>>   </Subject>
>>  </Subjects>
>>  <Resources>
>>   <Resource>
>>    <!-- to view everything under the resource collection -->
>>    <ResourceMatch MatchId="urn:oasis:names:tc:xacml:2.0:function:anyURI-regexp-match">
>>     <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">/.*</AttributeValue>
>>     <ResourceAttributeDesignator
>>       AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
>>       DataType="http://www.w3.org/2001/XMLSchema#anyURI" />
>>    </ResourceMatch>
>>   </Resource>
>>  </Resources>
>>  <Actions>
>>   <Action>
>>    <ActionMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
>>     <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">urn:fedora:names:fedora:2.1:action:api-a</AttributeValue>
>>     <ActionAttributeDesignator
>>       AttributeId="urn:fedora:names:fedora:2.1:action:api"
>>       DataType="http://www.w3.org/2001/XMLSchema#string" />
>>    </ActionMatch>
>>   </Action>
>>   <Action>
>>    <ActionMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
>>     <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
>>     <ActionAttributeDesignator
>>       AttributeId="urn:fedora:names:fedora:2.1:action:id"
>>       DataType="http://www.w3.org/2001/XMLSchema#string" />
>>    </ActionMatch>
>>   </Action>
>>  </Actions>
>> </Target>
>> <Rule Effect="Permit"
>>   RuleId="au:edu:mq:melcoe:ramp:fedora:xacml:2.0:rule:generic-permit"/>
>> </Policy>
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> Nishen Naidoo
>> IT Projects Developer
>> Library IT
>> MACQUARIE UNIVERSITY NSW 2109
>> 
>> E-Mail: [email protected]
>> Phone:  +61 2 98506553
>> Mobile: +61 4 30006783
>> Fax:    +61 2 98507912
>> http://www.library.mq.edu.au/
>> 
>> CRICOS Provider No 00002J
>> 
>> ________________________________________
>> From: yf508 [[email protected]]
>> Sent: Tuesday, 1 June 2010 6:13 PM
>> To: 'Huan Thebault'
>> Cc: 'fedora-commons-develop...@lists. sourceforge. net'
>> Subject: Re: [Fedora-commons-developers] PEP Denying Access
>> 
>>> Looking at sources, the "3" at last line means :
>>> DECISION_NOT_APPLICABLE , which is an error (it should be :
>>> DECISION_PERMIT, DECISION_INDETERMINATE, DECISION_DENY)
>> 
>> It seems to me that 'DECISION_NOT_APPLICABLE' means the required policy does
>> not exist - it's not an error state. So the problem you have might be
>> related to bootstrap policies (there are bootstrap policies in Fedora 2.x.
>> I'm not using Fedora 3.x so not sure whether there are some bootstrap ones
>> in 3.x).
>> 
>> Frank
>> 
>> ---------------------------------
>> Dr. Yankui(Frank) Feng
>> Digital Library Systems Developer
>> The University of York
>> Heslington, York, YO10 5DD, UK
>> Tel: +44 (0) 1904-434507
>> Email: yf508 at york.ac.uk
>> ---------------------------------
>> 
>> 
>> ------------------------------------------------------------------------------
>> 
>> _______________________________________________
>> Fedora-commons-developers mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/fedora-commons-developers
>> 


----------------------------------------------------------------------------
--

_______________________________________________
Fedora-commons-developers mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fedora-commons-developers
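
An added example, not code from any participant in this thread and not Fedora's or the XACML engine's own code: a minimal target matcher that shows why a request whose attributes match no policy target comes back as NotApplicable (the "3" discussed above) rather than Deny, using a trimmed copy of the anonymous:readall policy. Assumptions: the numeric codes 0 to 2 follow the Sun XACML Result constants, the resource-id value and the shortened RuleId are constructed, and regexp matching is simplified to an unanchored search.

```python
import re
import xml.etree.ElementTree as ET

NS = "{urn:oasis:names:tc:xacml:2.0:policy:schema:os}"
PERMIT, DENY, INDETERMINATE, NOT_APPLICABLE = 0, 1, 2, 3  # the thread's log showed 3
SUBJ = "urn:oasis:names:tc:xacml:1.0:subject:subject-id"
RES = "urn:oasis:names:tc:xacml:1.0:resource:resource-id"
API = "urn:fedora:names:fedora:2.1:action:api"
EQ = "urn:oasis:names:tc:xacml:1.0:function:string-equal"

# Trimmed copy of the anonymous:readall policy from the thread (constructed for this example).
POLICY = f"""<Policy xmlns="{NS[1:-1]}" PolicyId="anonymous:readall">
<Target>
 <Subjects><Subject><SubjectMatch MatchId="{EQ}">
  <AttributeValue>anonymous</AttributeValue><SubjectAttributeDesignator AttributeId="{SUBJ}"/>
 </SubjectMatch></Subject></Subjects>
 <Resources><Resource><ResourceMatch MatchId="urn:oasis:names:tc:xacml:2.0:function:anyURI-regexp-match">
  <AttributeValue>/.*</AttributeValue><ResourceAttributeDesignator AttributeId="{RES}"/>
 </ResourceMatch></Resource></Resources>
 <Actions><Action><ActionMatch MatchId="{EQ}">
  <AttributeValue>urn:fedora:names:fedora:2.1:action:api-a</AttributeValue>
  <ActionAttributeDesignator AttributeId="{API}"/>
 </ActionMatch></Action></Actions>
</Target>
<Rule Effect="Permit" RuleId="generic-permit"/>
</Policy>"""

def match(m, request):
    """Evaluate one *Match element against the request attributes."""
    literal = m.find(NS + "AttributeValue").text.strip()
    designator = next(c for c in m if c.tag.endswith("AttributeDesignator"))
    value = request.get(designator.get("AttributeId"))
    if value is None:
        return False
    if m.get("MatchId").endswith("regexp-match"):
        return re.search(literal, value) is not None  # simplification: unanchored search
    return literal == value

def evaluate(policy_xml, request):
    """Permit/Deny only if the Target matches; otherwise NotApplicable (3), not Deny."""
    policy = ET.fromstring(policy_xml)
    for section in policy.find(NS + "Target"):  # Subjects, Resources and Actions must all match
        # within a section, any one Subject/Resource/Action whose matches all hold is enough
        if not any(all(match(m, request) for m in alt) for alt in section):
            return NOT_APPLICABLE
    return PERMIT if policy.find(NS + "Rule").get("Effect") == "Permit" else DENY

def request_for(subject):
    """Constructed API-A read request for the object named in the thread."""
    return {SUBJ: subject, RES: "/CRDO-Aix:PYJ011", API: "urn:fedora:names:fedora:2.1:action:api-a"}
```

With this policy alone, a request carrying subject-id "anonymous" is permitted, while one carrying "fedoraAdmin" still evaluates to 3 until some other policy covers that subject.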