I've been doing some tests on Fedora 3.5 (checked out yesterday from
github, the master branch), and right out of the gate I ran into an
issue in which API-A operations require authentication, despite Fedora
being configured to not require authentication for API-A requests.
To confirm that this is a problem that has crept into the 3.5 codebase
and is not a configuration issue, I ran a simple experiment: I
performed two clean, fresh, untouched installs of Fedora 3.4.2 and
Fedora 3.5 side-by-side, using virtually identical installer.properties
files, then sent a "describe" request to the two servers.
I downloaded the 3.4.2 fcrepo-installer jar for the 3.4.2 install, and
built the fcrepo-installer-3.5-SNAPSHOT jar from a fresh download of the
master branch source on github, using "mvn install".
Attached are two installer.properties files, one for Fedora 3.4.2, and
one for Fedora 3.5. As you can see, they are very simple installs;
XACML policy authentication is turned on, FeSL is turned off, and
apia.auth.required is set to false. I do not perform any post-install
configuration or policy tweaks.
Here's the output of a "describe" request to the fresh install of Fedora
3.4.2:
$ curl -i -s 'http://localhost:8034/fedora/describe'
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Pragma: No-cache
Cache-Control: no-cache
Expires: Wed, 31 Dec 1969 18:00:00 CST
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Date: Thu, 12 May 2011 15:19:14 GMT
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Repository Information HTML Presentation</title>
</head>
<body>
<center>
<table width="784" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="141" height="134" valign="top"><img
src="/fedora/images/newlogo2.jpg" width="141" height="134"></td>
<td width="643" valign="top">
<center>
<h2>Fedora</h2>
<h3>Repository Information View</h3>
</center>
</td>
</tr>
</table>
<hr><font size="+1"><strong>Repository Name: </strong>Fedora
Repository</font><hr>
<p></p>
<table width="784" border="1" cellpadding="5" cellspacing="5"
bgcolor="silver">
<tr>
<td align="right"><strong>Base URL:</strong></td>
<td align="left">http://localhost:8034/fedora</td>
</tr>
<tr>
<td align="right"><strong>Version:</strong></td>
<td align="left">3.4.2</td>
</tr>
<tr>
<td align="right"><strong>PID Namespace:</strong></td>
<td align="left">changeme</td>
</tr>
<tr>
<td align="right"><strong>PID Delimiter:</strong></td>
<td align="left">:</td>
</tr>
<tr>
<td align="right"><strong>Sample PID:</strong></td>
<td align="left">changeme:100</td>
</tr>
<tr>
<td align="right"><strong>Retain PID Namespace:
</strong></td>
<td align="left">*</td>
</tr>
<tr>
<td align="right"><strong>OAI Namespace:</strong></td>
<td align="left">example.org</td>
</tr>
<tr>
<td align="right"><strong>OAI Delimiter:</strong></td>
<td align="left">:</td>
</tr>
<tr>
<td align="right"><strong>Sample OAI
Identifier:</strong></td>
<td align="left">oai:example.org:changeme:100</td>
</tr>
<tr>
<td align="right"><strong>Sample Search URL:</strong></td>
<td align="left"><a
href="http://localhost:8034/fedora/objects";>http://localhost:8034/fedora/objects</a></td>
</tr>
<tr>
<td align="right"><strong>Sample Access URL:</strong></td>
<td align="left"><a
href="http://localhost:8034/fedora/objects/demo:5";>http://localhost:8034/fedora/objects/demo:5</a></td>
</tr>
<tr>
<td align="right"><strong>Sample OAI URL:</strong></td>
<td align="left"><a
href="http://localhost:8034/fedora/oai?verb=Identify";>http://localhost:8034/fedora/oai?verb=Identify</a></td>
</tr>
<tr>
<td align="right"><strong>Admin Email: </strong></td>
<td align="left">b...@example.org</td>
</tr>
<tr>
<td align="right"><strong>Admin Email: </strong></td>
<td align="left">sa...@example.org</td>
</tr>
</table>
</center>
</body>
And here's the output of the same request for the Fedora 3.5 install:
$ curl -i -s 'http://localhost:8035/fedora/describe'
HTTP/1.1 401 Unauthorized
Server: Apache-Coyote/1.1
WWW-Authenticate: BASIC realm="fedora"
Set-Cookie: JSESSIONID=69005FD930E3D5FB2D2102D2B63114F7; Path=/fedora
WWW-Authenticate: BASIC realm="Fedora Repository Server"
Content-Type: text/html;charset=UTF8
Transfer-Encoding: chunked
Date: Thu, 12 May 2011 15:20:08 GMT
<html><head>
<title>Fedora: 401 Unauthorized</title></head>
<body>
<center>
<table border="0" cellpadding="0" cellspacing="0" width="784">
<tbody><tr>
<td height="134" valign="top" width="141"><img
src="/fedora/images/newlogo2.jpg" height="134" width="141"></td>
<td valign="top" width="643">
<center>
<h2>401 Unauthorized</h2>
<h3>Authentication failed</h3>
</center>
</td>
</tr>
</tbody></table>
</center>
</body></html>
Can someone else confirm this is an issue? If so, I can open a JIRA
issue for it.
thanks,
-- Scott
--
Scott Prater
Library, Instructional, and Research Applications (LIRA)
Division of Information Technology (DoIT)
University of Wisconsin - Madison
pra...@wisc.edu
#Install Options
#Wed May 11 20:01:04 CDT 2011
ri.enabled=true
messaging.enabled=false
apia.auth.required=false
database.jdbcDriverClass=org.apache.derby.jdbc.EmbeddedDriver
ssl.available=false
database.jdbcURL=jdbc\:derby\:/var/tmp/fcrepo-test/fedora-3.4.2/derby/fedora3;create\=true
database.password=fedoraAdmin
database.username=fedoraAdmin
fesl.authz.enabled=false
tomcat.shutdown.port=8044
deploy.local.services=false
xacml.enabled=true
tomcat.http.port=8034
fedora.serverHost=localhost
database=included
database.driver=included
fedora.serverContext=fedora
llstore.type=akubra-fs
tomcat.home=/var/tmp/fcrepo-test/fedora-3.4.2/tomcat
fesl.authn.enabled=false
fedora.home=/var/tmp/fcrepo-test/fedora-3.4.2
install.type=custom
servlet.engine=included
fedora.admin.pass=xxxxxxx
#Install Options
#Wed May 11 20:01:04 CDT 2011
ri.enabled=true
messaging.enabled=false
apia.auth.required=false
database.jdbcDriverClass=org.apache.derby.jdbc.EmbeddedDriver
ssl.available=false
database.jdbcURL=jdbc\:derby\:/var/tmp/fcrepo-test/fedora-3.5/derby/fedora3;create\=true
database.password=fedoraAdmin
database.username=fedoraAdmin
fesl.authz.enabled=false
tomcat.shutdown.port=8045
deploy.local.services=false
xacml.enabled=true
tomcat.http.port=8035
fedora.serverHost=localhost
database=included
database.driver=included
fedora.serverContext=fedora
llstore.type=akubra-fs
tomcat.home=/var/tmp/fcrepo-test/fedora-3.5/tomcat
fesl.authn.enabled=false
fedora.home=/var/tmp/fcrepo-test/fedora-3.5
install.type=custom
servlet.engine=included
fedora.admin.pass=xxxxxxx
------------------------------------------------------------------------------
Achieve unprecedented app performance and reliability
What every C/C++ and Fortran developer should know.
Learn how Intel has extended the reach of its next-generation tools
to help boost performance applications - inlcuding clusters.
http://p.sf.net/sfu/intel-dev2devmay
_______________________________________________
Fedora-commons-developers mailing list
Fedora-commons-developers@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fedora-commons-developers
