Hi Guys, We had some problems to get Fedora 3.5 Snapshot running due to Authorization problems on a local installation. If one installs Fedora 3.5 with the install properties below (all auth properties set to false) one still gets an Authorization Module in fedora.fcfg with ENFORCE-MODE" ="enforce-policies" which results in the errors below if one likes to create a new object.
If one sets the value to "permit-all-requests" in the fedora.fcfg manually all
works fine.
Any thoughts?
Matthias
--------------
fedora.fcfg contains
<module role="org.fcrepo.server.security.Authorization"
class="org.fcrepo.server.security.DefaultAuthorization">
......
<param name="ENFORCE-MODE" value="enforce-policies"/>
.....
</module>
If one replaces the ENFORCE-MODE with permit-all-requests all is fine.
<module role="org.fcrepo.server.security.Authorization"
class="org.fcrepo.server.security.DefaultAuthorization">
.....
<param name="ENFORCE-MODE" value="permit-all-requests"/>
.....
</module>
I would assume that the install.properties are correct in the sense to generate
"permit-all-requests" into the Authorization Bean, but it doesn't.
fedora .log says with "enforce-policies" :
WARN 2011-07-20 10:48:34.940 [http-8080-1] (PolicyFinderModule)
PolicyFinderModule seriously failed to evaluate a policy
java.lang.RuntimeException: Could not load FOXML for physik:3000
at
org.fcrepo.server.storage.distributed.DistributedObjectSource.fetchObject(DistributedObjectSource.java:81)
[fcrepo-hlstore-3.5-SNAPSHOT.jar:na]
at
org.fcrepo.server.storage.distributed.DistributedDOManager.getReader(DistributedDOManager.java:306)
[fcrepo-hlstore-3.5-SNAPSHOT.jar:na]
at
org.fcrepo.server.security.PolicyFinderModule.loadObjectPolicy(PolicyFinderModule.java:162)
[fcrepo-server-3.5-SNAPSHOT.jar:na]
at
org.fcrepo.server.security.PolicyFinderModule.findPolicy(PolicyFinderModule.java:133)
[fcrepo-server-3.5-SNAPSHOT.jar:na]
at com.sun.xacml.finder.PolicyFinder.findPolicy(PolicyFinder.java:164)
[sunxacml-1.2-melcoe.jar:na]
followed by:
WARN 2011-07-20 10:48:34.946 [http-8080-1] (FedoraObjectResource) Authorization
failed; unable to fulfill REST API request
org.fcrepo.server.errors.authorization.AuthzDeniedException:
at
org.fcrepo.server.security.PolicyEnforcementPoint.enforce(PolicyEnforcementPoint.java:406)
[fcrepo-server-3.5-SNAPSHOT.jar:na]
at
org.fcrepo.server.security.DefaultAuthorization.enforceIngest(DefaultAuthorization.java:788)
[fcrepo-server-3.5-SNAPSHOT.jar:na]
at
org.fcrepo.server.management.DefaultManagement.ingest(DefaultManagement.java:169)
[fcrepo-server-3.5-SNAPSHOT.jar:na]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
[na:1.6.0_26]
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
[na:1.6.0_26]
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
[na:1.6.0_26]
at java.lang.reflect.Method.invoke(Method.java:597) [na:1.6.0_26]
at
org.fcrepo.server.messaging.NotificationInvocationHandler.invoke(NotificationInvocationHandler.java:68)
[fcrepo-server-3.5-SNAPSHOT.jar:na]
at $Proxy10.ingest(Unknown Source) [na:na]
at
org.fcrepo.server.management.ManagementModule.ingest(ManagementModule.java:354)
[fcrepo-server-3.5-SNAPSHOT.jar:na]
at
org.fcrepo.server.rest.FedoraObjectResource.createObject(FedoraObjectResource.java:293)
[fcrepo-server-3.5-SNAPSHOT.jar:na]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
[na:1.6.0_26]
My Install Properties:
#Install Options
#Wed Jul 13 15:52:32 CEST 2011
ri.enabled=false
messaging.enabled=true
apia.auth.required=false
database.jdbcDriverClass=com.mysql.jdbc.Driver
ssl.available=false
database.jdbcURL=jdbc\:mysql\://localhost/fedora3?useUnicode\=true&characterEncoding\=UTF-8&autoReconnect\=true
database.password=fedora
database.mysql.driver=included
database.username=fedora
fesl.authz.enabled=false
tomcat.shutdown.port=8005
deploy.local.services=true
xacml.enabled=false
database.mysql.jdbcDriverClass=com.mysql.jdbc.Driver
tomcat.http.port=8080
fedora.serverHost=localhost
database=mysql
database.driver=included
fedora.serverContext=fedora
llstore.type=akubra-fs
tomcat.home=/home/matthias/Entwicklung/Tools/apache-tomcat-6.0.32
fesl.authn.enabled=false
fedora.home=/home/matthias/Entwicklung/Fedora-hls
database.mysql.jdbcURL=jdbc\:mysql\://localhost/fedora3?useUnicode\=true&characterEncoding\=UTF-8&autoReconnect\=true
install.type=custom
servlet.engine=existingTomcat
fedora.admin.pass=fedora
Dr. Matthias Hahn
Elektronisches Publizieren und eScience
Entwicklung und Angewandte Forschung
Tel. +49 7247 808-542
Fax +49 7247 808-133
matthias.h...@fiz-karlsruhe.de<mailto:matthias.h...@fiz-karlsruhe.de>
FIZ Karlsruhe - Leibniz-Institut für Informationsinfrastruktur
Hermann-von-Helmholtz-Platz 1
76344 Eggenstein-Leopoldshafen
www.fiz-karlsruhe.de<http://www.fiz-karlsruhe.de/>
[Beschreibung: Beschreibung: cid:image001.gif@01CB3DEB.6C8A4140]
Dr. Matthias Hahn
Elektronisches Publizieren und eScience
Entwicklung und Angewandte Forschung
Tel. +49 7247 808-542
Fax +49 7247 808-133
matthias.h...@fiz-karlsruhe.de
FIZ Karlsruhe - Leibniz-Institut für Informationsinfrastruktur
Hermann-von-Helmholtz-Platz 1
76344 Eggenstein-Leopoldshafen
www.fiz-karlsruhe.de<http://www.fiz-karlsruhe.de/>
[Beschreibung: cid:image001.gif@01CB3DEB.6C8A4140]
-------------------------------------------------------
Fachinformationszentrum Karlsruhe, Gesellschaft für wissenschaftlich-technische
Information mbH.
Sitz der Gesellschaft: Eggenstein-Leopoldshafen, Amtsgericht Mannheim HRB
101892.
Geschäftsführerin: Sabine Brünger-Weilandt.
Vorsitzender des Aufsichtsrats: MinDirig Dr. Thomas Greiner.
<<inline: image001.gif>>
------------------------------------------------------------------------------ 10 Tips for Better Web Security Learn 10 ways to better secure your business today. Topics covered include: Web security, SSL, hacker attacks & Denial of Service (DoS), private keys, security Microsoft Exchange, secure Instant Messaging, and much more. http://www.accelacomm.com/jaw/sfnl/114/51426210/
_______________________________________________ Fedora-commons-developers mailing list Fedora-commons-developers@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fedora-commons-developers
