Hi Willy, When the first, unauthenticated, request is passed in it should be caught and rejected during the authorization check, since there is no available user. Do you happen to have your XACML policies set in such a way that would allow any user to perform an ingest function?
Of course, the unauthenticated call should not be passed through in the first place. We're still trying to reproduce this. Could you tell us a bit more about your environment? Has anyone else seen this behavior? Thanks, Bill On Wed, Jun 24, 2009 at 8:45 PM, Willy Mene <[email protected]> wrote: > Ok, I think I found the problem. > If your http client uses preemptive authorization (i.e. the Authorization > http header is sent with the encoded username and password even before the > server gives an unauthorized response) , then everything works fine. > > However, if you client does not send this header in the initial request and > http challenge/response authentication comes into play, then we run into > this issue of attempted double object creation. With the initial request, > Fedora always enters the ingest process and creates the object BEFORE the > authorization challenge is sent to the client. Therefore, when the client > sends the authorization response, Fedora finds that the object was already > created and we see this error. You can see this in the snippet of the log I > sent earlier. > > Fedora 3.1 was working with non-preemptive authorization. Did something > change in 3.2? > > Willy > > On Jun 24, 2009, at 6:35 AM, Bill Branan wrote: > > Hi Willy, > I just tried this and didn't have any problems. I restarted the server (to > make sure there were no lingering sessions) then used Poster to POST to the > URL you indicated (different host) with some simple FOXML. I was prompted > for authentication by Firefox, followed by a 200 response. > > You mentioned that Fedora appears to be attempting to create the object > twice. Does the first attempt to create the object occur before you submit > the authentication prompt? Is the object created correctly on the first > attempt, or is it just an empty object that happens to have the correct PID? > > Here is the FOXML I used, just for reference: > > <?xml version="1.0" encoding="UTF-8"?> > <foxml:digitalObject VERSION="1.1" PID="newpid:foobar" > xmlns:foxml="info:fedora/fedora-system:def/foxml#" xmlns:xsi=" > http://www.w3.org/2001/XMLSchema-instance"; > xsi:schemaLocation="info:fedora/fedora-system:def/foxml# > http://www.fedora.info/definitions/1/0/foxml1-1.xsd";> > <foxml:objectProperties> > <foxml:property NAME="info:fedora/fedora-system:def/model#state" > VALUE="Active"/> > <foxml:property NAME="info:fedora/fedora-system:def/model#label" > VALUE="Label"/> > </foxml:objectProperties> > </foxml:digitalObject> > > Bill > > > On Tue, Jun 23, 2009 at 5:41 PM, Willy Mene <[email protected]> wrote: > >> I'm playing with our Fedora 3.2 instance and the REST API. I'm using >> the Firefox Poster add-on to do an http POST of some simple valid >> FOXML to the (example) http://fedorabox:8080/fedora/objects/newpid:foobar >> URI and am running into problems. >> >> The first time I attempt to do the POST, I get the error "The PID >> 'newpid:foobar' already exists in the registry; the object can't be re- >> created." even though it is a brand new object. However, if I search >> Fedora for the object, I do find it was created. When I look through >> the logs, I see that Fedora tries to create the object twice with this >> one request. >> >> If I try to POST a second object with a new pid and new FOXML, the >> requests succeeds without error. Fedora only tries the ingest once. >> >> My guess is that the initial authentication handshake with the first >> POST causes Fedora to attempt the ingest twice. The second POST >> succeeds since the browser is already authenticated, and doesn't need >> to go through the handshake. I ran into this because I have some >> client software that authenticates with every post (since it's not a >> browser) and I keep running into this problem. I did not have this >> issue with 3.0 or 3.1. I have included the stacktrace error below. >> >> Has anyone else run into this? Any help appreciated. >> >> Thanks, >> Willy >> >> javax.ws.rs.WebApplicationException: >> fedora.server.errors.ObjectExistsException: The PID 'newpid:foobar' >> already exists in the registry; the object can't be re-created. > > > >
------------------------------------------------------------------------------
_______________________________________________ Fedora-commons-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fedora-commons-users
