Hi Steve,
In answer to your first two questions, the reason for the behavior you're
seeing is that the REST API (which is what you're using with
/fedora/objects/... URLs) authentication rules are currently set up to mimic
the split between the API-A and API-M SOAP APIs. In order to view datastream
information (a GET call to /objects/{pid}/datastreams/{dsID}) you are
calling the equivalent to the API-M.getDatastream() method, which you have
set to require authentication, so authentication is required for that REST
API method as well. I agree that this is a bit strange. I opened up a
tracker item for this a few weeks ago (
http://fedora-commons.org/jira/browse/FCREPO-515) which we decided to close
in order to handle the the problem at a higher level (
http://fedora-commons.org/jira/browse/FCREPO-521).
Your third question sounds like a bug, though I haven't looked into it.
You're welcome to add a tracker item in JIRA. It's unlikely that the issue
will be fixed directly, but would be something to check for while doing the
migration of the remaining API-A-Lite methods into the REST API (
https://fedora-commons.org/jira/browse/FCREPO-476).
Bill
On Mon, Aug 24, 2009 at 1:34 AM, Steve Hassan <[email protected]>wrote:
> Setup
>
> -------
>
>
>
> I have a fedora 3.2.1 server running on linux and using the bundled
> database with an external tomcat 5.5.28 and java 1.6.
>
>
>
> I ran a custom installation and configured with API-M secure, API-A open.
>
>
>
> I have <param name="ENFORCE-MODE" value="enforce-policies"/> in my
> fedora.fcfg.
>
>
>
> I have a custom policy in
> /opt/fedora-3.2.1/data/fedora-xacml-policies/repository-policies which
> enforces deny-apia-datastream-DS-if-not-tomcat-role.xml (attached) which
> permits only administrator access to datastreams with ID’s that match the
> pattern “DS.*”.
>
>
>
> I have a standard fedora-users.xml containing the fedora administrator. I
> have not altered fedora’s web.xml.
>
>
>
> Problem
>
> -----------
>
>
>
> When i try to access the following url
> http://wyrd.anu.edu.au:8080/fedora/objects/assda-ddi:00626/datastreams/DC i
> am prompted to login, with either ="enforce-policies" or “permit-all”. I
> then get the following tomcat 401 error message ‘*description This request
> requires HTTP authentication ()’.*
>
>
>
> With "enforce-policies" and the following urls i get
>
>
>
> http://wyrd.anu.edu.au:8080/fedora/get/assda-ddi:00626/DC (should be
> anonymous access and IS)
>
> http://wyrd.anu.edu.au:8080/fedora/get/assda-ddi:00626/DDI1 (should be
> anonymous access and IS)
>
> http://wyrd.anu.edu.au:8080/fedora/get/assda-ddi:00626/DS1 (should be
> restricted to administrator role but i am offered no login, just a 403
> forbidden error)
>
>
>
> Summary
>
> ------------
>
>
>
> I have 3 questions:
>
>
>
> 1. With “permit-all”, why is there a login at all browsing for
> http://.../fedora/objects/...?
>
> 2. With “enforce-policies”, why is there a ‘requires HTTP
> authentication()’ error after login attempting to access any datastream?
>
> 3. With “enforce-policies”, why is there no login offered when i try
> to access a protected resource browsing for http://.../fedora/get/...?
>
>
>
> steve
>
> --
>
> Steve Hassan
>
> Development Programmer
>
> ANU Supercomputer Facility
>
> Leonard Huxley Building 56
> Australian National University
> Canberra ACT 0200
> AUSTRALIA
>
>
>
> http://anusf.anu.edu.au/
>
> Phone: +61 2 6125 9166
>
>
>
>
>
>
>
>
>
>
> ------------------------------------------------------------------------------
> Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
> trial. Simplify your report design, integration and deployment - and focus
> on
> what you do best, core application coding. Discover what's new with
> Crystal Reports now. http://p.sf.net/sfu/bobj-july
> _______________________________________________
> Fedora-commons-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/fedora-commons-users
>
>
------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
trial. Simplify your report design, integration and deployment - and focus on
what you do best, core application coding. Discover what's new with
Crystal Reports now. http://p.sf.net/sfu/bobj-july
_______________________________________________
Fedora-commons-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fedora-commons-users
