Hi Damian
Looking at the Saxon Servlet code, the Saxon web.xml configuration should be
of the form:
<param-name>credentials for server:port/some/url/path</param-name>
<param-value>user:password</param-value>
ie the text "credentials for " must be at the start of the parameter name,
and the URL should *not* include the protocol (so no http://). So in your
case something like:
<param-name>credentials for localhost:8080/fedora/</param-name>
would (with a suitable user:password) give access to all Fedora resources to
Saxon, you can extend the path as necessary to restrict to particular
resources.
Matching is done on the URL to be called, excluding the protocol, and if
there are multiple sets of credentials then the longest match is taken (so
"credentials for server:port/path/longer" will be used in preference to
"credentials for server:port/path"). This is not that clear on the wiki so
I've updated the page at
I haven't actually tested this, let me know how you get on.
Regards
Steve
-----Original Message-----
From: Damian Kaliszan [mailto:dam...@man.poznan.pl]
Sent: 15 December 2010 10:08
To: Support and info exchange list for Fedora users.
Subject: [fcrepo-user] Fwd: SaxonServlet Auth 401
I additionally:
1) created both a user & role in
/tomcat/conf/tomcat-users.xml
2) the same in:
server/config/fedora-users.xml
3) added a role in the section regarding APIA
<security-constraint>
<web-resource-collection>
<web-resource-name>Fedora Repository Server</web-resource-name>
<description>Fedora-generated security-constraint</description>
<description>APIA</description>
<url-pattern>/</url-pattern>
<url-pattern>/describe</url-pattern>
<url-pattern>/get/*</url-pattern>
<url-pattern>/getAccessParmResolver</url-pattern>
<url-pattern>/getObjectHistory/*</url-pattern>
<url-pattern>/listDatastreams/*</url-pattern>
<url-pattern>/listMethods/*</url-pattern>
<url-pattern>/oai</url-pattern>
<url-pattern>/report</url-pattern>
<url-pattern>/risearch</url-pattern>
<url-pattern>/search</url-pattern>
<url-pattern>/services/access</url-pattern>
<url-pattern>/wsdl</url-pattern>
<url-pattern>*.jsp</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>myuserrole</role-name>
</auth-constraint>
4) the same at the end of this file
<security-role>
<role-name>administrator</role-name>
<role-name>myuserrole</role-name>
</security-role>
5) I reloaded policies
and still thre's no positive result.... Do you have any idea what I'm doing
wrong?
Regards,
Damian
===8<===============Treść oryginalnej wiadomości===============
Dear All,
I'm trying to use SaxonServlet provided within FC where xml-source is
one of the objects DC
http://server:port/fedora/get/ns:myobject/DC
style is url pointing to a file located under the same tomcat as
fedora but different context
http://server:port/othercontext/stylesheet.xsl
so the whole url looks like:
http://server:port/saxon/SaxonServlet?source=http://server:port/fedora/get/n
s:myobject/DC
<http://server:port/saxon/SaxonServlet?source=http://server:port/fedora/get/
ns:myobject/DC&style=http://server:port/othercontext/stylesheet.xsl&clear-st
ylesheet-cache=yes>
&style=http://server:port/othercontext/stylesheet.xsl&clear-stylesheet-cache
=yes
After that I get the exception:
java.io.IOException: HTTP request failed. Got status code 401 from remote
server while attempting to GET http://server:port/fedora/get/ns:myobject/DC
at
org.fcrepo.localservices.saxon.SaxonServlet.getInputStream(SaxonServlet.java
:272)
at
org.fcrepo.localservices.saxon.SaxonServlet.apply(SaxonServlet.java:202)
at
org.fcrepo.localservices.saxon.SaxonServlet.doGet(SaxonServlet.java:148)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Application
FilterChain.java:290)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterCh
ain.java:206)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.ja
va:233)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.ja
va:191)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128
)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102
)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java
:109)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:849)
at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http
11Protocol.java:583)
at
org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:454)
at java.lang.Thread.run(Thread.java:619)
I checked Saxon's web.xml flie and and tried to provide fedora's
username and
passwd for this context
<init-param>
<param-name>http://server:port/fedora/get/ns:myobject/DC</param-name>
<param-value>user:pass</param-value>
</init-param>
But it still doesn't work...
Do you know what might be an issue? xacml policy? (for tests purposes
I set <param name="ENFORCE-MODE" value="permit-all-requests"/> )
Best regards,
Damian
----------------------------------------------------------------------------
--
Lotusphere 2011
Register now for Lotusphere 2011 and learn how
to connect the dots, take your collaborative environment
to the next level, and enter the era of Social Business.
http://p.sf.net/sfu/lotusphere-d2d
_______________________________________________
Fedora-commons-users mailing list
Fedora-commons-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fedora-commons-users
===8<===========Koniec treści oryginalnej wiadomości===========
--
Pozdrowienia,
Damian Kaliszan
------------------------------------------------------------------------------
Lotusphere 2011
Register now for Lotusphere 2011 and learn how
to connect the dots, take your collaborative environment
to the next level, and enter the era of Social Business.
http://p.sf.net/sfu/lotusphere-d2d
_______________________________________________
Fedora-commons-users mailing list
Fedora-commons-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fedora-commons-users
