Greetings,
I've been trying to get FeSL running on FCREPO 3.4.1 and I'm always
getting this Exception when services require authorization:
org.fcrepo.server.security.xacml.pep.PEPException: Error evaluating request
at
org.fcrepo.server.security.xacml.pep.DirectPDPClient.evaluate(DirectPDPClient.java:77)
at
org.fcrepo.server.security.xacml.pep.EvaluationEngineImpl.evaluate(EvaluationEngineImpl.java:108)
at
org.fcrepo.server.security.xacml.pep.EvaluationEngineImpl.evaluate(EvaluationEngineImpl.java:80)
at
org.fcrepo.server.security.xacml.pep.EvaluationEngineImpl.evaluate(EvaluationEngineImpl.java:60)
at
org.fcrepo.server.security.xacml.pep.ContextHandlerImpl.evaluate(ContextHandlerImpl.java:126)
at org.fcrepo.server.security.xacml.pep.rest.PEP.doFilter(PEP.java:149)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at
org.fcrepo.server.security.jaas.AuthFilterJAAS.doFilter(AuthFilterJAAS.java:270)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:849)
at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
at
org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:454)
at java.lang.Thread.run(Thread.java:636)
Caused by: org.fcrepo.server.security.xacml.pep.PEPException: Could
not initialise the PEP Client.
at
org.fcrepo.server.security.xacml.pep.DirectPDPClient.getClient(DirectPDPClient.java:111)
at
org.fcrepo.server.security.xacml.pep.DirectPDPClient.evaluate(DirectPDPClient.java:74)
... 21 more
Caused by: org.fcrepo.server.security.xacml.pdp.MelcoePDPException:
Could not initialise PDP: Error loading bootstrap FeSL policies
at
org.fcrepo.server.security.xacml.pdp.MelcoePDPImpl.(MelcoePDPImpl.java:95)
at
org.fcrepo.server.security.xacml.pep.DirectPDPClient.getClient(DirectPDPClient.java:108)
... 22 more
When looking into the fedora Logs I find that we have this exception
occuring right after DBXMLManager is initialized:
INFO 2011-01-13 11:47:10.251 [http-8443-1] (LogUtil) 20110113
11:47:10.251 null urn:fedora:names:fedora:2.1:action:id-findObjects
FedoraRepository
INFO 2011-01-13 11:47:10.292 [http-8443-1] (FedoraPolicyStore) Loading
config file: /srv/project-epiwork/fedora/pdp/conf/config-pdm-fedora.xml
INFO 2011-01-13 11:47:10.375 [http-8443-1] (DbXmlManager) Loading
config file: /srv/project-epiwork/fedora/pdp/conf/config-dbxml.xml
INFO 2011-01-13 11:47:10.380 [http-8443-1] (DbXmlManager) Initialising
validation
ERROR 2011-01-13 11:47:14.653 [http-8443-1]
(PolicyIndexInvocationHandler) Failed to initialise PolicyIndex
org.fcrepo.server.security.xacml.pdp.data.PolicyIndexException: Error
instantiating PolicyIndex
org.fcrepo.server.security.xacml.pdp.data.DbXmlPolicyIndex
at
org.fcrepo.server.security.xacml.pdp.data.PolicyIndexFactory.newPolicyIndex(PolicyIndexFactory.java:38)
[fcrepo-security-pdp-3.4.1.jar:na]
at
org.fcrepo.server.security.xacml.pdp.decorator.PolicyIndexInvocationHandler.init(PolicyIndexInvocationHandler.java:77)
[fcrepo-security-pdp-3.4.1.jar:na]
at
org.fcrepo.server.security.xacml.pdp.decorator.PolicyIndexInvocationHandler.invoke(PolicyIndexInvocationHandler.java:96)
[fcrepo-security-pdp-3.4.1.jar:na]
at $Proxy0.putTempStream(Unknown Source) [na:na]
at
org.fcrepo.server.management.ManagementModule.putTempStream(ManagementModule.java:497)
[fcrepo-server-3.4.1.jar:na]
at
org.fcrepo.server.security.xacml.pdp.data.FedoraPolicyStore.addPolicy(FedoraPolicyStore.java:242)
[fcrepo-security-pdp-3.4.1.jar:na]
at
org.fcrepo.server.security.xacml.pdp.data.FedoraPolicyStore.addPolicy(FedoraPolicyStore.java:148)
[fcrepo-security-pdp-3.4.1.jar:na]
at
org.fcrepo.server.security.xacml.util.PopulatePolicyDatabase.addDocuments(PopulatePolicyDatabase.java:124)
[fcrepo-security-pdp-3.4.1.jar:na]
at
org.fcrepo.server.security.xacml.pdp.MelcoePDPImpl.<init>(MelcoePDPImpl.java:73)
[fcrepo-security-pdp-3.4.1.jar:na]
at
org.fcrepo.server.security.xacml.pep.DirectPDPClient.getClient(DirectPDPClient.java:108)
[fcrepo-security-pep-3.4.1.jar:na]
at
org.fcrepo.server.security.xacml.pep.DirectPDPClient.evaluate(DirectPDPClient.java:74)
[fcrepo-security-pep-3.4.1.jar:na]
at
org.fcrepo.server.security.xacml.pep.EvaluationEngineImpl.evaluate(EvaluationEngineImpl.java:108)
[fcrepo-security-pep-3.4.1.jar:na]
at
org.fcrepo.server.security.xacml.pep.EvaluationEngineImpl.evaluate(EvaluationEngineImpl.java:80)
[fcrepo-security-pep-3.4.1.jar:na]
at
org.fcrepo.server.security.xacml.pep.EvaluationEngineImpl.evaluate(EvaluationEngineImpl.java:60)
[fcrepo-security-pep-3.4.1.jar:na]
at
org.fcrepo.server.security.xacml.pep.ContextHandlerImpl.evaluate(ContextHandlerImpl.java:126)
[fcrepo-security-pep-3.4.1.jar:na]
at
org.fcrepo.server.security.xacml.pep.rest.PEP.doFilter(PEP.java:149)
[fcrepo-security-pep-3.4.1.jar:na]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
[catalina.jar:na]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
[catalina.jar:na]
at
org.fcrepo.server.security.jaas.AuthFilterJAAS.doFilter(AuthFilterJAAS.java:270)
[fcrepo-security-jaas-3.4.1.jar:na]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
[catalina.jar:na]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
[catalina.jar:na]
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
[catalina.jar:na]
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
[catalina.jar:na]
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525)
[catalina.jar:na]
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
[catalina.jar:na]
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
[catalina.jar:na]
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
[catalina.jar:na]
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
[catalina.jar:na]
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:849)
[tomcat-coyote.jar:na]
at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
[tomcat-coyote.jar:na]
at
org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:454)
[tomcat-coyote.jar:na]
at java.lang.Thread.run(Thread.java:636) [na:1.6.0_0]
Caused by:
org.fcrepo.server.security.xacml.pdp.data.PolicyStoreException: Could
not initialise DBXML: schema_reference.4: Failed to read schema
document
'http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-policy-schema-os.xsd',
because 1) could not find the document; 2) the document could not be read; 3)
the root element of the document is not
<xsd:schema>.
at
org.fcrepo.server.security.xacml.pdp.data.DbXmlManager.initConfig(DbXmlManager.java:330)
[fcrepo-security-pdp-3.4.1.jar:na]
at
org.fcrepo.server.security.xacml.pdp.data.DbXmlManager.<init>(DbXmlManager.java:76)
[fcrepo-security-pdp-3.4.1.jar:na]
at
org.fcrepo.server.security.xacml.pdp.data.DbXmlPolicyIndex.init(DbXmlPolicyIndex.java:97)
[fcrepo-security-pdp-3.4.1.jar:na]
at
org.fcrepo.server.security.xacml.pdp.data.DbXmlPolicyIndex.<init>(DbXmlPolicyIndex.java:88)
[fcrepo-security-pdp-3.4.1.jar:na]
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native
Method) [na:1.6.0_0]
at
sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
[na:1.6.0_0]
at
sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
[na:1.6.0_0]
at java.lang.reflect.Constructor.newInstance(Constructor.java:532)
[na:1.6.0_0]
at java.lang.Class.newInstance0(Class.java:372) [na:1.6.0_0]
at java.lang.Class.newInstance(Class.java:325) [na:1.6.0_0]
at
org.fcrepo.server.security.xacml.pdp.data.PolicyIndexFactory.newPolicyIndex(PolicyIndexFactory.java:36)
[fcrepo-security-pdp-3.4.1.jar:na]
... 31 common frames omitted
Caused by: org.xml.sax.SAXParseException: schema_reference.4: Failed
to read schema document
'http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-policy-schema-os.xsd',
because 1) could not find the document; 2) the document could not be read; 3)
the root element of the document is not
<xsd:schema>.
at
org.apache.xerces.util.ErrorHandlerWrapper.createSAXParseException(Unknown
Source) [xercesImpl-2.9.1.jar:na]
at org.apache.xerces.util.ErrorHandlerWrapper.error(Unknown Source)
[xercesImpl-2.9.1.jar:na]
at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown
Source) [xercesImpl-2.9.1.jar:na]
at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown
Source) [xercesImpl-2.9.1.jar:na]
at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown
Source) [xercesImpl-2.9.1.jar:na]
at
org.apache.xerces.impl.xs.traversers.XSDHandler.reportSchemaError(Unknown
Source) [xercesImpl-2.9.1.jar:na]
at
org.apache.xerces.impl.xs.traversers.XSDHandler.getSchemaDocument(Unknown
Source) [xercesImpl-2.9.1.jar:na]
at
org.apache.xerces.impl.xs.traversers.XSDHandler.parseSchema(Unknown
Source) [xercesImpl-2.9.1.jar:na]
at org.apache.xerces.impl.xs.XMLSchemaLoader.loadSchema(Unknown
Source) [xercesImpl-2.9.1.jar:na]
at org.apache.xerces.impl.xs.XMLSchemaLoader.loadGrammar(Unknown
Source) [xercesImpl-2.9.1.jar:na]
at org.apache.xerces.impl.xs.XMLSchemaLoader.loadGrammar(Unknown
Source) [xercesImpl-2.9.1.jar:na]
at
org.apache.xerces.jaxp.validation.XMLSchemaFactory.newSchema(Unknown
Source) [xercesImpl-2.9.1.jar:na]
at
javax.xml.validation.SchemaFactory.newSchema(SchemaFactory.java:591)
[na:1.6.0_0]
at
javax.xml.validation.SchemaFactory.newSchema(SchemaFactory.java:623)
[na:1.6.0_0]
at
org.fcrepo.server.security.xacml.pdp.data.DbXmlManager.initConfig(DbXmlManager.java:322)
[fcrepo-security-pdp-3.4.1.jar:na]
... 41 common frames omitted
INFO 2011-01-13 11:47:15.293 [http-8443-1] (DefaultDOManager) New
object PID is fedora-policy:access-fedora-internal-call
INFO 2011-01-13 11:47:15.302 [http-8443-1] (DefaultManagement)
Completed ingest(objectXML, format:
info:fedora/fedora-system:FOXML-1.1, encoding: UTF-8, pid : null,
logMessage: Fedora Policy Manager creating policy)
ERROR 2011-01-13 11:47:15.304 [http-8443-1] (MelcoePDPImpl) Could not
initialise PDP: Error loading bootstrap FeSL policies
org.fcrepo.server.security.xacml.pdp.MelcoePDPException: Error loading
bootstrap FeSL policies
at
org.fcrepo.server.security.xacml.pdp.MelcoePDPImpl.<init>(MelcoePDPImpl.java:75)
[fcrepo-security-pdp-3.4.1.jar:na]
at
org.fcrepo.server.security.xacml.pep.DirectPDPClient.getClient(DirectPDPClient.java:108)
[fcrepo-security-pep-3.4.1.jar:na]
at
org.fcrepo.server.security.xacml.pep.DirectPDPClient.evaluate(DirectPDPClient.java:74)
[fcrepo-security-pep-3.4.1.jar:na]
at
org.fcrepo.server.security.xacml.pep.EvaluationEngineImpl.evaluate(EvaluationEngineImpl.java:108)
[fcrepo-security-pep-3.4.1.jar:na]
at
org.fcrepo.server.security.xacml.pep.EvaluationEngineImpl.evaluate(EvaluationEngineImpl.java:80)
[fcrepo-security-pep-3.4.1.jar:na]
at
org.fcrepo.server.security.xacml.pep.EvaluationEngineImpl.evaluate(EvaluationEngineImpl.java:60)
[fcrepo-security-pep-3.4.1.jar:na]
at
org.fcrepo.server.security.xacml.pep.ContextHandlerImpl.evaluate(ContextHandlerImpl.java:126)
[fcrepo-security-pep-3.4.1.jar:na]
at
org.fcrepo.server.security.xacml.pep.rest.PEP.doFilter(PEP.java:149)
[fcrepo-security-pep-3.4.1.jar:na]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
[catalina.jar:na]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
[catalina.jar:na]
at
org.fcrepo.server.security.jaas.AuthFilterJAAS.doFilter(AuthFilterJAAS.java:270)
[fcrepo-security-jaas-3.4.1.jar:na]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
[catalina.jar:na]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
[catalina.jar:na]
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
[catalina.jar:na]
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
[catalina.jar:na]
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525)
[catalina.jar:na]
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
[catalina.jar:na]
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
[catalina.jar:na]
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
[catalina.jar:na]
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
[catalina.jar:na]
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:849)
[tomcat-coyote.jar:na]
at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
[tomcat-coyote.jar:na]
at
org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:454)
[tomcat-coyote.jar:na]
at java.lang.Thread.run(Thread.java:636) [na:1.6.0_0]
ERROR 2011-01-13 11:47:15.305 [http-8443-1] (DirectPDPClient) Could
not initialise the PEP Client.
ERROR 2011-01-13 11:47:15.307 [http-8443-1] (DirectPDPClient) Error
evaluating request.
org.fcrepo.server.security.xacml.pep.PEPException: Could not
initialise the PEP Client.
at
org.fcrepo.server.security.xacml.pep.DirectPDPClient.getClient(DirectPDPClient.java:111)
[fcrepo-security-pep-3.4.1.jar:na]
at
org.fcrepo.server.security.xacml.pep.DirectPDPClient.evaluate(DirectPDPClient.java:74)
[fcrepo-security-pep-3.4.1.jar:na]
at
org.fcrepo.server.security.xacml.pep.EvaluationEngineImpl.evaluate(EvaluationEngineImpl.java:108)
[fcrepo-security-pep-3.4.1.jar:na]
at
org.fcrepo.server.security.xacml.pep.EvaluationEngineImpl.evaluate(EvaluationEngineImpl.java:80)
[fcrepo-security-pep-3.4.1.jar:na]
at
org.fcrepo.server.security.xacml.pep.EvaluationEngineImpl.evaluate(EvaluationEngineImpl.java:60)
[fcrepo-security-pep-3.4.1.jar:na]
at
org.fcrepo.server.security.xacml.pep.ContextHandlerImpl.evaluate(ContextHandlerImpl.java:126)
[fcrepo-security-pep-3.4.1.jar:na]
at
org.fcrepo.server.security.xacml.pep.rest.PEP.doFilter(PEP.java:149)
[fcrepo-security-pep-3.4.1.jar:na]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
[catalina.jar:na]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
[catalina.jar:na]
at
org.fcrepo.server.security.jaas.AuthFilterJAAS.doFilter(AuthFilterJAAS.java:270)
[fcrepo-security-jaas-3.4.1.jar:na]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
[catalina.jar:na]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
[catalina.jar:na]
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
[catalina.jar:na]
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
[catalina.jar:na]
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525)
[catalina.jar:na]
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
[catalina.jar:na]
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
[catalina.jar:na]
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
[catalina.jar:na]
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
[catalina.jar:na]
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:849)
[tomcat-coyote.jar:na]
at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
[tomcat-coyote.jar:na]
at
org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:454)
[tomcat-coyote.jar:na]
at java.lang.Thread.run(Thread.java:636) [na:1.6.0_0]
Caused by: org.fcrepo.server.security.xacml.pdp.MelcoePDPException:
Could not initialise PDP: Error loading bootstrap FeSL policies
at
org.fcrepo.server.security.xacml.pdp.MelcoePDPImpl.<init>(MelcoePDPImpl.java:95)
[fcrepo-security-pdp-3.4.1.jar:na]
at
org.fcrepo.server.security.xacml.pep.DirectPDPClient.getClient(DirectPDPClient.java:108)
[fcrepo-security-pep-3.4.1.jar:na]
... 22 common frames omitted
Can anyone offer some insight into what's going wrong and how to fix it.
Is this a configuration issue?
It seems to be a policy manager issue having problems building the
index. Also, I find it odd that pdp/database/ does not exists while
it's clearly stated in config-pdp.xml. And I'm also curious why
config-policy-manager.xml does not exist, since it was removed from
the developers repository some builds ago.
Regards,
João Zamite
------------------------------------------------------------------------------
Protect Your Site and Customers from Malware Attacks
Learn about various malware tactics and how to avoid them. Understand
malware threats, the impact they can have on your business, and how you
can protect your company and customers by using code signing.
http://p.sf.net/sfu/oracle-sfdevnl
_______________________________________________
Fedora-commons-users mailing list
Fedora-commons-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fedora-commons-users
