Hi Swithun The legacy XACML engine and FeSL AuthZ are alternatives, they won't work together properly - I think what may have happened here is you have turned on the legacy XACML engine and that's upsetting FeSL.
Is it your intent to use FeSL AuthZ? If so, you'll need FESLPOLICY datastreams rather than POLICY datastreams. Also, by default the policy in an object's datastream will not apply to that object - you will need to specify the policy in the Resources target. And FeSL expects XACML 2.0 policies. Regards Steve > -----Original Message----- > From: Swithun Crowe [mailto:c...@st-andrews.ac.uk] > Sent: 22 April 2011 13:07 > To: Support and info exchange list for Fedora users. > Subject: Re: [fcrepo-user] POLICY datastream > > > Hello > > SB> Are you using FeSL AuthZ? What does your > SB> $FEDORA_HOME/install/install.properties have for > SB> xacml.enabled > SB> fesl.authz.enabled > > I have fesl.authz enabled, but xacml.enabled is false (how > can it be made > true on install?). But I have been modifying ENFORCE-MODE in > fedora.fcfg. > > There are no errors when it is set to "permit-all-requests", > but now, when > I set it to "enforce-policies", I get an AuthzDeniedException thrown. > > I've included the output from fesl.log below. This is for > running an empty > search to get all objects. Round about line 2011-04-22 > 12:24:16.691, the > request is permitted. But then, at line 2011-04-22 > 12:24:17.026, it all > starts to go pear shaped, with an "Error finding parents". > > This is on a fresh install of Fedora 3.5 snapshot, with demo objects > loaded. > > Has anyone got any ideas? > > Thanks. > > Swithun. > > DEBUG 2011-04-22 12:24:16.452 [TP-Processor12] (PEP) Incoming > URI: /fedora/objects > DEBUG 2011-04-22 12:24:16.452 [TP-Processor12] (PEP) Incoming > servletPath: /objects > DEBUG 2011-04-22 12:24:16.453 [TP-Processor12] (PEP) > obtaining filter: > org.fcrepo.server.security.xacml.pep.rest.filters.ObjectsFilter > DEBUG 2011-04-22 12:24:16.457 [TP-Processor12] (PEP) > Filtering URI: [/fedora/objects] with: > [org.fcrepo.server.security.xacml.pep.rest.filters.ObjectsFilter] > DEBUG 2011-04-22 12:24:16.457 [TP-Processor12] > (ObjectsFilter) objectsHandler path: > DEBUG 2011-04-22 12:24:16.457 [TP-Processor12] > (ObjectsFilter) objectsHandler method: GET > DEBUG 2011-04-22 12:24:16.457 [TP-Processor12] > (ObjectsFilter) objectsHandler part: > DEBUG 2011-04-22 12:24:16.457 [TP-Processor12] > (ObjectsFilter) activating handler: findObjects > DEBUG 2011-04-22 12:24:16.458 [TP-Processor12] (ContextUtil) > Building request! > DEBUG 2011-04-22 12:24:16.460 [TP-Processor12] > (RelationshipResolverImpl) Obtaining parents for: FedoraRepository > INFO 2011-04-22 12:24:16.461 [TP-Processor12] (LogUtil) > 20110422 12:24:16.461 fedoraAdmin > urn:fedora:names:fedora:2.1:action:id-findObjects > FedoraRepository > DEBUG 2011-04-22 12:24:16.461 [TP-Processor12] > (EvaluationEngineImpl) evaluating RequestCtx request > DEBUG 2011-04-22 12:24:16.462 [TP-Processor12] > (EvaluationEngineImpl) evaluating String request > DEBUG 2011-04-22 12:24:16.462 [TP-Processor12] > (EvaluationEngineImpl) evaluating array of String requests > DEBUG 2011-04-22 12:24:16.466 [TP-Processor12] > (ResponseCacheImpl) Getting Cache Item (0/0/0): > 5f4655f5eb63aeec0ab7db77cf2d684d > DEBUG 2011-04-22 12:24:16.466 [TP-Processor12] > (EvaluationEngineImpl) No item found in cache. Sending to PDP > for evaluation. > DEBUG 2011-04-22 12:24:16.467 [TP-Processor12] > (DirectPDPClient) Resolving String request: > <Request> > <Subject > SubjectCategory="urn:oasis:names:tc:xacml:1.0:subject-category > :access-subject"> > <Attribute > AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" > DataType="http://www.w3.org/2001/XMLSchema#string";><AttributeV > alue>fedoraAdmin</AttributeValue></Attribute> > </Subject> > <Subject > SubjectCategory="urn:oasis:names:tc:xacml:1.0:subject-category > :access-subject"> > <Attribute > AttributeId="urn:fedora:names:fedora:2.1:subject:loginId" > DataType="http://www.w3.org/2001/XMLSchema#string";><AttributeV > alue>fedoraAdmin</AttributeValue></Attribute> > </Subject> > <Subject > SubjectCategory="urn:oasis:names:tc:xacml:1.0:subject-category > :access-subject"> > <Attribute > AttributeId="urn:fedora:names:fedora:2.1:subject:subjectRepres > ented" > DataType="http://www.w3.org/2001/XMLSchema#string";><AttributeV > alue>fedoraAdmin</AttributeValue></Attribute> > </Subject> > <Resource> > <Attribute > AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id > " > DataType="http://www.w3.org/2001/XMLSchema#anyURI";><AttributeV > alue>/FedoraRepository</AttributeValue></Attribute> > <Attribute > AttributeId="urn:fedora:names:fedora:2.1:resource:object:pid" > DataType="http://www.w3.org/2001/XMLSchema#string";><AttributeV > alue>FedoraRepository</AttributeValue></Attribute> > </Resource> > <Action> > <Attribute > AttributeId="urn:fedora:names:fedora:2.1:action:id" > DataType="http://www.w3.org/2001/XMLSchema#string";><AttributeV > alue>read</AttributeValue></Attribute> > <Attribute AttributeId="urn:fedora:names:fedora:2.1:action:api" > DataType="http://www.w3.org/2001/XMLSchema#string";><AttributeV > alue>urn:fedora:names:fedora:2.1:action:api-a</AttributeValue> > </Attribute> > </Action> > <Environment> > <Attribute > AttributeId="urn:fedora:names:fedora:2.1:environment:httpReque > st:clientIpAddress" > DataType="http://www.w3.org/2001/XMLSchema#string";><AttributeV > alue>138.251.115.124</AttributeValue></Attribute> > </Environment> > </Request> > > DEBUG 2011-04-22 12:24:16.473 [TP-Processor12] > (FedoraPolicyStore) Total memory: 429440 > DEBUG 2011-04-22 12:24:16.473 [TP-Processor12] > (FedoraPolicyStore) Free memory: 196671 > DEBUG 2011-04-22 12:24:16.473 [TP-Processor12] > (FedoraPolicyStore) Max memory: 699072 > INFO 2011-04-22 12:24:16.474 [TP-Processor12] > (FedoraPolicyStore) Loading config file: > /opt/fedora35_2/pdp/conf/config-pdm-fedora.xml > INFO 2011-04-22 12:24:16.475 [TP-Processor12] > (FedoraPolicyStore) Initialising validation > DEBUG 2011-04-22 12:24:16.566 [TP-Processor12] > (PopulatePolicyDatabase) Policy database already contains > fedora-policy:public-demo_demoObjectCollection > (public-demoObjectCollection.xml). Skipping. > DEBUG 2011-04-22 12:24:16.573 [TP-Processor12] > (PopulatePolicyDatabase) Policy database already contains > fedora-policy:access-public (access-public.xml). Skipping. > DEBUG 2011-04-22 12:24:16.591 [TP-Processor12] > (PopulatePolicyDatabase) Policy database already contains > fedora-policy:access-staff (access-staff.xml). Skipping. > DEBUG 2011-04-22 12:24:16.599 [TP-Processor12] > (PopulatePolicyDatabase) Policy database already contains > fedora-policy:access-fedora-internal-call > (access-fedora-internal-call.xml). Skipping. > DEBUG 2011-04-22 12:24:16.618 [TP-Processor12] > (PopulatePolicyDatabase) Policy database already contains > fedora-policy:access-admin (access-admin.xml). Skipping. > DEBUG 2011-04-22 12:24:16.631 [TP-Processor12] > (PopulatePolicyDatabase) Policy database already contains > fedora-policy:access-teacher (access-teacher.xml). Skipping. > DEBUG 2011-04-22 12:24:16.638 [TP-Processor12] > (PopulatePolicyDatabase) Policy database already contains > fedora-policy:access-student (access-student.xml). Skipping. > INFO 2011-04-22 12:24:16.638 [TP-Processor12] (MelcoePDPImpl) > Loading config file: /opt/fedora35_2/pdp/conf/config-pdp.xml > INFO 2011-04-22 12:24:16.654 [TP-Processor12] > (AttributeFinderConfigUtil) Loading attribute finder config > file: /opt/fedora35_2/pdp/conf/config-attribute-finder.xml > INFO 2011-04-22 12:24:16.655 [TP-Processor12] > (FedoraRIAttributeFinder) Initialised > AttributeFinder:org.fcrepo.server.security.xacml.pdp.finder.at > tribute.FedoraRIAttributeFinder > DEBUG 2011-04-22 12:24:16.655 [TP-Processor12] > (FedoraRIAttributeFinder) registering the following attributes: > DEBUG 2011-04-22 12:24:16.655 [TP-Processor12] > (FedoraRIAttributeFinder) 1: > info:fedora/fedora-system:def/model#ownerId > DEBUG 2011-04-22 12:24:16.655 [TP-Processor12] > (FedoraRIAttributeFinder) 1: > http://www.w3.org/1999/02/22-rdf-syntax-ns#type > DEBUG 2011-04-22 12:24:16.655 [TP-Processor12] > (FedoraRIAttributeFinder) 1: > info:fedora/fedora-system:def/model#createdDate > DEBUG 2011-04-22 12:24:16.655 [TP-Processor12] > (FedoraRIAttributeFinder) 1: > info:fedora/fedora-system:def/view#mimeType > DEBUG 2011-04-22 12:24:16.655 [TP-Processor12] > (FedoraRIAttributeFinder) 1: > http://muradora.ramp.org.au/sf#isSmartFolder > DEBUG 2011-04-22 12:24:16.655 [TP-Processor12] > (FedoraRIAttributeFinder) 1: info:fedora/fedora-system:def/model#label > DEBUG 2011-04-22 12:24:16.655 [TP-Processor12] > (FedoraRIAttributeFinder) 1: info:fedora/fedora-system:def/model#state > INFO 2011-04-22 12:24:16.656 [TP-Processor12] > (AttributeFinderConfigUtil) Loading attribute finder config > file: /opt/fedora35_2/pdp/conf/config-attribute-finder.xml > DEBUG 2011-04-22 12:24:16.657 [TP-Processor12] > (AttributeFinderConfigUtil) Located AttributeFinder: > org.fcrepo.server.security.xacml.pdp.finder.attribute.FedoraRI > AttributeFinder > DEBUG 2011-04-22 12:24:16.657 [TP-Processor12] > (FedoraRIAttributeFinder) username: > DEBUG 2011-04-22 12:24:16.657 [TP-Processor12] > (FedoraRIAttributeFinder) password: > DEBUG 2011-04-22 12:24:16.657 [TP-Processor12] > (FedoraRIAttributeFinder) url: > http://localhost:5743/fedora/melcoerisearch > INFO 2011-04-22 12:24:16.661 [TP-Processor12] > (FilePolicyIndex) Starting FilePolicyIndex > DEBUG 2011-04-22 12:24:16.662 [TP-Processor12] > (FilePolicyIndex) Total memory: 429440 > DEBUG 2011-04-22 12:24:16.662 [TP-Processor12] > (FilePolicyIndex) Free memory: 185569 > DEBUG 2011-04-22 12:24:16.662 [TP-Processor12] > (FilePolicyIndex) Max memory: 699072 > INFO 2011-04-22 12:24:16.662 [TP-Processor12] > (FilePolicyIndex) Loading config file: > /opt/fedora35_2/pdp/conf/config-pdm-file.xml > DEBUG 2011-04-22 12:24:16.663 [TP-Processor12] > (FilePolicyIndex) [config] directory: /opt/fedora35_2/pdp/policy-db > INFO 2011-04-22 12:24:16.663 [TP-Processor12] > (FilePolicyIndex) Populating FeSL File policy index cache > INFO 2011-04-22 12:24:16.663 [TP-Processor12] > (FilePolicyIndex) Loading FeSL policy from cache directory: > /opt/fedora35_2/pdp/policy-db/fedora-policy_access-staff.xml > INFO 2011-04-22 12:24:16.664 [TP-Processor12] > (FilePolicyIndex) Loading FeSL policy from cache directory: > /opt/fedora35_2/pdp/policy-db/fedora-policy_access-fedora-inte > rnal-call.xml > INFO 2011-04-22 12:24:16.665 [TP-Processor12] > (FilePolicyIndex) Loading FeSL policy from cache directory: > /opt/fedora35_2/pdp/policy-db/fedora-policy_access-teacher.xml > INFO 2011-04-22 12:24:16.665 [TP-Processor12] > (FilePolicyIndex) Loading FeSL policy from cache directory: > /opt/fedora35_2/pdp/policy-db/fedora-policy_access-public.xml > INFO 2011-04-22 12:24:16.665 [TP-Processor12] > (FilePolicyIndex) Loading FeSL policy from cache directory: > /opt/fedora35_2/pdp/policy-db/fedora-policy_access-admin.xml > INFO 2011-04-22 12:24:16.665 [TP-Processor12] > (FilePolicyIndex) Loading FeSL policy from cache directory: > /opt/fedora35_2/pdp/policy-db/fedora-policy_public-demo_demoOb > jectCollection.xml > INFO 2011-04-22 12:24:16.665 [TP-Processor12] > (FilePolicyIndex) Loading FeSL policy from cache directory: > /opt/fedora35_2/pdp/policy-db/fedora-policy_access-student.xml > INFO 2011-04-22 12:24:16.665 [TP-Processor12] > (FilePolicyIndex) Populated cache with 7 files > INFO 2011-04-22 12:24:16.668 [TP-Processor12] (MelcoePDPImpl) > PDP Instantiated and initialised! > DEBUG 2011-04-22 12:24:16.668 [TP-Processor12] > (MelcoePDPImpl) evaluating request: <Request> > <Subject > SubjectCategory="urn:oasis:names:tc:xacml:1.0:subject-category > :access-subject"> > <Attribute > AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" > DataType="http://www.w3.org/2001/XMLSchema#string";><AttributeV > alue>fedoraAdmin</AttributeValue></Attribute> > </Subject> > <Subject > SubjectCategory="urn:oasis:names:tc:xacml:1.0:subject-category > :access-subject"> > <Attribute > AttributeId="urn:fedora:names:fedora:2.1:subject:loginId" > DataType="http://www.w3.org/2001/XMLSchema#string";><AttributeV > alue>fedoraAdmin</AttributeValue></Attribute> > </Subject> > <Subject > SubjectCategory="urn:oasis:names:tc:xacml:1.0:subject-category > :access-subject"> > <Attribute > AttributeId="urn:fedora:names:fedora:2.1:subject:subjectRepres > ented" > DataType="http://www.w3.org/2001/XMLSchema#string";><AttributeV > alue>fedoraAdmin</AttributeValue></Attribute> > </Subject> > <Resource> > <Attribute > AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id > " > DataType="http://www.w3.org/2001/XMLSchema#anyURI";><AttributeV > alue>/FedoraRepository</AttributeValue></Attribute> > <Attribute > AttributeId="urn:fedora:names:fedora:2.1:resource:object:pid" > DataType="http://www.w3.org/2001/XMLSchema#string";><AttributeV > alue>FedoraRepository</AttributeValue></Attribute> > </Resource> > <Action> > <Attribute > AttributeId="urn:fedora:names:fedora:2.1:action:id" > DataType="http://www.w3.org/2001/XMLSchema#string";><AttributeV > alue>read</AttributeValue></Attribute> > <Attribute AttributeId="urn:fedora:names:fedora:2.1:action:api" > DataType="http://www.w3.org/2001/XMLSchema#string";><AttributeV > alue>urn:fedora:names:fedora:2.1:action:api-a</AttributeValue> > </Attribute> > </Action> > <Environment> > <Attribute > AttributeId="urn:fedora:names:fedora:2.1:environment:httpReque > st:clientIpAddress" > DataType="http://www.w3.org/2001/XMLSchema#string";><AttributeV > alue>138.251.115.124</AttributeValue></Attribute> > </Environment> > </Request> > > DEBUG 2011-04-22 12:24:16.671 [TP-Processor12] > (PolicyManager) Obtained policies: 7 > DEBUG 2011-04-22 12:24:16.679 [TP-Processor12] > (PolicyManager) Matched policy: fedora-policy:access-admi > DEBUG 2011-04-22 12:24:16.691 [TP-Processor12] > (PolicyManager) Matched policies and created abstract policy. > DEBUG 2011-04-22 12:24:16.691 [TP-Processor12] > (MelcoePDPImpl) response is: <Response> > <Result ResourceId="/FedoraRepository"> > <Decision>Permit</Decision> > <Status> > <StatusCode Value="urn:oasis:names:tc:xacml:1.0:status:ok"/> > </Status> > </Result> > </Response> > > DEBUG 2011-04-22 12:24:16.691 [TP-Processor12] > (EvaluationEngineImpl) Adding PDP evaluation results to cache > DEBUG 2011-04-22 12:24:16.693 [TP-Processor12] > (ResponseCacheImpl) Adding Cache Item (1/1/1): > 5f4655f5eb63aeec0ab7db77cf2d684d > DEBUG 2011-04-22 12:24:16.693 [TP-Processor12] > (EvaluationEngineImpl) Time taken for XACML Evaluation: 231ms > DEBUG 2011-04-22 12:24:16.694 [TP-Processor12] (PEP) > Permitting access! > DEBUG 2011-04-22 12:24:16.981 [TP-Processor12] > (ObjectsFilter) objectsHandler path: > DEBUG 2011-04-22 12:24:16.981 [TP-Processor12] > (ObjectsFilter) objectsHandler method: GET > DEBUG 2011-04-22 12:24:16.981 [TP-Processor12] > (ObjectsFilter) objectsHandler part: > DEBUG 2011-04-22 12:24:16.982 [TP-Processor12] > (ObjectsFilter) activating handler: findObjects > DEBUG 2011-04-22 12:24:16.982 [TP-Processor12] (FindObjects) > filtering html > DEBUG 2011-04-22 12:24:17.015 [TP-Processor12] (FindObjects) > Checking: fedora-policy:access-student > DEBUG 2011-04-22 12:24:17.015 [TP-Processor12] (ContextUtil) > Building request! > DEBUG 2011-04-22 12:24:17.015 [TP-Processor12] > (RelationshipResolverImpl) Obtaining parents for: > fedora-policy:access-student > DEBUG 2011-04-22 12:24:17.015 [TP-Processor12] > (RelationshipResolverImpl) relationship query: > fedora-policy:access-student, > info:fedora/fedora-system:def/relations-external#isMemberOf > INFO 2011-04-22 12:24:17.015 [TP-Processor12] > (FilePolicyIndex) Starting FilePolicyIndex > DEBUG 2011-04-22 12:24:17.015 [TP-Processor12] > (FilePolicyIndex) Total memory: 429440 > DEBUG 2011-04-22 12:24:17.015 [TP-Processor12] > (FilePolicyIndex) Free memory: 168943 > DEBUG 2011-04-22 12:24:17.015 [TP-Processor12] > (FilePolicyIndex) Max memory: 699072 > INFO 2011-04-22 12:24:17.015 [TP-Processor12] > (FilePolicyIndex) Loading config file: > /opt/fedora35_2/pdp/conf/config-pdm-file.xml > DEBUG 2011-04-22 12:24:17.016 [TP-Processor12] > (FilePolicyIndex) [config] directory: /opt/fedora35_2/pdp/policy-db > ERROR 2011-04-22 12:24:17.026 [TP-Processor12] (ContextUtil) > Error finding parents. > org.fcrepo.server.security.xacml.MelcoeXacmlException: > at > org.fcrepo.server.security.xacml.util.RelationshipResolverImpl > .getRelationships(RelationshipResolverImpl.java:210) > [fcrepo-security-pdp-3.5-SNAPSHOT.jar:na] > at > org.fcrepo.server.security.xacml.util.RelationshipResolverImpl > .getParents(RelationshipResolverImpl.java:132) > [fcrepo-security-pdp-3.5-SNAPSHOT.jar:na] > at > org.fcrepo.server.security.xacml.util.RelationshipResolverImpl > .buildRESTParentHierarchy(RelationshipResolverImpl.java:99) > [fcrepo-security-pdp-3.5-SNAPSHOT.jar:na] > at > org.fcrepo.server.security.xacml.util.ContextUtil.setupResourc > es(ContextUtil.java:325) [fcrepo-security-pdp-3.5-SNAPSHOT.jar:na] > at > org.fcrepo.server.security.xacml.util.ContextUtil.buildRequest > (ContextUtil.java:444) [fcrepo-security-pdp-3.5-SNAPSHOT.jar:na] > at > org.fcrepo.server.security.xacml.pep.ContextHandlerImpl.buildR > equest(ContextHandlerImpl.java:111) > [fcrepo-security-pep-3.5-SNAPSHOT.jar:na] > at > org.fcrepo.server.security.xacml.pep.rest.objectshandlers.Find > Objects.evaluatePids(FindObjects.java:456) > [fcrepo-security-pep-3.5-SNAPSHOT.jar:na] > at > org.fcrepo.server.security.xacml.pep.rest.objectshandlers.Find > Objects.filterHTML(FindObjects.java:379) > [fcrepo-security-pep-3.5-SNAPSHOT.jar:na] > at > org.fcrepo.server.security.xacml.pep.rest.objectshandlers.Find > Objects.handleResponse(FindObjects.java:192) > [fcrepo-security-pep-3.5-SNAPSHOT.jar:na] > at > org.fcrepo.server.security.xacml.pep.rest.filters.ObjectsFilte > r.handleResponse(ObjectsFilter.java:109) > [fcrepo-security-pep-3.5-SNAPSHOT.jar:na] > at > org.fcrepo.server.security.xacml.pep.rest.PEP.doFilter(PEP.jav > a:162) [fcrepo-security-pep-3.5-SNAPSHOT.jar:na] > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilt > er(ApplicationFilterChain.java:235) [catalina.jar:6.0.26] > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(Appli > cationFilterChain.java:206) [catalina.jar:6.0.26] > at > org.fcrepo.server.security.jaas.AuthFilterJAAS.doFilter(AuthFi > lterJAAS.java:295) [fcrepo-security-jaas-3.5-SNAPSHOT.jar:na] > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilt > er(ApplicationFilterChain.java:235) [catalina.jar:6.0.26] > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(Appli > cationFilterChain.java:206) [catalina.jar:6.0.26] > at > org.apache.catalina.core.StandardWrapperValve.invoke(StandardW > rapperValve.java:233) [catalina.jar:6.0.26] > at > org.apache.catalina.core.StandardContextValve.invoke(StandardC > ontextValve.java:191) [catalina.jar:6.0.26] > at > org.apache.catalina.authenticator.AuthenticatorBase.invoke(Aut > henticatorBase.java:558) [catalina.jar:6.0.26] > at > org.apache.catalina.core.StandardHostValve.invoke(StandardHost > Valve.java:127) [catalina.jar:6.0.26] > at > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReport > Valve.java:102) [catalina.jar:6.0.26] > at > org.apache.catalina.core.StandardEngineValve.invoke(StandardEn > gineValve.java:109) [catalina.jar:6.0.26] > at > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdap > ter.java:298) [catalina.jar:6.0.26] > at > org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.ja > va:190) [tomcat-coyote.jar:6.0.26] > at > org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java > :291) [tomcat-coyote.jar:6.0.26] > at > org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:7 > 69) [tomcat-coyote.jar:6.0.26] > at > org.apache.jk.common.ChannelSocket.processConnection(ChannelSo > cket.java:698) [tomcat-coyote.jar:6.0.26] > at > org.apache.jk.common.ChannelSocket$SocketConnection.runIt(Chan > nelSocket.java:891) [tomcat-coyote.jar:6.0.26] > at > org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run( > ThreadPool.java:690) [tomcat-coyote.jar:6.0.26] > at java.lang.Thread.run(Thread.java:662) [na:1.6.0_24] > Caused by: > org.fcrepo.server.errors.authorization.AuthzDeniedException: > at > org.fcrepo.server.security.PolicyEnforcementPoint.enforce(Poli > cyEnforcementPoint.java:422) [fcrepo-server-3.5-SNAPSHOT.jar:na] > at > org.fcrepo.server.security.DefaultAuthorization.enforceGetRela > tionships(DefaultAuthorization.java:1570) > [fcrepo-server-3.5-SNAPSHOT.jar:na] > at > org.fcrepo.server.management.DefaultManagement.getRelationship > s(DefaultManagement.java:1639) [fcrepo-server-3.5-SNAPSHOT.jar:na] > at > sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > [na:1.6.0_24] > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccess > orImpl.java:39) [na:1.6.0_24] > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMeth > odAccessorImpl.java:25) [na:1.6.0_24] > at java.lang.reflect.Method.invoke(Method.java:597) > [na:1.6.0_24] > at > org.fcrepo.server.messaging.NotificationInvocationHandler.invo > ke(NotificationInvocationHandler.java:68) > [fcrepo-server-3.5-SNAPSHOT.jar:na] > at $Proxy433.getRelationships(Unknown Source) [na:na] > at > sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > [na:1.6.0_24] > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccess > orImpl.java:39) [na:1.6.0_24] > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMeth > odAccessorImpl.java:25) [na:1.6.0_24] > at java.lang.reflect.Method.invoke(Method.java:597) > [na:1.6.0_24] > at > org.fcrepo.server.security.xacml.pdp.decorator.PolicyIndexInvo > cationHandler.invokeTarget(PolicyIndexInvocationHandler.java:3 > 34) [fcrepo-security-pdp-3.5-SNAPSHOT.jar:na] > at > org.fcrepo.server.security.xacml.pdp.decorator.PolicyIndexInvo > cationHandler.invoke(PolicyIndexInvocationHandler.java:106) > [fcrepo-security-pdp-3.5-SNAPSHOT.jar:na] > at $Proxy433.getRelationships(Unknown Source) [na:na] > at > org.fcrepo.server.management.ManagementModule.getRelationships > (ManagementModule.java:335) [fcrepo-server-3.5-SNAPSHOT.jar:na] > at > org.fcrepo.server.security.xacml.util.RelationshipResolverImpl > .getRelationships(RelationshipResolverImpl.java:202) > [fcrepo-security-pdp-3.5-SNAPSHOT.jar:na] > ... 29 common frames omitted > ERROR 2011-04-22 12:24:17.027 [TP-Processor12] (ContextUtil) > Error creating request. > org.fcrepo.server.security.xacml.MelcoeXacmlException: Error > finding parents. > at > org.fcrepo.server.security.xacml.util.ContextUtil.setupResourc > es(ContextUtil.java:341) [fcrepo-security-pdp-3.5-SNAPSHOT.jar:na] > at > org.fcrepo.server.security.xacml.util.ContextUtil.buildRequest > (ContextUtil.java:444) [fcrepo-security-pdp-3.5-SNAPSHOT.jar:na] > at > org.fcrepo.server.security.xacml.pep.ContextHandlerImpl.buildR > equest(ContextHandlerImpl.java:111) > [fcrepo-security-pep-3.5-SNAPSHOT.jar:na] > at > org.fcrepo.server.security.xacml.pep.rest.objectshandlers.Find > Objects.evaluatePids(FindObjects.java:456) > [fcrepo-security-pep-3.5-SNAPSHOT.jar:na] > at > org.fcrepo.server.security.xacml.pep.rest.objectshandlers.Find > Objects.filterHTML(FindObjects.java:379) > [fcrepo-security-pep-3.5-SNAPSHOT.jar:na] > at > org.fcrepo.server.security.xacml.pep.rest.objectshandlers.Find > Objects.handleResponse(FindObjects.java:192) > [fcrepo-security-pep-3.5-SNAPSHOT.jar:na] > at > org.fcrepo.server.security.xacml.pep.rest.filters.ObjectsFilte > r.handleResponse(ObjectsFilter.java:109) > [fcrepo-security-pep-3.5-SNAPSHOT.jar:na] > at > org.fcrepo.server.security.xacml.pep.rest.PEP.doFilter(PEP.jav > a:162) [fcrepo-security-pep-3.5-SNAPSHOT.jar:na] > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilt > er(ApplicationFilterChain.java:235) [catalina.jar:6.0.26] > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(Appli > cationFilterChain.java:206) [catalina.jar:6.0.26] > at > org.fcrepo.server.security.jaas.AuthFilterJAAS.doFilter(AuthFi > lterJAAS.java:295) [fcrepo-security-jaas-3.5-SNAPSHOT.jar:na] > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilt > er(ApplicationFilterChain.java:235) [catalina.jar:6.0.26] > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(Appli > cationFilterChain.java:206) [catalina.jar:6.0.26] > at > org.apache.catalina.core.StandardWrapperValve.invoke(StandardW > rapperValve.java:233) [catalina.jar:6.0.26] > at > org.apache.catalina.core.StandardContextValve.invoke(StandardC > ontextValve.java:191) [catalina.jar:6.0.26] > at > org.apache.catalina.authenticator.AuthenticatorBase.invoke(Aut > henticatorBase.java:558) [catalina.jar:6.0.26] > at > org.apache.catalina.core.StandardHostValve.invoke(StandardHost > Valve.java:127) [catalina.jar:6.0.26] > at > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReport > Valve.java:102) [catalina.jar:6.0.26] > at > org.apache.catalina.core.StandardEngineValve.invoke(StandardEn > gineValve.java:109) [catalina.jar:6.0.26] > at > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdap > ter.java:298) [catalina.jar:6.0.26] > at > org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.ja > va:190) [tomcat-coyote.jar:6.0.26] > at > org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java > :291) [tomcat-coyote.jar:6.0.26] > at > org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:7 > 69) [tomcat-coyote.jar:6.0.26] > at > org.apache.jk.common.ChannelSocket.processConnection(ChannelSo > cket.java:698) [tomcat-coyote.jar:6.0.26] > at > org.apache.jk.common.ChannelSocket$SocketConnection.runIt(Chan > nelSocket.java:891) [tomcat-coyote.jar:6.0.26] > at > org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run( > ThreadPool.java:690) [tomcat-coyote.jar:6.0.26] > at java.lang.Thread.run(Thread.java:662) [na:1.6.0_24] > Caused by: org.fcrepo.server.security.xacml.MelcoeXacmlException: > at > org.fcrepo.server.security.xacml.util.RelationshipResolverImpl > .getRelationships(RelationshipResolverImpl.java:210) > [fcrepo-security-pdp-3.5-SNAPSHOT.jar:na] > at > org.fcrepo.server.security.xacml.util.RelationshipResolverImpl > .getParents(RelationshipResolverImpl.java:132) > [fcrepo-security-pdp-3.5-SNAPSHOT.jar:na] > at > org.fcrepo.server.security.xacml.util.RelationshipResolverImpl > .buildRESTParentHierarchy(RelationshipResolverImpl.java:99) > [fcrepo-security-pdp-3.5-SNAPSHOT.jar:na] > at > org.fcrepo.server.security.xacml.util.ContextUtil.setupResourc > es(ContextUtil.java:325) [fcrepo-security-pdp-3.5-SNAPSHOT.jar:na] > ... 26 common frames omitted > Caused by: > org.fcrepo.server.errors.authorization.AuthzDeniedException: > at > org.fcrepo.server.security.PolicyEnforcementPoint.enforce(Poli > cyEnforcementPoint.java:422) [fcrepo-server-3.5-SNAPSHOT.jar:na] > at > org.fcrepo.server.security.DefaultAuthorization.enforceGetRela > tionships(DefaultAuthorization.java:1570) > [fcrepo-server-3.5-SNAPSHOT.jar:na] > at > org.fcrepo.server.management.DefaultManagement.getRelationship > s(DefaultManagement.java:1639) [fcrepo-server-3.5-SNAPSHOT.jar:na] > at > sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > [na:1.6.0_24] > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccess > orImpl.java:39) [na:1.6.0_24] > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMeth > odAccessorImpl.java:25) [na:1.6.0_24] > at java.lang.reflect.Method.invoke(Method.java:597) > [na:1.6.0_24] > at > org.fcrepo.server.messaging.NotificationInvocationHandler.invo > ke(NotificationInvocationHandler.java:68) > [fcrepo-server-3.5-SNAPSHOT.jar:na] > at $Proxy433.getRelationships(Unknown Source) [na:na] > at > sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > [na:1.6.0_24] > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccess > orImpl.java:39) [na:1.6.0_24] > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMeth > odAccessorImpl.java:25) [na:1.6.0_24] > at java.lang.reflect.Method.invoke(Method.java:597) > [na:1.6.0_24] > at > org.fcrepo.server.security.xacml.pdp.decorator.PolicyIndexInvo > cationHandler.invokeTarget(PolicyIndexInvocationHandler.java:3 > 34) [fcrepo-security-pdp-3.5-SNAPSHOT.jar:na] > at > org.fcrepo.server.security.xacml.pdp.decorator.PolicyIndexInvo > cationHandler.invoke(PolicyIndexInvocationHandler.java:106) > [fcrepo-security-pdp-3.5-SNAPSHOT.jar:na] > at $Proxy433.getRelationships(Unknown Source) [na:na] > at > org.fcrepo.server.management.ManagementModule.getRelationships > (ManagementModule.java:335) [fcrepo-server-3.5-SNAPSHOT.jar:na] > at > org.fcrepo.server.security.xacml.util.RelationshipResolverImpl > .getRelationships(RelationshipResolverImpl.java:202) > [fcrepo-security-pdp-3.5-SNAPSHOT.jar:na] > ... 29 common frames omitted > ERROR 2011-04-22 12:24:17.028 [TP-Processor12] (FindObjects) > org.fcrepo.server.security.xacml.MelcoeXacmlException: Error > creating request > org.fcrepo.server.security.xacml.pep.PEPException: > org.fcrepo.server.security.xacml.MelcoeXacmlException: Error > creating request > at > org.fcrepo.server.security.xacml.pep.ContextHandlerImpl.buildR > equest(ContextHandlerImpl.java:116) > [fcrepo-security-pep-3.5-SNAPSHOT.jar:na] > at > org.fcrepo.server.security.xacml.pep.rest.objectshandlers.Find > Objects.evaluatePids(FindObjects.java:456) > [fcrepo-security-pep-3.5-SNAPSHOT.jar:na] > at > org.fcrepo.server.security.xacml.pep.rest.objectshandlers.Find > Objects.filterHTML(FindObjects.java:379) > [fcrepo-security-pep-3.5-SNAPSHOT.jar:na] > at > org.fcrepo.server.security.xacml.pep.rest.objectshandlers.Find > Objects.handleResponse(FindObjects.java:192) > [fcrepo-security-pep-3.5-SNAPSHOT.jar:na] > at > org.fcrepo.server.security.xacml.pep.rest.filters.ObjectsFilte > r.handleResponse(ObjectsFilter.java:109) > [fcrepo-security-pep-3.5-SNAPSHOT.jar:na] > at > org.fcrepo.server.security.xacml.pep.rest.PEP.doFilter(PEP.jav > a:162) [fcrepo-security-pep-3.5-SNAPSHOT.jar:na] > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilt > er(ApplicationFilterChain.java:235) [catalina.jar:6.0.26] > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(Appli > cationFilterChain.java:206) [catalina.jar:6.0.26] > at > org.fcrepo.server.security.jaas.AuthFilterJAAS.doFilter(AuthFi > lterJAAS.java:295) [fcrepo-security-jaas-3.5-SNAPSHOT.jar:na] > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilt > er(ApplicationFilterChain.java:235) [catalina.jar:6.0.26] > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(Appli > cationFilterChain.java:206) [catalina.jar:6.0.26] > at > org.apache.catalina.core.StandardWrapperValve.invoke(StandardW > rapperValve.java:233) [catalina.jar:6.0.26] > at > org.apache.catalina.core.StandardContextValve.invoke(StandardC > ontextValve.java:191) [catalina.jar:6.0.26] > at > org.apache.catalina.authenticator.AuthenticatorBase.invoke(Aut > henticatorBase.java:558) [catalina.jar:6.0.26] > at > org.apache.catalina.core.StandardHostValve.invoke(StandardHost > Valve.java:127) [catalina.jar:6.0.26] > at > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReport > Valve.java:102) [catalina.jar:6.0.26] > at > org.apache.catalina.core.StandardEngineValve.invoke(StandardEn > gineValve.java:109) [catalina.jar:6.0.26] > at > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdap > ter.java:298) [catalina.jar:6.0.26] > at > org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.ja > va:190) [tomcat-coyote.jar:6.0.26] > at > org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java > :291) [tomcat-coyote.jar:6.0.26] > at > org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:7 > 69) [tomcat-coyote.jar:6.0.26] > at > org.apache.jk.common.ChannelSocket.processConnection(ChannelSo > cket.java:698) [tomcat-coyote.jar:6.0.26] > at > org.apache.jk.common.ChannelSocket$SocketConnection.runIt(Chan > nelSocket.java:891) [tomcat-coyote.jar:6.0.26] > at > org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run( > ThreadPool.java:690) [tomcat-coyote.jar:6.0.26] > at java.lang.Thread.run(Thread.java:662) [na:1.6.0_24] > Caused by: > org.fcrepo.server.security.xacml.MelcoeXacmlException: Error > creating request > at > org.fcrepo.server.security.xacml.util.ContextUtil.buildRequest > (ContextUtil.java:451) [fcrepo-security-pdp-3.5-SNAPSHOT.jar:na] > at > org.fcrepo.server.security.xacml.pep.ContextHandlerImpl.buildR > equest(ContextHandlerImpl.java:111) > [fcrepo-security-pep-3.5-SNAPSHOT.jar:na] > ... 24 common frames omitted > Caused by: > org.fcrepo.server.security.xacml.MelcoeXacmlException: Error > finding parents. > at > org.fcrepo.server.security.xacml.util.ContextUtil.setupResourc > es(ContextUtil.java:341) [fcrepo-security-pdp-3.5-SNAPSHOT.jar:na] > at > org.fcrepo.server.security.xacml.util.ContextUtil.buildRequest > (ContextUtil.java:444) [fcrepo-security-pdp-3.5-SNAPSHOT.jar:na] > ... 25 common frames omitted > Caused by: org.fcrepo.server.security.xacml.MelcoeXacmlException: > at > org.fcrepo.server.security.xacml.util.RelationshipResolverImpl > .getRelationships(RelationshipResolverImpl.java:210) > [fcrepo-security-pdp-3.5-SNAPSHOT.jar:na] > at > org.fcrepo.server.security.xacml.util.RelationshipResolverImpl > .getParents(RelationshipResolverImpl.java:132) > [fcrepo-security-pdp-3.5-SNAPSHOT.jar:na] > at > org.fcrepo.server.security.xacml.util.RelationshipResolverImpl > .buildRESTParentHierarchy(RelationshipResolverImpl.java:99) > [fcrepo-security-pdp-3.5-SNAPSHOT.jar:na] > at > org.fcrepo.server.security.xacml.util.ContextUtil.setupResourc > es(ContextUtil.java:325) [fcrepo-security-pdp-3.5-SNAPSHOT.jar:na] > ... 26 common frames omitted > Caused by: > org.fcrepo.server.errors.authorization.AuthzDeniedException: > at > org.fcrepo.server.security.PolicyEnforcementPoint.enforce(Poli > cyEnforcementPoint.java:422) [fcrepo-server-3.5-SNAPSHOT.jar:na] > at > org.fcrepo.server.security.DefaultAuthorization.enforceGetRela > tionships(DefaultAuthorization.java:1570) > [fcrepo-server-3.5-SNAPSHOT.jar:na] > at > org.fcrepo.server.management.DefaultManagement.getRelationship > s(DefaultManagement.java:1639) [fcrepo-server-3.5-SNAPSHOT.jar:na] > at > sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > [na:1.6.0_24] > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccess > orImpl.java:39) [na:1.6.0_24] > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMeth > odAccessorImpl.java:25) [na:1.6.0_24] > at java.lang.reflect.Method.invoke(Method.java:597) > [na:1.6.0_24] > at > org.fcrepo.server.messaging.NotificationInvocationHandler.invo > ke(NotificationInvocationHandler.java:68) > [fcrepo-server-3.5-SNAPSHOT.jar:na] > at $Proxy433.getRelationships(Unknown Source) [na:na] > at > sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > [na:1.6.0_24] > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccess > orImpl.java:39) [na:1.6.0_24] > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMeth > odAccessorImpl.java:25) [na:1.6.0_24] > at java.lang.reflect.Method.invoke(Method.java:597) > [na:1.6.0_24] > at > org.fcrepo.server.security.xacml.pdp.decorator.PolicyIndexInvo > cationHandler.invokeTarget(PolicyIndexInvocationHandler.java:3 > 34) [fcrepo-security-pdp-3.5-SNAPSHOT.jar:na] > at > org.fcrepo.server.security.xacml.pdp.decorator.PolicyIndexInvo > cationHandler.invoke(PolicyIndexInvocationHandler.java:106) > [fcrepo-security-pdp-3.5-SNAPSHOT.jar:na] > at $Proxy433.getRelationships(Unknown Source) [na:na] > at > org.fcrepo.server.management.ManagementModule.getRelationships > (ManagementModule.java:335) [fcrepo-server-3.5-SNAPSHOT.jar:na] > at > org.fcrepo.server.security.xacml.util.RelationshipResolverImpl > .getRelationships(RelationshipResolverImpl.java:202) > [fcrepo-security-pdp-3.5-SNAPSHOT.jar:na] > ... 29 common frames omitted > [ > > -- > The University of St Andrews is a charity registered in > Scotland: SC013532 > > -------------------------------------------------------------- > ---------------- > Fulfilling the Lean Software Promise > Lean software platforms are now widely adopted and the > benefits have been > demonstrated beyond question. Learn why your peers are replacing JEE > containers with lightweight application servers - and what > you can gain > from the move. http://p.sf.net/sfu/vmware-sfemails > _______________________________________________ > Fedora-commons-users mailing list > Fedora-commons-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/fedora-commons-users > ------------------------------------------------------------------------------ Fulfilling the Lean Software Promise Lean software platforms are now widely adopted and the benefits have been demonstrated beyond question. Learn why your peers are replacing JEE containers with lightweight application servers - and what you can gain from the move. http://p.sf.net/sfu/vmware-sfemails _______________________________________________ Fedora-commons-users mailing list Fedora-commons-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fedora-commons-users
