Hi Swithun Do you have the date/time that you grabbed the source code for the 3.5-SNAPSHOT build that you are using?.
DBXML isn't required if you are using a build from master. Instead a file-backed memory-based policy index is used (these are the files in the pdp/policy-db/ folder). DBXML and eXist can optionally be used instead for the policy index. With external datastreams Fedora won't be aware when the content has changed, hence the policy index won't be updated as you observe (I missed this fact from your earlier message). Though the rebuilder has an option to recreate the policy index from scratch. Also, setting the datastream state to inactive/deleted then back to active should trigger an update of the policy index. However with managed content FESLPOLICY datastreams, a modification to the datastream content should trigger an immediate change (providing PEP_NOCACHE is true and exported); it sounds like this is not happening for you. I'd like to investigate this further in case we have a bug. Could you supply 1) The initial FESLPOLICY datastream 2) The modified FESLPOLICY datastream 3) A description of what changes you expect after the datastream is modified, and what you actually observe. We are currently doing some testing on master so it would be useful to factor this in (and maybe add an automated test case for it). Regards Steve -----Original Message----- From: Swithun Crowe [mailto:c...@st-andrews.ac.uk] Sent: 12 May 2011 10:44 To: Support and info exchange list for Fedora users. Subject: Re: [fcrepo-user] POLICY datastream Hello SB> The work-around currently is to set an environment variable SB> PEP_NOCACHE=true; which disables caching entirely, which is probably a SB> good idea whilst you are modifying policies (you can remove it once SB> you have a stable set). Setting PEP_NOCACHE didn't seem to have any effect. I found that Fedora was storing FESLPOLICY datastreams in pdp/policy-db/. If I deleted the copy of my external FESLPOLICY, then it wasn't replaced, and Fedora behaved as if the policy didn't exist. I had to purge the datastream and add it again for it to appear and have an effect. SB> See SB> https://wiki.duraspace.org/display/FCR30/FeSL+Authorization#FeSLAuth SB> orization-Policyevaluationresultscaching This page only mentions inline and managed datastreams. I changed my external datastream to managed, but again, I had to replace the content for a change to appear. I can't find a DBXML database file anywhere. I don't know if this is significant, or if FeSL is doing OK without DBXML. I haven't seen anything in the logs complaining about it. I'm using version 3.5 SNAPSHOT. Below is my installer.properties. Now that I know how to get policies refreshed, I could maybe even script the actions, so it isn't a major problem. But I'm puzzled as to why it doesn't behave in the way you described. Swithun. #Install Options #Tue May 03 10:31:57 BST 2011 keystore.file=/home/archive/keystore/server.jks ri.enabled=true messaging.enabled=true apia.auth.required=false database.jdbcDriverClass=org.apache.derby.jdbc.EmbeddedDriver tomcat.ssl.port=8443 ssl.available=true database.jdbcURL=jdbc\:derby\:/opt/fedora35_2/derby/fedora3;create\=true messaging.uri=vm\:(broker\:(tcp\://localhost\:61616)) database.password=fedoraAdmin keystore.type=JKS fesl.dbxml.home=/usr/local/BerkeleyDBXML.2.5.16 database.username=fedoraAdmin fesl.authz.enabled=true tomcat.shutdown.port=8005 deploy.local.services=true xacml.enabled=false tomcat.http.port=8080 fedora.serverHost=itspc-cs2.st-andrews.ac.uk database=included database.driver=included fedora.serverContext=fedora keystore.password=fedoraAdmin llstore.type=akubra-fs tomcat.home=/opt/alfresco/tomcat fesl.authn.enabled=true fedora.home=/opt/fedora35_2 install.type=custom servlet.engine=existingTomcat apim.ssl.required=true fedora.admin.pass=fedoraAdmin apia.ssl.required=false -- The University of St Andrews is a charity registered in Scotland: SC013532 ---------------------------------------------------------------------------- -- Achieve unprecedented app performance and reliability What every C/C++ and Fortran developer should know. Learn how Intel has extended the reach of its next-generation tools to help boost performance applications - inlcuding clusters. http://p.sf.net/sfu/intel-dev2devmay _______________________________________________ Fedora-commons-users mailing list Fedora-commons-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fedora-commons-users ------------------------------------------------------------------------------ Achieve unprecedented app performance and reliability What every C/C++ and Fortran developer should know. Learn how Intel has extended the reach of its next-generation tools to help boost performance applications - inlcuding clusters. http://p.sf.net/sfu/intel-dev2devmay _______________________________________________ Fedora-commons-users mailing list Fedora-commons-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fedora-commons-users
