If I remember correctly a similar error could be corrected by first commenting out some auth filters in fedora's web.xml and resseting, so it could load policies first time, then it would work OK and filters could be activated again because policies where already in place.
Em 13-05-2011 00:57, Stuart Chalk escreveu: > Scott > > Looking at the install page for FeSL it indicates that I only need to do an > extra config for AuthZ. > > Anyway I set fesl.authn.enabled=false in the install.properties file and > reinstall Fedora using the install.properties file and it still has the same > error. > > INFO 2011-05-12 19:37:13.905 [http-8080-4] (Cache) Authenticating user > [fedoraAdmin] > INFO 2011-05-12 19:37:13.925 [http-8080-4] (DefaultManagement) Completed > getDatastream(pid: fedora-system:ContentModel-3.0, datastreamID: DC, > asOfDateTime: null) > WARN 2011-05-12 19:37:13.934 [http-8080-4] (DatastreamResource) Authorization > failed; unable to fulfill REST API request > org.fcrepo.server.errors.authorization.AuthzDeniedException: > at > org.fcrepo.server.security.PolicyEnforcementPoint.enforce(PolicyEnforcementPoint.java:422) > [fcrepo-server-3.4.2.jar:na] > at > org.fcrepo.server.security.DefaultAuthorization.enforceGetDatastream(DefaultAuthorization.java:639) > [fcrepo-server-3.4.2.jar:na] > at > org.fcrepo.server.management.DefaultManagement.getDatastream(DefaultManagement.java:1124) > [fcrepo-server-3.4.2.jar:na] > > What I don't understand is that fesl.authz.enabled was set to false both > times and yet it is still giving me a AuthZ error... > > Stuart > > > On May 12, 2011, at 6:02 PM, Scott Prater wrote: > >> Hello, Stuart -- >> >> I see you have FeSL authn enabled, which could be causing a problem. >> Have you configured your FeSL environment? >> >> https://wiki.duraspace.org/display/FCR30/FeSL+Installation >> >> Alternatively, you could reinstall with fesl turned off, and see if your >> results improve. >> >> -- Scott >> >> On 05/12/2011 02:35 PM, Chalk, Stuart wrote: >>> Problems getting a fresh install of Fedora 3.4.2 to authenticate properly. >>> Having the same issue of authentication others have had using the admin or >>> HTML interface. I have read the reports of this problem but can't seem to >>> find the solution. I have changed the deny-apim-if-not-localhost.xml file >>> to include the address of the server. I have included the >>> install.properites file at the end of this email. >>> >>> Suggestions? >>> >>> Stuart Chalk, Ph.D. >>> Associate Professor of Chemistry >>> Department of Chemistry, Building 50, Room 3514, >>> University of North Florida >>> 1 UNF Drive, Jacksonville, FL 32224 USA >>> P: 904-620-1938 >>> F: 904-620-3535 >>> E: sch...@unf.edu >>> W: http://www.unf.edu/coas/chemistry/ >>> >>> >>> INFO 2011-05-12 14:03:24.911 [http-8080-1] (DefaultManagement) Completed >>> ingest(objectXML, format: info:fedora/fedora-system:FOXML-1.1, encoding: >>> UTF-8, pid : eureka:test, logMessage: null) >>> WARN 2011-05-12 14:03:24.914 [http-8080-1] (FedoraObjectResource) >>> Authorization failed; unable to fulfill REST API request >>> org.fcrepo.server.errors.authorization.AuthzDeniedException: >>> at >>> org.fcrepo.server.security.PolicyEnforcementPoint.enforce(PolicyEnforcementPoint.java:422) >>> [fcrepo-server-3.4.2.jar:na] >>> at >>> org.fcrepo.server.security.DefaultAuthorization.enforceIngest(DefaultAuthorization.java:788) >>> [fcrepo-server-3.4.2.jar:na] >>> at >>> org.fcrepo.server.management.DefaultManagement.ingest(DefaultManagement.java:168) >>> [fcrepo-server-3.4.2.jar:na] >>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) >>> [na:1.6.0_24] >>> at >>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) >>> [na:1.6.0_24] >>> at >>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) >>> [na:1.6.0_24] >>> at java.lang.reflect.Method.invoke(Method.java:597) [na:1.6.0_24] >>> at >>> org.fcrepo.server.messaging.NotificationInvocationHandler.invoke(NotificationInvocationHandler.java:68) >>> [fcrepo-server-3.4.2.jar:na] >>> at $Proxy0.ingest(Unknown Source) [na:na] >>> at >>> org.fcrepo.server.management.ManagementModule.ingest(ManagementModule.java:354) >>> [fcrepo-server-3.4.2.jar:na] >>> at >>> org.fcrepo.server.rest.FedoraObjectResource.createObject(FedoraObjectResource.java:293) >>> [fcrepo-server-3.4.2.jar:na] >>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) >>> [na:1.6.0_24] >>> at >>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) >>> [na:1.6.0_24] >>> at >>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) >>> [na:1.6.0_24] >>> at java.lang.reflect.Method.invoke(Method.java:597) [na:1.6.0_24] >>> at >>> com.sun.jersey.server.impl.model.method.dispatch.AbstractResourceMethodDispatchProvider$ResponseOutInvoker._dispatch(AbstractResourceMethodDispatchProvider.java:175) >>> [jersey-bundle-1.0.3.1.jar:1.0.3.1] >>> at >>> com.sun.jersey.server.impl.model.method.dispatch.ResourceJavaMethodDispatcher.dispatch(ResourceJavaMethodDispatcher.java:67) >>> [jersey-bundle-1.0.3.1.jar:1.0.3.1] >>> at >>> com.sun.jersey.server.impl.uri.rules.HttpMethodRule.accept(HttpMethodRule.java:163) >>> [jersey-bundle-1.0.3.1.jar:1.0.3.1] >>> at >>> com.sun.jersey.server.impl.uri.rules.ResourceClassRule.accept(ResourceClassRule.java:71) >>> [jersey-bundle-1.0.3.1.jar:1.0.3.1] >>> at >>> com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:111) >>> [jersey-bundle-1.0.3.1.jar:1.0.3.1] >>> at >>> com.sun.jersey.server.impl.uri.rules.RootResourceClassesRule.accept(RootResourceClassesRule.java:63) >>> [jersey-bundle-1.0.3.1.jar:1.0.3.1] >>> at >>> com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:689) >>> [jersey-bundle-1.0.3.1.jar:1.0.3.1] >>> at >>> com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:647) >>> [jersey-bundle-1.0.3.1.jar:1.0.3.1] >>> at >>> com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:638) >>> [jersey-bundle-1.0.3.1.jar:1.0.3.1] >>> at >>> com.sun.jersey.spi.container.servlet.WebComponent.service(WebComponent.java:309) >>> [jersey-bundle-1.0.3.1.jar:1.0.3.1] >>> at >>> com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:425) >>> [jersey-bundle-1.0.3.1.jar:1.0.3.1] >>> at >>> com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:590) >>> [jersey-bundle-1.0.3.1.jar:1.0.3.1] >>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:717) >>> [servlet-api.jar:na] >>> at >>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) >>> [catalina.jar:na] >>> at >>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) >>> [catalina.jar:na] >>> at >>> org.fcrepo.server.security.servletfilters.FilterRestApiFlash.doFilter(FilterRestApiFlash.java:66) >>> [fcrepo-server-3.4.2.jar:na] >>> at >>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) >>> [catalina.jar:na] >>> at >>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) >>> [catalina.jar:na] >>> at >>> org.fcrepo.server.security.jaas.AuthFilterJAAS.doFilter(AuthFilterJAAS.java:295) >>> [fcrepo-security-jaas-3.4.2.jar:na] >>> at >>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) >>> [catalina.jar:na] >>> at >>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) >>> [catalina.jar:na] >>> at >>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) >>> [catalina.jar:na] >>> at >>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) >>> [catalina.jar:na] >>> at >>> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525) >>> [catalina.jar:na] >>> at >>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) >>> [catalina.jar:na] >>> at >>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) >>> [catalina.jar:na] >>> at >>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) >>> [catalina.jar:na] >>> at >>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293) >>> [catalina.jar:na] >>> at >>> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:849) >>> [tomcat-coyote.jar:na] >>> at >>> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) >>> [tomcat-coyote.jar:na] >>> at >>> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:454) >>> [tomcat-coyote.jar:na] >>> at java.lang.Thread.run(Thread.java:680) [na:1.6.0_24] >>> >>> Install.Properties >>> >>> #Install Options >>> #Thu May 12 13:18:30 EDT 2011 >>> keystore.file=included >>> ri.enabled=true >>> messaging.enabled=false >>> apia.auth.required=false >>> database.jdbcDriverClass=com.mysql.jdbc.Driver >>> tomcat.ssl.port=8443 >>> ssl.available=true >>> database.jdbcURL=jdbc\:mysql\://localhost/fedora3?useUnicode\=true&characterEncoding\=UTF-8&autoReconnect\=true >>> database.password=******** >>> database.mysql.driver=included >>> database.username=eureka >>> fesl.authz.enabled=false >>> tomcat.shutdown.port=8005 >>> deploy.local.services=true >>> xacml.enabled=true >>> database.mysql.jdbcDriverClass=com.mysql.jdbc.Driver >>> tomcat.http.port=8080 >>> fedora.serverHost=chalk.coas.unf.edu >>> database=mysql >>> database.driver=included >>> fedora.serverContext=fedora >>> llstore.type=akubra-fs >>> tomcat.home=/opt/local/fedora/tomcat >>> fesl.authn.enabled=true >>> database.mysql.jdbcURL=jdbc\:mysql\://localhost/fedora3?useUnicode\=true&characterEncoding\=UTF-8&autoReconnect\=true >>> fedora.home=/opt/local/fedora >>> install.type=custom >>> servlet.engine=included >>> apim.ssl.required=false >>> fedora.admin.pass=******** >>> apia.ssl.required=false >>> >>> >>> >>> >>> ------------------------------------------------------------------------------ >>> Achieve unprecedented app performance and reliability >>> What every C/C++ and Fortran developer should know. >>> Learn how Intel has extended the reach of its next-generation tools >>> to help boost performance applications - inlcuding clusters. >>> http://p.sf.net/sfu/intel-dev2devmay >>> _______________________________________________ >>> Fedora-commons-users mailing list >>> Fedora-commons-users@lists.sourceforge.net >>> https://lists.sourceforge.net/lists/listinfo/fedora-commons-users >> >> >> -- >> Scott Prater >> Library, Instructional, and Research Applications (LIRA) >> Division of Information Technology (DoIT) >> University of Wisconsin - Madison >> pra...@wisc.edu >> >> ------------------------------------------------------------------------------ >> Achieve unprecedented app performance and reliability >> What every C/C++ and Fortran developer should know. >> Learn how Intel has extended the reach of its next-generation tools >> to help boost performance applications - inlcuding clusters. >> http://p.sf.net/sfu/intel-dev2devmay >> _______________________________________________ >> Fedora-commons-users mailing list >> Fedora-commons-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/fedora-commons-users > > > ------------------------------------------------------------------------------ > Achieve unprecedented app performance and reliability > What every C/C++ and Fortran developer should know. > Learn how Intel has extended the reach of its next-generation tools > to help boost performance applications - inlcuding clusters. > http://p.sf.net/sfu/intel-dev2devmay > _______________________________________________ > Fedora-commons-users mailing list > Fedora-commons-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/fedora-commons-users ------------------------------------------------------------------------------ Achieve unprecedented app performance and reliability What every C/C++ and Fortran developer should know. Learn how Intel has extended the reach of its next-generation tools to help boost performance applications - inlcuding clusters. http://p.sf.net/sfu/intel-dev2devmay _______________________________________________ Fedora-commons-users mailing list Fedora-commons-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fedora-commons-users
