Stuart -- Just to clarify, is the problem only with API-M functions, or API-A functions, too?
If API-A is working without authentication, then you should get back a response to this query: http://chalk.coas.unf.edu:8080/fedora/describe What is the REST request you are trying to submit that provokes the error? If you install with XACML turned off in install.properties, does the problem disappear? -- Scott On 05/13/2011 05:48 AM, Stuart Chalk wrote: > Alex > > Do you remember which one(s) or do you have a reference to where the error is > reported? > The strange thing is that I have the same setup on my laptop with it accessed > through http://localhost and it works fine. > > Anyone - Are there file permission issues that can cause this? > > Stuart > > On May 13, 2011, at 4:47 AM, Alex Lopez wrote: > >> If I remember correctly a similar error could be corrected by first >> commenting out some auth filters in fedora's web.xml and resseting, so >> it could load policies first time, then it would work OK and filters >> could be activated again because policies where already in place. >> >> Em 13-05-2011 00:57, Stuart Chalk escreveu: >>> Scott >>> >>> Looking at the install page for FeSL it indicates that I only need to do an >>> extra config for AuthZ. >>> >>> Anyway I set fesl.authn.enabled=false in the install.properties file and >>> reinstall Fedora using the install.properties file and it still has the >>> same error. >>> >>> INFO 2011-05-12 19:37:13.905 [http-8080-4] (Cache) Authenticating user >>> [fedoraAdmin] >>> INFO 2011-05-12 19:37:13.925 [http-8080-4] (DefaultManagement) Completed >>> getDatastream(pid: fedora-system:ContentModel-3.0, datastreamID: DC, >>> asOfDateTime: null) >>> WARN 2011-05-12 19:37:13.934 [http-8080-4] (DatastreamResource) >>> Authorization failed; unable to fulfill REST API request >>> org.fcrepo.server.errors.authorization.AuthzDeniedException: >>> at >>> org.fcrepo.server.security.PolicyEnforcementPoint.enforce(PolicyEnforcementPoint.java:422) >>> [fcrepo-server-3.4.2.jar:na] >>> at >>> org.fcrepo.server.security.DefaultAuthorization.enforceGetDatastream(DefaultAuthorization.java:639) >>> [fcrepo-server-3.4.2.jar:na] >>> at >>> org.fcrepo.server.management.DefaultManagement.getDatastream(DefaultManagement.java:1124) >>> [fcrepo-server-3.4.2.jar:na] >>> >>> What I don't understand is that fesl.authz.enabled was set to false both >>> times and yet it is still giving me a AuthZ error... >>> >>> Stuart >>> >>> >>> On May 12, 2011, at 6:02 PM, Scott Prater wrote: >>> >>>> Hello, Stuart -- >>>> >>>> I see you have FeSL authn enabled, which could be causing a problem. >>>> Have you configured your FeSL environment? >>>> >>>> https://wiki.duraspace.org/display/FCR30/FeSL+Installation >>>> >>>> Alternatively, you could reinstall with fesl turned off, and see if your >>>> results improve. >>>> >>>> -- Scott >>>> >>>> On 05/12/2011 02:35 PM, Chalk, Stuart wrote: >>>>> Problems getting a fresh install of Fedora 3.4.2 to authenticate >>>>> properly. Having the same issue of authentication others have had using >>>>> the admin or HTML interface. I have read the reports of this problem but >>>>> can't seem to find the solution. I have changed the >>>>> deny-apim-if-not-localhost.xml file to include the address of the server. >>>>> I have included the install.properites file at the end of this email. >>>>> >>>>> Suggestions? >>>>> >>>>> Stuart Chalk, Ph.D. >>>>> Associate Professor of Chemistry >>>>> Department of Chemistry, Building 50, Room 3514, >>>>> University of North Florida >>>>> 1 UNF Drive, Jacksonville, FL 32224 USA >>>>> P: 904-620-1938 >>>>> F: 904-620-3535 >>>>> E: sch...@unf.edu >>>>> W: http://www.unf.edu/coas/chemistry/ >>>>> >>>>> >>>>> INFO 2011-05-12 14:03:24.911 [http-8080-1] (DefaultManagement) Completed >>>>> ingest(objectXML, format: info:fedora/fedora-system:FOXML-1.1, encoding: >>>>> UTF-8, pid : eureka:test, logMessage: null) >>>>> WARN 2011-05-12 14:03:24.914 [http-8080-1] (FedoraObjectResource) >>>>> Authorization failed; unable to fulfill REST API request >>>>> org.fcrepo.server.errors.authorization.AuthzDeniedException: >>>>> at >>>>> org.fcrepo.server.security.PolicyEnforcementPoint.enforce(PolicyEnforcementPoint.java:422) >>>>> [fcrepo-server-3.4.2.jar:na] >>>>> at >>>>> org.fcrepo.server.security.DefaultAuthorization.enforceIngest(DefaultAuthorization.java:788) >>>>> [fcrepo-server-3.4.2.jar:na] >>>>> at >>>>> org.fcrepo.server.management.DefaultManagement.ingest(DefaultManagement.java:168) >>>>> [fcrepo-server-3.4.2.jar:na] >>>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) >>>>> [na:1.6.0_24] >>>>> at >>>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) >>>>> [na:1.6.0_24] >>>>> at >>>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) >>>>> [na:1.6.0_24] >>>>> at java.lang.reflect.Method.invoke(Method.java:597) [na:1.6.0_24] >>>>> at >>>>> org.fcrepo.server.messaging.NotificationInvocationHandler.invoke(NotificationInvocationHandler.java:68) >>>>> [fcrepo-server-3.4.2.jar:na] >>>>> at $Proxy0.ingest(Unknown Source) [na:na] >>>>> at >>>>> org.fcrepo.server.management.ManagementModule.ingest(ManagementModule.java:354) >>>>> [fcrepo-server-3.4.2.jar:na] >>>>> at >>>>> org.fcrepo.server.rest.FedoraObjectResource.createObject(FedoraObjectResource.java:293) >>>>> [fcrepo-server-3.4.2.jar:na] >>>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) >>>>> [na:1.6.0_24] >>>>> at >>>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) >>>>> [na:1.6.0_24] >>>>> at >>>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) >>>>> [na:1.6.0_24] >>>>> at java.lang.reflect.Method.invoke(Method.java:597) [na:1.6.0_24] >>>>> at >>>>> com.sun.jersey.server.impl.model.method.dispatch.AbstractResourceMethodDispatchProvider$ResponseOutInvoker._dispatch(AbstractResourceMethodDispatchProvider.java:175) >>>>> [jersey-bundle-1.0.3.1.jar:1.0.3.1] >>>>> at >>>>> com.sun.jersey.server.impl.model.method.dispatch.ResourceJavaMethodDispatcher.dispatch(ResourceJavaMethodDispatcher.java:67) >>>>> [jersey-bundle-1.0.3.1.jar:1.0.3.1] >>>>> at >>>>> com.sun.jersey.server.impl.uri.rules.HttpMethodRule.accept(HttpMethodRule.java:163) >>>>> [jersey-bundle-1.0.3.1.jar:1.0.3.1] >>>>> at >>>>> com.sun.jersey.server.impl.uri.rules.ResourceClassRule.accept(ResourceClassRule.java:71) >>>>> [jersey-bundle-1.0.3.1.jar:1.0.3.1] >>>>> at >>>>> com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:111) >>>>> [jersey-bundle-1.0.3.1.jar:1.0.3.1] >>>>> at >>>>> com.sun.jersey.server.impl.uri.rules.RootResourceClassesRule.accept(RootResourceClassesRule.java:63) >>>>> [jersey-bundle-1.0.3.1.jar:1.0.3.1] >>>>> at >>>>> com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:689) >>>>> [jersey-bundle-1.0.3.1.jar:1.0.3.1] >>>>> at >>>>> com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:647) >>>>> [jersey-bundle-1.0.3.1.jar:1.0.3.1] >>>>> at >>>>> com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:638) >>>>> [jersey-bundle-1.0.3.1.jar:1.0.3.1] >>>>> at >>>>> com.sun.jersey.spi.container.servlet.WebComponent.service(WebComponent.java:309) >>>>> [jersey-bundle-1.0.3.1.jar:1.0.3.1] >>>>> at >>>>> com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:425) >>>>> [jersey-bundle-1.0.3.1.jar:1.0.3.1] >>>>> at >>>>> com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:590) >>>>> [jersey-bundle-1.0.3.1.jar:1.0.3.1] >>>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:717) >>>>> [servlet-api.jar:na] >>>>> at >>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) >>>>> [catalina.jar:na] >>>>> at >>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) >>>>> [catalina.jar:na] >>>>> at >>>>> org.fcrepo.server.security.servletfilters.FilterRestApiFlash.doFilter(FilterRestApiFlash.java:66) >>>>> [fcrepo-server-3.4.2.jar:na] >>>>> at >>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) >>>>> [catalina.jar:na] >>>>> at >>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) >>>>> [catalina.jar:na] >>>>> at >>>>> org.fcrepo.server.security.jaas.AuthFilterJAAS.doFilter(AuthFilterJAAS.java:295) >>>>> [fcrepo-security-jaas-3.4.2.jar:na] >>>>> at >>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) >>>>> [catalina.jar:na] >>>>> at >>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) >>>>> [catalina.jar:na] >>>>> at >>>>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) >>>>> [catalina.jar:na] >>>>> at >>>>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) >>>>> [catalina.jar:na] >>>>> at >>>>> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525) >>>>> [catalina.jar:na] >>>>> at >>>>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) >>>>> [catalina.jar:na] >>>>> at >>>>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) >>>>> [catalina.jar:na] >>>>> at >>>>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) >>>>> [catalina.jar:na] >>>>> at >>>>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293) >>>>> [catalina.jar:na] >>>>> at >>>>> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:849) >>>>> [tomcat-coyote.jar:na] >>>>> at >>>>> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) >>>>> [tomcat-coyote.jar:na] >>>>> at >>>>> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:454) >>>>> [tomcat-coyote.jar:na] >>>>> at java.lang.Thread.run(Thread.java:680) [na:1.6.0_24] >>>>> >>>>> Install.Properties >>>>> >>>>> #Install Options >>>>> #Thu May 12 13:18:30 EDT 2011 >>>>> keystore.file=included >>>>> ri.enabled=true >>>>> messaging.enabled=false >>>>> apia.auth.required=false >>>>> database.jdbcDriverClass=com.mysql.jdbc.Driver >>>>> tomcat.ssl.port=8443 >>>>> ssl.available=true >>>>> database.jdbcURL=jdbc\:mysql\://localhost/fedora3?useUnicode\=true&characterEncoding\=UTF-8&autoReconnect\=true >>>>> database.password=******** >>>>> database.mysql.driver=included >>>>> database.username=eureka >>>>> fesl.authz.enabled=false >>>>> tomcat.shutdown.port=8005 >>>>> deploy.local.services=true >>>>> xacml.enabled=true >>>>> database.mysql.jdbcDriverClass=com.mysql.jdbc.Driver >>>>> tomcat.http.port=8080 >>>>> fedora.serverHost=chalk.coas.unf.edu >>>>> database=mysql >>>>> database.driver=included >>>>> fedora.serverContext=fedora >>>>> llstore.type=akubra-fs >>>>> tomcat.home=/opt/local/fedora/tomcat >>>>> fesl.authn.enabled=true >>>>> database.mysql.jdbcURL=jdbc\:mysql\://localhost/fedora3?useUnicode\=true&characterEncoding\=UTF-8&autoReconnect\=true >>>>> fedora.home=/opt/local/fedora >>>>> install.type=custom >>>>> servlet.engine=included >>>>> apim.ssl.required=false >>>>> fedora.admin.pass=******** >>>>> apia.ssl.required=false >>>>> >>>>> >>>>> >>>>> >>>>> ------------------------------------------------------------------------------ >>>>> Achieve unprecedented app performance and reliability >>>>> What every C/C++ and Fortran developer should know. >>>>> Learn how Intel has extended the reach of its next-generation tools >>>>> to help boost performance applications - inlcuding clusters. >>>>> http://p.sf.net/sfu/intel-dev2devmay >>>>> _______________________________________________ >>>>> Fedora-commons-users mailing list >>>>> Fedora-commons-users@lists.sourceforge.net >>>>> https://lists.sourceforge.net/lists/listinfo/fedora-commons-users >>>> >>>> >>>> -- >>>> Scott Prater >>>> Library, Instructional, and Research Applications (LIRA) >>>> Division of Information Technology (DoIT) >>>> University of Wisconsin - Madison >>>> pra...@wisc.edu >>>> >>>> ------------------------------------------------------------------------------ >>>> Achieve unprecedented app performance and reliability >>>> What every C/C++ and Fortran developer should know. >>>> Learn how Intel has extended the reach of its next-generation tools >>>> to help boost performance applications - inlcuding clusters. >>>> http://p.sf.net/sfu/intel-dev2devmay >>>> _______________________________________________ >>>> Fedora-commons-users mailing list >>>> Fedora-commons-users@lists.sourceforge.net >>>> https://lists.sourceforge.net/lists/listinfo/fedora-commons-users >>> >>> >>> ------------------------------------------------------------------------------ >>> Achieve unprecedented app performance and reliability >>> What every C/C++ and Fortran developer should know. >>> Learn how Intel has extended the reach of its next-generation tools >>> to help boost performance applications - inlcuding clusters. >>> http://p.sf.net/sfu/intel-dev2devmay >>> _______________________________________________ >>> Fedora-commons-users mailing list >>> Fedora-commons-users@lists.sourceforge.net >>> https://lists.sourceforge.net/lists/listinfo/fedora-commons-users >> >> ------------------------------------------------------------------------------ >> Achieve unprecedented app performance and reliability >> What every C/C++ and Fortran developer should know. >> Learn how Intel has extended the reach of its next-generation tools >> to help boost performance applications - inlcuding clusters. >> http://p.sf.net/sfu/intel-dev2devmay >> _______________________________________________ >> Fedora-commons-users mailing list >> Fedora-commons-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/fedora-commons-users > > > ------------------------------------------------------------------------------ > Achieve unprecedented app performance and reliability > What every C/C++ and Fortran developer should know. > Learn how Intel has extended the reach of its next-generation tools > to help boost performance applications - inlcuding clusters. > http://p.sf.net/sfu/intel-dev2devmay > _______________________________________________ > Fedora-commons-users mailing list > Fedora-commons-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/fedora-commons-users -- Scott Prater Library, Instructional, and Research Applications (LIRA) Division of Information Technology (DoIT) University of Wisconsin - Madison pra...@wisc.edu ------------------------------------------------------------------------------ Achieve unprecedented app performance and reliability What every C/C++ and Fortran developer should know. Learn how Intel has extended the reach of its next-generation tools to help boost performance applications - inlcuding clusters. http://p.sf.net/sfu/intel-dev2devmay _______________________________________________ Fedora-commons-users mailing list Fedora-commons-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fedora-commons-users
