Hello, I changed as well /server/config/beSecurity.xml by changing the callUsername login/pwd and callBasicAuth to true
<serviceSecurityDescription role="fedoraInternalCall-1" callSSL="false" callBasicAuth="true" callUsername="fedoraAdmin" callPassword="fedoraAdmin" callbackSSL="false" callbackBasicAuth="false" iplist="127.0.0.1 192.168.203.95"/> <serviceSecurityDescription role="fedoraInternalCall-2" callSSL="false" callBasicAuth="false" callbackSSL="false" callbackBasicAuth="false" iplist="127.0.0.1 192.168.203.95"/> But still same connection error during object ingestion. -----Original Message----- From: CERVANTES Eric Sent: jeudi 8 décembre 2011 13:40 To: Support and info exchange list for Fedora users. Subject: RE: [fcrepo-user] Issues with authentication In fact, it is ok for viewing the XML representation from the web pages. Still got the issue with the ingest demo objects... -----Original Message----- From: CERVANTES Eric [mailto:eric.cervan...@3ds.com] Sent: jeudi 8 décembre 2011 12:03 To: Support and info exchange list for Fedora users. Subject: Re: [fcrepo-user] Issues with authentication Hello Edwin, Thanks for reply. So, I added the IP of the fedora server (not localhost) at the end of the rule statement in [...]/data/fedora-xacml-policies/repository-policies/default/deny-apim-if-not-localhost.xml [...] <Rule RuleId="1" Effect="Deny"> <Condition FunctionId="urn:oasis:names:tc:xacml:1.0:function:not"> <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:or"> <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-at-least-one-member-of"> <EnvironmentAttributeDesignator AttributeId="urn:fedora:names:fedora:2.1:environment:httpRequest:clientIpAddress" DataType="http://www.w3.org/2001/XMLSchema#string"/> <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-bag"> <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string";>127.0.0.1</AttributeValue> <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string";>::1</AttributeValue> <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string";>0:0:0:0:0:0:0:1</AttributeValue> <!-- added the following IP --> <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string";>192.168.203.95</AttributeValue> [...] Now I got messages in /data/vDAM/fedora/client/logs when I launched ./client/bin/fedora-ingest-demos.sh ngdev010 8080 fedoraAdmin fedoraAdmin http fedora For each of the objects to be ingested they have the error : java.net.ConnectException: Connection refused And from the web client still 'request requires HTTP authentication'. Did I miss something with deny-apim-if-not-localhost ? -----Original Message----- From: Edwin Shin [mailto:ed...@fedora-commons.org] Sent: mercredi 7 décembre 2011 18:39 To: Support and info exchange list for Fedora users. Subject: Re: [fcrepo-user] Issues with authentication Eric, By default, API-M operations are only allowed from localhost. It sounds like that might be the issue. If so, you can allow the ip you are using to the deny-apim-if-not-localhost policy, see: https://wiki.duraspace.org/display/FEDORA35/XACML+Policy+Enforcement Eddie On 7 Dec 2011, at 8:48 AM, CERVANTES Eric wrote: > Hello all > > After installing, I tried to import demo objects with the command > > ./fedora-ingest-demos.sh ngdev010 8080 fedoraAdmin fedoraAdmin http > fedora3 > > I got logs under /client/logs/ingest-from-dir-1323269442002.xml, and > 100% failed, none object have been imported > > For instance, foreach object I have > > <failed > file="/data/vDAM/fedora3/client/demo/foxml/local-server-demos/formatting-objects-demo/obj_demo_21.xml"> > org.fcrepo.server.errors.authorization.AuthzDeniedException: > </failed> > > > Moreover, on the http://...fedora3/ > > <image003.jpg> > if I try to look at the "View the XML Representation of this Object" > of the object " fedora-system:ContentModel-3.0", I have a pop up that > I filled with fedoraAdmin fedoraAdmin but then I got <image004.png> > > Any help please ? > This email and any attachments are intended solely for the use of the > individual or entity to whom it is addressed and may be confidential and/or > privileged. > If you are not one of the named recipients or have received this email > in error, > (i) you should not read, disclose, or copy it, > (ii) please notify sender of your receipt by reply email and delete > this email and all attachments, > (iii) Dassault Systemes does not accept or assume any liability or > responsibility for any use of or reliance on this email. > For other languages, go to http://www.3ds.com/terms/email-disclaimer > ---------------------------------------------------------------------- > -------- Cloud Services Checklist: Pricing and Packaging Optimization > This white paper is intended to serve as a reference, checklist and > point of discussion for anyone considering optimizing the pricing and > packaging model of a cloud services business. Read Now! > http://www.accelacomm.com/jaw/sfnl/114/51491232/______________________ > _________________________ > Fedora-commons-users mailing list > Fedora-commons-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/fedora-commons-users ------------------------------------------------------------------------------ Cloud Services Checklist: Pricing and Packaging Optimization This white paper is intended to serve as a reference, checklist and point of discussion for anyone considering optimizing the pricing and packaging model of a cloud services business. Read Now! http://www.accelacomm.com/jaw/sfnl/114/51491232/ _______________________________________________ Fedora-commons-users mailing list Fedora-commons-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fedora-commons-users This email and any attachments are intended solely for the use of the individual or entity to whom it is addressed and may be confidential and/or privileged. If you are not one of the named recipients or have received this email in error, (i) you should not read, disclose, or copy it, (ii) please notify sender of your receipt by reply email and delete this email and all attachments, (iii) Dassault Systemes does not accept or assume any liability or responsibility for any use of or reliance on this email. For other languages, go to http://www.3ds.com/terms/email-disclaimer ------------------------------------------------------------------------------ Cloud Services Checklist: Pricing and Packaging Optimization This white paper is intended to serve as a reference, checklist and point of discussion for anyone considering optimizing the pricing and packaging model of a cloud services business. Read Now! http://www.accelacomm.com/jaw/sfnl/114/51491232/ _______________________________________________ Fedora-commons-users mailing list Fedora-commons-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fedora-commons-users This email and any attachments are intended solely for the use of the individual or entity to whom it is addressed and may be confidential and/or privileged. If you are not one of the named recipients or have received this email in error, (i) you should not read, disclose, or copy it, (ii) please notify sender of your receipt by reply email and delete this email and all attachments, (iii) Dassault Systemes does not accept or assume any liability or responsibility for any use of or reliance on this email. For other languages, go to http://www.3ds.com/terms/email-disclaimer ------------------------------------------------------------------------------ Cloud Services Checklist: Pricing and Packaging Optimization This white paper is intended to serve as a reference, checklist and point of discussion for anyone considering optimizing the pricing and packaging model of a cloud services business. Read Now! http://www.accelacomm.com/jaw/sfnl/114/51491232/ _______________________________________________ Fedora-commons-users mailing list Fedora-commons-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fedora-commons-users
