Stefano-
  I remember some conversation a couple of years ago about supporting BASIC
auth in services, but as far as I know they didn't go anywhere.  Maybe
another committer remembers something?  In any case, I don't see why
storing the credentials like that wouldn't work, if you can accept the
plain-text issues you cite.

As far as certs, I'm afraid you're on your own.  I will warn you that Java
errs on the side of verification unless you instruct it not to, so invalid
certs will cause other problems.

- Ben


On Thu, May 9, 2013 at 12:32 PM, Stefano Cossu <[email protected]> wrote:

> Hi there,
> I'm starting to tinker with Fedora and trying to write a CMA workflow.
> I'm building a digital object that should grab an image datastream from
> an HTTPS server which requires basic authentication.
> I tried inserting the authentication data in the URL for the datastream,
> but now I have 2 problems:
> 1) Username and password are stored in plain text in the FOXML, visible
> by everyone who looks up that record in Fedora, as well as all over the
> logs.
> 2) I still can't connect to the server this way. The server's
> certificate is expired, I don't know if that plays a role.
>
> Fedora throws this error:
>
> ERROR 2013-05-09 11:04:28.618 [http-8080-1] (BaseRestResource)
> Unexpected error fulfilling REST API request
> org.fcrepo.server.errors.HttpServiceNotFoundException:
> [DefaultExternalContentManager] returned an error.  The underlying error
> was a org.fcrepo.server.errors.GeneralException
> The message was  "Error getting
> https://username:password@imageserver/myHugePicture" .
>          at
>
> org.fcrepo.server.storage.DefaultExternalContentManager.getExternalContent(DefaultExternalContentManager.java:152)
> ~[fcrepo-server-3.6.2.jar:na]
>          at
>
> org.fcrepo.server.access.DefaultAccess.getDatastreamDissemination(DefaultAccess.java:1148)
> ~[fcrepo-server-3.6.2.jar:na]
>          at
>
> org.fcrepo.server.rest.DatastreamResource.getDatastream(DatastreamResource.java:247)
> ~[fcrepo-server-3.6.2.jar:na]
> [...]
>
> And the image server's Apache error log:
>
> [Thu May 09 11:04:25 2013] [info] [client 10.80.25.47] Connection to
> child 0 established (server imageserver:443)
> [Thu May 09 11:04:25 2013] [info] Seeding PRNG with 144 bytes of entropy
> [Thu May 09 11:04:25 2013] [info] [client 10.80.25.47] SSL library error
> 1 in handshake (server imageserver:443)
> [Thu May 09 11:04:25 2013] [info] SSL Library Error: 336151608
> error:14094438:SSL routines:SSL3_READ_BYTES:tlsv1 alert internal error
> [Thu May 09 11:04:25 2013] [info] [client 10.80.25.47] Connection closed
> to child 0 with abortive shutdown (server imageserver:443)
> [...]
>
> Of course, I can always use a redirect datastream and let the client
> deal with authentication and SSL, but I'd like to hide the source URI if
> possible.
>
>
> Below is the FOXML representation of my object:
>
> <foxml:digitalObject VERSION="1.1" PID="test:dervPub_obj"
> xsi:schemaLocation="info:fedora/fedora-system:def/foxml#
> http://www.fedora.info/definitions/1/0/foxml1-1.xsd">
>      <foxml:objectProperties>
>          <foxml:property
> NAME="info:fedora/fedora-system:def/model#state" VALUE="Active"/>
>          <foxml:property
> NAME="info:fedora/fedora-system:def/model#label" VALUE="Disseminator
> object"/>
>          <foxml:property
> NAME="info:fedora/fedora-system:def/model#ownerId" VALUE="fedoraAdmin"/>
>          <foxml:property
> NAME="info:fedora/fedora-system:def/model#createdDate"
> VALUE="2013-05-09T15:37:41.708Z"/>
>          <foxml:property
> NAME="info:fedora/fedora-system:def/view#lastModifiedDate"
> VALUE="2013-05-09T15:37:41.892Z"/>
>      </foxml:objectProperties>
>      <foxml:datastream ID="AUDIT" STATE="A" CONTROL_GROUP="X"
> VERSIONABLE="false">
>          <foxml:datastreamVersion ID="AUDIT.0" LABEL="Audit Trail for
> this object" CREATED="2013-05-09T15:37:41.708Z" MIMETYPE="text/xml"
> FORMAT_URI="info:fedora/fedora-system:format/xml.fedora.audit">
>              <foxml:xmlContent>
>                  <audit:auditTrail>
>                      <audit:record ID="AUDREC1">
>                          <audit:process type="Fedora API-M"/>
> <audit:action>addDatastream</audit:action>
> <audit:componentID>SOURCE_IMG</audit:componentID>
> <audit:responsibility>fedoraAdmin</audit:responsibility>
> <audit:date>2013-05-09T15:37:41.892Z</audit:date>
>                          <audit:justification/>
>                      </audit:record>
>                  </audit:auditTrail>
>              </foxml:xmlContent>
>          </foxml:datastreamVersion>
>      </foxml:datastream>
>      <foxml:datastream ID="DC" STATE="A" CONTROL_GROUP="X"
> VERSIONABLE="true">
>          <foxml:datastreamVersion ID="DC1.0" LABEL="Dublin Core Record
> for this object" CREATED="2013-05-09T15:37:41.708Z" MIMETYPE="text/xml"
> FORMAT_URI="http://www.openarchives.org/OAI/2.0/oai_dc/" SIZE="388">
>              <foxml:xmlContent>
>                  <oai_dc:dc
> xsi:schemaLocation="http://www.openarchives.org/OAI/2.0/oai_dc/
> http://www.openarchives.org/OAI/2.0/oai_dc.xsd">
>                      <dc:title>Disseminator object</dc:title>
> <dc:identifier>test:dervPub_obj</dc:identifier>
>                  </oai_dc:dc>
>              </foxml:xmlContent>
>          </foxml:datastreamVersion>
>      </foxml:datastream>
>      <foxml:datastream ID="RELS-EXT" STATE="A" CONTROL_GROUP="X"
> VERSIONABLE="false">
>          <foxml:datastreamVersion ID="RELS-EXT.0" LABEL="Relationships"
> CREATED="2013-05-09T15:37:41.837Z" MIMETYPE="application/rdf+xml"
> FORMAT_URI="info:fedora/fedora-system:FedoraRELSExt-1.0" SIZE="273">
>              <foxml:xmlContent>
>                  <rdf:RDF>
>                      <rdf:Description
> rdf:about="info:fedora/test:dervPub_obj">
>                          <hasModel
> rdf:resource="info:fedora/test:dervPub_CModel"/>
>                      </rdf:Description>
>                  </rdf:RDF>
>              </foxml:xmlContent>
>          </foxml:datastreamVersion>
>      </foxml:datastream>
>      <foxml:datastream ID="SOURCE_IMG" STATE="A" CONTROL_GROUP="E"
> VERSIONABLE="true">
>          <foxml:datastreamVersion ID="SOURCE_IMG.0" LABEL="full sized
> image" CREATED="2013-05-09T15:37:41.892Z" MIMETYPE="image/jpeg">
>              <foxml:contentLocation TYPE="URL"
> REF="https://username:password@imageserver/myHugePicture"/>
>          </foxml:datastreamVersion>
>      </foxml:datastream>
>
> I would really appreciate your help.
>
>
>
>
> ------------------------------------------------------------------------------
> Learn Graph Databases - Download FREE O'Reilly Book
> "Graph Databases" is the definitive new guide to graph databases and
> their applications. This 200-page book is written by three acclaimed
> leaders in the field. The early access version is available now.
> Download your free book today! http://p.sf.net/sfu/neotech_d2d_may
> _______________________________________________
> Fedora-commons-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/fedora-commons-users
>
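
An added example, not part of the original messages and not Fedora's own code: the plain-text exposure described in the thread can be audited by scanning exported FOXML for `contentLocation` URLs that carry userinfo and reporting them with the credentials redacted, so the report does not repeat the leak. The sample FOXML is constructed from the object quoted above; the `THUMB` datastream and the function names are assumptions.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, urlunsplit

NS = "{info:fedora/fedora-system:def/foxml#}"

# Constructed sample: SOURCE_IMG mirrors the object quoted in the thread;
# THUMB is a hypothetical datastream added for contrast.
SAMPLE_FOXML = """\
<foxml:digitalObject xmlns:foxml="info:fedora/fedora-system:def/foxml#" PID="test:dervPub_obj">
  <foxml:datastream ID="SOURCE_IMG" STATE="A" CONTROL_GROUP="E">
    <foxml:datastreamVersion ID="SOURCE_IMG.0" MIMETYPE="image/jpeg">
      <foxml:contentLocation TYPE="URL" REF="https://username:password@imageserver/myHugePicture"/>
    </foxml:datastreamVersion>
  </foxml:datastream>
  <foxml:datastream ID="THUMB" STATE="A" CONTROL_GROUP="E">
    <foxml:datastreamVersion ID="THUMB.0" MIMETYPE="image/jpeg">
      <foxml:contentLocation TYPE="URL" REF="https://imageserver/thumb"/>
    </foxml:datastreamVersion>
  </foxml:datastream>
</foxml:digitalObject>"""

def redact_userinfo(url):
    """Return (url_without_credentials, had_credentials)."""
    parts = urlsplit(url)
    if parts.username is None and parts.password is None:
        return url, False
    host = parts.hostname or ""
    if ":" in host:  # IPv6 literal: urlsplit strips the brackets, restore them
        host = f"[{host}]"
    if parts.port is not None:
        host = f"{host}:{parts.port}"
    return urlunsplit(parts._replace(netloc=f"REDACTED@{host}")), True

def find_embedded_credentials(foxml_text):
    """List (PID, datastream ID, version ID, redacted URL) for leaking versions."""
    root = ET.fromstring(foxml_text)
    findings = []
    for ds in root.iter(NS + "datastream"):
        for ver in ds.iter(NS + "datastreamVersion"):
            loc = ver.find(NS + "contentLocation")
            if loc is None or loc.get("TYPE") != "URL":
                continue
            safe_url, leaked = redact_userinfo(loc.get("REF", ""))
            if leaked:
                findings.append((root.get("PID"), ds.get("ID"), ver.get("ID"), safe_url))
    return findings

if __name__ == "__main__":
    for finding in find_embedded_credentials(SAMPLE_FOXML):
        print("credentials in datastream URL:", *finding)
```

The same `redact_userinfo` helper can be applied to URLs before they are written to application logs, which is the second place the thread reports the credentials appearing.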