CF_ng all in one, run 'cf register' get UAA errors.

Showing 1-8 of 8 messages
CF_ng all in one, run 'cf register' get UAA errors. ZhenKuan Li 8/24/13 12:20 AM
Hi all,

I download CC_ng, NATS, DEA_ng, Gorouter, UAA, Warden, HM and other components' source code from github.com.
Than manual install them (All in one) and configuration similary cf-vagrant-installer

All of them are running and could connected to nats.

But, when i run 'cf target api2.vcap.me' is OK, then 'cf register', i get this info from UAA logs. (More DEBUG info in the attach file.)

Please help me, thanks.

[2013-08-23 17:24:17.858] uaa - 5749 [http-8080-1] .... DEBUG --- AffirmativeBased: Voter: org.springframework.security.web.access.expression.WebExpressionVoter@3865db85, returned: -1
[2013-08-23 17:24:17.861] uaa - 5749 [http-8080-1] .... DEBUG --- DefaultListableBeanFactory: Returning cached instance of singleton bean 'org.cloudfoundry.identity.uaa.audit.event.AuditListener#0'
[2013-08-23 17:24:17.861] uaa - 5749 [http-8080-1] .... DEBUG --- DefaultListableBeanFactory: Returning cached instance of singleton bean 'org.cloudfoundry.identity.uaa.authentication.event.BadCredentialsListener#0'
[2013-08-23 17:24:17.861] uaa - 5749 [http-8080-1] .... DEBUG --- DefaultListableBeanFactory: Returning cached instance of singleton bean 'org.cloudfoundry.identity.uaa.audit.event.AuditListener#1'
[2013-08-23 17:24:17.862] uaa - 5749 [http-8080-1] .... DEBUG --- DefaultListableBeanFactory: Returning cached instance of singleton bean 'scimUserBootstrap'
[2013-08-23 17:24:17.862] uaa - 5749 [http-8080-1] .... DEBUG --- ExceptionTranslationFilter: Access is denied (user is anonymous); redirecting to authentication entry point
org.springframework.security.access.AccessDeniedException: Access is denied
at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:83)
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:206)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:115)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.cloudfoundry.identity.uaa.security.web.SecurityFilterChainPostProcessor$UaaLoggingFilter.doFilter(SecurityFilterChainPostProcessor.java:186)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:602)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
at java.lang.Thread.run(Thread.java:662)
[2013-08-23 17:24:17.862] uaa - 5749 [http-8080-1] .... DEBUG --- ExceptionTranslationFilter: Calling Authentication entry point.
[2013-08-23 17:24:17.862] uaa - 5749 [http-8080-1] .... DEBUG --- Http403ForbiddenEntryPoint: Pre-authenticated entry point called. Rejecting access
[2013-08-23 17:24:17.862] uaa - 5749 [http-8080-1] .... DEBUG --- SecurityContextPersistenceFilter: SecurityContextHolder now cleared, as request processing completed

Re: [vcap-dev] CF_ng all in one, run 'cf register' get UAA errors. James Bayer 8/24/13 6:31 AM

“cf register” is likely going away.

see: http://docs.cloudfoundry.com/docs/using/managing-apps/cf/
specifically:

1) create-organization

  • should be invoked as the cloud foundry operator
  • the username “admin” is typically the out-of-the-box user that typically starts with the cloud_controller.admin OAuth scope in the UAA that defines the cloud foundry operator users
  • one of the options of the command is to not add the admin to the organization
  • in this case where the admin is not added to the org, the admin creates an empty org for another TBD user
$ cf help create-org
Create an organization

Usage: create-org [NAME]

Options:
      --[no-]add-self     Add yourself to the organization
      --find-if-exists    Use an existing organization if one already exists with the given name
      --name NAME         Organization name
  -t, --[no-]target       Switch to the organization after creation

2) create-user

  • should also be invoked as the cloud foundry operator described above
  • there is an option to specify the initial organization for the user in this command, which could be an organization specified that was from the create-organization command earlier
$ cf help create-user
Create a user

Usage: create-user [EMAIL]

Options:
      --email EMAIL                         User email
      --password PASSWORD                   User password
      --verify VERIFY                       Repeat password
  -o, --organization, --org ORGANIZATION    User organization

let us know if something like the steps below work for you. i don't have my oss vagrant instance set up to validate it at the moment:

create-org example-org --no-add-self
create-user --email some-m...@example.com --password changeme --verify changeme -org example-org

if you're an advanced user, then you can see the uaa user management here:

To unsubscribe from this group and stop receiving emails from it, send an email to vcap-dev+u...@cloudfoundry.org.

--
Thank you,

James Bayer
Re: [vcap-dev] CF_ng all in one, run 'cf register' get UAA errors. James Bayer 8/24/13 6:36 AM
this an opportunity to also call attention to an in-flight Pull Request from Jon at Intel that adds org/space role management to `cf` cli. thanks to both jon and intel for initiating this! we'll be prioritizing this very soon:

Re: [vcap-dev] CF_ng all in one, run 'cf register' get UAA errors. Manuel Garcia 8/24/13 11:30 AM

On Aug 24, 2013, at 10:36 AM, James Bayer <jba...@gopivotal.com> wrote:

this an opportunity to also call attention to an in-flight Pull Request from Jon at Intel that adds org/space role management to `cf` cli. thanks to both jon and intel for initiating this! we'll be prioritizing this very soon:



On Sat, Aug 24, 2013 at 6:31 AM, James Bayer <jba...@gopivotal.com> wrote:

“cf register” is likely going away.

see: http://docs.cloudfoundry.com/docs/using/managing-apps/cf/
specifically:

1) create-organization

  • should be invoked as the cloud foundry operator
  • the username “admin” is typically the out-of-the-box user that typically starts with the cloud_controller.admin OAuth scope in the UAA that defines the cloud foundry operator users

Given that you are building CF from every component's repository I assume there is a high chance  default configs are been applied.

Default UAA config (https://github.com/cloudfoundry/uaa/blob/master/config/uaa.yml) has no explicit scopes, users and permissions.
Within https://github.com/Altoros/cf-vagrant-installer we wrote customised config files to fit common use cases.

You can try using it in your installation.

Also, there is a very simple initial orgs/spaces setup available: https://github.com/Altoros/cf-vagrant-installer/blob/master/bin/init-cf-cli

Hope this helps.

- Manuel

Re: [vcap-dev] CF_ng all in one, run 'cf register' get UAA errors. manuel...@altoros.com 8/24/13 11:31 AM

On Aug 24, 2013, at 10:36 AM, James Bayer <jba...@gopivotal.com> wrote:

this an opportunity to also call attention to an in-flight Pull Request from Jon at Intel that adds org/space role management to `cf` cli. thanks to both jon and intel for initiating this! we'll be prioritizing this very soon:



On Sat, Aug 24, 2013 at 6:31 AM, James Bayer <jba...@gopivotal.com> wrote:

“cf register” is likely going away.

see: http://docs.cloudfoundry.com/docs/using/managing-apps/cf/
specifically:

1) create-organization

  • should be invoked as the cloud foundry operator
  • the username “admin” is typically the out-of-the-box user that typically starts with the cloud_controller.admin OAuth scope in the UAA that defines the cloud foundry operator users

Given that you are building CF from every component's repository I assume there is a high chance  default configs are been applied.

Default UAA config (https://github.com/cloudfoundry/uaa/blob/master/config/uaa.yml) has no explicit scopes, users and permissions.
Within https://github.com/Altoros/cf-vagrant-installer we wrote customised config files to fit common use cases.

You can try using it in your installation.

Also, there is a very simple initial orgs/spaces setup available: https://github.com/Altoros/cf-vagrant-installer/blob/master/bin/init-cf-cli

Hope this helps.

- Manuel



- Manuel Garcia




Re: [vcap-dev] CF_ng all in one, run 'cf register' get UAA errors. Wei Tie 8/26/13 7:28 PM
Hi James,
   I tried to login with 'admin' but returned "Invalid authentication token", and I can found the exception is thrown when uaalib tried to decode the token. The token is auto got from uaa and no exceptions in uaa log, so I can hardly imagine what's going wrong. 
   ccng log :https://gist.github.com/TieWei/e232b336f34ac47d03ce

在 2013年8月24日星期六UTC+8下午9时31分21秒,James Bayer写道:
Re: CF_ng all in one, run 'cf register' get UAA errors. ZhenKuan Li 8/26/13 11:06 PM
Hi all, thank you for you reply...
Now, i got this debug info:

hc@ict3:~$ cf register -t

Password> ********

Confirm Password> ********

>>>
REQUEST_HEADERS:
  Accept : application/json
  Content-Length : 0
RESPONSE: [200]
RESPONSE_HEADERS:
  content-length : 246
  content-type : application/json;charset=utf-8
  date : Tue, 27 Aug 2013 05:48:08 GMT
  server : thin 1.5.1 codename Straight Razor
  x-content-type-options : nosniff
  x-vcap-request-id : fb071114-0425-43d7-ade2-117a6e263aa7
RESPONSE_BODY:
{
  "name": "vcap",
  "build": "2222",
  "version": 2,
  "description": "Cloud Foundry sponsored by Pivotal",
  "authorization_endpoint": "http://127.0.0.1:8080",
  "token_endpoint": "http://127.0.0.1:8080",
  "allow_debug": true
}
<<<
Your password strength is: good
Creating user.  --->
headers: {"authorization"=>nil, "content-type"=>"application/json;charset=utf-8", "accept"=>"application/json;charset=utf-8"}
body: {"userName":"lieru...@example.com","emails":[{"value":"lieru...@example.com"}],"password":"password123","name":{"givenName":"lieruworiw@example.com","familyName":"lieruworiw@example.com"}}
<---
response: 401
headers: {"server"=>"Apache-Coyote/1.1", "cache-control"=>"no-store", "pragma"=>"no-cache", "www-authenticate"=>"Bearer realm=\"UAA/oauth\", error=\"unauthorized\", error_description=\"Full authentication is required to access this resource\"", "content-type"=>"application/json;charset=utf-8", "transfer-encoding"=>"chunked", "date"=>"Tue, 27 Aug 2013 05:48:08 GMT", "connection"=>"close"}
body: {"error":"unauthorized","error_description":"Full authentication is required to access this resource"}                                                                                ... FAILED
CFoundry::UAAError: unauthorized: Full authentication is required to access this resource
cat ~/.cf/crash # for more details

What's wrong with me? How to solution it.
Thank you!

在 2013年8月24日星期六UTC+8下午3时20分33秒,kelby lee写道:
Re: [vcap-dev] CF_ng all in one, run 'cf register' get UAA errors. YAMANO Yuji 8/26/13 10:48 PM
You uaa config has asymmetric key pairs, but cc tried to decode with symmetric key.
I guess it might be a configuration problem.

On Mon, 26 Aug 2013 19:28:00 -0700 (PDT), Wei Tie <nua...@gmail.com> wrote:

>    ccng log :https://gist.github.com/TieWei/e232b336f34ac47d03ce

{"timestamp":1377569239.6152277,"message":"Invalid bearer token: #<CF::UAA::InvalidSignature: Signature verification failed>
[\"/var/vcap/packages/cloud_controller_ng/cloud_controller_ng/vendor/bundle/ruby/1.9.1/gems/cf-uaa-lib-1.3.7/lib/uaa/token_coder.rb:118:in
`decode'\",
\"/var/vcap/packages/cloud_controller_ng/cloud_controller_ng/vendor/bundle/ruby/1.9.1/gems/cf-uaa-lib-1.3.7/lib/uaa/token_coder.rb:182:in
`decode'\",
\"/var/vcap/packages/cloud_controller_ng/cloud_controller_ng/lib/vcap/uaa_util.rb:44:in
`decode_token_with_key'\",
\"/var/vcap/packages/cloud_controller_ng/cloud_controller_ng/lib/vcap/uaa_util.rb:28:in
`decode_token_with_symmetric_key'\",
\"/var/vcap/packages/cloud_controller_ng/cloud_controller_ng/lib/vcap/uaa_util.rb:15:in
`decode_token'\",
\"/var/vcap/packages/cloud_controller_ng/cloud_controller_ng/lib/cloud_controller.rb:68:in
`decode_token'\",
\"/var/vcap/packages/cloud_controller_ng/cloud_controller_ng/lib/cloud_controller.rb:43:in
`block in <class:Controller>'\",
\"/var/vcap/packages/cloud_controller_ng/cloud_controller_ng/vendor/bundle/ruby/1.9.1/gems/sinatra-1.4.3/lib/sinatra/base.rb:1541:in
`call'\",
\"/var/vcap/packages/cloud_controller_ng/cloud_controller_ng/vendor/bundle/ruby/1.9.1/gems/sinatra-1.4.3/lib/sinatra/base.rb:1541:in
`block in compile!'\",
\"/var/vcap/packages/cloud_controller_ng/cloud_controller_ng/vendor/bundle/ruby/1.9.1/gems/sinatra-1.4.3/lib/sinatra/base.rb:987:in
`[]'\",
\"/var/vcap/packages/cloud_controller_ng/cloud_controller_ng/vendor/bundle/ruby/1.9.1/gems/sinatra-1.4.3/lib/sinatra/base.rb:987:in
`block in process_route'\",
\"/var/vcap/packages/cloud_controller_ng/cloud_controller_ng/vendor/bundle/ruby/1.9.1/gems/sinatra-1.4.3/lib/sinatra/base.rb:985:in
`catch'\",
\"/var/vcap/packages/cloud_controller_ng/cloud_controller_ng/vendor/bundle/ruby/1.9.1/gems/sinatra-1.4.3/lib/sinatra/base.rb:985:in
`process_route'\",
\"/var/vcap/packages/cloud_controller_ng/cloud_controller_ng/vendor/bundle/ruby/1.9.1/gems/sinatra-1.4.3/lib/sinatra/base.rb:941:in
`block in filter!'\",
\"/var/vcap/packages/cloud_controller_ng/cloud_controller_ng/vendor/bundle/ruby/1.9.1/gems/sinatra-1.4.3/lib/sinatra/base.rb:941:in
`each'\",
\"/var/vcap/packages/cloud_controller_ng/cloud_controller_ng/vendor/bundle/ruby/1.9.1/gems/sinatra-1.4.3/lib/sinatra/base.rb:941:in
`filter!'\",
\"/var/vcap/packages/cloud_controller_ng/cloud_controller_ng/vendor/bundle/ruby/1.9.1/gems/sinatra-1.4.3/lib/sinatra/base.rb:1058:in
`block in dispatch!'\",
\"/var/vcap/packages/cloud_controller_ng/cloud_controller_ng/vendor/bundle/ruby/1.9.1/gems/sinatra-1.4.3/lib/sinatra/base.rb:1041:in
`block in invoke'\",
\"/var/vcap/packages/cloud_controller_ng/cloud_controller_ng/vendor/bundle/ruby/1.9.1/gems/sinatra-1.4.3/lib/sinatra/base.rb:1041:in
`catch'\",
\"/var/vcap/packages/cloud_controller_ng/cloud_controller_ng/vendor/bundle/ruby/1.9.1/gems/sinatra-1.4.3/lib/sinatra/base.rb:1041:in
`invoke'\",
\"/var/vcap/packages/cloud_controller_ng/cloud_controller_ng/vendor/bundle/ruby/1.9.1/gems/sinatra-1.4.3/lib/sinatra/base.rb:1056:in
`dispatch!'\",
\"/var/vcap/packages/cloud_controller_ng/cloud_controller_ng/vendor/bundle/ruby/1.9.1/gems/sinatra-1.4.3/lib/sinatra/base.rb:882:in
`block in call!'\",
\"/var/vcap/packages/cloud_controller_ng/cloud_controller_ng/vendor/bundle/ruby/1.9.1/gems/sinatra-1.4.3/lib/sinatra/base.rb:1041:in
`block in invoke'\",
\"/var/vcap/packages/cloud_controller_ng/cloud_controller_ng/vendor/bundle/ruby/1.9.1/gems/sinatra-1.4.3/lib/sinatra/base.rb:1041:in
`catch'\",
\"/var/vcap/packages/cloud_controller_ng/cloud_controller_ng/vendor/bundle/ruby/1.9.1/gems/sinatra-1.4.3/lib/sinatra/base.rb:1041:in
`invoke'\",
\"/var/vcap/packages/cloud_controller_ng/cloud_controller_ng/vendor/bundle/ruby/1.9.1/gems/sinatra-1.4.3/lib/sinatra/base.rb:882:in
`call!'\",
\"/var/vcap/packages/cloud_controller_ng/cloud_controller_ng/vendor/bundle/ruby/1.9.1/gems/sinatra-1.4.3/lib/sinatra/base.rb:870:in
`call'\",
\"/var/vcap/packages/cloud_controller_ng/cloud_controller_ng/vendor/bundle/ruby/1.9.1/gems/rack-protection-1.5.0/lib/rack/protection/xss_header.rb:18:in
`call'\",
\"/var/vcap/packages/cloud_controller_ng/cloud_controller_ng/vendor/bundle/ruby/1.9.1/gems/rack-protection-1.5.0/lib/rack/protection/path_traversal.rb:16:in
`call'\",
\"/var/vcap/packages/cloud_controller_ng/cloud_controller_ng/vendor/bundle/ruby/1.9.1/gems/rack-protection-1.5.0/lib/rack/protection/json_csrf.rb:18:in
`call'\",
\"/var/vcap/packages/cloud_controller_ng/cloud_controller_ng/vendor/bundle/ruby/1.9.1/gems/rack-protection-1.5.0/lib/rack/protection/base.rb:49:in
`call'\",
\"/var/vcap/packages/cloud_controller_ng/cloud_controller_ng/vendor/bundle/ruby/1.9.1/gems/rack-protection-1.5.0/lib/rack/protection/base.rb:49:in
`call'\",
\"/var/vcap/packages/cloud_controller_ng/cloud_controller_ng/vendor/bundle/ruby/1.9.1/gems/rack-protection-1.5.0/lib/rack/protection/frame_options.rb:31:in
`call'\",
\"/var/vcap/packages/cloud_controller_ng/cloud_controller_ng/vendor/bundle/ruby/1.9.1/gems/rack-1.5.2/lib/rack/nulllogger.rb:9:in
`call'\",
\"/var/vcap/packages/cloud_controller_ng/cloud_controller_ng/vendor/bundle/ruby/1.9.1/gems/rack-1.5.2/lib/rack/head.rb:11:in
`call'\",
\"/var/vcap/packages/cloud_controller_ng/cloud_controller_ng/vendor/bundle/ruby/1.9.1/gems/sinatra-1.4.3/lib/sinatra/base.rb:175:in
`call'\",
\"/var/vcap/packages/cloud_controller_ng/cloud_controller_ng/vendor/bundle/ruby/1.9.1/gems/sinatra-1.4.3/lib/sinatra/base.rb:1949:in
`call'\",
\"/var/vcap/packages/cloud_controller_ng/cloud_controller_ng/vendor/bundle/ruby/1.9.1/gems/rack-1.5.2/lib/rack/builder.rb:138:in
`call'\",
\"/var/vcap/packages/cloud_controller_ng/cloud_controller_ng/vendor/bundle/ruby/1.9.1/gems/rack-1.5.2/lib/rack/urlmap.rb:65:in
`block in call'\",
\"/var/vcap/packages/cloud_controller_ng/cloud_controller_ng/vendor/bundle/ruby/1.9.1/gems/rack-1.5.2/lib/rack/urlmap.rb:50:in
`each'\",
\"/var/vcap/packages/cloud_controller_ng/cloud_controller_ng/vendor/bundle/ruby/1.9.1/gems/rack-1.5.2/lib/rack/urlmap.rb:50:in
`call'\",
\"/var/vcap/packages/cloud_controller_ng/cloud_controller_ng/vendor/bundle/ruby/1.9.1/gems/rack-1.5.2/lib/rack/commonlogger.rb:33:in
`call'\",
\"/var/vcap/packages/cloud_controller_ng/cloud_controller_ng/vendor/bundle/ruby/1.9.1/gems/sinatra-1.4.3/lib/sinatra/base.rb:212:in
`call'\",
\"/var/vcap/packages/cloud_controller_ng/cloud_controller_ng/vendor/bundle/ruby/1.9.1/gems/rack-1.5.2/lib/rack/builder.rb:138:in
`call'\",
\"/var/vcap/packages/cloud_controller_ng/cloud_controller_ng/vendor/bundle/ruby/1.9.1/gems/thin-1.5.1/lib/thin/connection.rb:81:in
`block in pre_process'\",
\"/var/vcap/packages/cloud_controller_ng/cloud_controller_ng/vendor/bundle/ruby/1.9.1/gems/thin-1.5.1/lib/thin/connection.rb:79:in
`catch'\",
\"/var/vcap/packages/cloud_controller_ng/cloud_controller_ng/vendor/bundle/ruby/1.9.1/gems/thin-1.5.1/lib/thin/connection.rb:79:in
`pre_process'\",
\"/var/vcap/packages/cloud_controller_ng/cloud_controller_ng/vendor/bundle/ruby/1.9.1/gems/eventmachine-1.0.3/lib/eventmachine.rb:1037:in
`call'\",
\"/var/vcap/packages/cloud_controller_ng/cloud_controller_ng/vendor/bundle/ruby/1.9.1/gems/eventmachine-1.0.3/lib/eventmachine.rb:1037:in
`block in
spawn_threadpool'\"]","log_level":"warn","source":"cc.api","data":{"request_guid":"c942d89b-5ee6-4ea1-9dcd-ebe691b8f4f9"},"thread_id":34112640,"fiber_id":50921780,"process_id":22158,"file":"/var/vcap/packages/cloud_controller_ng/cloud_controller_ng/lib/cloud_controller.rb","lineno":74,"method":"rescue
in decode_token"}

--
YAMANO Yuji
OGIS-RI