Working via Tuque with XACML for copying fedora objects?

70 views
Skip to first unread message

Ashok Modi

unread,
Feb 16, 2015, 5:30:40 PM2/16/15
to island...@googlegroups.com
Hi,

I'm working on a project where fedora objects that were in Islandora 6.x are being moved over to to Islandora 7.x and its new content modules (the module is at https://github.com/btmash/islandora_remote_object_copy, btw). You provide the credentials for your D6 site (hopefully admin creds along with the URI to the fedora repo), provide a pid and it can copy it over (and works with drush). And for the most part, the module is working really well. Tuque connects to the remote repo, gets the object + its datastreams, and uses a mapping to map them to the appropriate D7 solution pack content model to bring over. However, the key words being "for the most part".

The issue that I am running into are with objects that are behind a XACML policy. I am unable gain access to them via using the tuque api (I get unauthorized access or some such). However, it is using the same set of credentials to connect as they were for the D6 site (and on the d6 site, the object with the same user credentials is perfectly viewable).

Any ideas on what may be the cause to the issue or how I should approach debugging it?

Ashok Modi

unread,
Feb 18, 2015, 12:43:17 PM2/18/15
to island...@googlegroups.com
From the islandora camp yesterday, I found out that you can connect to a fedora repo *even* if you provide invalid credentials. Basically, if a user cannot be found with the appropriate credentials, then Fedora will assume you are an anonymous user (so its a feature or a bug depending on how you look at things). I also found out I should instaed of passing the password, I should instead be passing the HASH of the password that is stored in the database (D6 uses MD5, D7 uses various mechanisms along with salting to create a password). I should be testing this out in the next couple of days and provide an update on this.

Diego Pino

unread,
Feb 18, 2015, 3:16:08 PM2/18/15
to island...@googlegroups.com
Hi, maybe of some use: using a drupal db hash (password) is a way of avoiding the drupal filter. This is well documented and used by Giancarlo Birello on: http://v2p2dev.to.cnr.it/doku.php?id=isla2:tools

-Diego

Peter MacDonald

unread,
Feb 19, 2015, 4:50:21 PM2/19/15
to island...@googlegroups.com
Ashok:

I installed islandora_remote_object_copy and and playing with it.

When I request a copy be done from one Fedora to another, I am getting a timeout error from Tuque when your module calls

$fedora_object = $repository->getObject($fedora_pid);

I'm wondering what version of the Tuque you have tested your module on.

The URL, username and password I'm using are all valid for that target Fedora instance.

Peter MacDonald

--
You received this message because you are subscribed to the Google Groups "islandora-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to islandora-de...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.



--
Peter MacDonald,
Library Information Systems Specialist
Hamilton College Library
Clinton, New York
315 859-4493
pmacdona-hamilton (Skype)

Ashok Modi

unread,
Feb 24, 2015, 6:58:12 PM2/24/15
to island...@googlegroups.com
@Peter,

Hmm, that is pretty strange. My timeout for the module is set fairly high (1 hour). Did the timeout come quickly or after a long period?

@Diego, its now been confirmed that once I passed through the hashed password that is stored in the DB (ie. not the cleartext version of the password), fedora objects behind a XACML policy were copied over.

Thank you!

-Ashok

Diego Pino

unread,
Feb 25, 2015, 9:01:34 AM2/25/15
to island...@googlegroups.com
Hi Ashok, have been looking at your module's code, very handy to have around! thanks, very Nice, this gives me a plenty of ideas =) 

Peter MacDonald

unread,
Mar 17, 2015, 5:29:44 PM3/17/15
to island...@googlegroups.com
Hi Ashok:

I've been using your "islandora_remote_object_copy" module and like it a lot.

I noticed that it is not designed to copy every kind of datastreams. How much work is it to add more, such as JP2, TECHMD, and others that are missing?

I'm not sure where to begin working on this, though I have been reading the code a lot lately.

Finally, I am happy to say that the Fedora objects do indeed get copied as intended, but the process always ends up this way. I wonder if there is something I can do to get it to end more cleanly.

  • Warning: Creating default object from empty value in islandora_remote_object_copy_copy_single_object() (line 244 of /home/lisham/public_html/sites/all/modules/custom/islandora_remote_object_copy/islandora_remote_object_copy.module).
  • Warning: Creating default object from empty value in islandora_remote_object_copy_copy_single_object() (line 244 of /home/lisham/public_html/sites/all/modules/custom/islandora_remote_object_copy/islandora_remote_object_copy.module).
  • Warning: Creating default object from empty value in islandora_remote_object_copy_copy_single_object() (line 244 of /home/lisham/public_html/sites/all/modules/custom/islandora_remote_object_copy/islandora_remote_object_copy.module).
  • RepositoryException: Unauthorized in RepositoryConnection->parseFedoraExceptions() (line 229 of /home/lisham/public_html/sites/all/libraries/tuque/RepositoryConnection.php).
Thanks again for offering this module for public use and evaluation.
Peter MacDonald

Ashok Modi

unread,
Mar 19, 2015, 4:43:16 PM3/19/15
to island...@googlegroups.com
Hi Peter,

Thanks for the kind words. Regarding other datastreams: I do not have a UI for it but that doesn't negate that we couldn't do it via code. What I'm currently doing is accepting only original datastreams, letting them get ingested, and then making islandora create all necessary derivatives. I'm def. open to figuring out how to figure out which ones are matching derivatives so we bring it over more nicely.

Regarding the issue you are getting...hmm, can you test with a more recent version of the module? I had added some code and want to get the right set of lines showing up locally (or you can post what you have on line 244 of the module). My initial suspicion would be that the credentials to view the appropriate object/collection are incorrent and that is why you are ending up with an unauthorized RepositoryException. To set the appropriate credentials, you need to do so at http://MYSITE/admin/config/development/islandora-remote-object-copy-settings

Regards,
Ashok

Peter MacDonald

unread,
Mar 19, 2015, 5:09:49 PM3/19/15
to island...@googlegroups.com
This is helpful information, Ashok. I'll get back to working with the module after I put out some raging fires here.

Peter

--
You received this message because you are subscribed to the Google Groups "islandora-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to islandora-de...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply all
Reply to author
Forward
0 new messages