Export Metadata Unauthorized 401


Vicente Zapatero Martin

Jun 20, 2022, 8:16:21 AM
to DSpace Technical Support
After exporting metadata from "Export\Metadata", I get an Unauthorized 401 error message when I click on the CSV file output.

It's a URL like this:

http://localhost:4000/bitstreams/8e7eec16-76b6-4a6b-bfe4-7ef96b88bd7c/download

This is a log example:

2022-06-20 13:20:01,594 DEBUG unknown unknown org.dspace.app.rest.security.jwt.JWTTokenHandler @ Received valid token for username:
2022-06-20 13:20:01,594 DEBUG unknown unknown org.dspace.app.rest.security.StatelessAuthenticationFilter @ Found authentication data in request for EPerson
2022-06-20 13:20:01,616 DEBUG unknown unknown org.dspace.core.LegacyPluginServiceImpl @ Adding Sequence plugin for interface= org.dspace.authenticate.AuthenticationMethod, class=org.dspace.authenticate.PasswordAuthentication
2022-06-20 13:20:01,616 INFO  9cf3d41f-12e5-4b27-ad88-8765b011ab37 77f2c73b-64e4-463d-8a60-9f11bacdf71b org.dspace.app.rest.utils.DSpaceAPIRequestLoggingFilter @ Before request [GET /server721/api] originated from /
2022-06-20 13:20:03,934 DEBUG unknown unknown org.dspace.app.rest.security.jwt.JWTTokenHandler @ Received valid token for username:
2022-06-20 13:20:03,934 DEBUG unknown unknown org.dspace.app.rest.security.StatelessAuthenticationFilter @ Found authentication data in request for EPerson
2022-06-20 13:20:03,965 DEBUG unknown unknown org.dspace.core.LegacyPluginServiceImpl @ Adding Sequence plugin for interface= org.dspace.authenticate.AuthenticationMethod, class=org.dspace.authenticate.PasswordAuthentication
2022-06-20 13:20:03,965 INFO  9cf3d41f-12e5-4b27-ad88-8765b011ab37 277d98eb-4ac4-4523-a7ea-a6e032d31911 org.dspace.app.rest.utils.DSpaceAPIRequestLoggingFilter @ Before request [GET /server721/api] originated from /
2022-06-20 13:20:06,020 DEBUG unknown unknown org.dspace.app.rest.security.jwt.JWTTokenHandler @ Received valid token for username:
2022-06-20 13:20:06,020 DEBUG unknown unknown org.dspace.app.rest.security.StatelessAuthenticationFilter @ Found authentication data in request for EPerson
2022-06-20 13:20:06,036 DEBUG unknown unknown org.dspace.core.LegacyPluginServiceImpl @ Adding Sequence plugin for interface= org.dspace.authenticate.AuthenticationMethod, class=org.dspace.authenticate.PasswordAuthentication
2022-06-20 13:20:06,036 INFO  9cf3d41f-12e5-4b27-ad88-8765b011ab37 7fd46ec4-4ea9-4b75-80b5-586599bbee92 org.dspace.app.rest.utils.DSpaceAPIRequestLoggingFilter @ Before request [GET /server721/api/system/processes/2] originated from /
2022-06-20 13:20:21,011 DEBUG unknown unknown org.dspace.app.rest.security.jwt.JWTTokenHandler @ Received valid token for username:
2022-06-20 13:20:21,011 DEBUG unknown unknown org.dspace.app.rest.security.StatelessAuthenticationFilter @ Found authentication data in request for EPerson
2022-06-20 13:20:21,026 DEBUG unknown unknown org.dspace.core.LegacyPluginServiceImpl @ Adding Sequence plugin for interface= org.dspace.authenticate.AuthenticationMethod, class=org.dspace.authenticate.PasswordAuthentication
2022-06-20 13:20:21,026 INFO  9cf3d41f-12e5-4b27-ad88-8765b011ab37 bc9bf16d-b58c-4c69-b92e-61713b14ab50 org.dspace.app.rest.utils.DSpaceAPIRequestLoggingFilter @ Before request [GET /server721/api] originated from /processes/2
2022-06-20 13:20:23,335 DEBUG unknown unknown org.dspace.app.rest.security.jwt.JWTTokenHandler @ Received valid token for username:
2022-06-20 13:20:23,335 DEBUG unknown unknown org.dspace.app.rest.security.StatelessAuthenticationFilter @ Found authentication data in request for EPerson
2022-06-20 13:20:23,357 DEBUG unknown unknown org.dspace.core.LegacyPluginServiceImpl @ Adding Sequence plugin for interface= org.dspace.authenticate.AuthenticationMethod, class=org.dspace.authenticate.PasswordAuthentication
2022-06-20 13:20:23,357 INFO  9cf3d41f-12e5-4b27-ad88-8765b011ab37 ed348e92-17ae-4875-88a9-2ac6873751d2 org.dspace.app.rest.utils.DSpaceAPIRequestLoggingFilter @ Before request [GET /server721/api] originated from /processes/2
2022-06-20 13:20:25,390 DEBUG unknown unknown org.dspace.app.rest.security.jwt.JWTTokenHandler @ Received valid token for username:
2022-06-20 13:20:25,390 DEBUG unknown unknown org.dspace.app.rest.security.StatelessAuthenticationFilter @ Found authentication data in request for EPerson
2022-06-20 13:20:25,405 DEBUG unknown unknown org.dspace.app.rest.security.jwt.JWTTokenHandler @ Received valid token for username:
2022-06-20 13:20:25,405 DEBUG unknown unknown org.dspace.app.rest.security.StatelessAuthenticationFilter @ Found authentication data in request for EPerson
2022-06-20 13:20:25,421 DEBUG unknown unknown org.dspace.core.LegacyPluginServiceImpl @ Adding Sequence plugin for interface= org.dspace.authenticate.AuthenticationMethod, class=org.dspace.authenticate.PasswordAuthentication
2022-06-20 13:20:25,421 DEBUG unknown unknown org.dspace.core.LegacyPluginServiceImpl @ Adding Sequence plugin for interface= org.dspace.authenticate.AuthenticationMethod, class=org.dspace.authenticate.PasswordAuthentication
2022-06-20 13:20:25,421 INFO  9cf3d41f-12e5-4b27-ad88-8765b011ab37 705a17c7-31c8-4661-835c-950d9b3abf32 org.dspace.app.rest.utils.DSpaceAPIRequestLoggingFilter @ Before request [GET /server721/api/core/bitstreams/be3264c9-1263-401e-ad30-2b2f0a2180e2/bundle] originated from /processes/2
2022-06-20 13:20:25,421 INFO  9cf3d41f-12e5-4b27-ad88-8765b011ab37 9c5bcc7e-e978-453c-a888-8e91c2d125e2 org.dspace.app.rest.utils.DSpaceAPIRequestLoggingFilter @ Before request [GET /server721/api/core/bitstreams/be3264c9-1263-401e-ad30-2b2f0a2180e2/format] originated from /processes/2
2022-06-20 13:20:25,437 DEBUG 9cf3d41f-12e5-4b27-ad88-8765b011ab37 9c5bcc7e-e978-453c-a888-8e91c2d125e2 org.dspace.content.BitstreamServiceImpl @ ::find_bitstream:bitstream_id=be3264c9-1263-401e-ad30-2b2f0a2180e2
2022-06-20 13:20:25,437 DEBUG 9cf3d41f-12e5-4b27-ad88-8765b011ab37 705a17c7-31c8-4661-835c-950d9b3abf32 org.dspace.content.BitstreamServiceImpl @ ::find_bitstream:bitstream_id=be3264c9-1263-401e-ad30-2b2f0a2180e2
2022-06-20 13:20:25,513 DEBUG unknown unknown org.dspace.app.rest.security.jwt.JWTTokenHandler @ Received valid token for username:
2022-06-20 13:20:25,513 DEBUG unknown unknown org.dspace.app.rest.security.StatelessAuthenticationFilter @ Found authentication data in request for EPerson
2022-06-20 13:20:25,513 DEBUG unknown unknown org.dspace.core.LegacyPluginServiceImpl @ Adding Sequence plugin for interface= org.dspace.authenticate.AuthenticationMethod, class=org.dspace.authenticate.PasswordAuthentication
2022-06-20 13:20:25,513 INFO  9cf3d41f-12e5-4b27-ad88-8765b011ab37 26b514ab-1485-4479-9d1d-98bcbb0330d1 org.dspace.app.rest.utils.DSpaceAPIRequestLoggingFilter @ Before request [POST /server721/api/authn/shortlivedtokens] originated from /bitstreams/be3264c9-1263-401e-ad30-2b2f0a2180e2/download
2022-06-20 13:20:25,513 DEBUG 9cf3d41f-12e5-4b27-ad88-8765b011ab37 26b514ab-1485-4479-9d1d-98bcbb0330d1 org.dspace.core.LegacyPluginServiceImpl @ Adding Sequence plugin for interface= org.dspace.authenticate.AuthenticationMethod, class=org.dspace.authenticate.PasswordAuthentication
2022-06-20 13:20:25,513 DEBUG 9cf3d41f-12e5-4b27-ad88-8765b011ab37 26b514ab-1485-4479-9d1d-98bcbb0330d1 org.dspace.core.Context @ Cache size on commit is 22
2022-06-20 13:20:27,549 WARN  unknown unknown org.dspace.app.rest.security.jwt.JWTTokenHandler @ 127.0.0.1 tried to use an expired or non-valid token
2022-06-20 13:20:27,549 DEBUG unknown unknown org.dspace.core.LegacyPluginServiceImpl @ Adding Sequence plugin for interface= org.dspace.authenticate.AuthenticationMethod, class=org.dspace.authenticate.PasswordAuthentication
2022-06-20 13:20:27,549 INFO  unknown e8f70cdc-d0fd-4645-852a-1428fcb09857 org.dspace.app.rest.utils.DSpaceAPIRequestLoggingFilter @ Before request [GET /server721/api/core/bitstreams/be3264c9-1263-401e-ad30-2b2f0a2180e2/content] originated from http://localhost:4000/
2022-06-20 13:20:27,564 DEBUG unknown e8f70cdc-d0fd-4645-852a-1428fcb09857 org.dspace.content.BitstreamServiceImpl @ anonymous::find_bitstream:bitstream_id=be3264c9-1263-401e-ad30-2b2f0a2180e2
2022-06-20 13:20:27,564 WARN  unknown e8f70cdc-d0fd-4645-852a-1428fcb09857 org.dspace.app.rest.exception.DSpaceApiExceptionControllerAdvice @ Authentication is required (status:401)

Thanks
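
Added example, not part of the original thread: a small parser that pairs each short-lived token request in a dspace.log excerpt with the next "expired or non-valid token" warning and reports the time between them and the request that followed. The function and field names are hypothetical; the four input lines are copied from the log posted above.

```python
import re
from datetime import datetime

# Four lines copied verbatim from the dspace.log excerpt in the post above.
LOG = """\
2022-06-20 13:20:25,513 INFO  9cf3d41f-12e5-4b27-ad88-8765b011ab37 26b514ab-1485-4479-9d1d-98bcbb0330d1 org.dspace.app.rest.utils.DSpaceAPIRequestLoggingFilter @ Before request [POST /server721/api/authn/shortlivedtokens] originated from /bitstreams/be3264c9-1263-401e-ad30-2b2f0a2180e2/download
2022-06-20 13:20:27,549 WARN  unknown unknown org.dspace.app.rest.security.jwt.JWTTokenHandler @ 127.0.0.1 tried to use an expired or non-valid token
2022-06-20 13:20:27,549 INFO  unknown e8f70cdc-d0fd-4645-852a-1428fcb09857 org.dspace.app.rest.utils.DSpaceAPIRequestLoggingFilter @ Before request [GET /server721/api/core/bitstreams/be3264c9-1263-401e-ad30-2b2f0a2180e2/content] originated from http://localhost:4000/
2022-06-20 13:20:27,564 WARN  unknown e8f70cdc-d0fd-4645-852a-1428fcb09857 org.dspace.app.rest.exception.DSpaceApiExceptionControllerAdvice @ Authentication is required (status:401)
"""

# timestamp, level, two ids, logger class, message
LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) (\w+)\s+(\S+) (\S+) (\S+) @ (.*)$")
REQUEST = re.compile(r"Before request \[(\w+) (\S+)\]")
REJECTED = re.compile(r"^(\S+) tried to use an expired or non-valid token")


def rejected_after_issue(log_text):
    """Pair each short-lived token request with the next token rejection.

    Returns one dict per pair: client address, both timestamps, the gap in
    seconds, and the path of the first request logged after the rejection.
    """
    issued = None
    pairs = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip continuation lines such as stack traces
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S,%f")
        msg = m.group(6)
        req = REQUEST.search(msg)
        rej = REJECTED.match(msg)
        if req and req.group(1) == "POST" and req.group(2).endswith("/authn/shortlivedtokens"):
            issued = ts
        elif rej and issued is not None:
            pairs.append({"client": rej.group(1), "issued": issued, "rejected": ts,
                          "gap_s": (ts - issued).total_seconds()})
            issued = None
        elif req and pairs and "request" not in pairs[-1]:
            pairs[-1]["request"] = req.group(2)
    return pairs


if __name__ == "__main__":
    for p in rejected_after_issue(LOG):
        print("%(client)s: token requested %(issued)s, rejected %(rejected)s "
              "(%(gap_s).3f s later) on %(request)s" % p)
```

On these lines the rejection is logged 2.036 seconds after the token request, and the request that follows it is the bitstream `/content` download that ends in the 401.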

Vicente Zapatero Martin

Jul 6, 2022, 8:31:11 AM
to DSpace Technical Support
I can't download any bitstream: metadata CSV files, etc. In DSpace version 7.3 I have the same error. Surely I forgot some configuration.

Any idea?

Thanks.

Vicente Zapatero Martin

Jul 7, 2022, 7:43:41 AM
to DSpace Technical Support
I'm adding these screenshots. When I click on the file I get the "Spring Whitelabel Error Page".
Attachments: log-process.png, log-process-downloadbits.png

Tim Donohue

Jul 11, 2022, 12:00:09 PM
to Vicente Zapatero Martin, DSpace Technical Support
Hi Vicente,

This is just a guess, but it's possible you have some sort of misconfiguration between the frontend & backend which is causing the frontend to not be "trusted" by the backend. 

You should check our troubleshooting guide and see if there are any errors in your Browser's DevTools: https://wiki.lyrasis.org/display/DSPACE/Troubleshoot+an+error#Troubleshootanerror-DSpace7.x(orabove)

It might be that you are hitting a CSRF token issue, or a CORS error, or similar.  If so, the solution to those are in our Common Installation Issues listed here: https://wiki.lyrasis.org/display/DSDOC7x/Installing+DSpace#InstallingDSpace-CommonInstallationIssues

Good luck & if you need more help let us know on this list.

Tim


Vicente Zapatero Martin

Jul 13, 2022, 4:28:53 AM
to DSpace Technical Support
It's quite strange. I only receive this 401 error when I'm trying to access the "processes" log and CSV (metadata-import) bitstreams, but when I access an article bitstream (pdf, docx) I can download it.

I've been reading about CSRF and CORS errors, and I was analyzing the browser developer tools, requests and cookies. The token and the samesite (Lax) cookie both have values.

I don't know, I'm using a testing environment in the same domain:

UI Front End: localhost.local:4000
Back End: localhost.local:8080

Perhaps I should configure SSL for the local testing environment?

Thanks

Tim Donohue

Jul 13, 2022, 4:19:10 PM
to Vicente Zapatero Martin, DSpace Technical Support
Hi Vicente,

A 401 error from the DSpace backend tends to mean one of two things:
  • Either you are not logged in, or your account simply doesn't have permissions (e.g. some areas of the application are only available to Administrators)
  • Or, you have a CSRF or samesite cookie issue, where your authentication information is being "lost" between the backend and the frontend.  However, if this is occurring, you'd usually see the same problem on all pages which require authentication.
Again I'd highly recommend looking at the Troubleshooting Guide for tips.  You may want to pay close attention to what is going on in your browser's DevTools (the network tab) when you access the pages which return a 401.  I'd also recommend verifying you are a member of the Administrator group and no other errors are in the dspace.log or Tomcat logs.

If you find any other clues and need more help, let us know on this list.

Tim

Vicente Zapatero Martin

Jul 15, 2022, 8:34:34 AM
to DSpace Technical Support
Thanks Tim.

I have been looking at the Troubleshooting Guide. I have been looking at what's going on in DevTools, finding differences in the request and response headers between the demo7 DSpace site and my localhost testing site.

It's as you said: authentication to the backend "is lost". When I download a file from an article, access to the document is allowed for anonymous users, so I have no problem for users with or without permissions. I have read the installation instructions in the wiki and I repeated the localhost installation several times from scratch, but I get the same results.

DEVTOOLS OUTPUT IN DEMO7 DSPACE

REQUEST
GET /server/api/core/bitstreams/d46aa5dc-38cf-4980-94a4-2bbc9192b373/content?authentication-token=eyJhbGciOiJIUzI1NiJ9.eyJlaWQiOiIzMzU2NDdiNi04YTUyLTRlY2ItYThjMS03ZWJhYmIxOTliZGEiLCJzZyI6W10sImF1dGhlbnRpY2F0aW9uTWV0aG9kIjoicGFzc3dvcmQiLCJleHAiOjE2NTc4ODQ1MTJ9.Q3u0u_h5pZ6foZoGO0uN8sZgJVxqDM_9IcN7ksdw31s HTTP/1.1
Host: api7.dspace.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: es-ES,es;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://demo7.dspace.org/
Cookie: DSPACE-XSRF-COOKIE=5a900961-b49d-4ce6-ba20-930eb5fa51f8
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Sec-Fetch-User: ?1


RESPONSE
HTTP/1.1 200 200
Date: Fri, 15 Jul 2022 11:28:30 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
Content-Language: en
ETag: "87b04f95b4d65819dd9d0ee7d6af963e"
Accept-Ranges: bytes
Expires: Fri, 15 Jul 2022 12:28:30 GMT
Cache-Control: private,no-cache
Content-Disposition: inline;filename="metadata-export138.log"
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Frame-Options: DENY
Content-Type: application/octet-stream;charset=UTF-8
Content-Length: 263
Access-Control-Expose-Headers: Authorization, expires, Location, Content-Disposition, WWW-Authenticate, Set-Cookie, X-Requested-With, DSPACE-XSRF-TOKEN
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive


DEVTOOLS OUTPUT IN LOCALHOST

REQUEST
GET /server73d/api/core/bitstreams/ca84230d-3719-4cff-a5c7-ac88565ccaf4/content?authentication-token=eyJhbGciOiJIUzI1NiJ9.eyJlaWQiOiIzZGU0NjA2NS1jNjBiLTQzNTMtYTdhNy1hMTVhODY3N2QyZjQiLCJzZyI6W10sImF1dGhlbnRpY2F0aW9uTWV0aG9kIjoicGFzc3dvcmQiLCJleHAiOjE2NTc4ODQzNDF9.jiElZ4EQkRtXskRh_Y195rSfgqNhZW9t18DcCg2mhGA HTTP/1.1
Host: localhost.local:8080
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: es-ES,es;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://localhost.local:4000/
Cookie: DSPACE-XSRF-COOKIE=88924c55-e638-40d7-96c3-d6fe78112683; klaro-anonymous=%7B%22authentication%22%3Atrue%2C%22preferences%22%3Atrue%2C%22acknowledgement%22%3Atrue%2C%22google-analytics%22%3Atrue%7D; _ga=GA1.2.1520468102.1657614120; CORRELATION-ID=585749b6-116f-4ba7-9d58-3c142ee3c923; dsLanguage=es; XSRF-TOKEN=88924c55-e638-40d7-96c3-d6fe78112683; dsAuthInfo={%22accessToken%22:%22eyJhbGciOiJIUzI1NiJ9.eyJlaWQiOiIzZGU0NjA2NS1jNjBiLTQzNTMtYTdhNy1hMTVhODY3N2QyZjQiLCJzZyI6W10sImF1dGhlbnRpY2F0aW9uTWV0aG9kIjoicGFzc3dvcmQiLCJleHAiOjE2NTc4ODYwMjB9.ivBPfxVET6B_HOi-xAxd7elLWmpsHkT84qjp-JV4KOw%22%2C%22expires%22:1657886020000}; klaro-3de46065-c60b-4353-a7a7-a15a8677d2f4={%22authentication%22:true%2C%22preferences%22:true%2C%22acknowledgement%22:true%2C%22google-analytics%22:true}
Upgrade-Insecure-Requests: 1

RESPONSE
HTTP/1.1 401
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Content-Language: es-ES
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Type: text/html;charset=UTF-8
Content-Length: 316
Date: Fri, 15 Jul 2022 11:25:46 GMT
Keep-Alive: timeout=20
Connection: keep-alive

I've been looking in the Tomcat logs but found nothing important, only the 401 request.

Could it be because I'm not using SSL in the backend? I found that more cookies are sent in the localhost HTTP environment. I was considering deploying the backend with HTTPS.

I'll continue with it. Many thanks.
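
Added example, not part of the original thread: decoding the `exp` claim of each JWT in the two DevTools captures above and comparing it with the `Date` header of the response it was sent with. The tokens and dates are copied from the post; the function names are hypothetical, and the comparison assumes the `exp` claim and the `Date` header come from the same server clock.

```python
import base64
import json
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Copied from the captures above: (label, token, Date header of the response).
CAPTURES = [
    ("demo7 authentication-token", "eyJhbGciOiJIUzI1NiJ9.eyJlaWQiOiIzMzU2NDdiNi04YTUyLTRlY2ItYThjMS03ZWJhYmIxOTliZGEiLCJzZyI6W10sImF1dGhlbnRpY2F0aW9uTWV0aG9kIjoicGFzc3dvcmQiLCJleHAiOjE2NTc4ODQ1MTJ9.Q3u0u_h5pZ6foZoGO0uN8sZgJVxqDM_9IcN7ksdw31s", "Fri, 15 Jul 2022 11:28:30 GMT"),
    ("localhost authentication-token", "eyJhbGciOiJIUzI1NiJ9.eyJlaWQiOiIzZGU0NjA2NS1jNjBiLTQzNTMtYTdhNy1hMTVhODY3N2QyZjQiLCJzZyI6W10sImF1dGhlbnRpY2F0aW9uTWV0aG9kIjoicGFzc3dvcmQiLCJleHAiOjE2NTc4ODQzNDF9.jiElZ4EQkRtXskRh_Y195rSfgqNhZW9t18DcCg2mhGA", "Fri, 15 Jul 2022 11:25:46 GMT"),
    ("localhost dsAuthInfo accessToken", "eyJhbGciOiJIUzI1NiJ9.eyJlaWQiOiIzZGU0NjA2NS1jNjBiLTQzNTMtYTdhNy1hMTVhODY3N2QyZjQiLCJzZyI6W10sImF1dGhlbnRpY2F0aW9uTWV0aG9kIjoicGFzc3dvcmQiLCJleHAiOjE2NTc4ODYwMjB9.ivBPfxVET6B_HOi-xAxd7elLWmpsHkT84qjp-JV4KOw", "Fri, 15 Jul 2022 11:25:46 GMT"),
]


def jwt_claims(token):
    """Return the payload claims of a JWT. The signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def seconds_left(token, http_date):
    """Seconds from the response Date header to the token's exp claim.

    Negative: the token had already expired when the server answered.
    The Date header has one-second resolution, so the result is approximate.
    """
    exp = datetime.fromtimestamp(jwt_claims(token)["exp"], tz=timezone.utc)
    return (exp - parsedate_to_datetime(http_date)).total_seconds()


def report(captures=CAPTURES):
    """One row per capture: (label, exp as ISO 8601 UTC, seconds left, verdict)."""
    rows = []
    for label, token, http_date in captures:
        exp = datetime.fromtimestamp(jwt_claims(token)["exp"], tz=timezone.utc)
        left = seconds_left(token, http_date)
        rows.append((label, exp.isoformat(), left, "expired" if left < 0 else "valid"))
    return rows


if __name__ == "__main__":
    for row in report():
        print("%-34s exp=%s  left=%+.0fs  %s" % row)
```

For these captures the demo7 download token has 2 seconds left at the response time, the localhost download token expired 5 seconds before it, and the session token in the localhost `dsAuthInfo` cookie is still valid for 1674 seconds.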

Tim Donohue

Jul 15, 2022, 11:50:03 AM
to Vicente Zapatero Martin, DSpace Technical Support
Hi Vicente,

If your backend is running on a different machine/server (i.e. it's not on your localhost), then it MUST be running via HTTPS.  So, yes, it's possible that HTTPS is the problem if that is how you have your backend running.  However, if you are running both the frontend & backend on your local machine using localhost URLs, and accessing both from your same local machine, then HTTP should work fine.  

Many developers simply run the frontend/backend on localhost via HTTP...and everything works fine in that way.  But, as soon as you want to access either via a non-localhost URL, then you MUST switch (at least the backend) over to HTTPS.   See also step 16 (which talks about this) of the backend installation process: https://wiki.lyrasis.org/display/DSDOC7x/Installing+DSpace#InstallingDSpace-BackendInstallation

Tim
