We have been withdrawing items from our collections from time to time when authors decide they would like to restrict their submission. We can verify that the item is no longer viewable through the browse and search functions in dspace after making the withdrawal. However we recently discovered that the restricted items are still viewable through a web browser by entering the URL of the pdf located in the bitstream directory. This is also evident when I visit other dspace sites on the web. This appears to be a security issue/bug in DSpace as the items are not actually withdrawn but only partially hidden. Has anyone else encounter this issue and if so is there a fix or work around.
We also discovered that when an item is withdrawn the browse function in dspace throws the following exception. The browse lists still contain a reference to the withdrawn item but should exclude the withdrawn item from its list because the item can’t be browsed. When the item is reinstated the exceptions stop. This also appears to be a bug.
An internal server error occurred on http://qspace.library.queensu.ca:
Date: 9/9/08 1:49 PM
Session ID: B0F698642DC0A0C3C4B6D290843C6005
-- URL Was: http://qspace.library.queensu.ca/dspace/browse-title?top=1974%2F1236
-- Method: GET
-- Parameters were:
-- top: "1974/1236"
Exception:
org.postgresql.util.PSQLException: No value specified for parameter 2.
at org.postgresql.core.v3.SimpleParameterList.checkAllParametersSet(SimpleParameterList.java:150)
at org.postgresql.core.v3.QueryExecutorImpl.execute(QueryExecutorImpl.java:179)
at org.postgresql.jdbc2.AbstractJdbc2Statement.execute(AbstractJdbc2Statement.java:452)
at org.postgresql.jdbc2.AbstractJdbc2Statement.executeWithFlags(AbstractJdbc2Statement.java:354)
at org.postgresql.jdbc2.AbstractJdbc2Statement.executeQuery(AbstractJdbc2Statement.java:258)
at org.apache.commons.dbcp.DelegatingPreparedStatement.executeQuery(DelegatingPreparedStatement.java:92)
at org.apache.commons.dbcp.DelegatingPreparedStatement.executeQuery(DelegatingPreparedStatement.java:92)
at org.dspace.storage.rdbms.DatabaseManager.queryPrepared(DatabaseManager.java:354)
at org.dspace.browse.Browse.getResultsAfterFocus(Browse.java:886)
at org.dspace.browse.Browse.doBrowse(Browse.java:725)
at org.dspace.browse.Browse.getItemsByTitle(Browse.java:174)
at org.dspace.app.webui.servlet.BrowseServlet.doDSGet(BrowseServlet.java:359)
at org.dspace.app.webui.servlet.DSpaceServlet.processRequest(DSpaceServlet.java:151)
at org.dspace.app.webui.servlet.DSpaceServlet.doGet(DSpaceServlet.java:99)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:689)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
at java.lang.Thread.run(Thread.java:595)
Ron Stevenhaagen
Technical Specialist
Information Technology Services
Queen's University
Kingston, Ontario