getDisseminator fedoraIntCallUser


Rastislav Hudak

Sep 6, 2016, 10:25:37 AM
to Fedora Community
Hello community!

Any idea where it is (...isn't) configured that fedora should use fedoraIntCallUser for internal redirects?

Trying to upgrade to fedora 3.8 I've run into this. We've got a disseminator defined like

<wsdl:operation name="getDATASTREAMX">
  <http:operation location="(DATASTREAMX)"/>
  <wsdl:input>
    <http:urlReplacement/>
  </wsdl:input>
  <wsdl:output>
    <mime:content type="text/xml"/>
  </wsdl:output>
</wsdl:operation>

In the previous version (3.3.1), it meant when calling 

...get/o:123/bdef:Asset/getUWMETADATA

 fedora used the fedoraIntCallUser to get

...get/o:123/UWMETADATA/<timestamp>

and returned it.

This isn't happening now, fedora translates the request but isn't using the fedoraIntCallUser.

I've checked beSecurity.xml and fedora-users.xml and those seem configured ok. The fedoraIntCallUser is authorized to get the datastream, that's working. It's only that fedora isn't using it...

urn:fedora:names:fedora:2.1:subject:loginId=[]

Thanks for any help!
Rasta
University of Vienna


A. Soroka

Sep 6, 2016, 2:26:26 PM
to fedora-c...@googlegroups.com
What actually _is_ happening?

---
A. Soroka
The University of Virginia Library

Rastislav Hudak

Sep 6, 2016, 2:42:50 PM
to Fedora Community
Since the datastream is not requested using the internal credentials, the request won't be authorized. Exception below.

org.fcrepo.server.errors.HttpServiceNotFoundException: [DefaultExternalContentManager] returned an error.  The underlying error was a org.fcrepo.server.errors.GeneralException  The message was  "Error getting http://fedora.phaidra-test.univie.ac.at:8080/fedora/get/o:18737/UWMETADATA/2016-09-02T12:03:54.722Z"  .  
	at org.fcrepo.server.storage.DefaultExternalContentManager.getExternalContent(DefaultExternalContentManager.java:167)
	at org.fcrepo.server.access.dissemination.DisseminationService.assembleDissemination(DisseminationService.java:711)
	at org.fcrepo.server.access.DefaultAccess.getDissemination(DefaultAccess.java:450)
	at org.fcrepo.server.access.FedoraAccessServlet.getDissemination(FedoraAccessServlet.java:708)
	at org.fcrepo.server.access.FedoraAccessServlet.doGet(FedoraAccessServlet.java:429)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:369)
	at org.fcrepo.server.security.jaas.AuthFilterJAAS.doFilter(AuthFilterJAAS.java:304)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
	at org.springframework.security.web.access.channel.ChannelProcessingFilter.doFilter(ChannelProcessingFilter.java:109)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381)
	at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:168)
	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237)
	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:465)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:299)
	at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:190)
	at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:291)
	at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:769)
	at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:698)
	at org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:891)
	at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:690)
	at java.lang.Thread.run(Thread.java:682)
Caused by: org.fcrepo.server.errors.GeneralException: Error getting http://fedora.phaidra-test.univie.ac.at:8080/fedora/get/o:18737/UWMETADATA/2016-09-02T12:03:54.722Z
	at org.fcrepo.server.storage.DefaultExternalContentManager.getFromWeb(DefaultExternalContentManager.java:228)
	at org.fcrepo.server.storage.DefaultExternalContentManager.getFromWeb(DefaultExternalContentManager.java:371)
	at org.fcrepo.server.storage.DefaultExternalContentManager.getExternalContent(DefaultExternalContentManager.java:161)
	... 32 more
Caused by: java.io.IOException: Request failed [403 Forbidden]
	at org.fcrepo.common.http.WebClient.execute(WebClient.java:282)
	at org.fcrepo.common.http.WebClient.get(WebClient.java:222)
	at org.fcrepo.common.http.WebClient.get(WebClient.java:173)
	at org.fcrepo.server.storage.DefaultExternalContentManager.getFromWeb(DefaultExternalContentManager.java:190)
	... 34 more


A. Soroka

Sep 7, 2016, 9:35:56 AM
to fedora-c...@googlegroups.com
What is the actual identity being used for the backend request?

---
A. Soroka
The University of Virginia Library


Rastislav Hudak

Sep 7, 2016, 10:24:06 AM
to Fedora Community
I'm not sure what you mean by identity (the beServiceRole?)...

...but looking at this log...

T12:03:54.722Z DissBindingInfo index: 3
(DisseminationService) ProtocolType: H
(DisseminationService) ******************getDisseminationContent beServiceRole: sdep:Collection-AssetImpl
(DisseminationService) ******************getDisseminationContent beServiceCallBasicAuth: false
(DisseminationService) ******************getDisseminationContent beServiceCallSSL: false
(DisseminationService) ******************getDisseminationContent beServiceCallUsername: 
(DisseminationService) ******************getDisseminationContent beServiceCallPassword: 

...and into the code...

if (ServerUtility.isURLFedoraServer(dissURL)) {
  beServiceRole = BackendPolicies.FEDORA_INTERNAL_CALL;
} else {
  beServiceRole = deploymentPID;
}

...I'd thought the isURLFedoraServer might have a problem with some configuration. That method does not log anything, but looking at the disseminator url, I don't see anything wrong here...

<bean class="org.fcrepo.server.config.Parameter">
 <constructor-arg type="java.lang.String" value="fedoraServerPort"></constructor-arg>
 <property name="value" value="8080" />
</bean>
<bean class="org.fcrepo.server.config.Parameter">
 <constructor-arg type="java.lang.String" value="fedoraRedirectPort"></constructor-arg>
 <property name="value" value="8443" />
</bean>

...

<bean class="org.fcrepo.server.config.Parameter">
 <constructor-arg type="java.lang.String" value="fedoraAppServerContext"></constructor-arg>
 <property name="value" value="fedora" />
</bean>

...

<bean class="org.fcrepo.server.config.Parameter">
 <constructor-arg type="java.lang.String" value="fedoraServerHost"></constructor-arg>
 <property name="value" value="fedora.phaidra-test.univie.ac.at" />
</bean>


Rastislav Hudak

Sep 8, 2016, 6:49:05 AM
to Fedora Community
So I've added some log and found iiiit!

This

String fHost = CONFIG.getParameter(FEDORA_SERVER_HOST,Parameter.class).getValue();

returns the value from fedora.fcfg where it was incomplete (phaidra-test.univie.ac.at instead of fedora.phaidra-test.univie.ac.at).

I'm not sure why this hasn't been a problem anywhere else, but I guess it's because the applicationContext.xml is mostly used to get the value...
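
Added example, not part of the thread or of Fedora's code: a pre-upgrade check that compares the server identity parameters in fedora.fcfg with the Spring Parameter beans quoted earlier, since a mismatch makes Fedora treat its own dissemination URL as external and skip the internal-call credentials. The function names are hypothetical, both inputs are constructed samples, and the `<param name="..." value="..."/>` layout of fedora.fcfg is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs modelled on the thread, not the poster's real files.
FCFG = """<server xmlns="http://www.fedora.info/definitions/1/0/config/">
  <param name="fedoraServerHost" value="phaidra-test.univie.ac.at"/>
  <param name="fedoraServerPort" value="8080"/>
  <param name="fedoraAppServerContext" value="fedora"/>
</server>"""
SPRING = """<beans xmlns="http://www.springframework.org/schema/beans">
  <bean class="org.fcrepo.server.config.Parameter">
    <constructor-arg type="java.lang.String" value="fedoraServerHost"/>
    <property name="value" value="fedora.phaidra-test.univie.ac.at"/>
  </bean>
  <bean class="org.fcrepo.server.config.Parameter">
    <constructor-arg type="java.lang.String" value="fedoraServerPort"/>
    <property name="value" value="8080"/>
  </bean>
  <bean class="org.fcrepo.server.config.Parameter">
    <constructor-arg type="java.lang.String" value="fedoraAppServerContext"/>
    <property name="value" value="fedora"/>
  </bean>
</beans>"""
KEYS = ("fedoraServerHost", "fedoraServerPort", "fedoraAppServerContext")

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop any XML namespace prefix

def fcfg_params(text):
    # Server-level <param> elements only; module params are nested deeper.
    return {e.get("name"): e.get("value")
            for e in ET.fromstring(text) if local(e.tag) == "param"}

def spring_params(text):
    out = {}
    for bean in ET.fromstring(text).iter():
        if bean.get("class") != "org.fcrepo.server.config.Parameter":
            continue
        kids = {local(c.tag): c.get("value") for c in bean
                if c.get("name") in (None, "value")}
        out[kids.get("constructor-arg")] = kids.get("property")
    return out

def mismatches(fcfg_text, spring_text, keys=KEYS):
    a, b = fcfg_params(fcfg_text), spring_params(spring_text)
    return {k: (a.get(k), b.get(k)) for k in keys if a.get(k) != b.get(k)}

if __name__ == "__main__":
    for key, (old, new) in mismatches(FCFG, SPRING).items():
        print(f"{key}: fedora.fcfg={old!r} spring={new!r}")
```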