Installation issues with ICAT and TopCAT

[kriste...@gmail.com]

Hallo,

I'm trying to get ICAT and TopCAT installed on a virtual machine running CentOS 6.3 (64 bits)

All is well right up until the end when I have TopCAT installed and try to login from TopCAT and get a check username/password error.
The installation and test script (test.py) for ICAT gave no errors.

I also tried to use the create.py script from the verification test just to populathe the empty db with something. Got an execption thrown here "Read acces not allowed..."
Since the test.py script from the ICAT installation worked I tried to find out what's going on. Connecting to the ICAT is fine, but while

groups = service.search(sessionId, "Group[name='annoying animals']")

works fine. The call in the service verification

facilities = service.search(sessionId, "Facility[name='My Facility']")

yeilds
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib/python2.6/site-packages/suds/client.py", line 542, in __call__
return client.invoke(args, kwargs)
File "/usr/lib/python2.6/site-packages/suds/client.py", line 602, in invoke
result = self.send(soapenv)
File "/usr/lib/python2.6/site-packages/suds/client.py", line 657, in send
result = self.failed(binding, e)
File "/usr/lib/python2.6/site-packages/suds/client.py", line 712, in failed
r, p = binding.get_fault(reply)
File "/usr/lib/python2.6/site-packages/suds/bindings/binding.py", line 265, in get_fault
raise WebFault(p, faultroot)
suds.WebFault: Server raised fault: 'Read access to this Facility is not allowed.'

I'm not sure if this is related to the TopCAT authentication problem.
I use the root account in the authn_db PASSWD table to connect.

What am I doing wrong? I suspect it's a simple thing I'm missing but I cannot figure out what.

Some installation information (I'll be happy to supply more input):

ICAT 4.2.1
TopCAT 1.7
Glassfish 3.1.2
MySQL 5.1.67

Authentication method is db.

I'll attach the complete erro message from server.log as soon as I figure out if this can be in an attached file. It starts with
[#|2013-01-16T13:24:50.166+0100|FINE|glassfish3.1.2|org.eclipse.persistence.session.file:/home/icat/glassfish3/glassfish/domains/domain1/applications/TopCAT/WEB-INF/lib/TopCATEJB-1.7.jar_TopCATEJBPU.sql|_ThreadID=209;_ThreadName=Thread-2;ClassName=null;MethodName=null;|SELECT ID, AUTHENTICATION_SERVICE_TYPE, AUTHENTICATION_SERVICE_URL, DEFAULT_PASSWORD, DEFAULT_USER, DOWNLOAD_PLUGIN_NAME, NAME, PLUGIN_NAME, SERVER_URL, VERSION FROM TOPCAT_ICAT_SERVER WHERE (NAME = ?)
bind => [1 parameter bound]|#]

[#|2013-01-16T13:24:50.168+0100|WARNING|glassfish3.1.2|javax.enterprise.system.container.ejb.com.sun.ejb.containers|_ThreadID=209;_ThreadName=Thread-2;|EJB5184:A system exception occurred during an invocation on EJB UserManagementBean, method: public void uk.ac.stfc.topcat.ejb.session.UserManagementBean.login(java.lang.String,java.lang.String,java.lang.String,java.util.Map) throws uk.ac.stfc.topcat.core.exception.AuthenticationException|#]

[#|2013-01-16T13:24:50.170+0100|WARNING|glassfish3.1.2|javax.enterprise.system.container.ejb.com.sun.ejb.containers|_ThreadID=209;_ThreadName=Thread-2;|javax.ejb.EJBException

/Krister Larsson

[Steve Fisher]

The authorization is not set correctly. The "root account" has access to Group, User, UserGroup and Rule only. This is why the test.py works with the Group.

I don't now what authorization rules you have defined. However as you were authenticated with the root user, unless your authz rules allow him to access "Facility" then you will get the message you saw.

I hope this is clear ;-)

Steve

--
You received this message because you are subscribed to the Google Groups "icatproject-support" group.
To unsubscribe from this group and stop receiving emails from it, send an email to icatproject-sup...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

[kriste...@gmail.com]

Got it. Thanks Steve.