Could it be possible that this is related to
https://fedora-commons.org/jira/browse/FCREPO-703 ?

Huân, to see if this is the case, you could modify fedora.fcfg and change
the parameter datastreamContentDispositionInlineEnabled to false to verify
if this is the case.

Regards
Steve

> -----Original Message-----
> From: Huân Thebault [mailto:[email protected]] 
> Sent: 01 June 2010 15:10
> To: fedora-commons-developers
> Subject: Re: [Fedora-commons-developers] PEP Denying Access
> 
> 
> Hi Nish
> 
> You're right, I don't have policies to allow anonymous access. But the real
> problem is that I am NOT using anonymous access. I'm identifying myself as
> "fedoraAdmin".
> 
> I attach a log file, corresponding to the following scenario:
>       - 2010-06-01 15:51:48.726: I go to the "/fedora/objects" URL. I am
>         prompted for authentication, I am authenticating myself as
>         "fedoraAdmin"
>       - I search "*", everything's fine, I've got results
>       - I try to access an object called "CRDO-Aix:PYJ011"
>       - I'm prompted for authentication, I give "fedoraAdmin" credentials,
>         but the HTTP basic auth. popup comes up again and again and again...
> And as you can see in logs, I'm then seen as "anonymous"
> 
> 
> 
> -----
> Huân Thebault
> Centre de Calcul de l'IN2P3
> Development Team
> Tel. Std               +33 4 78 93 08 80
> 
> 
> 
> 
> 
> 
> 
> -----Original Message-----
> From: Nishen Naidoo [mailto:[email protected]] 
> Sent: Tuesday, 1 June 2010 13:11
> To: [email protected]; 'Huan Thebault'
> Cc: 'fedora-commons-develop...@lists. sourceforge. net'
> Subject: RE: [Fedora-commons-developers] PEP Denying Access
> 
> Hi Huan,
> 
> You probably don't have policies to allow anonymous access to resources. From
> the request, it is identifying that there is no authenticated user trying to
> access the item. For this to work you will need to add a policy to the
> bootstrap policies to allow this.
> 
> Something like this might work:
> 
> <?xml version="1.0" encoding="UTF-8"?>
> <Policy xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
>   xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os"
>   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>   xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os
>     http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-policy-schema-os.xsd
>     urn:oasis:names:tc:xacml:2.0:context:schema:os
>     http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-context-schema-os.xsd"
>   PolicyId="anonymous:readall"
>   RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:permit-overrides">
>  <Description>A policy to provide public users the ability to view all objects in the demo object collection</Description>
>  <Target>
>   <Subjects>
>    <Subject>
>     <SubjectMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
>      <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">anonymous</AttributeValue>
>      <SubjectAttributeDesignator
>        AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
>        DataType="http://www.w3.org/2001/XMLSchema#string" />
>     </SubjectMatch>
>    </Subject>
>   </Subjects>
>   <Resources>
>    <Resource>
>     <!-- to view everything under the resource collection -->
>     <ResourceMatch MatchId="urn:oasis:names:tc:xacml:2.0:function:anyURI-regexp-match">
>      <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">/.*</AttributeValue>
>      <ResourceAttributeDesignator
>        AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
>        DataType="http://www.w3.org/2001/XMLSchema#anyURI" />
>     </ResourceMatch>
>    </Resource>
>   </Resources>
>   <Actions>
>    <Action>
>     <ActionMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
>      <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">urn:fedora:names:fedora:2.1:action:api-a</AttributeValue>
>      <ActionAttributeDesignator
>        AttributeId="urn:fedora:names:fedora:2.1:action:api"
>        DataType="http://www.w3.org/2001/XMLSchema#string" />
>     </ActionMatch>
>    </Action>
>    <Action>
>     <ActionMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
>      <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
>      <ActionAttributeDesignator
>        AttributeId="urn:fedora:names:fedora:2.1:action:id"
>        DataType="http://www.w3.org/2001/XMLSchema#string" />
>     </ActionMatch>
>    </Action>
>   </Actions>
>  </Target>
>  <Rule Effect="Permit"
>    RuleId="au:edu:mq:melcoe:ramp:fedora:xacml:2.0:rule:generic-permit"/>
> </Policy>
> 
> 
> 
> 
> 
> 
> 
> Nishen Naidoo
> IT Projects Developer
> Library IT
> MACQUARIE UNIVERSITY NSW 2109
> 
> E-Mail: [email protected]
> Phone:  +61 2 98506553
> Mobile: +61 4 30006783
> Fax:    +61 2 98507912
> http://www.library.mq.edu.au/
> 
> CRICOS Provider No 00002J
> 
> ________________________________________
> From: yf508 [[email protected]]
> Sent: Tuesday, 1 June 2010 6:13 PM
> To: 'Huan Thebault'
> Cc: 'fedora-commons-develop...@lists. sourceforge. net'
> Subject: Re: [Fedora-commons-developers] PEP Denying Access
> 
> >  Looking at sources, the "3" at last line means :
> >  DECISION_NOT_APPLICABLE , which is an error (it should be :
> >  DECISION_PERMIT, DECISION_INDETERMINATE, DECISION_DENY)
> 
> It seems to me that 'DECISION_NOT_APPLICABLE' means the required policy does
> not exist - it's not an error state. So the problem you have might be
> related to bootstrap policies (there are bootstrap policies in Fedora 2.x.
> I'm not using Fedora 3.x so not sure whether there are some bootstrap ones
> in 3.x).
> 
> Frank
> 
> ---------------------------------
> Dr. Yankui(Frank) Feng
> Digital Library Systems Developer
> The University of York
> Heslington, York, YO10 5DD, UK
> Tel: +44 (0) 1904-434507
> Email: yf508 at york.ac.uk
> ---------------------------------
> 
> 
> ------------------------------------------------------------------------------
> 
> _______________________________________________
> Fedora-commons-developers mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/fedora-commons-developers
> 
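
Added example, not part of the thread and not Fedora's own code: a minimal XACML target matcher run over a condensed copy of the anonymous:readall policy quoted above, showing why a request identified as fedoraAdmin evaluates to NotApplicable (the "3" in the log) while the same read as anonymous is permitted. The names `evaluate` and `request_for`, the dictionary request shape, and the resource-id value `/CRDO-Aix:PYJ011` are assumptions made for illustration; regex matching is simplified to Python's `re.fullmatch`.

```python
import re
import xml.etree.ElementTree as ET
X, F = "urn:oasis:names:tc:xacml:", "urn:fedora:names:fedora:2.1:action:"
NS = {"p": X + "2.0:policy:schema:os"}
# Condensed copy of the policy quoted above (schemaLocation and DataType attributes dropped).
POLICY = f"""<Policy xmlns="{X}2.0:policy:schema:os" PolicyId="anonymous:readall"
  RuleCombiningAlgId="{X}1.0:rule-combining-algorithm:permit-overrides"><Target>
 <Subjects><Subject><SubjectMatch MatchId="{X}1.0:function:string-equal">
   <AttributeValue>anonymous</AttributeValue>
   <SubjectAttributeDesignator AttributeId="{X}1.0:subject:subject-id"/>
 </SubjectMatch></Subject></Subjects>
 <Resources><Resource><ResourceMatch MatchId="{X}2.0:function:anyURI-regexp-match">
   <AttributeValue>/.*</AttributeValue>
   <ResourceAttributeDesignator AttributeId="{X}1.0:resource:resource-id"/>
 </ResourceMatch></Resource></Resources>
 <Actions><Action><ActionMatch MatchId="{X}1.0:function:string-equal">
   <AttributeValue>{F}api-a</AttributeValue>
   <ActionAttributeDesignator AttributeId="{F}api"/>
 </ActionMatch></Action><Action><ActionMatch MatchId="{X}1.0:function:string-equal">
   <AttributeValue>read</AttributeValue>
   <ActionAttributeDesignator AttributeId="{F}id"/>
 </ActionMatch></Action></Actions></Target>
 <Rule Effect="Permit" RuleId="au:edu:mq:melcoe:ramp:fedora:xacml:2.0:rule:generic-permit"/>
</Policy>"""

def _holds(match, kind, request):
    want = match.find("p:AttributeValue", NS).text
    attr = match.find(f"p:{kind}AttributeDesignator", NS).get("AttributeId")
    got = request.get(attr, [])  # a missing attribute matches nothing
    if match.get("MatchId").endswith("regexp-match"):
        return any(re.fullmatch(want, v) for v in got)  # simplified regex semantics
    return want in got

def _section(target, kind, request):
    # Children of a section are alternatives (OR); matches inside one child are ANDed.
    return any(all(_holds(m, kind, request) for m in e.findall(f"p:{kind}Match", NS))
               for e in target.findall(f"p:{kind}s/p:{kind}", NS))

def evaluate(request):
    policy = ET.fromstring(POLICY)
    target = policy.find("p:Target", NS)
    if all(_section(target, k, request) for k in ("Subject", "Resource", "Action")):
        return policy.find("p:Rule", NS).get("Effect")
    return "NotApplicable"  # the "3" in the log: no policy covers this request

def request_for(subject):
    # Constructed request: a read of the object named in the thread.
    return {X + "1.0:subject:subject-id": [subject],
            X + "1.0:resource:resource-id": ["/CRDO-Aix:PYJ011"], F + "id": ["read"]}
```
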

