Hi Willy, I was unable to reproduce this also...looks like we need more detail on the environment where this is happening. Although we haven't been able to verify it yet, I figured it'd be good to put this in the tracker:
http://fedora-commons.org/jira/browse/FCREPO-510 Can you attach your install.properties and any more detail you have on your environment there? Thanks, Chris On Thu, Jun 25, 2009 at 9:30 AM, Bill Branan<[email protected]> wrote: > Hi Willy, > When the first, unauthenticated, request is passed in it should be caught > and rejected during the authorization check, since there is no available > user. Do you happen to have your XACML policies set in such a way that would > allow any user to perform an ingest function? > Of course, the unauthenticated call should not be passed through in the > first place. We're still trying to reproduce this. Could you tell us a bit > more about your environment? > Has anyone else seen this behavior? > Thanks, > Bill > > On Wed, Jun 24, 2009 at 8:45 PM, Willy Mene <[email protected]> wrote: >> >> Ok, I think I found the problem. >> If your http client uses preemptive authorization (i.e. the Authorization >> http header is sent with the encoded username and password even before the >> server gives an unauthorized response) , then everything works fine. >> However, if you client does not send this header in the initial request >> and http challenge/response authentication comes into play, then we run into >> this issue of attempted double object creation. With the initial request, >> Fedora always enters the ingest process and creates the object BEFORE the >> authorization challenge is sent to the client. Therefore, when the client >> sends the authorization response, Fedora finds that the object was already >> created and we see this error. You can see this in the snippet of the log I >> sent earlier. >> Fedora 3.1 was working with non-preemptive authorization. Did something >> change in 3.2? >> Willy >> >> On Jun 24, 2009, at 6:35 AM, Bill Branan wrote: >> >> Hi Willy, >> I just tried this and didn't have any problems. I restarted the server (to >> make sure there were no lingering sessions) then used Poster to POST to the >> URL you indicated (different host) with some simple FOXML. I was prompted >> for authentication by Firefox, followed by a 200 response. >> You mentioned that Fedora appears to be attempting to create the object >> twice. Does the first attempt to create the object occur before you submit >> the authentication prompt? Is the object created correctly on the first >> attempt, or is it just an empty object that happens to have the correct PID? >> >> Here is the FOXML I used, just for reference: >> <?xml version="1.0" encoding="UTF-8"?> >> <foxml:digitalObject VERSION="1.1" PID="newpid:foobar" >> xmlns:foxml="info:fedora/fedora-system:def/foxml#" >> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; >> xsi:schemaLocation="info:fedora/fedora-system:def/foxml# >> http://www.fedora.info/definitions/1/0/foxml1-1.xsd";> >> <foxml:objectProperties> >> <foxml:property NAME="info:fedora/fedora-system:def/model#state" >> VALUE="Active"/> >> <foxml:property NAME="info:fedora/fedora-system:def/model#label" >> VALUE="Label"/> >> </foxml:objectProperties> >> </foxml:digitalObject> >> Bill >> >> On Tue, Jun 23, 2009 at 5:41 PM, Willy Mene <[email protected]> wrote: >>> >>> I'm playing with our Fedora 3.2 instance and the REST API. I'm using >>> the Firefox Poster add-on to do an http POST of some simple valid >>> FOXML to the (example) http://fedorabox:8080/fedora/objects/newpid:foobar >>> URI and am running into problems. >>> >>> The first time I attempt to do the POST, I get the error "The PID >>> 'newpid:foobar' already exists in the registry; the object can't be re- >>> created." even though it is a brand new object. However, if I search >>> Fedora for the object, I do find it was created. When I look through >>> the logs, I see that Fedora tries to create the object twice with this >>> one request. >>> >>> If I try to POST a second object with a new pid and new FOXML, the >>> requests succeeds without error. Fedora only tries the ingest once. >>> >>> My guess is that the initial authentication handshake with the first >>> POST causes Fedora to attempt the ingest twice. The second POST >>> succeeds since the browser is already authenticated, and doesn't need >>> to go through the handshake. I ran into this because I have some >>> client software that authenticates with every post (since it's not a >>> browser) and I keep running into this problem. I did not have this >>> issue with 3.0 or 3.1. I have included the stacktrace error below. >>> >>> Has anyone else run into this? Any help appreciated. >>> >>> Thanks, >>> Willy >>> >>> javax.ws.rs.WebApplicationException: >>> fedora.server.errors.ObjectExistsException: The PID 'newpid:foobar' >>> already exists in the registry; the object can't be re-created. >> > > > ------------------------------------------------------------------------------ > > _______________________________________________ > Fedora-commons-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/fedora-commons-users > > ------------------------------------------------------------------------------ _______________________________________________ Fedora-commons-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fedora-commons-users
