Hey guys, Ok, I've attached a sanitized install.properties file from this box to the JIRA issue. It is a test box, so we've turned off XACML policy enforcement and the API-M SSL requirement. Maybe it is some kind of configuration issue on our end. Let me know if you need any more info.
Thanks, Willy On Jun 25, 2009, at 12:37 PM, Chris Wilper wrote: > Hi Willy, > > I was unable to reproduce this also...looks like we need more detail > on the environment where this is happening. Although we haven't been > able to verify it yet, I figured it'd be good to put this in the > tracker: > > http://fedora-commons.org/jira/browse/FCREPO-510 > > Can you attach your install.properties and any more detail you have on > your environment there? > > Thanks, > Chris > > On Thu, Jun 25, 2009 at 9:30 AM, Bill Branan<[email protected] > > wrote: >> Hi Willy, >> When the first, unauthenticated, request is passed in it should be >> caught >> and rejected during the authorization check, since there is no >> available >> user. Do you happen to have your XACML policies set in such a way >> that would >> allow any user to perform an ingest function? >> Of course, the unauthenticated call should not be passed through in >> the >> first place. We're still trying to reproduce this. Could you tell >> us a bit >> more about your environment? >> Has anyone else seen this behavior? >> Thanks, >> Bill >> >> On Wed, Jun 24, 2009 at 8:45 PM, Willy Mene <[email protected]> >> wrote: >>> >>> Ok, I think I found the problem. >>> If your http client uses preemptive authorization (i.e. the >>> Authorization >>> http header is sent with the encoded username and password even >>> before the >>> server gives an unauthorized response) , then everything works fine. >>> However, if you client does not send this header in the initial >>> request >>> and http challenge/response authentication comes into play, then >>> we run into >>> this issue of attempted double object creation. With the initial >>> request, >>> Fedora always enters the ingest process and creates the object >>> BEFORE the >>> authorization challenge is sent to the client. Therefore, when >>> the client >>> sends the authorization response, Fedora finds that the object was >>> already >>> created and we see this error. You can see this in the snippet of >>> the log I >>> sent earlier. >>> Fedora 3.1 was working with non-preemptive authorization. Did >>> something >>> change in 3.2? >>> Willy >>> >>> On Jun 24, 2009, at 6:35 AM, Bill Branan wrote: >>> >>> Hi Willy, >>> I just tried this and didn't have any problems. I restarted the >>> server (to >>> make sure there were no lingering sessions) then used Poster to >>> POST to the >>> URL you indicated (different host) with some simple FOXML. I was >>> prompted >>> for authentication by Firefox, followed by a 200 response. >>> You mentioned that Fedora appears to be attempting to create the >>> object >>> twice. Does the first attempt to create the object occur before >>> you submit >>> the authentication prompt? Is the object created correctly on the >>> first >>> attempt, or is it just an empty object that happens to have the >>> correct PID? >>> >>> Here is the FOXML I used, just for reference: >>> <?xml version="1.0" encoding="UTF-8"?> >>> <foxml:digitalObject VERSION="1.1" PID="newpid:foobar" >>> xmlns:foxml="info:fedora/fedora-system:def/foxml#" >>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; >>> xsi:schemaLocation="info:fedora/fedora-system:def/foxml# >>> http://www.fedora.info/definitions/1/0/foxml1-1.xsd";> >>> <foxml:objectProperties> >>> <foxml:property NAME="info:fedora/fedora-system:def/model#state" >>> VALUE="Active"/> >>> <foxml:property NAME="info:fedora/fedora-system:def/model#label" >>> VALUE="Label"/> >>> </foxml:objectProperties> >>> </foxml:digitalObject> >>> Bill >>> >>> On Tue, Jun 23, 2009 at 5:41 PM, Willy Mene <[email protected]> >>> wrote: >>>> >>>> I'm playing with our Fedora 3.2 instance and the REST API. I'm >>>> using >>>> the Firefox Poster add-on to do an http POST of some simple valid >>>> FOXML to the (example) http://fedorabox:8080/fedora/objects/newpid:foobar >>>> URI and am running into problems. >>>> >>>> The first time I attempt to do the POST, I get the error "The PID >>>> 'newpid:foobar' already exists in the registry; the object can't >>>> be re- >>>> created." even though it is a brand new object. However, if I >>>> search >>>> Fedora for the object, I do find it was created. When I look >>>> through >>>> the logs, I see that Fedora tries to create the object twice with >>>> this >>>> one request. >>>> >>>> If I try to POST a second object with a new pid and new FOXML, the >>>> requests succeeds without error. Fedora only tries the ingest >>>> once. >>>> >>>> My guess is that the initial authentication handshake with the >>>> first >>>> POST causes Fedora to attempt the ingest twice. The second POST >>>> succeeds since the browser is already authenticated, and doesn't >>>> need >>>> to go through the handshake. I ran into this because I have some >>>> client software that authenticates with every post (since it's >>>> not a >>>> browser) and I keep running into this problem. I did not have this >>>> issue with 3.0 or 3.1. I have included the stacktrace error below. >>>> >>>> Has anyone else run into this? Any help appreciated. >>>> >>>> Thanks, >>>> Willy >>>> >>>> javax.ws.rs.WebApplicationException: >>>> fedora.server.errors.ObjectExistsException: The PID 'newpid:foobar' >>>> already exists in the registry; the object can't be re-created. >>> >> >> >> ------------------------------------------------------------------------------ >> >> _______________________________________________ >> Fedora-commons-users mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/fedora-commons-users >> >> ------------------------------------------------------------------------------ _______________________________________________ Fedora-commons-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fedora-commons-users
