Hello all, I'm trying to get Fedora (SVN trunk revision 8643) to accept file:// URLs as part of an ingest, and am running into odd problems.
The error I get is this: > # fedora-ingest.sh f ~/filetemp.xml info:fedora/fedora-system:FOXML-1.1 > localhost:8080 fedoraAdmin [my password here] http > Error : org.fcrepo.server.errors.HttpServiceNotFoundException: > [DefaultExternalContentManager] returned an error. The underlying error was > a org.fcrepo.server.errors.HttpServiceNotFoundException The message was > "[FileExternalContentManager] returned an error. The underlying error was a > java.lang.IllegalArgumentException The message was "URI has an authority > component" . " . The relevant part of my FoXML looks like this: > <foxml:datastream CONTROL_GROUP="M" ID="AUDIODOWNLOAD" STATE="A" > VERSIONABLE="true"> > <foxml:datastreamVersion LABEL="MP3" > ID="AUDIODOWNLOAD.0" MIMETYPE="audio/mpeg" SIZE="0"> > <foxml:contentDigest TYPE="SHA-512"/> > <foxml:contentLocation > REF="file://myfilesystem/something.mp3" TYPE="URL" /> > </foxml:datastreamVersion> > </foxml:datastream> I have modified the XACML policy deny-unallowed-file-resolution.xml as suggested in its internal notes and at [1]. It's copied in at the bottom of the email, along with a diff comparing my version to the distribution version. I did wonder if perhaps the regex contained a typo of a missing slash ( ^file:/ as opposed to ^file:// ), but I've tried it with and without the slash to no avail. Fedora has the appropriate privileges to access the filesystem. The full file:// URLs used in the ingest don't involve symlinks, and I've been restarting Tomcat in between attempts. I'm running Fedora on Debian Lenny with the Sun JDK 1.6.0_12. I'd appreciate any pointers on how to overcome this issue, as it'd speed up my ingest considerably. Regards, Graeme Graeme West Digital Repository Developer Information Services Glasgow Caledonian University [email protected] [1] http://fedora-commons.org/confluence/display/FCR30/Ingest+with+the+file+URI+scheme deny-unallowed-file-resolution.xml: > <?xml version="1.0" encoding="UTF-8"?> > <Policy xmlns="urn:oasis:names:tc:xacml:1.0:policy" > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; > PolicyId="deny-file-resolve-if-not-allowed-dir" > > RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable"> > <Description>deny any file datastream resolution if not in allowed file > patterns</Description> > <Target> > <Subjects> > <AnySubject/> > </Subjects> > <Resources> > <AnyResource/> > </Resources> > <Actions> > <Action> > <ActionMatch > MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> > <AttributeValue > DataType="http://www.w3.org/2001/XMLSchema#string";>urn:fedora:names:fedora:2.1:action:id-retrieveFile</AttributeValue> > <ActionAttributeDesignator > DataType="http://www.w3.org/2001/XMLSchema#string"; > AttributeId="urn:fedora:names:fedora:2.1:action:id"/> > </ActionMatch> > </Action> > </Actions> > </Target> > <!-- uncomment (and change the deny rule id) if access via the file > protocol is desired. > The regular expression determines the locations and files allowed for > retrieval; it must match the canonical file URI for a resource. > Restricting access to administrators will allow datastreams in control > group 'M' to be ingested from the file system. > Restricting access by URI only will allow datastreams in control group 'E' > to be located on the file system. > --> > > <Rule RuleId="1" Effect="Permit"> > <Condition FunctionId="urn:oasis:names:tc:xacml:1.0:function:and"> > <Apply > FunctionId="urn:oasis:names:tc:xacml:1.0:function:regexp-string-match"> > <AttributeValue > DataType="http://www.w3.org/2001/XMLSchema#string";>^file://myfilesystem/*$</AttributeValue> > <Apply > FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only"> > <ResourceAttributeDesignator > AttributeId="urn:fedora:names:fedora:2.1:resource:datastream:fileUri" > DataType="http://www.w3.org/2001/XMLSchema#string"/> > </Apply> > </Apply> > <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-is-in"> > <AttributeValue > DataType="http://www.w3.org/2001/XMLSchema#string";>administrator</AttributeValue> > <SubjectAttributeDesignator AttributeId="fedoraRole" > DataType="http://www.w3.org/2001/XMLSchema#string"/> > </Apply> > </Condition> > </Rule> > > <Rule RuleId="2" Effect="Deny"> > </Rule> > </Policy> Diff from distribution version of deny-unallowed-file-resolution.xml: 28c28 < --- > <!-- 32c32 < <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string";>^file://ouachita/*$</AttributeValue> --- > <AttributeValue > DataType="http://www.w3.org/2001/XMLSchema#string";>^file:/allowed/.*$</AttributeValue> 41c41 < </Apply> --- > </Apply> 44,45c44,45 < < <Rule RuleId="2" Effect="Deny"> --- > --> > <Rule RuleId="1" Effect="Deny"> Glasgow Caledonian University is a registered Scottish charity, number SC021474 Winner: Times Higher Education's Widening Participation Initiative of the Year 2009 and Herald Society's Education Initiative of the Year 2009 http://www.gcu.ac.uk/newsevents/news/bycategory/theuniversity/1/name,6219,en.html ------------------------------------------------------------------------------ ThinkGeek and WIRED's GeekDad team up for the Ultimate GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the lucky parental unit. See the prize list and enter to win: http://p.sf.net/sfu/thinkgeek-promo _______________________________________________ Fedora-commons-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fedora-commons-users
