Hello all,
I'm trying to get Fedora (SVN trunk revision 8643) to accept file:// URLs as part of an ingest, and am running into odd problems.
The error I get is this:
# fedora-ingest.sh f ~/filetemp.xml info:fedora/fedora-system:FOXML-1.1 localhost:8080 fedoraAdmin [my password here] http
Error : org.fcrepo.server.errors.HttpServiceNotFoundException: [DefaultExternalContentManager] returned an error. The underlying error was a org.fcrepo.server.errors.HttpServiceNotFoundException The message was "[FileExternalContentManager] returned an error. The underlying error was a java.lang.IllegalArgumentException The message was "URI has an authority component" . " .
The relevant part of my FoXML looks like this:
<foxml:datastream CONTROL_GROUP="M" ID="AUDIODOWNLOAD" STATE="A" VERSIONABLE="true">
<foxml:datastreamVersion LABEL="MP3" ID="AUDIODOWNLOAD.0" MIMETYPE="audio/mpeg" SIZE="0">
<foxml:contentDigest TYPE="SHA-512"/>
<foxml:contentLocation REF="file://myfilesystem/something.mp3" TYPE="URL" />
</foxml:datastreamVersion>
</foxml:datastream>
I have modified the XACML policy deny-unallowed-file-resolution.xml as suggested in its internal notes and at [1]. It's copied in at the bottom of the email, along with a diff comparing my version to the distribution version. I did wonder if perhaps the regex contained a typo of a missing slash ( ^file:/ as opposed to ^file:// ), but I've tried it with and without the slash to no avail.
Fedora has the appropriate privileges to access the filesystem. The full file:// URLs used in the ingest don't involve symlinks, and I've been restarting Tomcat in between attempts. I'm running Fedora on Debian Lenny with the Sun JDK 1.6.0_12.
I'd appreciate any pointers on how to overcome this issue, as it'd speed up my ingest considerably.
Regards,
Graeme
Graeme West
Digital Repository Developer
Information Services
Glasgow Caledonian University
[email protected]
[1] http://fedora-commons.org/confluence/display/FCR30/Ingest+with+the+file+URI+scheme
deny-unallowed-file-resolution.xml:
<?xml version="1.0" encoding="UTF-8"?>
<Policy xmlns="urn:oasis:names:tc:xacml:1.0:policy"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
PolicyId="deny-file-resolve-if-not-allowed-dir"
RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable">
<Description>deny any file datastream resolution if not in allowed file patterns</Description>
<Target>
<Subjects>
<AnySubject/>
</Subjects>
<Resources>
<AnyResource/>
</Resources>
<Actions>
<Action>
<ActionMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">urn:fedora:names:fedora:2.1:action:id-retrieveFile</AttributeValue>
<ActionAttributeDesignator DataType="http://www.w3.org/2001/XMLSchema#string" AttributeId="urn:fedora:names:fedora:2.1:action:id"/>
</ActionMatch>
</Action>
</Actions>
</Target>
<!-- uncomment (and change the deny rule id) if access via the file protocol is desired.
The regular _expression_ determines the locations and files allowed for retrieval; it must match the canonical file URI for a resource.
Restricting access to administrators will allow datastreams in control group 'M' to be ingested from the file system.
Restricting access by URI only will allow datastreams in control group 'E' to be located on the file system.
-->
<Rule RuleId="1" Effect="Permit">
<Condition FunctionId="urn:oasis:names:tc:xacml:1.0:function:and">
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:regexp-string-match">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">^file://myfilesystem/*$</AttributeValue>
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
<ResourceAttributeDesignator AttributeId="urn:fedora:names:fedora:2.1:resource:datastream:fileUri"
DataType="http://www.w3.org/2001/XMLSchema#string"/>
</Apply>
</Apply>
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-is-in">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">administrator</AttributeValue>
<SubjectAttributeDesignator AttributeId="fedoraRole" DataType="http://www.w3.org/2001/XMLSchema#string"/>
</Apply>
</Condition>
</Rule>
<Rule RuleId="2" Effect="Deny">
</Rule>
</Policy>
Diff from distribution version of deny-unallowed-file-resolution.xml:
28c28
<
---
<!--
32c32
< <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">^file://ouachita/*$</AttributeValue>
---
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">^file:/allowed/.*$</AttributeValue>
41c41
< </Apply>
---
</Apply>
44,45c44,45
<
< <Rule RuleId="2" Effect="Deny">
---
-->
<Rule RuleId="1" Effect="Deny">
Glasgow Caledonian University is a registered Scottish charity, number SC021474
Winner: Times Higher Education's Widening Participation Initiative of the Year 2009 and Herald Society's Education Initiative of the Year 2009
http://www.gcu.ac.uk/newsevents/news/bycategory/theuniversity/1/name,6219,en.html
------------------------------------------------------------------------------
ThinkGeek and WIRED's GeekDad team up for the Ultimate
GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the
lucky parental unit. See the prize list and enter to win:
http://p.sf.net/sfu/thinkgeek-promo
_______________________________________________
Fedora-commons-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fedora-commons-users
