-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Daniel--
We discussed this problem a bit on the Fedora committers' call this morning, and here are some more things to try: Firstly, did you use a "fedora.server" -style URL for your reference to the policy datastream? If so, that might circumvent the external DS policies, which could cause some of this odd behavior. Secondly, for your case d) below, when you stored the policy in other:pid/OTHER, did you also remove other:pid/POLICY before testing? If not, that might explain your case d) and inability to see the policy itself without authenticating. Thirdly, we'd like to hear a bit more about your context. Which version of Fedora are you using, and are you using FESL authorization or legacy authorization? This last question is important because FESL offers some powerful ways to implement collection-wide policies that aren't available in legacy authorization, and using them might obviate the problem entirely. - --- A. Soroka Software & Systems Engineering :: Online Library Environment the University of Virginia Library On Mar 22, 2012, at 5:51 AM, Daniel wrote: > /Can you retrieve col:policy/POLICY directly? If you try changing the ID of > that datastream to something like "COLLECTIONPOLICY" (or something shorter) > does your configuration work?/ > > It is getting interesting now. I tested the following scenarios: > > a) The policy is stored in col:policy/POLICY and refered as external > reference by object:test/POLICY > -> From now on authorization is denied to open object:test > > b) The policy is stored outside the repository and refered as external > reference by object:test/POLICY > -> works > > c) The policy is stored in other:pid/POLICY and refered as external > reference by object:test/POLICY > -> From now on authorization is denied to open object:test > > d) The policy is stored in other:pid/OTHER and refered as external reference > by object:test/POLICY > -> From now on authorization is denied to open object:test > > So case d) shows that the problem is not that the policy is guarding the > source object in other:pid/OTHER > > If I put the link to other:pid/OTHER (SERVER:PORT/FEDORA/PATH/PID) in a > browser, an authorization is requested. I guess, this is the problem but I > have no idea why this authorization is requested and how to turn it off (or > how to authorize this request). I tried to find a repository wide XACML > policy that may be responsible but I haven't found one. > > Do you have further suggestions? Thank you again very much! > > > -- > View this message in context: > http://fedora-commons.1317035.n2.nabble.com/Authentication-Problem-with-External-Referenced-Policies-tp7388893p7394868.html > Sent from the Fedora Commons Users mailing list archive at Nabble.com. > > ------------------------------------------------------------------------------ > This SF email is sponsosred by: > Try Windows Azure free for 90 days Click Here > http://p.sf.net/sfu/sfd2d-msazure > _______________________________________________ > Fedora-commons-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/fedora-commons-users -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org iQEcBAEBAgAGBQJPazOaAAoJEATpPYSyaoIkNREH/RJWQf0LmDhURFvEmcjSW480 6qAuOAzzKEavW198jbYQ9t6u08vVCMA9wh/M5tW04zOTPO89vCYLME+/AMb+h19i K5TzmqQfeN7TYIe0JpUEuU3UggrhtLGYt0Yu9bVw9SKtboPepfF8OUZcEMhb/9Fw 6EhLOz3CE7siAuz3IxU9hhmJiwTljigdIMcM/55A8MYJ+XDlFp4NhDHXqCGQDlBF Ph8k9fRh6vCOtzaCVcdQpg9i1C+urwKzmoF/rHsqmWucPHwDOOQbLNpTqM5lHtVL jpwIe1S6um6G1h+9AGu5ArYHlPPbQBPCC33dH1CvzGgY+dIU/mwil7SSlqGCx4s= =lU3H -----END PGP SIGNATURE----- ------------------------------------------------------------------------------ This SF email is sponsosred by: Try Windows Azure free for 90 days Click Here http://p.sf.net/sfu/sfd2d-msazure _______________________________________________ Fedora-commons-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fedora-commons-users
