Greetings,
I've been testing 3.6.1 and encountered a weird problem. I have a repo-wide
policy (FESL) that grants API-A access to localhost, which works across the
board except on the findObjects method. If I pass along admin credentials, the
fedora-policy:access-admin policy matches and I receive the expected results.
My combining algorithm is set to HierarchicalLowestChildPermitOverridesPolicyAlg
Here's my service call:
http://localhost:8088/fedora/objects?pid=true&title=true&terms=fedora-system:FedoraObject-3.0&query=&maxResults=20&resultFormat=xml
Here is what I believe to be a pertinent section of the log:
....
DEBUG 2012-10-09 10:31:53.516 [http-8088-2] (AttributeFinderModule) exiting
parmsOk normally org.fcrepo.server.security.ContextAttributeFinderModule
DEBUG 2012-10-09 10:31:53.516 [http-8088-2] (AttributeFinderModule)
willService() org.fcrepo.server.security.ContextAttributeFinderModule deny this
known adhoc attribute urn:fedora:names:fedora:2.1:action:contextId
DEBUG 2012-10-09 10:31:53.516 [http-8088-2] (AttributeFinderModule)
AttributeFinder:willService()
org.fcrepo.server.security.ContextAttributeFinderModule returns false
DEBUG 2012-10-09 10:31:53.516 [http-8088-2] (AttributeFinderModule)
AttributeFinder:getAttributeFromEvaluationCtxorg.fcrepo.server.security.ContextAttributeFinderModule
exit on couldn't get resource attribute from xacml request wrong bag n=0
DEBUG 2012-10-09 10:31:53.516 [http-8088-2] (ContextAttributeFinderModule)
ContextAttributeFinder:getContextId exit on can't get contextId on request
callback
DEBUG 2012-10-09 10:31:53.516 [http-8088-2] (ContextAttributeFinderModule)
contextId=null attributeId=urn:fedora:names:fedora:2.1:subject:role
DEBUG 2012-10-09 10:31:53.516 [http-8088-2] (AttributeFinderModule)
org.fcrepo.server.security.ContextAttributeFinderModule got temp=null
DEBUG 2012-10-09 10:31:53.516 [http-8088-2] (AttributeFinderModule)
AttributeFinder:findAttribute exit on attribute value not
foundorg.fcrepo.server.security.ContextAttributeFinderModule
DEBUG 2012-10-09 10:31:53.516 [http-8088-2] (PolicyManager) Matched policies
and created abstract policy.
DEBUG 2012-10-09 10:31:53.516 [http-8088-2] (MelcoePDPImpl) response is:
<Response>
<Result ResourceId="/fedora-system:FedoraObject-3.0">
<Decision>NotApplicable</Decision>
<Status>
<StatusCode Value="urn:oasis:names:tc:xacml:1.0:status:ok"/>
</Status>
</Result>
</Response>
.....
Thanks for your time.
David Lacy
Falvey Library Technology Services
Villanova University
library.villanova.edu
------------------------------------------------------------------------------
Don't let slow site performance ruin your business. Deploy New Relic APM
Deploy New Relic app performance management and know exactly
what is happening inside your Ruby, Python, PHP, Java, and .NET app
Try New Relic at no cost today and get our sweet Data Nerd shirt too!
http://p.sf.net/sfu/newrelic-dev2dev
_______________________________________________
Fedora-commons-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fedora-commons-users
