Can you show us your Spring config for authN (config/spring/web/security.xml)? I could be totally off-base here, but I suspect this may have to do with the fact that findObjects is supported by a distinct servlet.
--- A. Soroka Software & Systems Engineering :: Online Library Environment the University of Virginia Library On Oct 9, 2012, at 10:53 AM, David Lacy wrote: > Greetings, > > I’ve been testing 3.6.1 and encountered a weird problem. I have a repo-wide > policy (FESL) that grants API-A access to localhost, which works across the > board except on the findObjects method. If I pass along admin credentials, > the fedora-policy:access-admin policy matches and I receive the expected > results. My combining algorithm is set to > HierarchicalLowestChildPermitOverridesPolicyAlg > > Here’s my service call: > http://localhost:8088/fedora/objects?pid=true&title=true&terms=fedora-system:FedoraObject-3.0&query=&maxResults=20&resultFormat=xml > > Here is what I believe to be a pertinent section of the log: > > …. > DEBUG 2012-10-09 10:31:53.516 [http-8088-2] (AttributeFinderModule) exiting > parmsOk normally org.fcrepo.server.security.ContextAttributeFinderModule > DEBUG 2012-10-09 10:31:53.516 [http-8088-2] (AttributeFinderModule) > willService() org.fcrepo.server.security.ContextAttributeFinderModule deny > this known adhoc attribute urn:fedora:names:fedora:2.1:action:contextId > DEBUG 2012-10-09 10:31:53.516 [http-8088-2] (AttributeFinderModule) > AttributeFinder:willService() > org.fcrepo.server.security.ContextAttributeFinderModule returns false > DEBUG 2012-10-09 10:31:53.516 [http-8088-2] (AttributeFinderModule) > AttributeFinder:getAttributeFromEvaluationCtxorg.fcrepo.server.security.ContextAttributeFinderModule > exit on couldn't get resource attribute from xacml request wrong bag n=0 > DEBUG 2012-10-09 10:31:53.516 [http-8088-2] (ContextAttributeFinderModule) > ContextAttributeFinder:getContextId exit on can't get contextId on request > callback > DEBUG 2012-10-09 10:31:53.516 [http-8088-2] (ContextAttributeFinderModule) > contextId=null attributeId=urn:fedora:names:fedora:2.1:subject:role > DEBUG 2012-10-09 10:31:53.516 [http-8088-2] (AttributeFinderModule) > org.fcrepo.server.security.ContextAttributeFinderModule got temp=null > DEBUG 2012-10-09 10:31:53.516 [http-8088-2] (AttributeFinderModule) > AttributeFinder:findAttribute exit on attribute value not > foundorg.fcrepo.server.security.ContextAttributeFinderModule > DEBUG 2012-10-09 10:31:53.516 [http-8088-2] (PolicyManager) Matched policies > and created abstract policy. > DEBUG 2012-10-09 10:31:53.516 [http-8088-2] (MelcoePDPImpl) response is: > <Response> > <Result ResourceId="/fedora-system:FedoraObject-3.0"> > <Decision>NotApplicable</Decision> > <Status> > <StatusCode Value="urn:oasis:names:tc:xacml:1.0:status:ok"/> > </Status> > </Result> > </Response> > ….. > > Thanks for your time. > > David Lacy > Falvey Library Technology Services > Villanova University > library.villanova.edu > > ------------------------------------------------------------------------------ > Don't let slow site performance ruin your business. Deploy New Relic APM > Deploy New Relic app performance management and know exactly > what is happening inside your Ruby, Python, PHP, Java, and .NET app > Try New Relic at no cost today and get our sweet Data Nerd shirt too! > http://p.sf.net/sfu/newrelic-dev2dev_______________________________________________ > Fedora-commons-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/fedora-commons-users ------------------------------------------------------------------------------ Don't let slow site performance ruin your business. Deploy New Relic APM Deploy New Relic app performance management and know exactly what is happening inside your Ruby, Python, PHP, Java, and .NET app Try New Relic at no cost today and get our sweet Data Nerd shirt too! http://p.sf.net/sfu/newrelic-dev2dev _______________________________________________ Fedora-commons-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fedora-commons-users
