AFAIK the username:password@ syntax is a browser artefact that the Java
HTTP access libraries (apache commons httpclient) that Fedora uses don't
support.

This also means that you can't do a server-server import where the source
Fedora server requires authentication, and it causes problems with
disseminators.

However, looking at the code, most of the "wiring" is there:
https://github.com/fcrepo/fcrepo/blob/master/fcrepo-server/src/main/java/org/fcrepo/server/access/DefaultAccess.java

it just needs getDatastreamDissemination (around line 1145) to extract a
username and password from somewhere and put it into ContentManagerParams.
Ideally, there would be a configured table of known external servers and
credentials that could be kept secure so passwords aren't bandied about.

I may be wrong though and there's already a way to do this :-)


On 10 May 2013 06:36, Scott Prater <[email protected]> wrote:

> Stefano --
>
> Are you ingesting the datastreams as managed datastreams, or as redirect
> or external datastreams?
>
> If the former, once Fedora ingests the FOXML, the object is referred to
> by its internal Fedora URI, and no source URLs or passwords are exposed
> in any object export.
>
> If the datastreams are managed, then you may want to take a compromise
> approach: fetch them to the local machine using curl or some such tool,
> then ingest the local file.  Once it's ingested, you can delete the
> local file.
>
> Managed datastreams are usually preferred to external or redirect
> datastreams;  there are use cases for external and redirect datastreams
> (which is why they exist), but the normal case is to store datastreams
> as managed.
>
> -- Scott
>
> On 05/09/2013 01:08 PM, Benjamin Armintor wrote:
> > Stefano-
> >    I remember some conversation a couple of years ago about supporting
> > BASIC auth in services, but as far as I know they didn't go anywhere.
> >   Maybe another committer remembers something?  In any case, I don't see
> > why storing the credentials like that wouldn't work, if you can accept
> > the plain-text issues you cite.
> >
> > As far as certs, I'm afraid you're on your own.  I will warn you that
> > Java errs on the side of verification unless you instruct it not to, so
> > invalid certs will cause other problems.
> >
> > - Ben
> >
> >
> > On Thu, May 9, 2013 at 12:32 PM, Stefano Cossu <[email protected]
> > <mailto:[email protected]>> wrote:
> >
> >     Hi there,
> >     I'm starting to tinker with Fedora and trying to write a CMA workflow.
> >     I'm building a digital object that should grab an image datastream from
> >     an HTTPS server which requires basic authentication.
> >     I tried inserting the authentication data in the URL for the datastream,
> >     but now I have 2 problems:
> >     1) Username and password are stored in plain text in the FOXML, visible
> >     by everyone who looks up that record in Fedora, as well as all over the
> >     logs.
> >     2) I still can't connect to the server this way. The server's
> >     certificate is expired, I don't know if that plays a role.
> >
> >     Fedora throws this error:
> >
> >     ERROR 2013-05-09 11:04:28.618 [http-8080-1] (BaseRestResource)
> >     Unexpected error fulfilling REST API request
> >     org.fcrepo.server.errors.HttpServiceNotFoundException:
> >     [DefaultExternalContentManager] returned an error.  The underlying error
> >     was a org.fcrepo.server.errors.GeneralException  The message was  "Error getting
> >     https://username:password@imageserver/myHugePicture" .
> >               at org.fcrepo.server.storage.DefaultExternalContentManager.getExternalContent(DefaultExternalContentManager.java:152) ~[fcrepo-server-3.6.2.jar:na]
> >               at org.fcrepo.server.access.DefaultAccess.getDatastreamDissemination(DefaultAccess.java:1148) ~[fcrepo-server-3.6.2.jar:na]
> >               at org.fcrepo.server.rest.DatastreamResource.getDatastream(DatastreamResource.java:247) ~[fcrepo-server-3.6.2.jar:na]
> >     [...]
> >
> >     And the image server's Apache error log:
> >
> >     [Thu May 09 11:04:25 2013] [info] [client 10.80.25.47] Connection to child 0 established (server imageserver:443)
> >     [Thu May 09 11:04:25 2013] [info] Seeding PRNG with 144 bytes of entropy
> >     [Thu May 09 11:04:25 2013] [info] [client 10.80.25.47] SSL library error 1 in handshake (server imageserver:443)
> >     [Thu May 09 11:04:25 2013] [info] SSL Library Error: 336151608 error:14094438:SSL routines:SSL3_READ_BYTES:tlsv1 alert internal error
> >     [Thu May 09 11:04:25 2013] [info] [client 10.80.25.47] Connection closed to child 0 with abortive shutdown (server imageserver:443)
> >     [...]
> >
> >     Of course, I can always use a redirect datastream and let the client
> >     deal with authentication and SSL, but I'd like to hide the source URI if
> >     possible.
> >
> >
> >     Below is the FOXML representation of my object:
> >
> >     <foxml:digitalObject VERSION="1.1" PID="test:dervPub_obj"
> >     xsi:schemaLocation="info:fedora/fedora-system:def/foxml#
> >     http://www.fedora.info/definitions/1/0/foxml1-1.xsd">
> >           <foxml:objectProperties>
> >               <foxml:property NAME="info:fedora/fedora-system:def/model#state" VALUE="Active"/>
> >               <foxml:property NAME="info:fedora/fedora-system:def/model#label" VALUE="Disseminator object"/>
> >               <foxml:property NAME="info:fedora/fedora-system:def/model#ownerId" VALUE="fedoraAdmin"/>
> >               <foxml:property NAME="info:fedora/fedora-system:def/model#createdDate" VALUE="2013-05-09T15:37:41.708Z"/>
> >               <foxml:property NAME="info:fedora/fedora-system:def/view#lastModifiedDate" VALUE="2013-05-09T15:37:41.892Z"/>
> >           </foxml:objectProperties>
> >           <foxml:datastream ID="AUDIT" STATE="A" CONTROL_GROUP="X" VERSIONABLE="false">
> >               <foxml:datastreamVersion ID="AUDIT.0" LABEL="Audit Trail for this object"
> >               CREATED="2013-05-09T15:37:41.708Z" MIMETYPE="text/xml"
> >               FORMAT_URI="info:fedora/fedora-system:format/xml.fedora.audit">
> >                   <foxml:xmlContent>
> >                       <audit:auditTrail>
> >                           <audit:record ID="AUDREC1">
> >                               <audit:process type="Fedora API-M"/>
> >                               <audit:action>addDatastream</audit:action>
> >                               <audit:componentID>SOURCE_IMG</audit:componentID>
> >                               <audit:responsibility>fedoraAdmin</audit:responsibility>
> >                               <audit:date>2013-05-09T15:37:41.892Z</audit:date>
> >                               <audit:justification/>
> >                           </audit:record>
> >                       </audit:auditTrail>
> >                   </foxml:xmlContent>
> >               </foxml:datastreamVersion>
> >           </foxml:datastream>
> >           <foxml:datastream ID="DC" STATE="A" CONTROL_GROUP="X" VERSIONABLE="true">
> >               <foxml:datastreamVersion ID="DC1.0" LABEL="Dublin Core Record for this object"
> >               CREATED="2013-05-09T15:37:41.708Z" MIMETYPE="text/xml"
> >               FORMAT_URI="http://www.openarchives.org/OAI/2.0/oai_dc/" SIZE="388">
> >                   <foxml:xmlContent>
> >                       <oai_dc:dc
> >                       xsi:schemaLocation="http://www.openarchives.org/OAI/2.0/oai_dc/
> >                       http://www.openarchives.org/OAI/2.0/oai_dc.xsd">
> >                           <dc:title>Disseminator object</dc:title>
> >                           <dc:identifier>test:dervPub_obj</dc:identifier>
> >                       </oai_dc:dc>
> >                   </foxml:xmlContent>
> >               </foxml:datastreamVersion>
> >           </foxml:datastream>
> >           <foxml:datastream ID="RELS-EXT" STATE="A" CONTROL_GROUP="X" VERSIONABLE="false">
> >               <foxml:datastreamVersion ID="RELS-EXT.0" LABEL="Relationships"
> >               CREATED="2013-05-09T15:37:41.837Z" MIMETYPE="application/rdf+xml"
> >               FORMAT_URI="info:fedora/fedora-system:FedoraRELSExt-1.0" SIZE="273">
> >                   <foxml:xmlContent>
> >                       <rdf:RDF>
> >                           <rdf:Description rdf:about="info:fedora/test:dervPub_obj">
> >                               <hasModel rdf:resource="info:fedora/test:dervPub_CModel"/>
> >                           </rdf:Description>
> >                       </rdf:RDF>
> >                   </foxml:xmlContent>
> >               </foxml:datastreamVersion>
> >           </foxml:datastream>
> >           <foxml:datastream ID="SOURCE_IMG" STATE="A" CONTROL_GROUP="E" VERSIONABLE="true">
> >               <foxml:datastreamVersion ID="SOURCE_IMG.0" LABEL="full sized image"
> >               CREATED="2013-05-09T15:37:41.892Z" MIMETYPE="image/jpeg">
> >                   <foxml:contentLocation TYPE="URL"
> >                   REF="https://username:password@imageserver/myHugePicture"/>
> >               </foxml:datastreamVersion>
> >           </foxml:datastream>
> >
> >     I would really appreciate your help.
> >
> >
> >
> >
> ------------------------------------------------------------------------------
> >     Learn Graph Databases - Download FREE O'Reilly Book
> >     "Graph Databases" is the definitive new guide to graph databases and
> >     their applications. This 200-page book is written by three acclaimed
> >     leaders in the field. The early access version is available now.
> >     Download your free book today! http://p.sf.net/sfu/neotech_d2d_may
> >     _______________________________________________
> >     Fedora-commons-users mailing list
> >     [email protected]
> >     <mailto:[email protected]>
> >     https://lists.sourceforge.net/lists/listinfo/fedora-commons-users
> >
>
>
> --
> Scott Prater
> Shared Development Group
> General Library System
> University of Wisconsin - Madison
> [email protected]
> 5-5415
>
>
>
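The "configured table of known external servers and credentials" suggested in the top reply could look like the following stand-alone sketch, added here as an illustration; it is not Fedora code and not from any poster in this thread. The class name, the `svc-fedora` account and its password are constructed, and the code assumes Java 16 or later.

```java
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Locale;
import java.util.Map;
import java.util.Optional;

/** Hypothetical helper: credentials live in server-side config, never in FOXML or URLs. */
public class ExternalCredentialStore {
    /** One configured external server account (hypothetical shape). */
    record Credential(String username, char[] password) {}

    private final Map<String, Credential> byAuthority; // key: "host:port", lower-case

    ExternalCredentialStore(Map<String, Credential> byAuthority) {
        this.byAuthority = Map.copyOf(byAuthority);
    }

    /** Rebuilds the URL without user:password@ so the stored and logged form has no secret. */
    static URI stripUserInfo(URI u) {
        if (u.getHost() == null) throw new IllegalArgumentException("not a server-based URL");
        StringBuilder s = new StringBuilder(u.getScheme()).append("://").append(u.getHost());
        if (u.getPort() != -1) s.append(':').append(u.getPort());
        if (u.getRawPath() != null) s.append(u.getRawPath());
        if (u.getRawQuery() != null) s.append('?').append(u.getRawQuery());
        return URI.create(s.toString());
    }

    /** Basic auth header for a configured host; nothing for unknown hosts or non-TLS URLs. */
    Optional<String> authorizationFor(URI u) {
        if (u.getHost() == null || !"https".equalsIgnoreCase(u.getScheme())) return Optional.empty();
        int port = u.getPort() == -1 ? 443 : u.getPort();
        Credential c = byAuthority.get(u.getHost().toLowerCase(Locale.ROOT) + ":" + port);
        if (c == null) return Optional.empty();
        byte[] pair = (c.username() + ":" + new String(c.password())).getBytes(StandardCharsets.UTF_8);
        return Optional.of("Basic " + Base64.getEncoder().encodeToString(pair));
    }

    public static void main(String[] args) {
        // Constructed sample data; a real table would be loaded from a file only the server can read.
        var store = new ExternalCredentialStore(
                Map.of("imageserver:443", new Credential("svc-fedora", "constructed-secret".toCharArray())));
        URI clean = stripUserInfo(URI.create("https://username:password@imageserver/myHugePicture"));
        System.out.println("URL to store and log: " + clean);
        System.out.println("Header for imageserver: "
                + store.authorizationFor(clean).map(h -> "Basic <redacted>").orElse("none"));
        System.out.println("Header for unknown host: "
                + store.authorizationFor(URI.create("https://other.example/x")).orElse("none"));
    }
}
```

Keying the lookup on host and port and refusing non-HTTPS URLs keeps the credential from being sent to a server it was not configured for, or in clear text.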