Testing datastream access throws errors in Fedora Log, using "unknown" user for testing authentication

Project:RUcore API's
Version:7.1
Component:Get API
Category:task
Priority:normal
Assigned:chadmills
Status:closed
Description

If an object has a POLICY datastream, the objects other datastreams are tested to see if the users has access to them. This testing causes errors in the Fedora log when a request is made that is unauthorized.

This is believed to be a characteristic of Fedora, but in future version of Fedora they might provide a better solution. Perform R&D when upgrading Fedora to see if this is the case.

Comments

#1

Version:6-x» 7.0

#2

Version:7.0» 7-x

Kicking this to the next release. The HEAD request method that causes the errors cannot be replaced in this release.

#3

Still have to perform HEAD requests, so no end to the errors. After 7.0 going to look into new Fedora 3.5 features.

#4

Title:Testing datastream access throws errors in Fedora Log» Testing datastream access throws errors in Fedora Log, using "unknown" user for testing authentication
Version:7-x» 7.1
Status:active» test

We need to define the "unknown" user in the Fedora users file. The errors stem from the lack of an "unknown" entry in that file, so Fedora throws an ERROR. To test I preformed two requests, one using the "unknown" user and another using a username that is in the logs.

Using an established username:
------------------------------------
WARN 2013-05-09 13:33:18.348 [http-8080-2] (DefaultManagement) Relationships API methods: the 'pid' (rutgers-lib:200995) form of a relationship's subject is deprecated. Please specify the subject using the info:fedora/ uri scheme.
INFO 2013-05-09 13:33:18.349 [http-8080-2] (DefaultManagement) Completed getRelationships(pid: rutgers-lib:200995, relationship: null)
INFO 2013-05-09 13:33:18.385 [http-8080-2] (FedoraAccessServlet) Got request: <a href="http://127.0.0.1:8080/fedora/get/rutgers-lib:200995/TECHNICAL1" title="http://127.0.0.1:8080/fedora/get/rutgers-lib:200995/TECHNICAL1">http://127.0.0.1:8080/fedora/get/rutgers-lib:200995/TECHNICAL1</a>
INFO 2013-05-09 13:33:18.948 [http-8080-2] (FedoraAccessServlet) Got request: <a href="http://127.0.0.1:8080/fedora/get/rutgers-lib:200995/THUMBJPEG-1" title="http://127.0.0.1:8080/fedora/get/rutgers-lib:200995/THUMBJPEG-1">http://127.0.0.1:8080/fedora/get/rutgers-lib:200995/THUMBJPEG-1</a>

Using a username that is not in the Fedora users file:
--------------------------------
WARN 2013-05-09 13:33:30.344 [http-8080-2] (DefaultManagement) Relationships API methods: the 'pid' (rutgers-lib:200995) form of a relationship's subject is deprecated. Please specify the subject using the info:fedora/ uri scheme.
INFO 2013-05-09 13:33:30.344 [http-8080-2] (DefaultManagement) Completed getRelationships(pid: rutgers-lib:200995, relationship: null)
ERROR 2013-05-09 13:33:30.381 [http-8080-2] (AuthFilterJAAS) javax.security.auth.login.LoginException: Login Failure: all modules ignored
INFO 2013-05-09 13:33:30.381 [http-8080-2] (FedoraAccessServlet) Got request: <a href="http://127.0.0.1:8080/fedora/get/rutgers-lib:200995/TECHNICAL1" title="http://127.0.0.1:8080/fedora/get/rutgers-lib:200995/TECHNICAL1">http://127.0.0.1:8080/fedora/get/rutgers-lib:200995/TECHNICAL1</a>
ERROR 2013-05-09 13:33:30.872 [http-8080-2] (AuthFilterJAAS) javax.security.auth.login.LoginException: Login Failure: all modules ignored
INFO 2013-05-09 13:33:30.872 [http-8080-2] (FedoraAccessServlet) Got request: <a href="http://127.0.0.1:8080/fedora/get/rutgers-lib:200995/THUMBJPEG-1" title="http://127.0.0.1:8080/fedora/get/rutgers-lib:200995/THUMBJPEG-1">http://127.0.0.1:8080/fedora/get/rutgers-lib:200995/THUMBJPEG-1</a>

Note the additional "ERROR" messages. In the future if we test with an authenticated user and there username is not in the file the same message will appear. Changing to FESL might help, but for now this will quell many ERROR messages in the Fedora log since a majority of visitors are unauthenticated.

#5

Status:test» closed

No errors were found related to this.

Back to top