Deegree CSW with DRM

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Deegree CSW with DRM

Jonas Eberle
Hi at all,

I tried setting up the Digital Rights Management especially to control
the requests for deegree csw for several users. The OwsProxy works fine.

For testing the authorization I started with the GetCapabilities-Request:
http://localhost:8080/owsproxy/proxy?REQUEST=GetCapabilities&SERVICE=CSW

That works perfect, but when I try the following authentication, I see
the altresponsepage.jsp file in the browser:
http://localhost:8080/owsproxy/proxy?REQUEST=GetCapabilities&SERVICE=CSW&user=SEC_ADMIN&password=JOSE
(the password has changed from JOSE67 to JOSE)

The same error occurs with the request GetMap.

The database-tables for the drm-admin are installed. I can log in the
drm-admin, but have problems working with it (I can't edit rights for a
role (no authentication), can't create new users (JavaScript-Error)). I
can't work with the commandline tool, too (Error: Exception in thread
"main" java.lang.NoClassDefFoundError:
org/deegree/tools/security/DRMAccess).

Can anybody tell me, why the admin user (SEC_ADMIN) ist not allowed to
make the GetCapabilities-Request and maybe how can I solve this problem?

Is there a working version for the drm-admin? I tried the trunk-Version
from CVS, and also the version in the branches dir. I can't work with
any of this version.

Thanks a lot,
Jonas

-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/
_______________________________________________
deegree-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/deegree-users
Reply | Threaded
Open this post in threaded view
|

Re: Deegree CSW with DRM

Andreas Poth
Hi,

a) SEC_ADMIN is the adminstration user for the rights management; he is
allowed to add/remove users and resources and he is allowed to
grant/remove rights. But this does not mean that he is allowed to access
a resource anyhow. What you have to do is to add a new user to the
rights management and assign rights for performing GetCapabilities
GetMap to the desired Layers to him.

b) ... java.lang.NoClassDefFoundError:
org/deegree/tools/security/DRMAccess ... it seem your classpath is not
correct. Please make sure that deegree2.jar or if you compiled deegree
by your own, the target directory of compilation is in the classpath.

best regards

ANDREAS

Jonas Eberle schrieb:

>Hi at all,
>
>I tried setting up the Digital Rights Management especially to control
>the requests for deegree csw for several users. The OwsProxy works fine.
>
>For testing the authorization I started with the GetCapabilities-Request:
>http://localhost:8080/owsproxy/proxy?REQUEST=GetCapabilities&SERVICE=CSW
>
>That works perfect, but when I try the following authentication, I see
>the altresponsepage.jsp file in the browser:
>http://localhost:8080/owsproxy/proxy?REQUEST=GetCapabilities&SERVICE=CSW&user=SEC_ADMIN&password=JOSE
>(the password has changed from JOSE67 to JOSE)
>
>The same error occurs with the request GetMap.
>
>The database-tables for the drm-admin are installed. I can log in the
>drm-admin, but have problems working with it (I can't edit rights for a
>role (no authentication), can't create new users (JavaScript-Error)). I
>can't work with the commandline tool, too (Error: Exception in thread
>"main" java.lang.NoClassDefFoundError:
>org/deegree/tools/security/DRMAccess).
>
>Can anybody tell me, why the admin user (SEC_ADMIN) ist not allowed to
>make the GetCapabilities-Request and maybe how can I solve this problem?
>
>Is there a working version for the drm-admin? I tried the trunk-Version
>from CVS, and also the version in the branches dir. I can't work with
>any of this version.
>
>Thanks a lot,
>Jonas
>
>-------------------------------------------------------------------------
>This SF.net email is sponsored by: Splunk Inc.
>Still grepping through log files to find problems?  Stop.
>Now Search log events and configuration files using AJAX and a browser.
>Download your FREE copy of Splunk now >>  http://get.splunk.com/
>_______________________________________________
>deegree-users mailing list
>[hidden email]
>https://lists.sourceforge.net/lists/listinfo/deegree-users
>  
>


--
Dr. Andreas Poth

l a t / l o n  GmbH
Aennchenstrasse 19            53177 Bonn, Germany
phone ++49 +228 18496-0       fax ++49 +228 18496-29
http://www.lat-lon.de         http://www.deegree.org


-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/
_______________________________________________
deegree-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/deegree-users
Reply | Threaded
Open this post in threaded view
|

Re: Deegree CSW with DRM

Jonas Eberle
Hi Andreas,

first of all thank you for your answers. The commandline tool works
partially, but I think I can fill the database tables manually as well.

I created a new user, group and role which should be allowed to make a
GetRecordById-Request for the catalog service.

When I append the variables user and password in the Request-URL [1],
the response always shows the altresponsepage.jsp. You can see my
database tables in the appended file.

Maybe you can give me a few tips, what is wrong.

Thanks in advance,
Jonas

[1] =
http://localhost:8080/owsproxy/proxy?REQUEST=GetRecordById&version=2.0.0&service=CSW&elementSetName=full&id=31&user=test&password=test

Andreas Poth schrieb:

> Hi,
>
> a) SEC_ADMIN is the adminstration user for the rights management; he is
> allowed to add/remove users and resources and he is allowed to
> grant/remove rights. But this does not mean that he is allowed to access
> a resource anyhow. What you have to do is to add a new user to the
> rights management and assign rights for performing GetCapabilities
> GetMap to the desired Layers to him.
>
> b) ... java.lang.NoClassDefFoundError:
> org/deegree/tools/security/DRMAccess ... it seem your classpath is not
> correct. Please make sure that deegree2.jar or if you compiled deegree
> by your own, the target directory of compilation is in the classpath.
>
> best regards
>
> ANDREAS
>
> Jonas Eberle schrieb:
>
>> Hi at all,
>>
>> I tried setting up the Digital Rights Management especially to control
>> the requests for deegree csw for several users. The OwsProxy works fine.
>>
>> For testing the authorization I started with the GetCapabilities-Request:
>> http://localhost:8080/owsproxy/proxy?REQUEST=GetCapabilities&SERVICE=CSW
>>
>> That works perfect, but when I try the following authentication, I see
>> the altresponsepage.jsp file in the browser:
>> http://localhost:8080/owsproxy/proxy?REQUEST=GetCapabilities&SERVICE=CSW&user=SEC_ADMIN&password=JOSE
>> (the password has changed from JOSE67 to JOSE)
>>
>> The same error occurs with the request GetMap.
>>
>> The database-tables for the drm-admin are installed. I can log in the
>> drm-admin, but have problems working with it (I can't edit rights for a
>> role (no authentication), can't create new users (JavaScript-Error)). I
>> can't work with the commandline tool, too (Error: Exception in thread
>> "main" java.lang.NoClassDefFoundError:
>> org/deegree/tools/security/DRMAccess).
>>
>> Can anybody tell me, why the admin user (SEC_ADMIN) ist not allowed to
>> make the GetCapabilities-Request and maybe how can I solve this problem?
>>
>> Is there a working version for the drm-admin? I tried the trunk-Version
>> >from CVS, and also the version in the branches dir. I can't work with
>> any of this version.
>>
>> Thanks a lot,
>> Jonas
>>
>> -------------------------------------------------------------------------
>> This SF.net email is sponsored by: Splunk Inc.
>> Still grepping through log files to find problems?  Stop.
>> Now Search log events and configuration files using AJAX and a browser.
>> Download your FREE copy of Splunk now >>  http://get.splunk.com/
>> _______________________________________________
>> deegree-users mailing list
>> [hidden email]
>> https://lists.sourceforge.net/lists/listinfo/deegree-users
>>  
>>
>
>

-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/
_______________________________________________
deegree-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/deegree-users

security_tables.txt (1K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Deegree CSW with DRM

Andreas Poth
Hi,

your entries in sec_securable_objects are not correct and so
sec_jt_roles_secobjects. For the owsProxy a Metadataobject (this means
the name of the securable object) is csw:profile. You must define
a) a securable object with that name
b) assign rights for GetRecordById on this securable object and o role
c) assign a group with this role
d) make sure that your user is member of this role

because of general errors in sec_jt_roles_secobjects (e.g. you defined
that all members of all groups assigned to role 'Role1' are allowed to
perform GetRecordById on group 'Testgruppe' which is - please excuse me
- nonsens) I strongly recomment to use DRMAccess

best regards

ANDREAS


Jonas Eberle schrieb:

>Hi Andreas,
>
>first of all thank you for your answers. The commandline tool works
>partially, but I think I can fill the database tables manually as well.
>
>I created a new user, group and role which should be allowed to make a
>GetRecordById-Request for the catalog service.
>
>When I append the variables user and password in the Request-URL [1],
>the response always shows the altresponsepage.jsp. You can see my
>database tables in the appended file.
>
>Maybe you can give me a few tips, what is wrong.
>
>Thanks in advance,
>Jonas
>
>[1] =
>http://localhost:8080/owsproxy/proxy?REQUEST=GetRecordById&version=2.0.0&service=CSW&elementSetName=full&id=31&user=test&password=test
>
>Andreas Poth schrieb:
>  
>
>>Hi,
>>
>>a) SEC_ADMIN is the adminstration user for the rights management; he is
>>allowed to add/remove users and resources and he is allowed to
>>grant/remove rights. But this does not mean that he is allowed to access
>>a resource anyhow. What you have to do is to add a new user to the
>>rights management and assign rights for performing GetCapabilities
>>GetMap to the desired Layers to him.
>>
>>b) ... java.lang.NoClassDefFoundError:
>>org/deegree/tools/security/DRMAccess ... it seem your classpath is not
>>correct. Please make sure that deegree2.jar or if you compiled deegree
>>by your own, the target directory of compilation is in the classpath.
>>
>>best regards
>>
>>ANDREAS
>>
>>Jonas Eberle schrieb:
>>
>>    
>>
>>>Hi at all,
>>>
>>>I tried setting up the Digital Rights Management especially to control
>>>the requests for deegree csw for several users. The OwsProxy works fine.
>>>
>>>For testing the authorization I started with the GetCapabilities-Request:
>>>http://localhost:8080/owsproxy/proxy?REQUEST=GetCapabilities&SERVICE=CSW
>>>
>>>That works perfect, but when I try the following authentication, I see
>>>the altresponsepage.jsp file in the browser:
>>>http://localhost:8080/owsproxy/proxy?REQUEST=GetCapabilities&SERVICE=CSW&user=SEC_ADMIN&password=JOSE
>>>(the password has changed from JOSE67 to JOSE)
>>>
>>>The same error occurs with the request GetMap.
>>>
>>>The database-tables for the drm-admin are installed. I can log in the
>>>drm-admin, but have problems working with it (I can't edit rights for a
>>>role (no authentication), can't create new users (JavaScript-Error)). I
>>>can't work with the commandline tool, too (Error: Exception in thread
>>>"main" java.lang.NoClassDefFoundError:
>>>org/deegree/tools/security/DRMAccess).
>>>
>>>Can anybody tell me, why the admin user (SEC_ADMIN) ist not allowed to
>>>make the GetCapabilities-Request and maybe how can I solve this problem?
>>>
>>>Is there a working version for the drm-admin? I tried the trunk-Version
>>>>from CVS, and also the version in the branches dir. I can't work with
>>>any of this version.
>>>
>>>Thanks a lot,
>>>Jonas
>>>
>>>-------------------------------------------------------------------------
>>>This SF.net email is sponsored by: Splunk Inc.
>>>Still grepping through log files to find problems?  Stop.
>>>Now Search log events and configuration files using AJAX and a browser.
>>>Download your FREE copy of Splunk now >>  http://get.splunk.com/
>>>_______________________________________________
>>>deegree-users mailing list
>>>[hidden email]
>>>https://lists.sourceforge.net/lists/listinfo/deegree-users
>>>
>>>
>>>      
>>>
>>    
>>
>>------------------------------------------------------------------------
>>
>>-------------------------------------------------------------------------
>>This SF.net email is sponsored by: Splunk Inc.
>>Still grepping through log files to find problems?  Stop.
>>Now Search log events and configuration files using AJAX and a browser.
>>Download your FREE copy of Splunk now >>  http://get.splunk.com/
>>
>>------------------------------------------------------------------------
>>
>>_______________________________________________
>>deegree-users mailing list
>>[hidden email]
>>https://lists.sourceforge.net/lists/listinfo/deegree-users
>>    
>>


--
Dr. Andreas Poth

l a t / l o n  GmbH
Aennchenstrasse 19            53177 Bonn, Germany
phone ++49 +228 18496-0       fax ++49 +228 18496-29
http://www.lat-lon.de         http://www.deegree.org


-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/
_______________________________________________
deegree-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/deegree-users
Reply | Threaded
Open this post in threaded view
|

Re: Deegree CSW with DRM

Jonas Eberle
Hi Andreas,

yes, you're right, that was absolute nonsens in the database table. I
solved the problem, the id's in sec_rights table were not correct, i
found the correct entries in the source code.

Thanks for your answer,
Jonas

Andreas Poth schrieb:

> Hi,
>
> your entries in sec_securable_objects are not correct and so
> sec_jt_roles_secobjects. For the owsProxy a Metadataobject (this means
> the name of the securable object) is csw:profile. You must define
> a) a securable object with that name
> b) assign rights for GetRecordById on this securable object and o role
> c) assign a group with this role
> d) make sure that your user is member of this role
>
> because of general errors in sec_jt_roles_secobjects (e.g. you defined
> that all members of all groups assigned to role 'Role1' are allowed to
> perform GetRecordById on group 'Testgruppe' which is - please excuse me
> - nonsens) I strongly recomment to use DRMAccess
>
> best regards
>
> ANDREAS

-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/
_______________________________________________
deegree-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/deegree-users