Yes, in that sense it would be straightforward- though this question of where the credentials would be stored was one of things that derailed the feature in the first place!


On Thu, May 9, 2013 at 4:40 PM, Rich d'Rich <rich.d.rich@gmail.com> wrote:
AFAIK the username:password@ syntax is a browser artefact that the Java HTTP access libraries (apache commons httpclient) that Fedora uses doesn't support.

This also means that you can't do a server-server import where the source Fedora server requires authentication, and it causes problems with disseminators.

However, looking at the code, most of the "wiring" is there:
https://github.com/fcrepo/fcrepo/blob/master/fcrepo-server/src/main/java/org/fcrepo/server/access/DefaultAccess.java

it just needs getDatastreamDissemination (around line 1145) to extract a username and password from somewhere and put it into ContentManagerParams. Ideally, there would be a configured table of known external servers and credentials that could be kept secure so passwords aren't bandied about.

I may be wrong though and there's already a way to do this :-)


On 10 May 2013 06:36, Scott Prater <prater@wisc.edu> wrote:
Stefano --

Are you ingesting the datastreams as managed datastreams, or as redirect
or external datastreams?

If the former, once Fedora ingests the FOXML, the object is referred to
by its internal Fedora URI, and no source URLs or passwords are exposed
in any object export.

If the datastreams are managed, then you may want to take a compromise
approach: fetch them to the local machine using curl or some such tool,
then ingest the local file.  Once it's ingested, you can delete the
local file.

Managed datastreams are usually preferred to external or redirect
datastreams;  there are use cases for external and redirect datastreams
(which is why they exist), but the normal case is to store datastreams
as managed.

-- Scott

On 05/09/2013 01:08 PM, Benjamin Armintor wrote:
> Stefano-
>    I remember some conversation a couple of years ago about supporting
> BASIC auth in services, but as far as I know they didn't go anywhere.
>   Maybe another committer remembers something?  In any case, I don't see
> why storing the credentials like that wouldn't work, if you can accept
> the plain-text issues you cite.
>
> As far as certs, Im afraid you're on your own.  I will warn you that
> Java errs on the side of verification unless you instruct it not to, so
> invalid certs will cause other problems.
>
> - Ben
>
>
> On Thu, May 9, 2013 at 12:32 PM, Stefano Cossu <scossu@artic.edu
> <mailto:scossu@artic.edu>> wrote:
>
>     Hi there,
>     I'm starting to tinker with Fedora and trying to write a CMA workflow.
>     I'm building a digital object that should grab an image datastream from
>     an HTTPS server which requires basic authentication.
>     I tried inserting the authentication data in the URL for the datastream,
>     but now I have 2 problems:
>     1) Username and password are stored in plain text in the FOXML, visible
>     by everyone who looks up that record in Fedora, as well as all over the
>     logs.
>     2) I still can't connect to the server this way. The server's
>     certificate is expired, I don't know if that plays a role.
>
>     Fedora throws this error:
>
>     ERROR 2013-05-09 11:04:28.618 [http-8080-1] (BaseRestResource)
>     Unexpected error fulfilling REST API request
>     org.fcrepo.server.errors.HttpServiceNotFoundException:
>     [DefaultExternalContentManager] returned an error.  The underlying error
>     was a org.fcrepo.server.errors.GeneralException  T
>     he message was  "Error getting
>     https://username:password@imageserver/myHugePicture" .
>               at
>     org.fcrepo.server.storage.DefaultExternalContentManager.getExternalContent(DefaultExternalContentManager.java:152)
>     ~[fcrepo-server-3.6.2.jar:na]
>               at
>     org.fcrepo.server.access.DefaultAccess.getDatastreamDissemination(DefaultAccess.java:1148)
>     ~[fcrepo-server-3.6.2.jar:na]
>               at
>     org.fcrepo.server.rest.DatastreamResource.getDatastream(DatastreamResource.java:247)
>     ~[fcrepo-server-3.6.2.jar:na]
>     [...]
>
>     And the image server's Apache error log:
>
>     Thu May 09 11:04:25 2013] [info] [client 10.80.25.47] Connection to
>     child 0 established (server imageserver:443)
>     [Thu May 09 11:04:25 2013] [info] Seeding PRNG with 144 bytes of entropy
>     [Thu May 09 11:04:25 2013] [info] [client 10.80.25.47] SSL library error
>     1 in handshake (server imageserver:443)
>     [Thu May 09 11:04:25 2013] [info] SSL Library Error: 336151608
>     error:14094438:SSL routines:SSL3_READ_BYTES:tlsv1 alert internal error
>     [Thu May 09 11:04:25 2013] [info] [client 10.80.25.47] Connection closed
>     to child 0 with abortive shutdown (server imageserver:443)
>     [...]
>
>     Of course, I can always use a redirect datastream and let the client
>     deal with authentication and SSL, but I'd like to hide the source URI if
>     possible.
>
>
>     Below is the FOXML representation of my object:
>
>     <foxml:digitalObject VERSION="1.1" PID="test:dervPub_obj"
>     xsi:schemaLocation="info:fedora/fedora-system:def/foxml#
>     http://www.fedora.info/definitions/1/0/foxml1-1.xsd">
>           <foxml:objectProperties>
>               <foxml:property
>     NAME="info:fedora/fedora-system:def/model#state" VALUE="Active"/>
>               <foxml:property
>     NAME="info:fedora/fedora-system:def/model#label" VALUE="Disseminator
>     object"/>
>               <foxml:property
>     NAME="info:fedora/fedora-system:def/model#ownerId" VALUE="fedoraAdmin"/>
>               <foxml:property
>     NAME="info:fedora/fedora-system:def/model#createdDate"
>     VALUE="2013-05-09T15:37:41.708Z"/>
>               <foxml:property
>     NAME="info:fedora/fedora-system:def/view#lastModifiedDate"
>     VALUE="2013-05-09T15:37:41.892Z"/>
>           </foxml:objectProperties>
>           <foxml:datastream ID="AUDIT" STATE="A" CONTROL_GROUP="X"
>     VERSIONABLE="false">
>               <foxml:datastreamVersion ID="AUDIT.0" LABEL="Audit Trail for
>     this object" CREATED="2013-05-09T15:37:41.708Z" MIMETYPE="text/xml"
>     FORMAT_URI="info:fedora/fedora-system:format/xml.fedora.audit">
>                   <foxml:xmlContent>
>                       <audit:auditTrail>
>                           <audit:record ID="AUDREC1">
>                               <audit:process type="Fedora API-M"/>
>     <audit:action>addDatastream</audit:action>
>     <audit:componentID>SOURCE_IMG</audit:componentID>
>     <audit:responsibility>fedoraAdmin</audit:responsibility>
>     <audit:date>2013-05-09T15:37:41.892Z</audit:date>
>                               <audit:justification/>
>                           </audit:record>
>                       </audit:auditTrail>
>                   </foxml:xmlContent>
>               </foxml:datastreamVersion>
>           </foxml:datastream>
>           <foxml:datastream ID="DC" STATE="A" CONTROL_GROUP="X"
>     VERSIONABLE="true">
>               <foxml:datastreamVersion ID="DC1.0" LABEL="Dublin Core Record
>     for this object" CREATED="2013-05-09T15:37:41.708Z" MIMETYPE="text/xml"
>     FORMAT_URI="http://www.openarchives.org/OAI/2.0/oai_dc/" SIZE="388">
>                   <foxml:xmlContent>
>                       <oai_dc:dc
>     xsi:schemaLocation="http://www.openarchives.org/OAI/2.0/oai_dc/
>     http://www.openarchives.org/OAI/2.0/oai_dc.xsd">
>                           <dc:title>Disseminator object</dc:title>
>     <dc:identifier>test:dervPub_obj</dc:identifier>
>                       </oai_dc:dc>
>                   </foxml:xmlContent>
>               </foxml:datastreamVersion>
>           </foxml:datastream>
>           <foxml:datastream ID="RELS-EXT" STATE="A" CONTROL_GROUP="X"
>     VERSIONABLE="false">
>               <foxml:datastreamVersion ID="RELS-EXT.0" LABEL="Relationships"
>     CREATED="2013-05-09T15:37:41.837Z" MIMETYPE="application/rdf+xml"
>     FORMAT_URI="info:fedora/fedora-system:FedoraRELSExt-1.0" SIZE="273">
>                   <foxml:xmlContent>
>                       <rdf:RDF>
>                           <rdf:Description
>     rdf:about="info:fedora/test:dervPub_obj">
>                               <hasModel
>     rdf:resource="info:fedora/test:dervPub_CModel"/>
>                           </rdf:Description>
>                       </rdf:RDF>
>                   </foxml:xmlContent>
>               </foxml:datastreamVersion>
>           </foxml:datastream>
>           <foxml:datastream ID="SOURCE_IMG" STATE="A" CONTROL_GROUP="E"
>     VERSIONABLE="true">
>               <foxml:datastreamVersion ID="SOURCE_IMG.0" LABEL="full sized
>     image" CREATED="2013-05-09T15:37:41.892Z" MIMETYPE="image/jpeg">
>                   <foxml:contentLocation TYPE="URL"
>     REF="https://username:password@imageserver/myHugePicture"/>
>               </foxml:datastreamVersion>
>           </foxml:datastream>
>
>     I would really appreciate your help.
>
>
>
>     ------------------------------------------------------------------------------
>     Learn Graph Databases - Download FREE O'Reilly Book
>     "Graph Databases" is the definitive new guide to graph databases and
>     their applications. This 200-page book is written by three acclaimed
>     leaders in the field. The early access version is available now.
>     Download your free book today! http://p.sf.net/sfu/neotech_d2d_may
>     _______________________________________________
>     Fedora-commons-users mailing list
>     Fedora-commons-users@lists.sourceforge.net
>     <mailto:Fedora-commons-users@lists.sourceforge.net>
>     https://lists.sourceforge.net/lists/listinfo/fedora-commons-users
>
>
>
>
> ------------------------------------------------------------------------------
> Learn Graph Databases - Download FREE O'Reilly Book
> "Graph Databases" is the definitive new guide to graph databases and
> their applications. This 200-page book is written by three acclaimed
> leaders in the field. The early access version is available now.
> Download your free book today! http://p.sf.net/sfu/neotech_d2d_may
>
>
>
> _______________________________________________
> Fedora-commons-users mailing list
> Fedora-commons-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/fedora-commons-users
>


--
Scott Prater
Shared Development Group
General Library System
University of Wisconsin - Madison
prater@wisc.edu
5-5415

------------------------------------------------------------------------------
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and
their applications. This 200-page book is written by three acclaimed
leaders in the field. The early access version is available now.
Download your free book today! http://p.sf.net/sfu/neotech_d2d_may
_______________________________________________
Fedora-commons-users mailing list
Fedora-commons-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fedora-commons-users


------------------------------------------------------------------------------
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and
their applications. This 200-page book is written by three acclaimed
leaders in the field. The early access version is available now.
Download your free book today! http://p.sf.net/sfu/neotech_d2d_may
_______________________________________________
Fedora-commons-users mailing list
Fedora-commons-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fedora-commons-users