[OTDev] A&A clarifications
Nina Jeliazkova jeliazkova.nina at gmail.comWed Mar 9 17:00:28 CET 2011
- Previous message: [OTDev] A&A clarifications
- Next message: [OTDev] A&A clarifications
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On 9 March 2011 17:56, surajit ray <mr.surajit.ray at gmail.com> wrote: > Yeah but the authorisation request on POST for the dataset URI, with > my fresh token returns a false. I have refered to that in a previous > mail on this thread. > Well, you don't need to ask for auth on the top level. There is no policy registered currently (you could verify this by listing policies for this URL), thus the "false". However, POSTs are allowed on ambit dataset services on the top level, simply because the service not checking any policies for the top level /dataset. @Andreas - I am not sure if the policy server allows registering a policy of the top level - could you please tell ? Best regards, Nina > > Regards > Surajit > > On 9 March 2011 07:53, Nina Jeliazkova <jeliazkova.nina at gmail.com> wrote: > > > > > > On 9 March 2011 17:51, surajit ray <mr.surajit.ray at gmail.com> wrote: > >> > >> Hi, > >> > >> Is it not necessary to have POST access to the top level dataset > >> service URI to upload datasets ? > > > > Yes, but POSTs on the top level is allowed for every registered user, and > if > > all users start registering their own policies on top level, it will not > > work anyway, as only the first attempt will be successful. > > > > Nina > >> > >> Regds > >> Surajit > >> > >> On 9 March 2011 06:42, Nina Jeliazkova <jeliazkova.nina at gmail.com> > wrote: > >> > Hi Surajit, > >> > > >> > You should create policies for specific datasets , e.g. > >> > https://ambit.uni-plovdiv.bg:8443/ambit2/dataset/XXX , not the top > >> > level > >> > https://ambit.uni-plovdiv.bg:8443/ambit2/dataset . I don't see a > policy > >> > created for this URL, but even if it is created, it will be ignored by > >> > the > >> > services. > >> > > >> > > >> > You could inspect policies via GUI here > >> > http://apps.ideaconsult.net:8080/vtox (log in and there will be > >> > Policies > >> > link) > >> > > >> > Regards, > >> > Nina > >> > > >> > On 9 March 2011 15:14, surajit ray <mr.surajit.ray at gmail.com> wrote: > >> >> > >> >> Hi, > >> >> > >> >> curl -i -X GET http://opensso.in-silico.ch/Pol/opensso-pol -H > >> >> > >> >> > "subjectid:AQIC5wM2LY4SfcyH9ELyynby356aOvAkimDZeEz2wzWTSX4=@AAJTSQACMDE=#" > >> >> > >> >> does not show the policy its saying it has created. It is not listing > >> >> the created policies. > >> >> > >> >> Also I am attaching the policy file I am trying to use to get POST > >> >> access to ambit. However a authorization thus > >> >> > >> >> curl -i -d "uri=https://ambit.uni-plovdiv.bg:8443/ambit2/dataset/" > –d > >> >> "action=POST" -d > >> >> > >> >> > "subjectid=AQIC5wM2LY4SfcyH9ELyynby356aOvAkimDZeEz2wzWTSX4=@AAJTSQACMDE=#" > >> >> http://opensso.in-silico.ch/opensso/identity/authorize > >> >> > >> >> yields > >> >> > >> >> HTTP/1.0 200 OK > >> >> Server: nginx/0.6.32 > >> >> Date: Wed, 09 Mar 2011 13:12:06 GMT > >> >> Content-Type: text/plain;charset=UTF-8 > >> >> Proxy-Connection: keep-alive > >> >> Content-Length: 14 > >> >> > >> >> boolean=false > >> >> > >> >> > >> >> I am really confused if it has created a policy or not ? Or if it has > >> >> made an incomplete policy ! > >> >> > >> >> How can I get POST access to > >> >> https://ambit.uni-plovdiv.bg:8443/ambit2/dataset/ > >> >> > >> >> Regards > >> >> Surajit > >> >> > >> >> On 9 March 2011 18:37, surajit ray <mr.surajit.ray at gmail.com> wrote: > >> >> > Hi, > >> >> > > >> >> > the command > >> >> > > >> >> > curl -i -H "Content-Type: application/xml" -T > /home/maxtox/maxtox.pol > >> >> > -X POST http://opensso.in-silico.ch/Pol/opensso-pol -H > >> >> > > >> >> > > >> >> > > "subjectid:AQIC5wM2LY4SfcyH9ELyynby356aOvAkimDZeEz2wzWTSX4=@AAJTSQACMDE=#" > >> >> > > >> >> > to create a policy returns > >> >> > > >> >> > HTTP/1.0 500 Internal Server Error > >> >> > Server: nginx/0.6.32 > >> >> > Date: Wed, 09 Mar 2011 13:02:39 GMT > >> >> > Content-Type: text/plain > >> >> > Proxy-Connection: keep-alive > >> >> > Content-Length: 44 > >> >> > > >> >> > IOException. Please contact administrator. > >> >> > > >> >> > I was expecting that it did not create the policy since I did not > 200 > >> >> > OK. However when I ran the same again I got > >> >> > > >> >> > HTTP/1.0 400 Bad Request > >> >> > Server: nginx/0.6.32 > >> >> > Date: Wed, 09 Mar 2011 13:04:26 GMT > >> >> > Content-Type: text/plain > >> >> > Proxy-Connection: keep-alive > >> >> > Content-Length: 111 > >> >> > > >> >> > OpenSSOPolicy allow_ambit_dataset_access_for_maxtox already exists > in > >> >> > organization dc=opensso,dc=java,dc=net. > >> >> > > >> >> > > >> >> > which means it created the policy. Therefore it should have given a > >> >> > 200 OK before. Or is this policy invalid ? > >> >> > > >> >> > Regards > >> >> > Surajit > >> >> > > >> >> > > >> >> > > >> >> > On 9 March 2011 18:30, surajit ray <mr.surajit.ray at gmail.com> > wrote: > >> >> >> Hi Andreas, > >> >> >> > >> >> >> Documentation at > >> >> >> > >> >> >> > >> >> >> > http://opentox.org/dev/documentation/Guidance%20on%20Using%20AA#example-session-policies > >> >> >> > >> >> >> incorrectly states that the subjectid should be URL encoded. The > >> >> >> command > >> >> >> > >> >> >> curl -i -X GET http://opensso.in-silico.ch/Pol/opensso-pol -H > >> >> >> > >> >> >> > >> >> >> > "subjectid:AQIC5wM2LY4SfcyH9ELyynby356aOvAkimDZeEz2wzWTSX4%3D%40AAJTSQACMDE%3D%23" > >> >> >> > >> >> >> returns ....... > >> >> >> > >> >> >> HTTP/1.0 400 Bad Request > >> >> >> Server: nginx/0.6.32 > >> >> >> Date: Wed, 09 Mar 2011 12:57:15 GMT > >> >> >> Content-Type: text/plain > >> >> >> Proxy-Connection: keep-alive > >> >> >> Content-Length: 59 > >> >> >> > >> >> >> Token could not be resolved to a user id. Token expired?. > >> >> >> > >> >> >> > >> >> >> > >> >> >> While the same without url encoding > >> >> >> curl -i -X GET http://opensso.in-silico.ch/Pol/opensso-pol -H > >> >> >> > >> >> >> > >> >> >> > "subjectid:AQIC5wM2LY4SfcyH9ELyynby356aOvAkimDZeEz2wzWTSX4=@AAJTSQACMDE=#" > >> >> >> > >> >> >> returns > >> >> >> > >> >> >> > >> >> >> HTTP/1.0 200 OK > >> >> >> Server: nginx/0.6.32 > >> >> >> Date: Wed, 09 Mar 2011 12:57:22 GMT > >> >> >> Content-Type: text/plain > >> >> >> Proxy-Connection: keep-alive > >> >> >> Content-Length: 1 > >> >> >> > >> >> >> > >> >> >> > >> >> >> Could you please change the same on the documentation page ? > >> >> >> > >> >> >> Regards > >> >> >> Surajit > >> >> >> > >> >> >> > >> >> >> > >> >> >> On 8 March 2011 19:07, Andreas Maunz <andreas at maunz.de> wrote: > >> >> >>> surajit ray wrote on 03/08/2011 02:23 PM: > >> >> >>>> > >> >> >>>> Could you please clarify these inconsistencies (if the cannot be > >> >> >>>> changed) in the help document ? > >> >> >>> > >> >> >>> Definitely, I'll make the point more explicit. > >> >> >>> > >> >> >>> Andreas > >> >> >>> > >> >> >> > >> >> > > >> >> > >> >> > >> >> > >> >> -- > >> >> Surajit Ray > >> >> Partner > >> >> www.rareindianart.com > >> >> > >> >> _______________________________________________ > >> >> Development mailing list > >> >> Development at opentox.org > >> >> http://www.opentox.org/mailman/listinfo/development > >> >> > >> > > >> > > >> > >> > >> > >> -- > >> Surajit Ray > >> Partner > >> www.rareindianart.com > > > > > > > > -- > Surajit Ray > Partner > www.rareindianart.com >
- Previous message: [OTDev] A&A clarifications
- Next message: [OTDev] A&A clarifications
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Development mailing list