Activity
From 02/26/2012 to 03/26/2012
03/26/2012
- 04:25 PM Revision 7091 (metacat): add logging statements when there is a problem calling setReplicationStatus
- 03:11 PM Revision 7090 (metacat): Get the serialVersion param from the MMP params map rather than the request object params map in setAccess().
- 02:10 PM Revision 7089 (metacat): Add a few more debugging statements to HazelcastService for troubleshooting hazelcast map concurrency.
03/23/2012
- 05:22 PM Revision 7088 (metacat): handle case where EML access rule "permission" is not in our constrained list (EML 2.0.0 doc showed this with a "none" permission for public principal). we now omit this invalid access rule when interpreting it in system metadata -- effectively dropping that invalid access rule. "none" had been stored as a 0 in the DB xml_access table and would not have given or denied access for the document so I think it can safely be omitted for good. for example, see knb-lter-gce.101.2 with this rule:
- <allow>
<principal>public</principal>
<permission>none</permission>
</allow>
03/22/2012
- 09:31 PM Revision 7087 (metacat): Use Jjava.util.Calendar rather than com.ibm ...
- 03:14 PM Revision 7086 (metacat): Also allow MNs to set the FAILED status in setReplicationStatus(). this was an oversight on my part, trying to keep MNs that truly did succeed from overriding the COMPLETED status with FAILED.
- 12:13 PM Revision 7085 (metacat): use Java-based temp file creation instead of Date (ms) timestamp to ensure uniqueness of the file and avoid re-use by two concurrent threads.
03/21/2012
03/19/2012
- 06:14 PM Revision 7083 (metacat): Don't check for populated obsoletes and obsoletedBy fields during CN.create(), only MN.create(). The CN should expect that the MN has populated this field because of existing revision information, and should trust the MN information. Addresses https://redmine.dataone.org/issues/2507.
- 06:08 PM Revision 7082 (metacat): Some minor logging changes.
- 12:40 PM Revision 7081 (metacat): use scope prefix (knb-lter-%) for random test doc population
- 12:33 PM Revision 7080 (metacat): include new jars for CN.delete() interface
- https://redmine.dataone.org/issues/2506
- 10:12 AM Revision 7079 (metacat): use isAdminAuthorized() to check access to CN.create(). Note this method takes a pid and permission parameter and neither is used. Also removed the NotFound exception because it would never come up.
- 10:01 AM Revision 7078 (metacat): check that caller is CN/admin for CN.delete()
- https://redmine.dataone.org/issues/2506
- 09:52 AM Revision 7077 (metacat): include CN.delete()
- https://redmine.dataone.org/issues/2506
03/16/2012
- 04:07 PM Revision 7076 (metacat): Notify each replica MN when critical portions of system metadata change so the MN can pull the latest copy into its store. AccessPolicy and RightsHolder changes are the most critical for the MN to keep updated on.
- 11:40 AM Revision 7075 (metacat): Only allow CNs to call MN.synchronizationFailed() by calling isAdminAuthorized(). The pid must also be valid.
03/15/2012
- 07:50 PM Revision 7074 (metacat): Modify CNodeService.setReplicationStatus() slightly to restrict MN-based calls to only set the status to COMPLETED. The CNs should be setting failures or invalidations, or the status can remain at QUEUED or REQUESTED, and the MNAuditTask can revisit those replicas as needed.
- 07:14 PM Revision 7073 (metacat): Add a notifyReplicaNodes() method that calls MNStorage.systemMetadataChanged() on MN replica nodes for a given object identifier. This will be called when there are changes to AccessPolicy and rights holder since these are critical access metadata for an MN, but they can only be changed on the CN.
- 12:10 PM Revision 7072 (metacat): Add some debugging statements in isAuthorized().
- 12:08 PM Revision 7071 (metacat): In setReplicationStatus(), first check for a replica target MN subject match with the session subject. If this fails, look to see if CN admin access is allowed. Otherwise throw NotAuthorized. Addresses https://redmine.dataone.org/issues/2494
- 11:46 AM Revision 7070 (metacat): do not allow "Metacat-conforming" identifiers to be used. "test.1.001" is interpreted as "test.1.1" which renders "test.1.002" unusable unless a traditional Metacat "update" is used for that id/revision which contradicts the DataONE use of Identifiers that have no lexical requirements for revisions.
- 08:08 AM Revision 7069 (metacat): check for session when checking administrative authorization
03/14/2012
- 12:02 PM Revision 7068 (metacat): Remove individual calls to isAdminAuthorized() in favor of the centralized isAuthorized() call that handles it now.
- 11:57 AM Revision 7067 (metacat): Incorporate isAdminAuthorized() into isAuthorized() for blanket CN access to objects.
03/13/2012
- 04:00 PM Revision 7066 (metacat): check for null Session before continuing with setReplicationStatus()
- https://redmine.dataone.org/issues/2476#note-3
- 03:09 PM Revision 7065 (metacat): do not attempt to parse empty file for the failure (BaseException serialization). There are cases when this is not given (failure="") when there is not a failure.
- https://redmine.dataone.org/issues/2476
- 03:05 PM Revision 7064 (metacat): check for null session (public) calls to MN.replicate() before passing it to the asynchronous implementation
- 02:58 PM Revision 7063 (metacat): do not replicate if session is null
- 02:19 PM Revision 7062 (metacat): throw not authorized when attempting to getReplica as an invalid/non-existent node
- 12:19 PM Revision 7061 (metacat): transitive properties for mapped subjects:
- -group membership
-verified flag
https://redmine.dataone.org/issues/2430
https://redmine.dataone.org/issues/2432 - 11:24 AM Revision 7060 (metacat): check group membership defined at group level (in addition to membership defined as part of of the Person level)
- https://redmine.dataone.org/issues/2429
- 10:43 AM Revision 7059 (metacat): logging for permission checks - trying to nail down details of MN checking
- 10:08 AM Revision 7058 (metacat): use Event.CREATE.xmlValue() when converting "insert" to "create"
- http://redmine.dataone.org/issues/2471
03/12/2012
- 08:20 PM Revision 7057 (metacat): log records should be inclusive of fromDate parameter (>=)
- https://redmine.dataone.org/issues/2471
- 04:38 PM Revision 7056 (metacat): use Timestamp object from results, not a new Date object from that Timestamp object
- 12:12 PM Revision 7055 (metacat): add an alternative method for loading system metadata identifiers but leave it commented out. We may find that using the ObjectList method is too much overhead, but it will always be consistent with what metacat reports for listObjects().
- 12:09 PM Revision 7054 (metacat): add note about long-running load for shared system metadata map
- 12:08 PM Revision 7053 (metacat): increase amount of text the 'xml_path_index.path' column can accommodate. I was seeing errors like this during indexing:
- knb 20120312-11:42:05: [ERROR]: DocumentImpl.buildIndex - SQL Exception while indexing document knb-lter-and.3147 : E...
03/09/2012
- 12:40 PM Revision 7052 (metacat): Added the following values to the HTTPD site configuration:
- JkOptions +ForwardURICompatUnparsed
AllowEncodedSlashes On
AcceptPathInfo On
03/08/2012
- 04:16 PM Revision 7051 (metacat): If PID is not part of the multipart params, we end up with a NullPointerException. Throw an InvalidRequest in this case rather than ServiceFailure resulting from the NPE.
- 03:52 PM Revision 7050 (metacat): add note about https://redmine.dataone.org/issues/2451 to the documentation
- 02:21 PM Revision 7049 (metacat): translate "insert" events in Metacat as Event.CREATE events ("create") for DataONE
- https://redmine.dataone.org/issues/2461
- 11:18 AM Revision 7048 (metacat): for good measure, use the D1 encoding util for url decoding the parameters for listObjects
- https://redmine.dataone.org/issues/2460
- 10:42 AM Revision 7047 (metacat): log record paging:
- -use start and count parameters
-if start+count exceeds the total number of records, then only return from start to t...
03/07/2012
- 02:49 PM Revision 7046 (metacat): Use 'fromDate' and 'toDate' as listObject param filters to comply with the API documentation. We had changed this in MNResourceHandler, but somehow missed it in CNResourceHandler.
- 02:30 PM Revision 7045 (metacat): check whether mapping (
03/06/2012
- 08:26 PM Revision 7044 (metacat): catch additional NotFound exception for: "do not include log entries for documents that the caller is not allowed to read." https://redmine.dataone.org/issues/2444
- 02:03 PM Revision 7043 (metacat): serialize exception in header for describe response when there is a BaseException
- https://redmine.dataone.org/issues/2440
- 01:41 PM Revision 7042 (metacat): do not include log entries for documents that the caller is not allowed to read. https://redmine.dataone.org/issues/2444
- 01:35 PM Revision 7041 (metacat): use revision provided in the docid when looking up guid. had been using latest revision which I think incorrectly reports on the log history.
- noticed this when looking at: https://redmine.dataone.org/issues/2444
03/05/2012
- 06:36 PM Revision 7040 (metacat): Add testIsEquivIdentityAuthorized() to ensure that [MN|CN].isAuthorized() is authorizing equivalent identities correctly. Note: Using TypeMarshaller.marshalTypeToOutputStream(type, System.out) to serialize an object seems to jack up output to stdout - not sure why.
- 06:30 PM Revision 7039 (metacat): A minor change to isAuthorized() - compare each Person in the SubjectInfo (not just the primary Subject) since each person could have an equivalent identity mapped to the primary Subject. Add debug logging for the comparison.
- 04:36 PM Revision 7038 (metacat): added debug logging
- https://redmine.dataone.org/issues/2429
- 04:27 PM Revision 7037 (metacat): check if verified flag is null before evaluating (NPE during MN Auth test)
- https://redmine.dataone.org/issues/2429
- 12:32 PM Revision 7036 (metacat): throw InvalidToken when there is invalid SubjectInfo embedded in the certificate
- https://redmine.dataone.org/issues/2431
- 09:58 AM Revision 7035 (metacat): fixed Oracle script issues identified by: Brian Turcotte <bturcott@sfwmd.gov>. He provided the fixes, so thank you!
03/01/2012
02/29/2012
Also available in: Atom