Ticket #280 (closed defect: fixed)

Opened 2 years ago

Last modified 2 years ago

tried to delete an article on single box staging server using our wiki instructions. breakage.

Reported by: russ Assigned to: ebrown
Priority: critical Milestone:
Component: topaz Version:
Keywords: Cc:
Blocking: Blocked By:

Description

howdy.

we need to delete an article that was published on our staging server in order to reingest corrections.

we have some instructions on how to do that, which involve commenting out the pdpName section of /etc/topaz/topaz.xml, and then running the articles script with the --delete flag.

i commented things out, and retarted the stack on the staging server. i ran the command and got the following error in the trace:

java.io.FileNotFoundException?: Can not find a file or resource named '/tmp/PDPConfig.xml' specified for 'com.sun.xacml.PDPConfigFile' in System property

i uncommented topaz.xml, restarted the stack again, and now i get errors in topaz.log whenever it tries to do anything (display an article, search, construct tabs on the home page)

the topaz.log errors *also* complain about missing /tmp/PDPConfig.xml files.

any clues? our stage is on rc8

Dependency Graph

Change History

02/15/07 13:46:23 changed by russ

here's the process we have for deleting an article:

Delete an Article

1. Create the script /usr/local/topaz/bin/articles with the following 3 lines:

#!/usr/bin/env bash . /usr/local/topaz/bin/tools java -cp getJars Articles "$@"

2. Disable xacml on topaz (comment out the pdpName sections in /etc/topaz/topaz.xml)

3. Run the script

articles -uri http://<topazhost>:8008/ws-articles-webapp/services/ArticleServicePort -delete <article URI>

The articleURI is info:doi/10.1371/journal.pone.0000136

Running this on plostopaz01 is fine as long as you bring down plosone01 when you are running plostopaz01 with xacml disabled and webhead can route all traffic to plosone02 and plostopaz02.

02/15/07 13:46:52 changed by russ

here's a stack trace from topaz.log on home.action reload:

2007-02-15 13:35:09,179 ERROR ArticleServicePortSoapBindingImpl?> Failed to initialize ArticleImpl?. [http-8008-Processor25 org.topazproject.ws.article.ArticleServicePortSoapBindingImpl?] java.io.FileNotFoundException?: Can not find a file or resource named '/tmp/PDPConfig.xml' specified for 'com.sun.xacml.PDPConfigFile' in System property

at org.topazproject.xacml.PDPFactory.getPDPConfigFile(PDPFactory.java:226) at org.topazproject.xacml.PDPFactory.getInstance(PDPFactory.java:79) at org.topazproject.xacml.ws.WSXacmlUtil.lookupPDP(WSXacmlUtil.java:84) at org.topazproject.ws.article.ArticleServicePortSoapBindingImpl?$WSArticlePEP.<init>(ArticleServicePortSoapBindingImpl?.java:161) at org.topazproject.ws.article.ArticleServicePortSoapBindingImpl?.init(ArticleServicePortSoapBindingImpl?.java:40) at org.apache.axis.providers.java.JavaProvider?.getNewServiceObject(JavaProvider?.java:238) at org.apache.axis.providers.java.JavaProvider?.getSessionServiceObject(JavaProvider?.java:201) at org.apache.axis.providers.java.JavaProvider?.getApplicationScopedObject(JavaProvider?.java:131) at org.apache.axis.providers.java.JavaProvider?.getServiceObject(JavaProvider?.java:109) at org.apache.axis.providers.java.JavaProvider?.invoke(JavaProvider?.java:287) at org.apache.axis.strategies.InvocationStrategy?.visit(InvocationStrategy?.java:32) at org.apache.axis.SimpleChain?.doVisiting(SimpleChain?.java:118) at org.apache.axis.SimpleChain?.invoke(SimpleChain?.java:83) at org.apache.axis.handlers.soap.SOAPService.invoke(SOAPService.java:454) at org.apache.axis.server.AxisServer?.invoke(AxisServer?.java:281) at org.apache.axis.transport.http.AxisServlet?.doPost(AxisServlet?.java:699) at javax.servlet.http.HttpServlet?.service(HttpServlet?.java:709) at org.apache.axis.transport.http.AxisServletBase?.service(AxisServletBase?.java:327) at javax.servlet.http.HttpServlet?.service(HttpServlet?.java:802) at org.apache.catalina.core.ApplicationFilterChain?.internalDoFilter(ApplicationFilterChain?.java:252) at org.apache.catalina.core.ApplicationFilterChain?.doFilter(ApplicationFilterChain?.java:173) at org.topazproject.ws.users.filter.UserAccountsFilter?.doFilter(UserAccountsFilter?.java:103) at org.apache.catalina.core.ApplicationFilterChain?.internalDoFilter(ApplicationFilterChain?.java:202) at org.apache.catalina.core.ApplicationFilterChain?.doFilter(ApplicationFilterChain?.java:173) at edu.yale.its.tp.cas.client.filter.CASValidateFilter.doFilter(CASValidateFilter.java:284) at org.topazproject.cas.client.filter.CASValidateFilterWrapper.doFilter(CASValidateFilterWrapper.java:70) at org.apache.catalina.core.ApplicationFilterChain?.internalDoFilter(ApplicationFilterChain?.java:202) at org.apache.catalina.core.ApplicationFilterChain?.doFilter(ApplicationFilterChain?.java:173) at org.apache.catalina.core.StandardWrapperValve?.invoke(StandardWrapperValve?.java:213) at org.apache.catalina.core.StandardContextValve?.invoke(StandardContextValve?.java:178) at org.apache.catalina.core.StandardHostValve?.invoke(StandardHostValve?.java:126) at org.apache.catalina.valves.ErrorReportValve?.invoke(ErrorReportValve?.java:105) at org.apache.catalina.core.StandardEngineValve?.invoke(StandardEngineValve?.java:107) at org.apache.catalina.connector.CoyoteAdapter?.service(CoyoteAdapter?.java:148) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869) at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664) at org.apache.tomcat.util.net.PoolTcpEndpoint?.processSocket(PoolTcpEndpoint?.java:527) at org.apache.tomcat.util.net.LeaderFollowerWorkerThread?.runIt(LeaderFollowerWorkerThread?.java:80) at org.apache.tomcat.util.threads.ThreadPool?$ControlRunnable?.run(ThreadPool?.java:684) at java.lang.Thread.run(Thread.java:595)

2007-02-15 13:35:09,198 ERROR ArticleServicePortSoapBindingImpl?> Failed to initialize ArticleImpl?. [http-8008-Processor24 org.topazproject.ws.article.ArticleServicePortSoapBindingImpl?] java.io.FileNotFoundException?: Can not find a file or resource named '/tmp/PDPConfig.xml' specified for 'com.sun.xacml.PDPConfigFile' in System property

at org.topazproject.xacml.PDPFactory.getPDPConfigFile(PDPFactory.java:226) at org.topazproject.xacml.PDPFactory.getInstance(PDPFactory.java:79) at org.topazproject.xacml.ws.WSXacmlUtil.lookupPDP(WSXacmlUtil.java:84) at org.topazproject.ws.article.ArticleServicePortSoapBindingImpl?$WSArticlePEP.<init>(ArticleServicePortSoapBindingImpl?.java:161) at org.topazproject.ws.article.ArticleServicePortSoapBindingImpl?.init(ArticleServicePortSoapBindingImpl?.java:40) at org.apache.axis.providers.java.JavaProvider?.getNewServiceObject(JavaProvider?.java:238) at org.apache.axis.providers.java.JavaProvider?.getSessionServiceObject(JavaProvider?.java:201) at org.apache.axis.providers.java.JavaProvider?.getApplicationScopedObject(JavaProvider?.java:131) at org.apache.axis.providers.java.JavaProvider?.getServiceObject(JavaProvider?.java:109) at org.apache.axis.providers.java.JavaProvider?.invoke(JavaProvider?.java:287) at org.apache.axis.strategies.InvocationStrategy?.visit(InvocationStrategy?.java:32) at org.apache.axis.SimpleChain?.doVisiting(SimpleChain?.java:118) at org.apache.axis.SimpleChain?.invoke(SimpleChain?.java:83) at org.apache.axis.handlers.soap.SOAPService.invoke(SOAPService.java:454) at org.apache.axis.server.AxisServer?.invoke(AxisServer?.java:281) at org.apache.axis.transport.http.AxisServlet?.doPost(AxisServlet?.java:699) at javax.servlet.http.HttpServlet?.service(HttpServlet?.java:709) at org.apache.axis.transport.http.AxisServletBase?.service(AxisServletBase?.java:327) at javax.servlet.http.HttpServlet?.service(HttpServlet?.java:802) at org.apache.catalina.core.ApplicationFilterChain?.internalDoFilter(ApplicationFilterChain?.java:252) at org.apache.catalina.core.ApplicationFilterChain?.doFilter(ApplicationFilterChain?.java:173) at org.topazproject.ws.users.filter.UserAccountsFilter?.doFilter(UserAccountsFilter?.java:103) at org.apache.catalina.core.ApplicationFilterChain?.internalDoFilter(ApplicationFilterChain?.java:202) at org.apache.catalina.core.ApplicationFilterChain?.doFilter(ApplicationFilterChain?.java:173) at edu.yale.its.tp.cas.client.filter.CASValidateFilter.doFilter(CASValidateFilter.java:284) at org.topazproject.cas.client.filter.CASValidateFilterWrapper.doFilter(CASValidateFilterWrapper.java:70) at org.apache.catalina.core.ApplicationFilterChain?.internalDoFilter(ApplicationFilterChain?.java:202) at org.apache.catalina.core.ApplicationFilterChain?.doFilter(ApplicationFilterChain?.java:173) at org.apache.catalina.core.StandardWrapperValve?.invoke(StandardWrapperValve?.java:213) at org.apache.catalina.core.StandardContextValve?.invoke(StandardContextValve?.java:178) at org.apache.catalina.core.StandardHostValve?.invoke(StandardHostValve?.java:126) at org.apache.catalina.valves.ErrorReportValve?.invoke(ErrorReportValve?.java:105) at org.apache.catalina.core.StandardEngineValve?.invoke(StandardEngineValve?.java:107) at org.apache.catalina.connector.CoyoteAdapter?.service(CoyoteAdapter?.java:148) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869) at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664) at org.apache.tomcat.util.net.PoolTcpEndpoint?.processSocket(PoolTcpEndpoint?.java:527) at org.apache.tomcat.util.net.LeaderFollowerWorkerThread?.runIt(LeaderFollowerWorkerThread?.java:80) at org.apache.tomcat.util.threads.ThreadPool?$ControlRunnable?.run(ThreadPool?.java:684) at java.lang.Thread.run(Thread.java:595)

02/15/07 14:15:40 changed by ebrown

  • owner changed from somebody to ebrown.
  • status changed from new to assigned.

02/15/07 15:38:49 changed by pradeep

Make sure you don't have a '-Dcom.sun.xacml.PDPConfigFile=/tmp/PDPConfig.xml' in the following places:

/etc/sysconfig/topazcommon /etc/sysconfig/topaz

Looks like this env variable was not cleaned up after some temporary hacks of running with a different set of XACML policies. (FYI. The com.sun.xacml.PDPConfigFile option above is a way to override the default configuration of the XACML PDP.)

02/15/07 15:41:40 changed by russ

  • status changed from assigned to closed.
  • resolution set to fixed.

removal of the /etc/sysconfig/topaz file resolved the problem.

it's odd that it didn't appear sooner - perhaps the /tmp/PDPConfig.xml file was removed recently or maybe it was the editing of /etc/topaz/topaz.xml to allow article deletion that caused this to manifest.

thanks eric!!!

02/15/07 16:14:40 changed by ebrown

For future reference... I don't know how much this old email may explain things...

Date: December 20, 2006 9:26:39 AM PST
Subject: permit-all during user-migration

Russ,

Let us do a permit-all policy during user-migration.

1. Copy the 2 attached files to /tmp

2. Add the following line to /etc/sysconfig/topaz

export TOMCAT_OPTS='-Dcom.sun.xacml.PDPConfigFile=/tmp/PDPConfig.xml'

3. Restart topaz.

Thanks, Pradeep 

<?xml version="1.0" encoding="UTF-8"?>
<config xmlns="http://sunxacml.sourceforge.net/schema/config-0.3"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  defaultPDP="ingest-user-pdp" defaultAttributeFactory="attr"
  defaultCombiningAlgFactory="comb" defaultFunctionFactory="func">
  <pdp name="standard-pdp">
    <attributeFinderModule class="com.sun.xacml.finder.impl.CurrentEnvModule"/>
    <attributeFinderModule
      class="org.topazproject.xacml.finder.ConfigurationAttributeFinderModule"/>
    <attributeFinderModule
      class="org.topazproject.xacml.ws.ServletEndpointContextAttributeFinderModule"/>
    <policyFinderModule class="org.topazproject.xacml.finder.ResourcePolicyModule"
      name="standard-policy-finder">
      <list>
        <string>policy/sets/standard-set.xml</string>
      </list>
    </policyFinderModule>
    <policyFinderModule class="org.topazproject.xacml.finder.ResourceReferencePolicyModule">
      <list>
        <string>policy/rules/deny-revokes.xml</string>
        <string>policy/rules/deny-anonymous.xml</string>
        <string>policy/rules/deny-all.xml</string>
        <string>policy/rules/deny-disabled.xml</string>
        <string>policy/rules/deny-inactive.xml</string>
        <string>policy/rules/permit-creator.xml</string>
        <string>policy/rules/permit-self.xml</string>
        <string>policy/rules/permit-grants.xml</string>
        <string>policy/rules/permit-admin.xml</string>
        <string>policy/rules/permit-all.xml</string>
        <string>policy/rules/permit-bootstrap.xml</string>
        <string>policy/rules/permitted-anonymous-operations.xml</string>
        <string>policy/rules/permitted-user-operations.xml</string>
      </list>
    </policyFinderModule>
  </pdp>
  <pdp name="test-pdp">
    <attributeFinderModule class="com.sun.xacml.finder.impl.CurrentEnvModule"/>
    <attributeFinderModule
      class="org.topazproject.xacml.finder.ConfigurationAttributeFinderModule"/>
    <attributeFinderModule
      class="org.topazproject.xacml.ws.ServletEndpointContextAttributeFinderModule"/>
    <policyFinderModule class="org.topazproject.xacml.finder.ResourcePolicyModule"
      name="test-policy-finder">
      <list>
        <string>policy/sets/test-set.xml</string>
      </list>
    </policyFinderModule>
    <policyFinderModule class="org.topazproject.xacml.finder.ResourceReferencePolicyModule">
      <list>
        <string>policy/rules/deny-revokes.xml</string>
        <string>policy/rules/deny-anonymous.xml</string>
        <string>policy/rules/deny-all.xml</string>
        <string>policy/rules/deny-disabled.xml</string>
        <string>policy/rules/deny-inactive.xml</string>
        <string>policy/rules/permit-creator.xml</string>
        <string>policy/rules/permit-self.xml</string>
        <string>policy/rules/permit-grants.xml</string>
        <string>policy/rules/permit-admin.xml</string>
        <string>policy/rules/permit-all.xml</string>
        <string>policy/rules/permit-bootstrap.xml</string>
        <string>policy/rules/permitted-anonymous-operations.xml</string>
        <string>policy/rules/permitted-user-operations.xml</string>
      </list>
    </policyFinderModule>
  </pdp>
  <pdp name="ingest-user-pdp">
    <attributeFinderModule class="com.sun.xacml.finder.impl.CurrentEnvModule"/>
    <attributeFinderModule
      class="org.topazproject.xacml.finder.ConfigurationAttributeFinderModule"/>
    <attributeFinderModule
      class="org.topazproject.xacml.ws.ServletEndpointContextAttributeFinderModule"/>
    <policyFinderModule class="org.topazproject.xacml.finder.URLPolicyModule"
      name="ingest-user-policy-finder">
      <list>
        <string>file:///tmp/permit-all.xml</string>
      </list>
    </policyFinderModule>
  </pdp>
  <attributeFactory name="attr" useStandardDatatypes="true"/>
  <combiningAlgFactory name="comb" useStandardAlgorithms="true"/>
  <functionFactory name="func" useStandardFunctions="true">
    <condition>
      <function class="org.topazproject.xacml.cond.ItqlQueryFunction"/>
      <function class="org.topazproject.xacml.cond.PermissionFunction$IsGranted"/>
      <function class="org.topazproject.xacml.cond.PermissionFunction$IsRevoked"/>
      <function class="org.topazproject.xacml.cond.CachedBagFunction"/>
      <function class="org.topazproject.xacml.cond.StringToIntegerFunction"/>
    </condition>
  </functionFactory>
</config>

<?xml version="1.0" encoding="UTF-8"?>
<Policy xmlns="urn:oasis:names:tc:xacml:1.0:policy"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  PolicyId="permit-all"
  RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable">

  <Description>
    All permissions.
  </Description>

  <Target>
    <AnyTarget/>
  </Target>

  <Rule RuleId="permitAll" Effect="Permit"/>
  <!--  
  <Obligations>
    <Obligation ObligationId="log" FulfillOn="Permit">
      <AttributeAssignment AttributeId="policy" 
        DataType="http://www.w3.org/2001/XMLSchema#string">permit-all</AttributeAssignment>
    </Obligation>
  </Obligations>
  -->
</Policy>