[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: password protection



Ok, now i see the problem, its because the getAscii() makes a recursive call to itself. I will have to investigate how to fix that problem. Calls other than ascii should work, i think.

Luca Giacomelli wrote:
Hi John,
I think so....I make some tests with firefox, MS explorer and ferret. With ferret is impossible to find informations into logs but with firefox and MS explorer I found the exception inside catalina.out
I tried also to use this syntax http://username:address@hidden:8080/thredds/dodsC/agg/climatology.ascii?time[0:1:11] in order to renew username and password inside the new page opened pushing "get ascii" button.
I'm sending you my catalog.xml
I think that the main password system works because I need username and password in order to open the DOS Dataset Access Form.
Ciao, Luca



John Caron wrote:

Hi again:

Sorry, i misunderstood the stack trace below. It appears the TDS is trying to access a password-protected opendap server, possibly itself?

Luca Giacomelli wrote:

Dear support,
I'd like to control the access to my datasets (thredds version 3.8.03). I tried to configure Tomcat Users. Now all seems to works but I can't get ascii data (after the authentication). I can see an empty web page and and I can read this error in catalina.out:


OUCH! IOException: Server returned HTTP response code: 401 for URL: http://137.204.52.160:8080/thredds/dodsC/agg/climatology.dods
java.io.IOException: Server returned HTTP response code: 401 for URL: http://137.204.52.160:8080/thredds/dodsC/agg/climatology.dods
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:800)


at dods.dap.DConnect.openConnection(DConnect.java:193)
at dods.dap.DConnect.getDataFromUrl(DConnect.java:451)
at dods.dap.DConnect.getData(DConnect.java:410)
at dods.servlet.dodsASCII.sendASCII(dodsASCII.java:92)
at dods.servlet.DODSServlet.doGetASC(DODSServlet.java:862)
at dods.servlet.DODSServlet.doGet(DODSServlet.java:1459)
at dods.servers.netcdf.NcDODSServlet.doGet(NcDODSServlet.java:264)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:689)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:237)


at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)

at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:214)

at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)

at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)

at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:198)

at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:152)

at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)

at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540)

at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)

at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)

at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)

at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)

at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:118)

at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)

at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)

at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)

at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)

at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)

at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929)
at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:799)


at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:705)

at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:577)

at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683)

       at java.lang.Thread.run(Thread.java:534)

In my ${tomcat_home}/webapps/thredds/WEB-INF/web.xml I added this security-constraint:
<security-constraint>
<display-name>User thredds</display-name>
<web-resource-collection>
<web-resource-name>thredds allowed</web-resource-name>
<url-pattern>/dodsC/*</url-pattern>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>thredds</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>


I'd like to know how to limit data access.

Best regards, Luca




--
Giacomelli Luca
Laboratorio di Simulazioni Numeriche del Clima e degli Ecosistemi Marini
Università degli Studi di Bologna-Corso di Laurea in Scienze Ambientali
Via S.Alberto 163, 48100 Ravenna
Tel. +39 0544937324 - Fax +39 0544937323

Ai sensi del D.Lgs. 196/2003 si precisa che le informazioni contenute in questo messaggio sono riservate ed a uso esclusivo del destinatario. Qualora il messaggio Le fosse pervenuto per errore, La invito ad eliminarlo senza copiarlo e a non inoltrarlo a terzi, dandomene gentilmente comunicazione. Grazie.

Pursuant to Legislative Decree No. 196/2003, you are hereby informed that this message contains confidential information intended only for the use of the addressee. If you are not the addressee, and have received this message by mistake, please delete it and immediately notify me. You may not copy or disseminate this message to anyone. Thank you.





-- Giacomelli Luca Laboratorio di Simulazioni Numeriche del Clima e degli Ecosistemi Marini Università degli Studi di Bologna-Corso di Laurea in Scienze Ambientali Via S.Alberto 163, 48100 Ravenna Tel. +39 0544937324 - Fax +39 0544937323

Ai sensi del D.Lgs. 196/2003 si precisa che le informazioni contenute in questo messaggio sono riservate ed a uso esclusivo del destinatario. Qualora il messaggio Le fosse pervenuto per errore, La invito ad eliminarlo senza copiarlo e a non inoltrarlo a terzi, dandomene gentilmente comunicazione. Grazie.

Pursuant to Legislative Decree No. 196/2003, you are hereby informed that this message contains confidential information intended only for the use of the addressee. If you are not the addressee, and have received this message by mistake, please delete it and immediately notify me. You may not copy or disseminate this message to anyone. Thank you.


------------------------------------------------------------------------

<?xml version="1.0" encoding="UTF-8"?>
<catalog name="SiNCEM THREDDS Server base Catalog"
        xmlns="http://www.unidata.ucar.edu/namespaces/thredds/InvCatalog/v1.0";
        xmlns:xlink="http://www.w3.org/1999/xlink";>

  <service name="thisDODS" serviceType="OpenDAP" base="/thredds/dodsC/">
    <datasetRoot path="test" location="/dataTest/"/>
  </service>

<datasetScan name="Test all files in a directory" ID="testDatasetScan" path="testAll" location="/dataTest/">

       <metadata inherited="true">
         <serviceName>thisDODS</serviceName>
       </metadata>

      <filter>
      <include wildcard="*.nc" />
      </filter>

    </datasetScan>

   <dataset name="Test Aggregation 1" ID="TestAgg" urlPath="agg/climatology">
     <serviceName>thisDODS</serviceName>

     <netcdf xmlns="http://www.unidata.ucar.edu/namespaces/netcdf/ncml-2.2";>
       <dimension name="time" length="0"/>
         <variable name="time" type="int" shape="time">
           <attribute name="units" value="months since 2000-01-01 00:00"/>
           <attribute name="_CoordinateAxisType" value="Time" />
         </variable>
      <aggregation dimName="time" type="joinNew">
        <scan dateFormatMark="MEDATLAS_mersea_grid1o8_MED_CLIM_#MM" location="/dataTest/" 
suffix=".nc" />
      </aggregation>
     </netcdf>

   </dataset>


</catalog>


NOTE: All email exchanges with Unidata User Support are recorded in the Unidata inquiry tracking system and then made publicly available through the web. If you do not want to have your interactions made available in this way, you must let us know in each email you send to us.