...

  1. $FEDORA_HOME/tomcat/logs/catalina.out should contain no errors.
  2. View your Fedora instance through a web browser:

 

Setting XACML Policies

...

Install the required policies and remove some restrictive policies.

  1. First stop your Fedora instance by running: $FEDORA_HOME/tomcat/bin/shutdown.sh
  2. Remove the deny-purge policies:

    $ rm -v /usr/local/fedora/data/fedora-xacml-policies/repository-policies/default/deny-purge-*
  3. Navigate to the Fedora "repository-policies" directory:

    $ cd /usr/local/fedora/data/fedora-xacml-policies/repository-policies/
  4. Download / Clone the Islandora specific XACML policies from the Islandora GitHub XACML Policies repo:

    $ git clone https://github.com/Islandora/islandora-xacml-policies.git islandora

The Islandora XACML policies should now be located in "/usr/local/fedora/data/fedora-xacml-policies/repository-policies/islandora".

...

Islandora Install Location

...

...

These policies will be located in the policies folder of the islandora module. There should be at least these 4 policies:

  • permit-apim-to-authenticated-user.xml
  • permit-getDatastream-unrestricted.xml
  • permit-getDatastreamHistory-unrestricted.xml
  • permit-upload-to-authenticated-user.xml

...

/usr/local/fedora/data/fedora-xacml-policies/repository-policies/
├── default
│   ├── deny-apim-if-not-localhost.xml
│   ├── deny-inactive-or-deleted-objects-or-datastreams-if-not-administrator.xml
│   ├── deny-policy-management-if-not-administrator.xml
│   ├── deny-reloadPolicies-if-not-localhost.xml
│   ├── deny-unallowed-file-resolution.xml
│   ├── permit-anything-to-administrator.xml
│   ├── permit-apia-unrestricted.xml
│   ├── permit-dsstate-check-unrestricted.xml
│   ├── permit-oai-unrestricted.xml
│   ├── permit-serverStatus-unrestricted.xml
│   └── readme.txt
└── islandora
    ├── permit-apim-to-authenticated-user.xml
    ├── permit-getDatastreamHistory-unrestricted.xml
    ├── permit-getDatastream-unrestricted.xml
    └── permit-upload-to-authenticated-user.xml

 11. Navigate to $FEDORA

Adjusting access for more than "localhost"

Install the required policies and remove some restrictive policies.

  1. Open the $FEDORA_HOME/data/fedora-xacml-policies/repository-policies/default/deny-apim-if-not-localhost.xml file in your favorite editor.
  2. Locate the text:

    <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">127.0.0.1</AttributeValue>
  3. Duplicate this line for every IP address you wish to access Fedora from (i.e. your Islandora Drupal server, your desktop computer, etc).
    For example:

    <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">127.0.0.1</AttributeValue>
    <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">192.168.56.1</AttributeValue>
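
One way to check the result of this edit, as an added example that is not part of the original guide or of Fedora/Islandora: a Python audit that lists the addresses now present in deny-apim-if-not-localhost.xml and reports any you did not intend to allow, any you intended but left out, and any that look like mistyped addresses. The wrapper elements in the sample, the extra two sample addresses, the function names and the expected-address set are assumptions made for the demonstration.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET

XSD_STRING = "http://www.w3.org/2001/XMLSchema#string"

# Constructed sample. The first two AttributeValue lines are the ones shown on
# this page; the other two and the wrapper elements are made up for the demo.
SAMPLE_POLICY = """\
<Policy xmlns="urn:oasis:names:tc:xacml:1.0:policy">
  <Apply>
    <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">127.0.0.1</AttributeValue>
    <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">192.168.56.1</AttributeValue>
    <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">203.0.113.7</AttributeValue>
    <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">192.168.56.1O</AttributeValue>
  </Apply>
</Policy>"""


def string_values(policy_xml):
    """Text of every string-typed AttributeValue, whatever its XML namespace."""
    root = ET.fromstring(policy_xml)
    return [(el.text or "").strip() for el in root.iter()
            if el.tag.rsplit("}", 1)[-1] == "AttributeValue"
            and el.get("DataType") == XSD_STRING]


def audit_allowlist(policy_xml, expected):
    """Compare the addresses in the policy with the ones you meant to allow."""
    allowed, malformed = set(), []
    for value in string_values(policy_xml):
        try:
            allowed.add(str(ipaddress.ip_address(value)))
        except ValueError:
            # Starts like a dotted quad but is not a valid address: likely a typo.
            if re.match(r"\d+\.\d+\.", value):
                malformed.append(value)
    return {
        "allowed": sorted(allowed),
        "unexpected": sorted(allowed - set(expected)),
        "missing": sorted(set(expected) - allowed),
        "malformed": malformed,
    }


if __name__ == "__main__":
    # For a real check, read deny-apim-if-not-localhost.xml instead of the sample.
    report = audit_allowlist(SAMPLE_POLICY, {"127.0.0.1", "192.168.56.1"})
    for key, values in report.items():
        print(f"{key}: {values}")
```

Values that are not addresses at all (other string attributes a policy may contain) are ignored rather than reported.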

...

    Note

    The Fedora default XACML policies can be restored to their default state at any time by simply removing the 'default' directory, and stopping/starting Fedora. Always back up your policies first before doing this!

 

...

  1. Start up Fedora by using the startup command from step 8:

    $FEDORA_HOME/tomcat/bin/startup.sh

...

  1. Access the Fedora Web Administrator: http://localhost:8080/fedora/admin and ensure you can ingest and purge objects.

14. For information on using Fedora, make use of the tutorials at the Fedora Commons site.