This feature is disabled by default, and requires configuration in order to enable it. See the allowed list configuration section below.
When referencing content hosted outside of the repository, you can create an empty binary to act as a placeholder for the external content, specifying the URL of the external content.
Instead of supplying the binary in the body of the request, you provide a Link header which uses the rel="http://fedora.info/definitions/fcrepo#ExternalContent" and specifies where to get the resource and how to handle it.
Link: <http://example.org/some/content>; rel="http://fedora.info/definitions/fcrepo#ExternalContent"; handling="proxy"; type="image/tiff"
The Fedora API specifies 3 methods of handling external content, all of which are supported.
If you provide a type= parameter in the Link header, that content type will be used. If type= is omitted, the server attempts to determine the Content-Type.
If the external URI has a file prefix (i.e. local disk storage), then application/octet-stream is returned.
If the external URI has an http prefix, a HEAD request is made to the URI provided in the Link header to retrieve the Content-Type header. If this header is not returned, the resource cannot be added to the repository.
The URI of the external content must be absolute. Relative paths and paths using relative path modifiers ("../") will result in the operation failing with a 400 status code.
Creating the proxy LDP-NR
> curl -i -H"Link: <file:///local/file/storage/wonderful.tiff>; rel=\"http://fedora.info/definitions/fcrepo#ExternalContent\"; handling=\"proxy\"; type=\"image/tiff\"" -XPUT -ufedoraAdmin:fedoraAdmin http://localhost:8080/rest/test_proxy_local_file
HTTP/1.1 201 Created
Date: Fri, 29 Jun 2018 14:15:54 GMT
Set-Cookie: JSESSIONID=aedg7ilmx9zxugi8x9em7l8h;Path=/
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rememberMe=deleteMe; Path=/; Max-Age=0; Expires=Thu, 28-Jun-2018 14:15:54 GMT
ETag: "0e409de61b53a864ad3a87f4faf884d88cf041ff"
Last-Modified: Fri, 29 Jun 2018 14:15:55 GMT
Link: <http://localhost:8080/rest/test_proxy_local_file/fcr:metadata>; rel="describedby"; anchor="http://localhost:8080/rest/test_proxy_local_file"
Link: <http://localhost:8080/static/constraints/NonRDFSourceConstraints.rdf>; rel="http://www.w3.org/ns/ldp#constrainedBy"
Content-Location: file:/local/file/storage/wonderful.tiff
Link: <http://localhost:8080/rest/test_proxy_local_file/fcr:acl>; rel="acl"
Location: http://localhost:8080/rest/test_proxy_local_file
Content-Type: text/plain
Content-Length: 48
Server: Jetty(9.3.1.v20150714)

http://localhost:8080/rest/test_proxy_local_file
Results of a request
> curl -i http://localhost:8080/rest/test_proxy_local_file -ufedoraAdmin:fedoraAdmin
HTTP/1.1 200 OK
Date: Fri, 29 Jun 2018 16:40:48 GMT
Set-Cookie: JSESSIONID=zhy7150ie8vo1bsc9ycb1ghu1;Path=/
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rememberMe=deleteMe; Path=/; Max-Age=0; Expires=Thu, 28-Jun-2018 16:40:48 GMT
ETag: "0e409de61b53a864ad3a87f4faf884d88cf041ff"
Last-Modified: Fri, 29 Jun 2018 14:15:55 GMT
Content-Type: image/tiff
Accept-Ranges: bytes
Content-Disposition: attachment; filename=""; creation-date="Fri, 29 Jun 2018 14:15:55 GMT"; modification-date="Fri, 29 Jun 2018 14:15:55 GMT"; size=14761236
Link: <http://www.w3.org/ns/ldp#Resource>;rel="type"
Link: <http://www.w3.org/ns/ldp#NonRDFSource>;rel="type"
Link: <http://localhost:8080/rest/test_proxy_local_file/fcr:acl>; rel="acl"
Content-Location: file:/Users/whikloj/Desktop/wonderful.tiff
Link: <http://localhost:8080/rest/test_proxy_local_file/fcr:metadata>; rel="describedby"
Link: <http://localhost:8080/static/constraints/NonRDFSourceConstraints.rdf>; rel="http://www.w3.org/ns/ldp#constrainedBy"
Accept-External-Content-Handling: copy,redirect,proxy
Allow: DELETE,HEAD,GET,PUT,OPTIONS
Cache-Control: no-transform, must-revalidate, max-age=0
Content-Length: 14761236
Server: Jetty(9.3.1.v20150714)

...<BODY CONTENT>...
Creating the redirect LDP-NR
> curl -i -H"Link: <http://localhost:8111/wonderful.jp2>; rel=\"http://fedora.info/definitions/fcrepo#ExternalContent\"; handling=\"redirect\"; type=\"image/jp2\"" -XPUT -ufedoraAdmin:fedoraAdmin http://localhost:8080/rest/test_redirect_remote_file
HTTP/1.1 201 Created
Date: Fri, 29 Jun 2018 16:11:16 GMT
Set-Cookie: JSESSIONID=1rv3ytcylpb093ra1mhznx9dp;Path=/
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rememberMe=deleteMe; Path=/; Max-Age=0; Expires=Thu, 28-Jun-2018 16:11:16 GMT
ETag: "009b79832d68313dd45ca6aab0528b34f9054713"
Last-Modified: Fri, 29 Jun 2018 16:11:16 GMT
Link: <http://localhost:8080/rest/test_redirect_remote_file/fcr:metadata>; rel="describedby"; anchor="http://localhost:8080/rest/test_redirect_remote_file"
Link: <http://localhost:8080/static/constraints/NonRDFSourceConstraints.rdf>; rel="http://www.w3.org/ns/ldp#constrainedBy"
Content-Location: http://localhost:8111/wonderful.jp2
Link: <http://localhost:8080/rest/test_redirect_remote_file/fcr:acl>; rel="acl"
Location: http://localhost:8080/rest/test_redirect_remote_file
Content-Type: text/plain
Content-Length: 52
Server: Jetty(9.3.1.v20150714)

http://localhost:8080/rest/test_redirect_remote_file
Results of a request
> curl -i http://localhost:8080/rest/test_redirect_remote_file -ufedoraAdmin:fedoraAdmin -L
HTTP/1.1 307 Temporary Redirect
Date: Fri, 29 Jun 2018 16:11:59 GMT
Set-Cookie: JSESSIONID=cg9yt3o4whnmmxe9vllwerdz;Path=/
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rememberMe=deleteMe; Path=/; Max-Age=0; Expires=Thu, 28-Jun-2018 16:11:59 GMT
ETag: "009b79832d68313dd45ca6aab0528b34f9054713"
Last-Modified: Fri, 29 Jun 2018 16:11:16 GMT
Content-Type: image/jp2
Accept-Ranges: bytes
Content-Disposition: attachment; filename=""; creation-date="Fri, 29 Jun 2018 16:11:16 GMT"; modification-date="Fri, 29 Jun 2018 16:11:16 GMT"; size=305517
Link: <http://www.w3.org/ns/ldp#Resource>;rel="type"
Link: <http://www.w3.org/ns/ldp#NonRDFSource>;rel="type"
Link: <http://localhost:8080/rest/test_redirect_remote_file/fcr:acl>; rel="acl"
Content-Location: http://localhost:8111/wonderful.jp2
Link: <http://localhost:8080/rest/test_redirect_remote_file/fcr:metadata>; rel="describedby"
Link: <http://localhost:8080/static/constraints/NonRDFSourceConstraints.rdf>; rel="http://www.w3.org/ns/ldp#constrainedBy"
Accept-External-Content-Handling: copy,redirect,proxy
Allow: DELETE,HEAD,GET,PUT,OPTIONS
Location: http://localhost:8111/wonderful.jp2
Content-Length: 305517
Server: Jetty(9.3.1.v20150714)

HTTP/1.1 200 OK
Date: Fri, 29 Jun 2018 16:12:59 GMT
Server: Apache/2.4.29 (Unix) PHP/7.2.4
Last-Modified: Fri, 29 Jun 2018 16:09:29 GMT
ETag: "4a96d-56fca128f2040"
Accept-Ranges: bytes
Content-Length: 305517

...<BODY CONTENT>...
Create the LDP-NR using external content
> curl -i -H"Link: <http://localhost:8111/wonderful.jp2>; rel=\"http://fedora.info/definitions/fcrepo#ExternalContent\"; handling=\"copy\"; type=\"image/jp2\"" -XPUT -ufedoraAdmin:fedoraAdmin http://localhost:8080/rest/test_copy_remote_file
HTTP/1.1 201 Created
Date: Fri, 29 Jun 2018 16:19:45 GMT
Set-Cookie: JSESSIONID=1hmga57f6q5hh1td785dghsjfh;Path=/
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rememberMe=deleteMe; Path=/; Max-Age=0; Expires=Thu, 28-Jun-2018 16:19:45 GMT
ETag: "d9cc4f3b266a19f0c225356a5caabb9080d680b4"
Last-Modified: Fri, 29 Jun 2018 16:19:45 GMT
Link: <http://localhost:8080/rest/test_copy_remote_file/fcr:metadata>; rel="describedby"; anchor="http://localhost:8080/rest/test_copy_remote_file"
Link: <http://localhost:8080/static/constraints/NonRDFSourceConstraints.rdf>; rel="http://www.w3.org/ns/ldp#constrainedBy"
Link: <http://localhost:8080/rest/test_copy_remote_file/fcr:acl>; rel="acl"
Location: http://localhost:8080/rest/test_copy_remote_file
Content-Type: text/plain
Content-Length: 48
Server: Jetty(9.3.1.v20150714)

http://localhost:8080/rest/test_copy_remote_file
Results of a request
> curl -i http://localhost:8080/rest/test_copy_remote_file -ufedoraAdmin:fedoraAdmin
HTTP/1.1 200 OK
Date: Fri, 29 Jun 2018 16:39:56 GMT
Set-Cookie: JSESSIONID=h0ywas10h63p1340ajakqp1vy;Path=/
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rememberMe=deleteMe; Path=/; Max-Age=0; Expires=Thu, 28-Jun-2018 16:39:56 GMT
ETag: "d9cc4f3b266a19f0c225356a5caabb9080d680b4"
Last-Modified: Fri, 29 Jun 2018 16:19:45 GMT
Content-Type: image/jp2
Accept-Ranges: bytes
Content-Disposition: attachment; filename=""; creation-date="Fri, 29 Jun 2018 16:19:45 GMT"; modification-date="Fri, 29 Jun 2018 16:19:45 GMT"; size=305517
Link: <http://www.w3.org/ns/ldp#Resource>;rel="type"
Link: <http://www.w3.org/ns/ldp#NonRDFSource>;rel="type"
Link: <http://localhost:8080/rest/test_copy_remote_file/fcr:acl>; rel="acl"
Link: <http://localhost:8080/rest/test_copy_remote_file/fcr:metadata>; rel="describedby"
Link: <http://localhost:8080/static/constraints/NonRDFSourceConstraints.rdf>; rel="http://www.w3.org/ns/ldp#constrainedBy"
Accept-External-Content-Handling: copy,redirect,proxy
Allow: DELETE,HEAD,GET,PUT,OPTIONS
Cache-Control: no-transform, must-revalidate, max-age=0
Content-Length: 305517
Server: Jetty(9.3.1.v20150714)

...<BODY CONTENT>...
In order to enable external content, administrators must provide a configuration file stating a set of allowed external paths from which Fedora may provide binary content. This list is provided to the application by using the fcrepo.external.content.allowed startup parameter as follows:
-Dfcrepo.external.content.allowed=/path/to/allow.txt
By default, if this configuration is present at startup time Fedora will reload the configuration file any time it is modified.
Each line within the file defines a single path from which resources will be allowed. The entries are subject to the following rules:
file:///allowed/path/
file:/another/allowed/path/
file:///exact/match/file.txt
https://example.com/
http://example.com/
This example allows external content references to local files at any path within /allowed/path/ and /another/allowed/path/, as well as the specific file /exact/match/file.txt.
It also allows external content from any HTTP URIs within https://example.com/ and http://example.com/.
For security reasons, it is recommended to configure the minimum set of trusted external content sources/protocols that meet your use cases. By allowing external content, you are assuming the risks inherent to providing a proxy to open web or file system resources. These resources may change outside of the repository's management, with the potential to introduce vulnerabilities, provide access to unintended files, or place undesirable burdens on system resources.
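The allow-list matching described above, as an added example for auditing an allow.txt before deployment (not Fedora's own code): entries ending in "/" are treated as directory prefixes and all other entries as exact matches, as the example on this page describes. Treating file:/ and file:/// as equivalent, comparing hosts case-insensitively, and decoding percent-escapes before the "../" check are assumptions of this sketch.

```python
from urllib.parse import urlsplit, unquote

# Constructed sample: the allow.txt example from this page.
ALLOW_TXT = """\
file:///allowed/path/
file:/another/allowed/path/
file:///exact/match/file.txt
https://example.com/
http://example.com/
"""

def normalize(uri):
    """Canonical form of an absolute file/http(s) URI, or None if it must be rejected."""
    parts = urlsplit(uri.strip())
    scheme = parts.scheme.lower()
    if scheme not in ("file", "http", "https"):
        return None                       # relative reference or unsupported scheme
    path = unquote(parts.path)            # decode so %2e%2e is seen as ".."
    if scheme != "file":
        path = path or "/"                # http://host and http://host/ are the same
    if not path.startswith("/") or ".." in path.split("/"):
        return None                       # relative path or relative path modifier
    if scheme == "file":
        # file:/x and file:///x collapse to one spelling; remote hosts are rejected
        return "file://" + path if parts.netloc in ("", "localhost") else None
    if not parts.netloc:
        return None
    return f"{scheme}://{parts.netloc.lower()}{path}"

def load_allow_list(text):
    """Parse allow.txt content, one entry per line, dropping blank or invalid lines."""
    entries = (normalize(line) for line in text.splitlines() if line.strip())
    return [entry for entry in entries if entry]

def is_allowed(uri, entries):
    """True if uri is under a directory entry (trailing '/') or equals a file entry."""
    cand = normalize(uri)
    if cand is None:
        return False
    for entry in entries:
        if entry.endswith("/"):
            if cand.startswith(entry):
                return True
        elif cand == entry:
            return True
    return False
```

Because directory entries keep their trailing "/", a prefix such as file:///allowed/path/ does not match sibling names like /allowed/pathology/, and http://example.com/ does not match hosts that merely begin with example.com.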