Fedora Repository 3 Documentation

Prerequisites

FeSL Authentication (AuthN) and Authorization (AuthZ) are separate components, and can be selected as separate installation options (see below). FeSL AuthN is the default Fedora authentication mechanism.

If you only wish to enable FeSL AuthN you do not need any of the prerequisites or configuration options for FeSL AuthZ.

FeSL Authentication (AuthN)

FeSL AuthN has no installation prerequisites by default.

FeSL Authorization (AuthZ) - policy index

FeSL XACML policies are stored as FESLPOLICY datastreams in Fedora Digital Objects. These policies are cached to a policy index to improve performance. FeSL provides a number of options for the implementation of this policy index.

By default, a memory-cached, file-backed policy index is used. This default configuration should be suitable where the number of policies is not large. No configuration is required for this option. Alternatively, two XML database implementations are provided: eXist and Oracle Berkeley DB XML (DBXML).

Rebuild policy index after configuration changes

If you change the implementation of the policy index, you must run the Policy Index Rebuilder to build the policy index for the new implementation.

If you wish to use one of the XML database implementations for the policy index, it is recommended that you first install Fedora using the default policy index, start the Fedora server and access it (e.g. at http://localhost:8080/fedora/objects). This ensures that the bootstrap FeSL policies have been loaded and the corresponding FeSL policy Digital Objects have been created. Then stop Fedora and configure the policy index of your choice, running the rebuilder after reconfiguration to build the policy index for the new implementation.

eXist

Installing eXist

FeSL has been tested with eXist 1.4.0-rev10440 which is available from http://exist.sourceforge.net/download.html.

Install eXist using:

java -jar exist-1.4.0-rev10440.jar -p /path/to/exist/home

where /path/to/exist/home is the desired location of your installation, referred to here as $EXIST_HOME.

The following eXist libraries must be copied to Fedora's lib directory ($CATALINA_HOME/webapps/fedora/WEB-INF/lib):

  • $EXIST_HOME/exist.lib
  • $EXIST_HOME/lib/core/ws-commons-util-1.0.2.jar
  • $EXIST_HOME/lib/core/xmlrpc-client-3.1.2.jar
  • $EXIST_HOME/lib/core/xmlrpc-common-3.1.2.jar

Starting eXist

FeSL is configured to use eXist in the stand-alone server configuration.

eXist should be started using either server.bat or server.sh in the $EXIST_HOME/bin folder.

Configuring FeSL AuthZ to use eXist

Configuration files are located in $FEDORA_HOME/pdp/conf

  • config-policy-storage.xml: Change the value of the PolicyIndex element to org.fcrepo.server.security.xacml.pdp.data.ExistPolicyIndex (a commented-out version of this element is supplied; you may remove the comments around it and comment out the existing PolicyIndex element).
  • config-exist: Additional configuration options are specified in this file, notably the username and password. These should be modified to match your eXist configuration. The defaults assume that no admin password has been set in eXist.

Oracle Berkeley DB XML

Installing Berkeley DB XML

FeSL has been tested with DBXML 2.5.13, which is available from http://www.oracle.com/technology/software/products/berkeley-db/xml/index.html. (Success has also been reported using version 2.5.15.) 32-bit Windows users can use the .msi installer, but other platforms will require a build from source, e.g.:

./buildall.sh --prefix=/usr/local/dbxml-2.5.13 --enable-java

After installing DBXML, the DBXML_HOME, LD_LIBRARY_PATH and DYLD_LIBRARY_PATH environment variables must be set, e.g.:

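export DBXML_HOME=/usr/local/dbxml-2.5.13
# Add the DBXML lib directory without leaving an empty entry when the variable
# starts out unset (on Linux, ld.so treats an empty entry as the current directory).
export LD_LIBRARY_PATH=${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}${DBXML_HOME}/lib
export DYLD_LIBRARY_PATH=${DBXML_HOME}/lib${DYLD_LIBRARY_PATH:+:$DYLD_LIBRARY_PATH}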

(DYLD_LIBRARY_PATH might only be necessary for OS X)
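
A preflight check for the environment described above, added here as an example (it is not part of the Fedora or DBXML distributions). It confirms that the DBXML lib directory is on LD_LIBRARY_PATH and rejects empty or relative entries, which appear when a colon is joined to an unset variable and make the dynamic linker search the current directory. The function names are hypothetical and the demo values are constructed.

```shell
#!/bin/sh
# Added example: preflight for the DBXML environment. Function names are
# hypothetical and the demo values at the end are constructed.

# Succeeds if colon-separated list $1 has an empty or relative entry.
has_unsafe_component() {
    case "$1" in
        "") return 1 ;;              # nothing to search
        :*|*:|*::*) return 0 ;;      # leading, trailing or doubled colon
    esac
    rest=$1
    while [ -n "$rest" ]; do
        dir=${rest%%:*}
        case "$dir" in /*) ;; *) return 0 ;; esac
        case "$rest" in *:*) rest=${rest#*:} ;; *) rest= ;; esac
    done
    return 1
}

# Succeeds if directory $2 is one of the entries of list $1.
list_contains() {
    case ":$1:" in *":$2:"*) return 0 ;; *) return 1 ;; esac
}

# $1 = DBXML_HOME, $2 = LD_LIBRARY_PATH. Prints one line per problem and
# returns non-zero if any were found.
check_dbxml_env() {
    problems=0
    [ -n "$1" ] || { echo "DBXML_HOME is not set"; problems=1; }
    [ -d "$1/lib" ] || { echo "missing directory: $1/lib"; problems=1; }
    list_contains "$2" "$1/lib" || { echo "LD_LIBRARY_PATH lacks $1/lib"; problems=1; }
    if has_unsafe_component "$2"; then
        echo "LD_LIBRARY_PATH has an empty or relative entry"; problems=1
    fi
    return "$problems"
}

# Constructed demo: the list that results from appending to an empty variable.
demo_home=$(mktemp -d) && mkdir "$demo_home/lib"
check_dbxml_env "$demo_home" ":$demo_home/lib" || echo "preflight failed"
rm -rf "$demo_home"
```

Run `check_dbxml_env "$DBXML_HOME" "$LD_LIBRARY_PATH"` in the shell that starts Tomcat, since that is the environment the Fedora web application inherits.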

On Windows, the PATH and CLASSPATH environment variables need to be updated to reference DBXML - dbxmlvars.bat in the DBXML home directory should be run to do this.

Configuring FeSL AuthZ to use DB XML

Configuration files are located in $FEDORA_HOME/pdp/conf

  • config-policy-storage.xml: Change the value of the PolicyIndex element to org.fcrepo.server.security.xacml.pdp.data.DbXmlPolicyIndex (a commented-out version of this element is supplied; you may remove the comments around it and comment out the existing PolicyIndex element).
  • config-dbxml: Additional configuration options are specified in this file, notably the location of the DB XML database, which by default is located in $FEDORA_HOME/pdp/database.
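
Because config-policy-storage.xml carries both an active and a commented-out PolicyIndex element (in the eXist and the DB XML configuration steps alike), a plain grep cannot tell which implementation is in effect. The following added example, which is not part of Fedora, strips XML comments first and then reports the active class. The function names are hypothetical, and the sample file layout is constructed; only the class names come from this page.

```shell
#!/bin/sh
# Added example; function names and the sample file layout are assumptions.

# Print file $1 with <!-- ... --> spans removed, including multi-line ones.
strip_xml_comments() {
    awk '{
        line = $0; out = ""
        while (line != "") {
            if (in_comment) {
                end = index(line, "-->")
                if (end == 0) break
                line = substr(line, end + 3); in_comment = 0
            } else {
                start = index(line, "<!--")
                if (start == 0) { out = out line; break }
                out = out substr(line, 1, start - 1)
                line = substr(line, start + 4); in_comment = 1
            }
        }
        print out
    }' "$1"
}

# Print the distinct policy index classes named outside comments in file $1.
active_policy_index() {
    strip_xml_comments "$1" |
        grep -o 'org\.fcrepo\.server\.security\.xacml\.pdp\.data\.[A-Za-z]*PolicyIndex' |
        sort -u
}

# Succeed only if exactly one class is active and it is the expected one ($2).
policy_index_is() {
    [ "$(active_policy_index "$1")" = "org.fcrepo.server.security.xacml.pdp.data.$2" ]
}

# Constructed sample: element layout assumed, class names taken from the page.
sample=$(mktemp)
cat > "$sample" <<'EOF'
<PolicyStorage>
  <!--
  <PolicyIndex>org.fcrepo.server.security.xacml.pdp.data.ExistPolicyIndex</PolicyIndex>
  -->
  <PolicyIndex>org.fcrepo.server.security.xacml.pdp.data.DbXmlPolicyIndex</PolicyIndex>
</PolicyStorage>
EOF
policy_index_is "$sample" DbXmlPolicyIndex && echo "DbXmlPolicyIndex is active"
rm -f "$sample"
```

Run it against $FEDORA_HOME/pdp/conf/config-policy-storage.xml before starting the Policy Index Rebuilder, so the index is rebuilt for the implementation that is actually configured.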

Installation

FeSL is a custom option in the Fedora Installer. See Installation and Configuration for a detailed description of general Fedora installation options. Set "Enable FeSL AuthN" to "true" to enable FeSL Authentication in your Fedora installation, and set "Enable FeSL AuthZ" to "true" to enable FeSL Authorization.

A number of "bootstrap" policies are provided by default in $FEDORA_HOME/pdp/policies. FeSL policy objects are created from these bootstrap policies the first time the server is accessed after Fedora has been started for the first time. You should not use this location for your own policies; instead, create Fedora objects with FESLPOLICY datastreams.
