You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Sep 1, 2022. It is now read-only.
We've currently got TDS 4.6.11 deployed with a custom Authorizer plugin installed. In addition to the custom authoriser, we've got a server-side process that allows upload of NetCDF files and automatically modifies the TDS catalog to include the uploaded file. We've disabled catalog caching in the threddsConfig.xml, to ensure that changes made by our custom upload process are picked up automatically by the TDS.
Unfortunately, using this setup we're observing some unusual behaviour regarding the authorisation of restricted datasets.
Upon a new file being uploaded, we can observe the file being written to disk and the catalog XML file being updated accordingly (including a restrictAccess property on the dataset element). Accessing the catalog via the TDS web service also shows the updated catalog with the new dataset, as expected.
However, when attempting to access the newly uploaded dataset, we find that we are able to access it fully without authorization, even though the catalog confirms restrictAccess is applied. Looking at the logs, we've determined that our custom authoriser is being ignored in such cases (the authorize method is never called). This behaviour continues until the TDS is manually restarted, at which point authorization works as expected.
Our best guess is that this is likely due to the TDS' internal caching of catalogs. Is this a known issue, or are we perhaps mis-understanding something?
The text was updated successfully, but these errors were encountered:
@cofinoa please find our threddsConfig.xml following (I've stripped the comments for brevity and redacted the server info, but it's otherwise exactly what's on the server).
Unfortunately, the only way to fully add new catalogs in TDS 4.6.x is to restart the server. There is an experimental feature in 5.0 (called CatalogScan) which allows for catalogs to be added and removed without restarting, but my guess is it is not tested to work with restricted catalogs, so that may or may not be working at this point.
Sign up for freeto subscribe to this conversation on GitHub.
Already have an account?
Sign in.
We've currently got TDS 4.6.11 deployed with a custom
Authorizer
plugin installed. In addition to the custom authoriser, we've got a server-side process that allows upload of NetCDF files and automatically modifies the TDS catalog to include the uploaded file. We've disabled catalog caching in thethreddsConfig.xml
, to ensure that changes made by our custom upload process are picked up automatically by the TDS.Unfortunately, using this setup we're observing some unusual behaviour regarding the authorisation of restricted datasets.
Upon a new file being uploaded, we can observe the file being written to disk and the catalog XML file being updated accordingly (including a
restrictAccess
property on thedataset
element). Accessing the catalog via the TDS web service also shows the updated catalog with the new dataset, as expected.However, when attempting to access the newly uploaded dataset, we find that we are able to access it fully without authorization, even though the catalog confirms
restrictAccess
is applied. Looking at the logs, we've determined that our custom authoriser is being ignored in such cases (theauthorize
method is never called). This behaviour continues until the TDS is manually restarted, at which point authorization works as expected.Our best guess is that this is likely due to the TDS' internal caching of catalogs. Is this a known issue, or are we perhaps mis-understanding something?
The text was updated successfully, but these errors were encountered: