You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@roller.apache.org by jonathan <je...@ryerson.ca> on 2008/09/17 21:23:36 UTC

secured paths and planet aggregations in Roller 4.0

I've been using security.xml to secure various blogs only allowing 
certain user types access:

<property name="objectDefinitionSource">
             <value>
                 PATTERN_TYPE_APACHE_ANT
		...
                  /<blogname>/**=register
                 ...
             </value>
etc...

However... This is causing big troubles when I attempt to create planet 
groups.  I get the following error when trying to add a feed 
(http://blogs.domain.com/roller/<blogname>/feed/entries/atom) to a 
custom aggregation group:


ERROR 2008-09-17 10:34:52,954 PlanetSubscriptions:save - Unexpected 
error saving subscription
Error fetching subscription - 
http://blogs.domain.com/roller/<blogname>/feed/entries/atom
--- ROOT CAUSE ---
com.sun.syndication.io.ParsingFeedException: Invalid XML: Error on line 
1: Content is not allowed in prolog.


If I remove the security configuration, the problem goes away.  Is there 
a way to do this and keep the security.xml paths secured?  I assume the 
application is getting denied access to the feed due to lack of credentials?

Any help greatly appreciated, as always.

jonathan.

Re: secured paths and planet aggregations in Roller 4.0

Posted by jonathan <je...@ryerson.ca>.

Dave wrote:
> On Thu, Sep 18, 2008 at 9:41 AM, jonathan <je...@ryerson.ca> wrote:
>> This was apparently not an issue using Roller 3.1.  Something is different
>> in the way this is handled in 4.0 (and 4.0.1)?
>>
>> jonathan wrote:
>>> I've been using security.xml to secure various blogs only allowing certain
>>> user types access:
>>>
>>> <property name="objectDefinitionSource">
>>>            <value>
>>>                PATTERN_TYPE_APACHE_ANT
>>>        ...
>>>                 /<blogname>/**=register
>>>                ...
>>>            </value>
>>> etc...
> 
> Hmm... we may have treated "local" (i.e. feeds on the local Roller
> server) feeds differently before 4.0, but I don't think so.
> 
> I thought that we did not use HTTP to fetch local feeds, instead we
> hit the database directly. I'd have to check the code to be sure --
> either way, file a bug so we can revisit this.
> 
> - Dave

It seems that the recent entries aggregation still works fine in 4.0 
(aggregating content from password-protected blogs without difficulty). 
  It's just the custom planet aggregations where I'm seeing this error 
message.

bug ROL-1748 logged.

Re: secured paths and planet aggregations in Roller 4.0

Posted by Dave <sn...@gmail.com>.

On Thu, Sep 18, 2008 at 9:41 AM, jonathan <je...@ryerson.ca> wrote:
> This was apparently not an issue using Roller 3.1.  Something is different
> in the way this is handled in 4.0 (and 4.0.1)?
>
> jonathan wrote:
>>
>> I've been using security.xml to secure various blogs only allowing certain
>> user types access:
>>
>> <property name="objectDefinitionSource">
>>            <value>
>>                PATTERN_TYPE_APACHE_ANT
>>        ...
>>                 /<blogname>/**=register
>>                ...
>>            </value>
>> etc...

Hmm... we may have treated "local" (i.e. feeds on the local Roller
server) feeds differently before 4.0, but I don't think so.

I thought that we did not use HTTP to fetch local feeds, instead we
hit the database directly. I'd have to check the code to be sure --
either way, file a bug so we can revisit this.

- Dave

Re: secured paths and planet aggregations in Roller 4.0

Posted by jonathan <je...@ryerson.ca>.

This was apparently not an issue using Roller 3.1.  Something is 
different in the way this is handled in 4.0 (and 4.0.1)?


jonathan wrote:
> I've been using security.xml to secure various blogs only allowing 
> certain user types access:
> 
> <property name="objectDefinitionSource">
>             <value>
>                 PATTERN_TYPE_APACHE_ANT
>         ...
>                  /<blogname>/**=register
>                 ...
>             </value>
> etc...
> 
> However... This is causing big troubles when I attempt to create planet 
> groups.  I get the following error when trying to add a feed 
> (http://blogs.domain.com/roller/<blogname>/feed/entries/atom) to a 
> custom aggregation group:
> 
> 
> ERROR 2008-09-17 10:34:52,954 PlanetSubscriptions:save - Unexpected 
> error saving subscription
> Error fetching subscription - 
> http://blogs.domain.com/roller/<blogname>/feed/entries/atom
> --- ROOT CAUSE ---
> com.sun.syndication.io.ParsingFeedException: Invalid XML: Error on line 
> 1: Content is not allowed in prolog.
> 
> 
> If I remove the security configuration, the problem goes away.  Is there 
> a way to do this and keep the security.xml paths secured?  I assume the 
> application is getting denied access to the feed due to lack of 
> credentials?
> 
> Any help greatly appreciated, as always.
> 
> jonathan.
>