Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

401 Unauthorized metadata-export-search request on search page requests #3333

Open
paulo-graca opened this issue Sep 19, 2024 · 1 comment · May be fixed by #3693
Open

401 Unauthorized metadata-export-search request on search page requests #3333

paulo-graca opened this issue Sep 19, 2024 · 1 comment · May be fixed by #3693
Assignees
@alexandrevryghem
Labels
bug claimed: Atmire Atmire team is working on this issue & will contribute back component: Discovery related to discovery search or browse system

Comments

@paulo-graca
Copy link
Contributor

Describe the bug

As an anonymous user, when navigating DSpace, on search pages (I've also found this in Apache Logs), I encounter some metadata-export-search requests that always return 401 Unauthorized codes. This isn't the problem, is expected to return that result. The problem is why the requests are made in the first place. Shouldn't we use some kind of feature request to validate the access?

image

To Reproduce

Steps to reproduce the behavior:

  1. I used demo.dspace.org to reproduce the issue (DSpace 8, but also affects DSpace 7.6.1)
  2. I first access to the first page
  3. Then, did a search (without any search keyword)
  4. List every request using Browser's DevTools and there was the 401 Unauthorized

Expected behavior

I was expecting that features requests could be used instead. Something like:

https://demo.dspace.org/server/api/authz/authorizations/search/object?uri=https://demo.dspace.org/server/api/...&feature=...&embed=feature
@paulo-graca paulo-graca added bug needs triage New issue needs triage and/or scheduling labels Sep 19, 2024
@github-project-automation github-project-automation bot moved this to 🆕 Triage in DSpace Backlog Sep 19, 2024
@tdonohue tdonohue added help wanted Needs a volunteer to claim to move forward and removed needs triage New issue needs triage and/or scheduling labels Sep 19, 2024
@tdonohue tdonohue moved this from 📋 To Do to 🏗 In Progress in DSpace 8.x and 7.6.x Maintenance Sep 19, 2024
@tdonohue tdonohue moved this from 🏗 In Progress to 📋 To Do in DSpace 8.x and 7.6.x Maintenance Sep 19, 2024
@alanorth
Copy link
Contributor

alanorth commented Oct 25, 2024
edited
Loading

This is also the cause of the following message in the backend dspace.log:

2024-10-25 14:47:37,679 WARN  fd564310-3d47-4a8e-9b4a-4af6105b9175 f3c1cdd4-00db-4bb8-bac2-9cbb86602209 org.dspace.app.rest.exception.DSpaceApiExceptionControllerAdvice @ Authentication is required (status:401 exception: Access is denied at: org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:73))

Considering that we log this message for every single request to the search page by a non-admin user, it seems that it actually belongs at the INFO or DEBUG log level.

@alexandrevryghem alexandrevryghem self-assigned this Nov 24, 2024
@alexandrevryghem alexandrevryghem added component: Discovery related to discovery search or browse system claimed: Atmire Atmire team is working on this issue & will contribute back and removed help wanted Needs a volunteer to claim to move forward labels Nov 24, 2024
@alexandrevryghem alexandrevryghem moved this from 📋 To Do to 🏗 In Progress in DSpace 8.x and 7.6.x Maintenance Nov 24, 2024
@alexandrevryghem alexandrevryghem linked a pull request Nov 25, 2024 that will close this issue
Open
12 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@alexandrevryghem alexandrevryghem

Labels
bug claimed: Atmire Atmire team is working on this issue & will contribute back component: Discovery related to discovery search or browse system
Projects
DSpace 8.x and 7.6.x Maintenance
Status: 🏗 In Progress
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Removed unauthorized metadata-export-search request on search page alexandrevryghem/dspace-angular
4 participants
@alanorth @tdonohue @paulo-graca @alexandrevryghem