Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

401 Unauthorized metadata-export-search request on search page requests #3333

Open
paulo-graca opened this issue Sep 19, 2024 · 1 comment
Open
Labels
bug help wanted Needs a volunteer to claim to move forward

Comments

@paulo-graca
Copy link
Contributor

Describe the bug

As an anonymous user, when navigating DSpace, on search pages (I've also found this in Apache Logs), I encounter some metadata-export-search requests that always return 401 Unauthorized codes. This isn't the problem, is expected to return that result. The problem is why the requests are made in the first place. Shouldn't we use some kind of feature request to validate the access?

image

To Reproduce

Steps to reproduce the behavior:

  1. I used demo.dspace.org to reproduce the issue (DSpace 8, but also affects DSpace 7.6.1)
  2. I first access to the first page
  3. Then, did a search (without any search keyword)
  4. List every request using Browser's DevTools and there was the 401 Unauthorized

Expected behavior

I was expecting that features requests could be used instead. Something like:

https://demo.dspace.org/server/api/authz/authorizations/search/object?uri=https://demo.dspace.org/server/api/...&feature=...&embed=feature
@paulo-graca paulo-graca added bug needs triage New issue needs triage and/or scheduling labels Sep 19, 2024
@github-project-automation github-project-automation bot moved this to 🆕 Triage in DSpace Backlog Sep 19, 2024
@tdonohue tdonohue added help wanted Needs a volunteer to claim to move forward and removed needs triage New issue needs triage and/or scheduling labels Sep 19, 2024
@tdonohue tdonohue moved this from 📋 To Do to 🏗 In Progress in DSpace 8.x and 7.6.x Maintenance Sep 19, 2024
@tdonohue tdonohue moved this from 🏗 In Progress to 📋 To Do in DSpace 8.x and 7.6.x Maintenance Sep 19, 2024
@alanorth
Copy link
Contributor

alanorth commented Oct 25, 2024

This is also the cause of the following message in the backend dspace.log:

2024-10-25 14:47:37,679 WARN  fd564310-3d47-4a8e-9b4a-4af6105b9175 f3c1cdd4-00db-4bb8-bac2-9cbb86602209 org.dspace.app.rest.exception.DSpaceApiExceptionControllerAdvice @ Authentication is required (status:401 exception: Access is denied at: org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:73))

Considering that we log this message for every single request to the search page by a non-admin user, it seems that it actually belongs at the INFO or DEBUG log level.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug help wanted Needs a volunteer to claim to move forward
Projects
Development

No branches or pull requests

3 participants