diff --git a/docker/fedora/Dockerfile b/docker/fedora/Dockerfile
index 0ba564d12..6cc3093b8 100644
--- a/docker/fedora/Dockerfile
+++ b/docker/fedora/Dockerfile
@@ -17,6 +17,7 @@ COPY ./install.properties /opt/install.properties
COPY ./setup-and-start.sh /opt/setup-and-start.sh
COPY ./fedora.delegating-external.fcfg /opt/fedora.delegating-external.fcfg
COPY ./permit-all-s3-resolution.xml /opt/permit-all-s3-resolution.xml
+COPY ./deny-unallowed-file-resolution.xml /opt/deny-unallowed-file-resolution.xml
RUN curl -L https://github.com/fcrepo3/fcrepo/releases/download/v3.8.1/fcrepo-installer-3.8.1.jar -o /opt/fcrepo-installer.jar
diff --git a/docker/fedora/cul/fcrepo3-s3-server-0.1.jar b/docker/fedora/cul/fcrepo3-s3-server-0.2.jar
similarity index 66%
rename from docker/fedora/cul/fcrepo3-s3-server-0.1.jar
rename to docker/fedora/cul/fcrepo3-s3-server-0.2.jar
index 485276cbd..fd090c0ed 100644
Binary files a/docker/fedora/cul/fcrepo3-s3-server-0.1.jar and b/docker/fedora/cul/fcrepo3-s3-server-0.2.jar differ
diff --git a/docker/fedora/cul/s3-url-protocol-0.1.jar b/docker/fedora/cul/s3-url-protocol-0.1.jar
deleted file mode 100644
index 53ddd10f8..000000000
Binary files a/docker/fedora/cul/s3-url-protocol-0.1.jar and /dev/null differ
diff --git a/docker/fedora/cul/s3-url-protocol-0.2.jar b/docker/fedora/cul/s3-url-protocol-0.2.jar
new file mode 100644
index 000000000..2c5e61309
Binary files /dev/null and b/docker/fedora/cul/s3-url-protocol-0.2.jar differ
diff --git a/docker/fedora/deny-unallowed-file-resolution.xml b/docker/fedora/deny-unallowed-file-resolution.xml
new file mode 100644
index 000000000..5e2a574ef
--- /dev/null
+++ b/docker/fedora/deny-unallowed-file-resolution.xml
@@ -0,0 +1,42 @@
+
+
+ deny any file datastream resolution if not in FEDORA_HOME/demo/succeed
+
+
+
+
+
+
+
+ ^file:/.*$
+
+
+
+
+
+
+
+ urn:fedora:names:fedora:2.1:action:id-retrieveFile
+
+
+
+
+
+
+
+
+ ^file:/opt/fixtures/.*$
+ s
+
+
+
+
+
+
+
+
diff --git a/docker/fedora/permit-all-s3-resolution.xml b/docker/fedora/permit-all-s3-resolution.xml
index ac7d5d3ef..45539dcb0 100644
--- a/docker/fedora/permit-all-s3-resolution.xml
+++ b/docker/fedora/permit-all-s3-resolution.xml
@@ -9,7 +9,13 @@
-
+
+
+ ^s3://.*$
+
+
+
@@ -20,21 +26,14 @@
-
-
-
- ^s3://.*$
-
-
-
-
+
+
administrator
-
+
-
\ No newline at end of file
+
diff --git a/docker/fedora/setup-and-start.sh b/docker/fedora/setup-and-start.sh
index 7bde316de..eeadfd01b 100644
--- a/docker/fedora/setup-and-start.sh
+++ b/docker/fedora/setup-and-start.sh
@@ -5,27 +5,54 @@
if [ ! -f /opt/fedora/tomcat/bin/catalina.sh ]; then
java -jar /opt/fcrepo-installer.jar /opt/install.properties
echo 'Done running installer jar...'
-fi
-echo "Manually unpacking WAR to override libraries"
-mkdir -p /opt/fedora/webapp-tmp/fedora
-mv /opt/fedora/tomcat/webapps/fedora.war /opt/fedora/webapp-tmp/fedora/
-cd /opt/fedora/webapp-tmp/fedora
-jar -xvf fedora.war
-cd /opt
-mv /opt/fedora/webapp-tmp/fedora /opt/fedora/tomcat/webapps/
-
-rm /opt/fedora/tomcat/webapps/fedora/WEB-INF/lib/httpclient-4*.jar
-rm /opt/fedora/tomcat/webapps/fedora/WEB-INF/lib/httpcore-4*.jar
-rm /opt/fedora/tomcat/webapps/fedora/WEB-INF/lib/httpclient-4*.jar
-cp /opt/jars/apache-http/*.jar /opt/fedora/tomcat/webapps/fedora/WEB-INF/lib/
-rm /opt/fedora/tomcat/webapps/fedora/WEB-INF/lib/s3-url-protocol-*.jar
-cp /opt/jars/cul/s3-url-protocol-0.1.jar /opt/fedora/tomcat/webapps/fedora/WEB-INF/lib/
-cp /opt/jars/awssdk/*.jar /opt/fedora/tomcat/webapps/fedora/WEB-INF/lib/
-rm /opt/fedora/tomcat/webapps/fedora/WEB-INF/lib/fcrepo3-s3-server-*.jar
-cp /opt/jars/cul/fcrepo3-s3-server-0.1.jar /opt/fedora/tomcat/webapps/fedora/WEB-INF/lib/
-echo "Done overriding Fedora 3 libraries; setting new FCFG config"
-cp /opt/fedora.delegating-external.fcfg /opt/fedora/server/config/fedora.fcfg
-cp /opt/permit-all-s3-resolution.xml /opt/fedora/data/fedora-xacml-policies/repository-policies/default/permit-all-s3-resolution.xml
+ echo "Manually unpacking WAR to override libraries"
+ mkdir -p /opt/fedora/webapp-tmp/fedora
+ mv /opt/fedora/tomcat/webapps/fedora.war /opt/fedora/webapp-tmp/fedora/
+ cd /opt/fedora/webapp-tmp/fedora
+ jar -xvf fedora.war
+ cd /opt
+ mv /opt/fedora/webapp-tmp/fedora /opt/fedora/tomcat/webapps/
+
+ # # Temporarily switch Fedora port 8080 to 8081 so that the CI task process
+ # # monitoring Fedora startup doesn't think that Fedora is ready yet.
+ sed -i.bak 's/port="8080"/port="8081"/' /opt/fedora/tomcat/conf/server.xml
+
+ # # Start Fedora up for the first time (which sets up various files and directories)
+ /opt/fedora/tomcat/bin/catalina.sh start
+
+ # # Give Fedora some time to start up (and create various first-time startup files)
+ sleep 10
+
+ # Stop Fedora so that we can apply some overrides
+ /opt/fedora/tomcat/bin/catalina.sh stop
+
+ # Give Fedora some time to stop
+ sleep 10
+
+ # Revert server.xml change so that Fedora will run on port 8080 the next time we start it up.
+ rm /opt/fedora/tomcat/conf/server.xml
+ mv /opt/fedora/tomcat/conf/server.xml.bak /opt/fedora/tomcat/conf/server.xml
+
+ echo "Overriding Fedora 3 libraries"
+ rm /opt/fedora/tomcat/webapps/fedora/WEB-INF/lib/httpclient-4*.jar
+ rm /opt/fedora/tomcat/webapps/fedora/WEB-INF/lib/httpcore-4*.jar
+ rm /opt/fedora/tomcat/webapps/fedora/WEB-INF/lib/httpclient-4*.jar
+ cp /opt/jars/apache-http/*.jar /opt/fedora/tomcat/webapps/fedora/WEB-INF/lib/
+ rm /opt/fedora/tomcat/webapps/fedora/WEB-INF/lib/s3-url-protocol-*.jar
+ cp /opt/jars/cul/s3-url-protocol-*.jar /opt/fedora/tomcat/webapps/fedora/WEB-INF/lib/
+ cp /opt/jars/awssdk/*.jar /opt/fedora/tomcat/webapps/fedora/WEB-INF/lib/
+ rm /opt/fedora/tomcat/webapps/fedora/WEB-INF/lib/fcrepo3-s3-server-*.jar
+ cp /opt/jars/cul/fcrepo3-s3-server-*.jar /opt/fedora/tomcat/webapps/fedora/WEB-INF/lib/
+ echo "Done overriding Fedora 3 libraries; setting new FCFG config"
+ cp /opt/fedora.delegating-external.fcfg /opt/fedora/server/config/fedora.fcfg
+
+ # NOTE: The /opt/fedora/data/fedora-xacml-policies/repository-policies/ directory and the default content
+ # inside of it doesn't exist immediately after Fedora installation. This content is created only after
+ # Fedora starts up for the first time.
+ cp /opt/permit-all-s3-resolution.xml /opt/fedora/data/fedora-xacml-policies/repository-policies/default/permit-all-s3-resolution.xml
+ cp /opt/deny-unallowed-file-resolution.xml /opt/fedora/data/fedora-xacml-policies/repository-policies/default/deny-unallowed-file-resolution.xml
+fi
+# Start Fedora in the foreground
/opt/fedora/tomcat/bin/catalina.sh run
diff --git a/docker/templates/docker-compose.test.yml b/docker/templates/docker-compose.test.yml
index be3e03fdb..91431c4e7 100644
--- a/docker/templates/docker-compose.test.yml
+++ b/docker/templates/docker-compose.test.yml
@@ -32,6 +32,9 @@ services:
- '9080:8080'
volumes:
- fedora-install-dir:/opt/fedora
+ - type: bind
+ source: ../spec/fixtures
+ target: /opt/fixtures
- type: bind
source: ./fedora/apache-http
target: /opt/jars/apache-http
diff --git a/lib/tasks/hyacinth/docker.rake b/lib/tasks/hyacinth/docker.rake
index 91e5c81bd..a8bf99d83 100644
--- a/lib/tasks/hyacinth/docker.rake
+++ b/lib/tasks/hyacinth/docker.rake
@@ -35,7 +35,7 @@ namespace :hyacinth do
expected_port = docker_compose_config['services']['fedora']['ports'][0].split(':')[0]
url_to_check = "http://localhost:#{expected_port}/fedora/describe"
puts "Waiting for Fedora to become available (at #{url_to_check})..."
- Timeout.timeout(20, Timeout::Error, 'Timed out during Fedora startup check.') do
+ Timeout.timeout(60, Timeout::Error, 'Timed out during Fedora startup check.') do
loop do
begin
sleep 0.25
diff --git a/spec/features/digital_object_editor_ui_spec.rb b/spec/features/digital_object_editor_ui_spec.rb
index 4285910bb..62c957cc5 100644
--- a/spec/features/digital_object_editor_ui_spec.rb
+++ b/spec/features/digital_object_editor_ui_spec.rb
@@ -1,7 +1,7 @@
require 'rails_helper'
describe "Digital Object Editor UI" do
-
+
before(:each) do
feature_spec_sign_in_admin_user
wait_for_ajax
@@ -9,6 +9,6 @@
it "can create a new Digital Object", :js => true do
expect(page).to have_content 'New Digital Object'
-
+
end
end
diff --git a/spec/integration/fedora_read_spec.rb b/spec/integration/fedora_read_spec.rb
new file mode 100644
index 000000000..ac243aaf3
--- /dev/null
+++ b/spec/integration/fedora_read_spec.rb
@@ -0,0 +1,40 @@
+require 'rails_helper'
+
+describe "Fedora content ds read tests" do
+ describe "creating an Asset and attempting to download the bytes directly from Fedora" do
+ let(:pid) { 'sample:123' }
+ let(:docker_mounted_fixture_file_location) { '/opt/fixtures/files/lincoln.jpg' }
+
+ it "works" do
+ generic_resource = GenericResource.new(pid: pid)
+ content_ds = generic_resource.create_datastream(
+ ActiveFedora::Datastream,
+ 'content',
+ controlGroup: 'E',
+ mimeType: BestType.mime_type.for_file_name(docker_mounted_fixture_file_location),
+ dsLabel: File.basename(docker_mounted_fixture_file_location),
+ versionable: true
+ )
+ content_ds.dsLocation = "file://#{docker_mounted_fixture_file_location}"
+ generic_resource.add_datastream(content_ds)
+
+ generic_resource.save
+
+ expect(generic_resource.datastreams['content'].dsLocation).to eq("file://#{docker_mounted_fixture_file_location}")
+ expect(generic_resource.datastreams['content'].content.length).to be_positive
+ end
+
+ # Uncomment this "test" when debugging Fedora errors:
+ # it "reads the fedora log to find out what went wrong", focus: true do
+ # puts 'reading fedora log now...'
+ # sleep 20
+ # puts `docker container list`
+ # fedora_container_id = `docker container list | grep fedora | awk '{print $1}'`.strip
+ # puts "fedora_container_id: #{fedora_container_id}"
+ # puts `docker exec #{fedora_container_id} ls -la /opt/fedora/server/logs/fedora.log`
+ # fedora_log_content = `docker exec #{fedora_container_id} cat /opt/fedora/server/logs/fedora.log`
+ # puts "fedora_log_content: #{fedora_log_content}"
+ # expect(fedora_log_content).to eq('')
+ # end
+ end
+end