Changes for Fedora 5 (#3)

README.md

@@ -44,6 +44,19 @@ Where the configurations are stored
 fcrepo_config_dir: "{{ fcrepo_home_dir }}/configs"
 ```
 
+Path to put Fedora data directory
+```
+fcrepo_data_dir: "{{ fcrepo_home_dir }}/fcrepo4-data"
+```
+
+Islandora uses the HeaderProvider to pass the users roles into Fedora. To use this you will need to set the below variable.
+
+Header name to acquire roles from
+```
+fcrepo_auth_header_name:
+```
+
+
 ## Dependencies
 
 * islandora.tomcat8
@@ -71,4 +84,4 @@ tomcat8_java_opts:
 
 ## License
 
-MIT
+MIT

defaults/main.yml

@@ -5,3 +5,4 @@ fcrepo_war_path: "{{ tomcat8_home }}/webapps/fcrepo.war"
 fcrepo_home_dir: /opt/fcrepo
 fcrepo_activemq_template: activemq.xml.j2
 fcrepo_config_dir: "{{ fcrepo_home_dir }}/configs"
+fcrepo_auth_header_name:

tasks/config.yml

@@ -7,6 +7,7 @@
   with_items:
     - claw.cnd
     - repository.json
+    - fcrepo-config.xml
   notify: restart tomcat8
 
 - name: Copy fedora activemq configuration

tasks/install.yml

@@ -1,9 +1,22 @@
-- name: Download fcrepo war
+- name: Parse Fcrepo version to pure semantic
+  set_fact:
+    fcrepo_parsed_version: "{{ fcrepo_version | regex_replace('^([0-9]+)\\.([0-9]+)\\.([0-9]+)', '\\1.\\2.\\3') }}"
+
+- name: Download fcrepo war (pre 5.0.0)
   get_url:
     url: https://github.com/fcrepo4-exts/fcrepo-webapp-plus/releases/download/fcrepo-webapp-plus-{{ fcrepo_version }}/fcrepo-webapp-plus-{{ fcrepo_version }}.war
     dest: "{{ fcrepo_war_path }}"
     owner: "{{ fcrepo_user }}"
     group: "{{ fcrepo_user }}"
+  when: fcrepo_parsed_version is version_compare("5.0.0", "<")
+
+- name: Download fcrepo war (post 5.0.0)
+  get_url:
+    url: https://github.com/fcrepo4/fcrepo4/releases/download/fcrepo-{{ fcrepo_version }}/fcrepo-webapp-{{ fcrepo_version }}.war
+    dest: "{{ fcrepo_war_path }}"
+    owner: "{{ fcrepo_user }}"
+    group: "{{ fcrepo_user }}"
+  when: fcrepo_parsed_version is version_compare("5.0.0", ">=")
 
 - name: Create fcrepo data directory
   file:

templates/fcrepo-config.xml

@@ -0,0 +1,258 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xmlns:context="http://www.springframework.org/schema/context"
+    xmlns:task="http://www.springframework.org/schema/task"
+    xmlns:p="http://www.springframework.org/schema/p"
+    xmlns:util="http://www.springframework.org/schema/util"
+    xsi:schemaLocation="
+    http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+    http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
+    http://www.springframework.org/schema/task http://www.springframework.org/schema/task/spring-task.xsd
+    http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd">
+
+    <!-- Master context for fcrepo4. -->
+
+    <!-- Context that supports the actual ModeShape JCR itself -->
+    <context:property-placeholder/>
+    <context:annotation-config/>
+    <context:component-scan base-package="org.fcrepo"/>
+
+
+        <!-- **********************************
+                        MODESHAPE configuration
+                 ********************************** -->
+
+    <!-- Authentication Not Enabled -->
+    <!--
+    <bean name="modeshapeRepofactory"
+        class="org.fcrepo.kernel.modeshape.spring.ModeShapeRepositoryFactoryBean"
+        p:repositoryConfiguration="${fcrepo.modeshape.configuration}" />
+    -->
+    <!-- To use Authentication:
+      1. Comment out the above bean definition.
+      2. Uncomment this bean definition.
+      3. Uncomment one of the provider definitions (WebAC)
+      4. Uncomment the "authenticationProvider" bean definition below.
+    -->
+
+    <bean name="modeshapeRepofactory"
+        class="org.fcrepo.kernel.modeshape.spring.ModeShapeRepositoryFactoryBean"
+        p:repositoryConfiguration="file://{{ fcrepo_config_dir }}/repository.json"
+        depends-on="authenticationProvider"/>
+
+    <bean name="authenticationProvider" class="org.fcrepo.auth.common.ShiroAuthenticationProvider"/>
+
+
+
+    <!-- **************************
+              Authentication
+         ************************** -->
+
+    <!-- Optional PrincipalProvider filter that will inspect the request header, "some-header", for user role values -->
+    <bean name="headerProvider" class="org.fcrepo.auth.common.HttpHeaderPrincipalProvider">
+        <property name="headerName" value="{{ fcrepo_auth_header_name }}"/>
+        <property name="separator" value=","/>
+    </bean>
+
+    <!-- Optional PrincipalProvider filter that will use container configured roles as principals -->
+    <!--
+    <bean name="containerRolesProvider" class="org.fcrepo.auth.common.ContainerRolesPrincipalProvider">
+      <property name="roleNames">
+        <util:set set-class="java.util.HashSet">
+          <value>tomcat-role-1</value>
+          <value>tomcat-role-2</value>
+        </util:set>
+      </property>
+    </bean>
+    -->
+
+    <!-- delegatedPrincipleProvider filter allows a single user to be passed in the header "On-Behalf-Of",
+           this is to be used as the actor making the request when authenticating.
+           NOTE: On users with the role fedoraAdmin can delegate to another user.
+           NOTE: Only supported in WebAC authentication -->
+    <bean name="delegatedPrincipalProvider" class="org.fcrepo.auth.common.DelegateHeaderPrincipalProvider"/>
+
+    <bean name="accessRolesProvider" class="org.fcrepo.auth.webac.WebACRolesProvider"/>
+
+    <!-- Shiro Auth Confiuration -->
+    <!-- Define the Shiro Realm implementation you want to use to connect to your back-end -->
+    <!-- WebAC Authorization Realm -->
+    <bean id="webACAuthorizingRealm" class="org.fcrepo.auth.webac.WebACAuthorizingRealm" />
+
+    <!-- Servlet Container Authentication Realm -->
+    <bean id="servletContainerAuthenticatingRealm" class="org.fcrepo.auth.common.ServletContainerAuthenticatingRealm" />
+
+    <!-- Security Manager  -->
+    <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
+      <property name="realms">
+        <util:set set-class="java.util.HashSet">
+          <ref bean="webACAuthorizingRealm"/>
+          <ref bean="servletContainerAuthenticatingRealm"/>
+        </util:set>
+      </property>
+      <!-- By default the servlet container sessions will be used.  Uncomment this line
+          to use shiro's native sessions (see the JavaDoc for more): -->
+      <!-- <property name="sessionMode" value="native"/> -->
+    </bean>
+
+    <!-- Post processor that automatically invokes init() and destroy() methods -->
+    <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>
+
+    <!-- Authentication Filter -->
+    <bean id="servletContainerAuthFilter" class="org.fcrepo.auth.common.ServletContainerAuthFilter"/>
+
+    <!-- Authorization Filter -->
+    <bean id="webACFilter" class="org.fcrepo.auth.webac.WebACFilter"/>
+
+    <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
+      <property name="securityManager" ref="securityManager"/>
+      <property name="filterChainDefinitions">
+        <value>
+          <!-- The Auth filter should come first, followed by 0 or more of the principal provider filters, -->
+          <!-- and finally the webACFilter -->
+          /** = servletContainerAuthFilter,headerProvider,delegatedPrincipalProvider,webACFilter
+        </value>
+      </property>
+    </bean>
+
+    <!-- **************************
+            END Authentication
+         ************************** -->
+
+
+    <!-- **************************
+                 AUDIT
+         publish audit events to JMS
+         ************************** -->
+    <!--
+    <bean class="org.fcrepo.audit.InternalAuditor"/>
+    -->
+
+    <!-- **************************
+              PID Minter
+         ************************** -->
+    <!-- Mint hierarchical identifiers with args to control length and count
+          of the pairtree. A length or count of ZERO will return a 
+          non-hierarchical identifier.
+    <bean class="org.fcrepo.kernel.api.services.functions.ConfigurableHierarchicalSupplier"
+        c:desiredLength="${fcrepo.uuid.path.length:2}"
+        c:desiredCount="${fcrepo.uuid.path.count:4}"/>
+    -->
+
+    <!-- Mints Pids with no additional hierarchy.
+          Choose this if you use the AppleTreeConverter
+          in the translation chain below. -->
+    <!--
+    <bean class="org.fcrepo.mint.UUIDPidMinter" />
+    -->
+
+    <!-- Mints PIDs using external REST service
+    <bean class="org.fcrepo.mint.HttpPidMinter"
+        c:url="http://localhost/my/minter" c:method="POST"
+        c:username="${fcrepo.minter.username:minterUser}"
+        c:password="${fcrepo.minter.password:minterPass}"
+        c:regex="" c:xpath="/response/ids/value"/>
+    -->
+
+
+    <!-- Identifier translation chain -->
+    <util:list id="translationChain" value-type="org.fcrepo.kernel.api.identifiers.InternalIdentifierConverter">
+      <!-- Use AppleTreeConverter to hide Fedora's Pairtree hierarchy from public view
+          https://gitlab.amherst.edu/acdc/acrepo-apple-trees.
+          NOTE: It is recommended to use the UUIDPidMinter above with this converter.
+      -->
+      <!--
+        <bean class="edu.amherst.acdc.orchard.AppleTreeConverter"/>
+      -->
+        <bean class="org.fcrepo.kernel.modeshape.identifiers.HashConverter"/>
+        <bean class="org.fcrepo.kernel.modeshape.identifiers.NamespaceConverter"/>
+    </util:list>
+
+
+    <!-- *************************************
+               JMS/Eventing Configuration
+         ************************************* -->
+
+    <!-- publishes events from the internal bus to a JMS Topic or Queue.
+         "constructor-arg" for both is topic/queue name. -->
+
+    <!-- JMS Topic -->
+    <!-- IMPORTANT: While the JMS Topic is adequate for demonstrating Fedora's JMS message system,
+                    for production use it is recommended to either use the JMS Queue instead,
+                    or to disable JMS messaging entirely if you are not using any services that
+                    require it (e.g., indexers, fixity checking, auditing, etc.) -->
+    <bean class="org.fcrepo.jms.JMSTopicPublisher">
+      <constructor-arg value="fedora"/>
+    </bean>
+
+    <!-- JMS Queue -->
+    <!-- The JMS Queue is the RECOMMENDED messaging configuration for production deployments.
+         Unlike the topic, the queue will retain messages until they are consumed. To use the
+         queue, comment out the topic bean above and uncomment the queue bean below. -->
+    <!--
+    <bean class="org.fcrepo.jms.JMSQueuePublisher">
+      <constructor-arg value="fedora"/>
+    </bean>
+    -->
+
+    <!-- ActiveMQ connection -->  
+    <bean id="connectionFactory"
+        class="org.apache.activemq.ActiveMQConnectionFactory" depends-on="jmsBroker"
+        p:brokerURL="vm://${fcrepo.jms.host:localhost}:${fcrepo.dynamic.jms.port:61616}?create=false"/>
+
+    <!-- JMS Broker configuration -->
+    <bean name="jmsBroker" class="org.apache.activemq.xbean.BrokerFactoryBean"
+      p:config="${fcrepo.activemq.configuration:classpath:/config/activemq.xml}" p:start="true"/>
+
+
+    <!-- translates events into JMS header-only format-->
+    <bean class="org.fcrepo.jms.DefaultMessageFactory"/>
+
+    <!-- listener that moves JCR Events to the Fedora internal event bus -->
+    <bean class="org.fcrepo.kernel.modeshape.observer.SimpleObserver"/>
+
+    <!-- used by bean above to filter which events get put on the bus -->
+    <bean name="fedoraEventFilter" class="org.fcrepo.kernel.modeshape.observer.DefaultFilter"/>
+
+    <!-- used by observer bean to map JCR events into Fedora events -->
+    <bean name="fedoraEventMapper" class="org.fcrepo.kernel.modeshape.observer.eventmappings.AllNodeEventsOneEvent"/>
+
+    <!-- Fedora's lightweight internal event bus. Currently memory-resident.-->
+    <bean name="fedoraInternalEventBus" class="com.google.common.eventbus.EventBus"/>
+
+    <!-- Configuration of namespace prefixes -->
+    <bean name="rdfNamespaceRegistry" class="org.fcrepo.kernel.api.rdf.RdfNamespaceRegistry"
+        init-method="init" destroy-method="shutdown">
+      <property name="configPath" value="${fcrepo.namespace.registry:classpath:/namespaces.yml}" />
+      <property name="monitorForChanges" value="true" />
+    </bean>
+
+    <!-- External content configuration -->
+    <bean name="externalContentPathValidator" class="org.fcrepo.http.api.ExternalContentPathValidator"
+        init-method="init" destroy-method="shutdown">
+        <property name="configPath" value="${fcrepo.external.content.allowed:#{null}}" />
+        <property name="monitorForChanges" value="true" />
+    </bean>
+
+    <bean name="externalContentHandlerFactory" class="org.fcrepo.http.api.ExternalContentHandlerFactory">
+        <property name="validator" ref="externalContentPathValidator" />
+    </bean>
+
+    <!-- ***********************************
+            Internal system configuration
+         *********************************** -->
+    <task:scheduler id="taskScheduler" />
+    <task:executor id="taskExecutor" pool-size="1" />
+    <task:annotation-driven executor="taskExecutor" scheduler="taskScheduler" />
+
+
+    <!-- Start the Modeshape JCR -->
+    <bean class="org.modeshape.jcr.ModeShapeEngine" init-method="start"/>
+
+    <bean id="connectionManager" class="org.apache.http.impl.conn.PoolingHttpClientConnectionManager" />
+
+    <!-- Generates HTTP Sessions -->
+    <bean class="org.fcrepo.http.commons.session.SessionFactory"/>
+
+</beans>