This repository has been archived by the owner on Sep 1, 2022. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 180
Authorisation ignored when using dynamic datasets #1166
Comments
Could you show what is in the |
@cofinoa please find our
|
Unfortunately, the only way to fully add new catalogs in TDS 4.6.x is to restart the server. There is an experimental feature in 5.0 (called |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
We've currently got TDS 4.6.11 deployed with a custom
Authorizer
plugin installed. In addition to the custom authoriser, we've got a server-side process that allows upload of NetCDF files and automatically modifies the TDS catalog to include the uploaded file. We've disabled catalog caching in thethreddsConfig.xml
, to ensure that changes made by our custom upload process are picked up automatically by the TDS.Unfortunately, using this setup we're observing some unusual behaviour regarding the authorisation of restricted datasets.
Upon a new file being uploaded, we can observe the file being written to disk and the catalog XML file being updated accordingly (including a
restrictAccess
property on thedataset
element). Accessing the catalog via the TDS web service also shows the updated catalog with the new dataset, as expected.However, when attempting to access the newly uploaded dataset, we find that we are able to access it fully without authorization, even though the catalog confirms
restrictAccess
is applied. Looking at the logs, we've determined that our custom authoriser is being ignored in such cases (theauthorize
method is never called). This behaviour continues until the TDS is manually restarted, at which point authorization works as expected.Our best guess is that this is likely due to the TDS' internal caching of catalogs. Is this a known issue, or are we perhaps mis-understanding something?
The text was updated successfully, but these errors were encountered: