DSpace 7 file download error during submission and workflow #8378
Comments
|
@pilasou : I'm not able to reproduce this issue on my local machine, running 7.3 (I tried both downloading from the submission page itself, as well as downloading as a reviewer in the "Editor" step -- both worked for me without any error). Have you tried testing this with the new 7.3 release? Maybe this has been fixed in 7.3? |
tdonohue
added
the
cannot reproduce
|
@tdonohue : Thanks, I have not tested it with 7.3, our environnements are on 7.2. However, I reproduced the error using DSpace Demo site (https://demo7.dspace.org/) this morning. I connect as a submiter, clic on Create Item, upload a file using drag and drop sections. Then, in the File section when I try to download the file I just uploaded, I obtain the following error: |
|
@atarix83 or @abollini : Could you check the Demo site backend for why this error is occurring? It appears to be the backend throwing a 401 inappropriately. I'm not able to reproduce this error on a localhost installation of DSpace 7.3. So, I'm trying to track down if this is an actual bug or if there's something wrong with the setup of the demo site. In any case, I'm hopeful this isn't impacting all DSpace 7.3 sites, as it's not happening for me. But, we do need to figure out the exact scenario that could be causing this issue. |
|
@tdonohue @abollini and @atarix83 We found something. the parameter "proxies.trusted.ipranges" in DSpace.cfg has as default value localhost and another param add the UI IP. If we add our own IP address in the proxies.trusted.ipranges, problem is solved. It's good for test environnement but does not seem quite right for production. Any idea on how to bypass this? |
tdonohue
added
high priority
and removed
cannot reproduce
|
This is reproducible on demo7.dspace.org and appears (based on the comments from @pilasou above) like it might be related to trusted proxies when a file is downloaded. It cannot be reproduced on localhost as, in that scenario, the localhost is already a trusted proxy. It seems like it's only reproducible on a public site (not on a localhost instance). Flagging as @abollini or @benbosman, if either of your teams are interested, please let me know! |
tdonohue
added
Estimate TBD
|
Hi, I can confirm that we are also experiencing this issue in our test instance (7.3, non-localhost, available via our VPN). Like Tim, I don't experience this issue in my local dev environment. |
|
After further testing actually, I'm also experiencing the 401 errors when downloading any bitstreams that are either embargoed (start-date on anonymous READ) or restricted (no READ policy), even when logged in as a full administrator. The setup I have is backend and front-end in separate VMs. The proxies.trusted.ipranges property has the IP of my front-end server and rest.cors.allowed-origins has the default value dspace.ui.url. org.dspace.app.rest.exception.DSpaceApiExceptionControllerAdvice @ Authentication is required (status:401 exception: Access is denied at: org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:73)) |
|
After some more testing, I wanted to mention that I experience the 401 errors when trying to access embargoed content from the edit bitstream pages only. If I am logged in as an administrator and click to download the bitstreams from the item's view page that is fine. |
|
I've done some more testing here today & found out the root cause. The primary issue appears to be that access restricted files cannot be downloaded in a new browser tab. In other words, access restricted downloads will only work if the download triggers in the same browser tab that the UI is already running in. Currently, the download link that appears when you are editing a submission/workflow item attempts to open the download in a new tab by setting So, a "quick fix" / workaround is to remove The larger bug here impacts more than just this submission & workflow, and I now see it's also mentioned in #1743 regarding PDF download issues as well (which is caused by the same problem). While I'm going to leave this ticket open, I'm going to also open a new ticket that describes the root issue & link it up to all other tickets which are impacted by it. UPDATE: New ticket at DSpace/dspace-angular#1809 |
|
@tdonohue this is an issue that we are also experiencing when downloading restricted bitstreams in the same tab, e.g. https://demo7.dspace.org/entities/publication/6160810f-1e53-40db-81ef-f6621a727398/edit/bitstreams. I did add an embargo to "Mortality Salience in Personal Financial...pdf" and when you try to download also get the 401 error when performing the API call https://api7.dspace.org/server/api/core/bitstreams/0d41c751-6f41-4b1e-a0d1-fc366dd75f88/content |
tdonohue
added this to To Do
in DSpace 7.5 release (OLD - Migrated, see note above)
via automation
tdonohue
added
claimed: Atmire
Describe the bug
In DSpace 7, during worflow steps (editor or final editor), when trying to download a file, the system respond with an error (see below).
Error message:
Whitelabel Error Page
This application has no explicit mapping for /error, so you are seeing this as a fallback.
Thu Jun 16 14:33:19 EDT 2022
There was an unexpected error (type=Unauthorized, status=401).
org.springframework.security.access.AccessDeniedException: Accès refusé at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:73) at org.springframework.security.access.intercept.AbstractSecurityInterceptor.attempt
[....]
This situation has been experienced both during a submission and during workflow.
To Reproduce
Expected behavior
When clicing on dowload icone, the file should display in browser or downloaded.
The text was updated successfully, but these errors were encountered: