Sword Auth: use Dataverse 4 permission model #1070 #2495 #784

[pdurbin]

RFI Checklist

We are switching away from the old "admin only" permission checks we were forced to used in the DVN 3.x days when the permission system was less flexible. Now the rule is that if the permission system doesn't prevent you from performing an operation (create dataset, upload file, etc.) SWORD won't prevent you either.

Two SWORD operations had to be rewritten in this pull request to support Dataverse 4 permissions.

First, retrieval of the Service Document with permissionService.getDataversesUserHasPermissionOn has been changed to pay attention to a user's groups. It's very common for the ":authenticated-users" group to be given a role that should allow SWORD operations, for example. I'm a bit concerned about the performance impact of this change, especially with production data, which I haven't tested with. I'm putting #784 thought QA and I'd like to remind us that we the reason we lost support for groups in our performance-related fix for #2012. I basically iterated on that fix, bringing group support back in what I hope is a performant way.

Second, the "list datasets in a dataverse" operation (listCollectionContents) was rewritten to allow anyone with AddDataset permission to be able to execute the command to they can see if a dataverse has been published or not but the only datasets that are returned are those for which the user can issue UpdateDatasetCommand. In the root dataverse, for example, the user should only see their datasets. This is potentially a n expensive operation in a dataverse with many datasets, such as the root.

The other SWORD operations received no change to their business logic but Dataverse 4 style permission checks were added and the old "admin only" check was removed.

I updated the SWORD API Guide to explain the necessary permissions for each operation. You can see the diff at the top of 94f57b0

I also noted in the Shibboleth section of the Installation Guide that Shib groups are not supported via SWORD: 94f57b0.

1. Related Issues

• SWORD: More granular permission checks #1070 SWORD: More granular permission checks
• SWORD: not authorized when dataset is in root dataverse #2495 SWORD: not authorized when dataset is in root dataverse
• Go from (User, Permission) to a list of DvObjects #784 Go from (User, Permission) to a list of DvObjects
• [hold] Add UVA DV to list of possible hosts CenterForOpenScience/osf.io#5344 Add UVA DV to list of possible hosts

---

2. Pull Request Checklist

• Functionality completed as described in FRD (no FRD but see https://groups.google.com/d/msg/dataverse-community/G9TMVnhab5A/lUfuGwsmBgAJ with @shlake and [hold] Add UVA DV to list of possible hosts CenterForOpenScience/osf.io#5344 with @mfraezz for a very concrete use case)
• Dependencies, risks, assumptions in FRD addressed (no FRD. @posixeleni asked, "is this fix backwards compatible with OJS?" and it shoud be but I'd love to test with @axfelix)
• Unit tests completed (and API tests with REST Assured)
• Deployment requirements identified (e.g., SQL scripts, indexing)
• Documentation completed (See 94f57b0 for how SWORD permissions have now been documented)
• All code checkins completed

---

3. Review Checklist

After the pull request has been submitted, fill out this section.

• Code review completed or waived
• Testing requirements completed
• Usability testing completed or waived
• Support testing completed or waived
• Merged with develop branch and resolved conflicts

We are switching away from the old "admin only" permission checks we
were forced to used in the DVN 3.x days when the permission system was
less flexible. Now the rule is that if the permission system doesn't
prevent you from performing an operation (create dataset, upload file)
SWORD won't prevent you either.

Two SWORD operations had to be rewritten to support Dataverse 4
permissions.

First, retrieval of the Service Document with
permissionService.getDataversesUserHasPermissionOn has been changed to
pay attention to a user's groups. It's very common for the
":authenticated-users" group to be given a role that should allow SWORD
operations, for example.

Second, the "list datasets in a dataverse" operation
(listCollectionContents) was rewritten to allow anyone with AddDataset
permission to be able to execute the command to they can see if a
dataverse has been published or not but the only datasets that are
returned are those for which the user can issue UpdateDatasetCommand.
In the root dataverse, for example, the user should only see their
datasets.

[coveralls]

Coverage increased (+0.05%) to 5.188% when pulling 94f57b0 on 1070-sword-auth into 313317a on develop.

[pdurbin]

I just wanted to mention that @axfelix and I chatted a bit about OJS testing at http://irclog.iq.harvard.edu/dataverse/2016-05-24#i_35578

For OSF, conversation continues at CenterForOpenScience/osf.io#5344

[axfelix]

Got this in Apache logs from a stock OJS 2.4.8 instance hooked into dev1.dataverse.org when trying to deposit. Will drill down a little later unless you have any immediate ideas:

[Wed May 25 10:43:24 2016] [error] [client 69.172.147.189] PHP Fatal error: Uncaught exception 'Exception' with message 'Error parsing error document (String could not be parsed as XML)' in /var/www/xmldemo/lib/pkp/lib/swordappv2/swordappclient.php:666\nStack trace:\n#0 /var/www/xmldemo/lib/pkp/lib/swordappv2/swordappclient.php(147): SWORDAPPClient->depositAtomEntryByMethod('https://dev1.da...', 'd473ecf4-fccb-4...', '********', '', 'POST', '/tmp/dataverseP...', false)\n#1 /var/www/xmldemo/plugins/generic/dataverse/DataversePlugin.inc.php(1307): SWORDAPPClient->depositAtomEntry('https://dev1.da...', 'd473ecf4-fccb-4...', '********', '', '/tmp/dataverseP...')\n#2 /var/www/xmldemo/plugins/generic/dataverse/DataversePlugin.inc.php(1018): DataversePlugin->createStudy(Object(Article))\n#3 [internal function]: DataversePlugin->handleAuthorSubmission('Author::SubmitH...', Array)\n#4 /var/www/xmldemo/lib/pkp/classes/plugins/HookRegistry.inc.php(89): call_user_func(Array, 'Author::SubmitH...', Array)\n#5 /var/www/xmldemo/pages/author/SubmitHandler.inc.php(156): HookRegistry->call('Author::SubmitH... in /var/www/xmldemo/lib/pkp/lib/swordappv2/swordappclient.php on line 666, referer: http://lib-hf1.lib.sfu.ca/xmldemo/index.php/xmldemo/author/submit/5?articleId=3

[pdurbin]

@axfelix uh oh, line 666 even. I'm assuming you got a 500 response? I'll past below the stack trace I'm seeing (line numbers for 94f57b0). The ArrayIndexOutOfBoundsException is for retString = ezidService.createIdentifier(identifier, metadata) in DOIEZIdServiceBean which is a class I haven't touched and hasn't been touched since bebf135 (Dataverse 4.3) from what I can tell: https://github.com/IQSS/dataverse/commits/develop/src/main/java/edu/harvard/iq/dataverse/DOIEZIdServiceBean.java

Let me knock on some doors around here and see what may be going on. @axfelix meanwhile if you could repeat your test for https://demo.dataverse.org (which is running v. 4.3.1 build 94-be5b26e) I'd appreciate it. I'm also sort of wondering if it's a transient error since my test suite since just completed without error though it did seem to hang for many seconds when creating datasets. So if you could run your test against https://dev1.dataverse.org a second time I'm appreciate it. If you ping me at http://chat.dataverse.org I can be tailing the logs while you're running your tests.

[2016-05-25T13:15:26.112-0400] [glassfish 4.1] [WARNING] [jsf.externalcontext.no.mime.type.found] [javax.enterprise.resource.webcontainer.jsf.context] [tid: _ThreadID=54 _ThreadName=jk-connector(4)] [timeMillis: 1464196526112] [levelValue: 900] [[
  JSF1091: No mime type could be found for file bs/fonts/glyphicons-halflings-regular.eot?#iefix.  To resolve this, add a mime-type mapping to the applications web.xml.]]

[2016-05-25T13:15:26.116-0400] [glassfish 4.1] [WARNING] [jsf.externalcontext.no.mime.type.found] [javax.enterprise.resource.webcontainer.jsf.context] [tid: _ThreadID=54 _ThreadName=jk-connector(4)] [timeMillis: 1464196526116] [levelValue: 900] [[
  JSF1091: No mime type could be found for file bs/fonts/glyphicons-halflings-regular.svg#glyphicons_halflingsregular.  To resolve this, add a mime-type mapping to the applications web.xml.]]

[2016-05-25T13:15:46.229-0400] [glassfish 4.1] [INFO] [] [edu.harvard.iq.dataverse.authorization.providers.builtin.BuiltinUserPage] [tid: _ThreadID=52 _ThreadName=jk-connector(2)] [timeMillis: 1464196546229] [levelValue: 800] [[
  new paswword is not blank]]

[2016-05-25T13:15:46.232-0400] [glassfish 4.1] [INFO] [] [edu.harvard.iq.dataverse.authorization.AuthenticationServiceBean] [tid: _ThreadID=52 _ThreadName=jk-connector(2)] [timeMillis: 1464196546232] [levelValue: 800] [[
  no user found using axfelix@gmail.com]]

[2016-05-25T13:15:51.944-0400] [glassfish 4.1] [INFO] [] [edu.harvard.iq.dataverse.authorization.AuthenticationServiceBean] [tid: _ThreadID=53 _ThreadName=jk-connector(3)] [timeMillis: 1464196551944] [levelValue: 800] [[
  When looking up API token for edu.harvard.iq.dataverse.authorization.users.AuthenticatedUser@2c caught javax.persistence.NoResultException: getSingleResult() did not retrieve any entities.]]

[2016-05-25T13:15:51.945-0400] [glassfish 4.1] [INFO] [] [edu.harvard.iq.dataverse.authorization.AuthenticationServiceBean] [tid: _ThreadID=53 _ThreadName=jk-connector(3)] [timeMillis: 1464196551945] [levelValue: 800] [[
  When looking up API token for edu.harvard.iq.dataverse.authorization.users.AuthenticatedUser@2c caught javax.persistence.NoResultException: getSingleResult() did not retrieve any entities.]]

[2016-05-25T13:15:54.966-0400] [glassfish 4.1] [INFO] [] [edu.harvard.iq.dataverse.authorization.AuthenticationServiceBean] [tid: _ThreadID=51 _ThreadName=jk-connector(1)] [timeMillis: 1464196554966] [levelValue: 800] [[
  When looking up API token for edu.harvard.iq.dataverse.authorization.users.AuthenticatedUser@2c caught javax.persistence.NoResultException: getSingleResult() did not retrieve any entities.]]

[2016-05-25T13:16:09.373-0400] [glassfish 4.1] [SEVERE] [] [edu.harvard.iq.dataverse.mydata.DataRetrieverAPI] [tid: _ThreadID=55 _ThreadName=jk-connector(5)] [timeMillis: 1464196569373] [levelValue: 1000] [[
  Sorry, nothing was found for these roles: Admin, File Downloader, Dataverse + Dataset Creator, Dataverse Creator, Dataset Creator, Contributor, Curator, Member]]

[2016-05-25T13:38:41.569-0400] [glassfish 4.1] [INFO] [] [edu.harvard.iq.dataverse.api.datadeposit.UrlManager] [tid: _ThreadID=53 _ThreadName=jk-connector(3)] [timeMillis: 1464197921569] [levelValue: 800] [[
  Deprecated version used for Data Deposit API. The current version expects '/dvn/api/data-deposit/v1.1/swordv2'. URL passed in: https://dev1.dataverse.org/dvn/api/data-deposit/v1/swordv2/service-document]]

[2016-05-25T13:44:13.721-0400] [glassfish 4.1] [INFO] [] [] [tid: _ThreadID=52 _ThreadName=Thread-8] [timeMillis: 1464198253721] [levelValue: 800] [[
  Other Error on ezidService.login(USERNAME, PASSWORD) - not EZIDException]]

[2016-05-25T13:49:17.120-0400] [glassfish 4.1] [WARNING] [AS-EJB-00056] [javax.enterprise.ejb.container] [tid: _ThreadID=52 _ThreadName=jk-connector(2)] [timeMillis: 1464198557120] [levelValue: 900] [[
  A system exception occurred during an invocation on EJB DOIEZIdServiceBean, method: public java.lang.String edu.harvard.iq.dataverse.DOIEZIdServiceBean.createIdentifier(edu.harvard.iq.dataverse.Dataset)]]

[2016-05-25T13:49:17.121-0400] [glassfish 4.1] [WARNING] [] [javax.enterprise.ejb.container] [tid: _ThreadID=52 _ThreadName=jk-connector(2)] [timeMillis: 1464198557121] [levelValue: 900] [[

javax.ejb.TransactionRolledbackLocalException: Exception thrown from bean
    at com.sun.ejb.containers.EJBContainerTransactionManager.checkExceptionClientTx(EJBContainerTransactionManager.java:662)
    at com.sun.ejb.containers.EJBContainerTransactionManager.postInvokeTx(EJBContainerTransactionManager.java:507)
    at com.sun.ejb.containers.BaseContainer.postInvokeTx(BaseContainer.java:4566)
    at com.sun.ejb.containers.BaseContainer.postInvoke(BaseContainer.java:2074)
    at com.sun.ejb.containers.BaseContainer.postInvoke(BaseContainer.java:2044)
    at com.sun.ejb.containers.EJBLocalObjectInvocationHandler.invoke(EJBLocalObjectInvocationHandler.java:220)
    at com.sun.ejb.containers.EJBLocalObjectInvocationHandlerDelegate.invoke(EJBLocalObjectInvocationHandlerDelegate.java:88)
    at com.sun.proxy.$Proxy259.createIdentifier(Unknown Source)
    at edu.harvard.iq.dataverse.__EJB31_Generated__DOIEZIdServiceBean__Intf____Bean__.createIdentifier(Unknown Source)
    at edu.harvard.iq.dataverse.engine.command.impl.CreateDatasetCommand.execute(CreateDatasetCommand.java:147)
    at edu.harvard.iq.dataverse.engine.command.impl.CreateDatasetCommand.execute(CreateDatasetCommand.java:39)
    at edu.harvard.iq.dataverse.EjbDataverseEngine.submit(EjbDataverseEngine.java:184)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.glassfish.ejb.security.application.EJBSecurityManager.runMethod(EJBSecurityManager.java:1081)
    at org.glassfish.ejb.security.application.EJBSecurityManager.invoke(EJBSecurityManager.java:1153)
    at com.sun.ejb.containers.BaseContainer.invokeBeanMethod(BaseContainer.java:4786)
    at com.sun.ejb.EjbInvocation.invokeBeanMethod(EjbInvocation.java:656)
    at com.sun.ejb.containers.interceptors.AroundInvokeChainImpl.invokeNext(InterceptorManager.java:822)
    at com.sun.ejb.EjbInvocation.proceed(EjbInvocation.java:608)
    at org.jboss.weld.ejb.AbstractEJBRequestScopeActivationInterceptor.aroundInvoke(AbstractEJBRequestScopeActivationInterceptor.java:46)
    at org.jboss.weld.ejb.SessionBeanInterceptor.aroundInvoke(SessionBeanInterceptor.java:52)
    at sun.reflect.GeneratedMethodAccessor94.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at com.sun.ejb.containers.interceptors.AroundInvokeInterceptor.intercept(InterceptorManager.java:883)
    at com.sun.ejb.containers.interceptors.AroundInvokeChainImpl.invokeNext(InterceptorManager.java:822)
    at com.sun.ejb.EjbInvocation.proceed(EjbInvocation.java:608)
    at com.sun.ejb.containers.interceptors.SystemInterceptorProxy.doCall(SystemInterceptorProxy.java:163)
    at com.sun.ejb.containers.interceptors.SystemInterceptorProxy.aroundInvoke(SystemInterceptorProxy.java:140)
    at sun.reflect.GeneratedMethodAccessor95.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at com.sun.ejb.containers.interceptors.AroundInvokeInterceptor.intercept(InterceptorManager.java:883)
    at com.sun.ejb.containers.interceptors.AroundInvokeChainImpl.invokeNext(InterceptorManager.java:822)
    at com.sun.ejb.containers.interceptors.InterceptorManager.intercept(InterceptorManager.java:369)
    at com.sun.ejb.containers.BaseContainer.__intercept(BaseContainer.java:4758)
    at com.sun.ejb.containers.BaseContainer.intercept(BaseContainer.java:4746)
    at com.sun.ejb.containers.EJBLocalObjectInvocationHandler.invoke(EJBLocalObjectInvocationHandler.java:212)
    at com.sun.ejb.containers.EJBLocalObjectInvocationHandlerDelegate.invoke(EJBLocalObjectInvocationHandlerDelegate.java:88)
    at com.sun.proxy.$Proxy254.submit(Unknown Source)
    at edu.harvard.iq.dataverse.__EJB31_Generated__EjbDataverseEngine__Intf____Bean__.submit(Unknown Source)
    at edu.harvard.iq.dataverse.api.datadeposit.CollectionDepositManagerImpl.createNew(CollectionDepositManagerImpl.java:128)
    at org.swordapp.server.CollectionAPI.post(CollectionAPI.java:165)
    at edu.harvard.iq.dataverse.api.datadeposit.SWORDv2CollectionServlet.doPost(SWORDv2CollectionServlet.java:45)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
    at org.apache.catalina.core.StandardWrapper.service(StandardWrapper.java:1682)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:344)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214)
    at org.glassfish.tyrus.servlet.TyrusServletFilter.doFilter(TyrusServletFilter.java:295)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:256)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214)
    at org.ocpsoft.rewrite.servlet.RewriteFilter.doFilter(RewriteFilter.java:205)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:256)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:316)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:160)
    at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:734)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:673)
    at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:99)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:174)
    at org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:415)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:282)
    at com.sun.enterprise.v3.services.impl.ContainerMapper$HttpHandlerCallable.call(ContainerMapper.java:459)
    at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:167)
    at org.glassfish.grizzly.http.server.HttpHandler.runService(HttpHandler.java:201)
    at org.glassfish.grizzly.http.server.HttpHandler.doHandle(HttpHandler.java:175)
    at org.glassfish.grizzly.http.server.HttpServerFilter.handleRead(HttpServerFilter.java:235)
    at org.glassfish.grizzly.filterchain.ExecutorResolver$9.execute(ExecutorResolver.java:119)
    at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeFilter(DefaultFilterChain.java:284)
    at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeChainPart(DefaultFilterChain.java:201)
    at org.glassfish.grizzly.filterchain.DefaultFilterChain.execute(DefaultFilterChain.java:133)
    at org.glassfish.grizzly.filterchain.DefaultFilterChain.process(DefaultFilterChain.java:112)
    at org.glassfish.grizzly.ProcessorExecutor.execute(ProcessorExecutor.java:77)
    at org.glassfish.grizzly.nio.transport.TCPNIOTransport.fireIOEvent(TCPNIOTransport.java:561)
    at org.glassfish.grizzly.strategies.AbstractIOStrategy.fireIOEvent(AbstractIOStrategy.java:112)
    at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.run0(WorkerThreadIOStrategy.java:117)
    at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.access$100(WorkerThreadIOStrategy.java:56)
    at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy$WorkerThreadRunnable.run(WorkerThreadIOStrategy.java:137)
    at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:565)
    at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.run(AbstractThreadPool.java:545)
    at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.ArrayIndexOutOfBoundsException: 1
    at edu.ucsb.nceas.ezid.EZIDService.parseIdentifierResponse(EZIDService.java:422)
    at edu.ucsb.nceas.ezid.EZIDService.createIdentifier(EZIDService.java:224)
    at edu.harvard.iq.dataverse.DOIEZIdServiceBean.createIdentifier(DOIEZIdServiceBean.java:67)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.glassfish.ejb.security.application.EJBSecurityManager.runMethod(EJBSecurityManager.java:1081)
    at org.glassfish.ejb.security.application.EJBSecurityManager.invoke(EJBSecurityManager.java:1153)
    at com.sun.ejb.containers.BaseContainer.invokeBeanMethod(BaseContainer.java:4786)
    at com.sun.ejb.EjbInvocation.invokeBeanMethod(EjbInvocation.java:656)
    at com.sun.ejb.containers.interceptors.AroundInvokeChainImpl.invokeNext(InterceptorManager.java:822)
    at com.sun.ejb.EjbInvocation.proceed(EjbInvocation.java:608)
    at org.jboss.weld.ejb.AbstractEJBRequestScopeActivationInterceptor.aroundInvoke(AbstractEJBRequestScopeActivationInterceptor.java:46)
    at org.jboss.weld.ejb.SessionBeanInterceptor.aroundInvoke(SessionBeanInterceptor.java:52)
    at sun.reflect.GeneratedMethodAccessor94.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at com.sun.ejb.containers.interceptors.AroundInvokeInterceptor.intercept(InterceptorManager.java:883)
    at com.sun.ejb.containers.interceptors.AroundInvokeChainImpl.invokeNext(InterceptorManager.java:822)
    at com.sun.ejb.EjbInvocation.proceed(EjbInvocation.java:608)
    at com.sun.ejb.containers.interceptors.SystemInterceptorProxy.doCall(SystemInterceptorProxy.java:163)
    at com.sun.ejb.containers.interceptors.SystemInterceptorProxy.aroundInvoke(SystemInterceptorProxy.java:140)
    at sun.reflect.GeneratedMethodAccessor95.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at com.sun.ejb.containers.interceptors.AroundInvokeInterceptor.intercept(InterceptorManager.java:883)
    at com.sun.ejb.containers.interceptors.AroundInvokeChainImpl.invokeNext(InterceptorManager.java:822)
    at com.sun.ejb.containers.interceptors.InterceptorManager.intercept(InterceptorManager.java:369)
    at com.sun.ejb.containers.BaseContainer.__intercept(BaseContainer.java:4758)
    at com.sun.ejb.containers.BaseContainer.intercept(BaseContainer.java:4746)
    at com.sun.ejb.containers.EJBLocalObjectInvocationHandler.invoke(EJBLocalObjectInvocationHandler.java:212)
    ... 79 more
]]

[2016-05-25T13:49:17.170-0400] [glassfish 4.1] [INFO] [] [edu.harvard.iq.dataverse.api.datadeposit.CollectionDepositManagerImpl] [tid: _ThreadID=52 _ThreadName=jk-connector(2)] [timeMillis: 1464198557170] [levelValue: 800] [[
  Command [DatasetCreate dataset:null] failed: null]]

[axfelix]

Indeed, I couldn't duplicate!

https://dev1.dataverse.org/dataset.xhtml?persistentId=doi:10.5072/FK2/UZAIBX&version=DRAFT

Worked fine the second time (with an .md file rather than .py, if it matters, though I'd expect not).

[pdurbin]

@axfelix thanks for re-testing. At https://ezidstatus.wordpress.com/feed/ I'm seeing the following...

• Technical difficulties May 25, 2016 at 1:27 PM EZID is having some technical difficulties. We’re investigating the problem now.
• EZID back up May 25, 2016 at 1:32 PM EZID is back up. Honestly, we’re not sure what the problem was. A machine reboot and the problem vanished. We’ll continue to investigate, though.

... so I'm guessing that's why you got that error. That feed and https://ezidstatus.wordpress.com are linked to from http://ezid.cdlib.org/home/documentation (thank you @sekmiller for the pro tip).

[coveralls]

Coverage increased (+0.05%) to 5.182% when pulling b0adedd on 1070-sword-auth into 2935cde on develop.

[coveralls]

Coverage increased (+0.05%) to 5.184% when pulling 96d9ac4 on 1070-sword-auth into 47b04ed on develop.

[pdurbin]

@scolapasta talked about the code as of 96d9ac4 and decided:

• remove fixForIssue1070Enabled boolean (this was to ease code review) - 453d7b1
• whenever possible, only instantiate commands once - 556b309
• consider making use of ListDataverseContentCommand after adding "datasetsOnly" boolean or non-boolean equivalent - 658d381

[coveralls]

Coverage increased (+0.05%) to 5.183% when pulling 556b309 on 1070-sword-auth into dcea42d on develop.

[pdurbin]

@scolapasta I'm passing this back to you because I made the two changes you definitely wanted and played around with the third that we talked about.

Changed in this pull request:

• whenever possible, only instantiate commands once - 556b309
• remove fixForIssue1070Enabled boolean - 453d7b1 (as predicted the diff at is https://github.com/IQSS/dataverse/pull/3137/files now much larger and harder to code review)

Played around with this in a new branch (not in this pull request):

• attempt to use ListDataverseContentCommand - 658d381 (I don't like how this command returns DvObjects which I have to cast to Dataset.)

[coveralls]

Coverage increased (+0.05%) to 5.187% when pulling 453d7b1 on 1070-sword-auth into dcea42d on develop.

[pdurbin]

@kcondon has been testing this pull request and noticed that groups within groups are not honored by the SWORD Service Document. This is a known issue with MyData as well (#3056) so we agreed to list this as a known issue with SWORD, which I did in af47f90.

While I was on this branch I went ahead and merged the latest from develop (bd50ab7) but then the app no longer compiled! I fixed this (got the app compiling again) in aa2d7ce. This was just in a test class (UtilIT.java) so no big deal.

[coveralls]

Coverage increased (+0.05%) to 5.711% when pulling af47f90 on 1070-sword-auth into 52170ba on develop.

[kcondon]

@scolapasta @pdurbin Ready for merge.