We're Hiring!

Public access to a specified project/dataset in webclient?

Having a problem deploying OMERO? Please ask new questions at https://forum.image.sc/tags/omero
Please note:
Historical discussions about OMERO. Please look for and ask new questions at https://forum.image.sc/tags/omero

The OMERO.server installation documentation begins here and you can find OMERO.web deployment documentation here.

Public access to a specified project/dataset in webclient?

Postby Kouichi_C_Nakamura » Thu Mar 14, 2019 11:15 am

In our CHAMBER web site, currently access to webclient page, eg. http://chamber.mrc.ox.ac.uk/webclient/?show=dataset-51, requires log in.

We have set a user named Public Public for public access to iviewer. How can we configure the permission of OMERO, so that a user Public Public can access to specified projects/datasets without password?
Kouichi_C_Nakamura
 
Posts: 165
Joined: Thu Oct 19, 2017 1:35 pm

Re: Public access to a specified project/dataset in webclien

Postby bmicklem » Thu Mar 14, 2019 12:12 pm

Our filter is set as:

Code: Select all
omero.web.public.url_filter '^/(webadmin/myphoto/|webclient/(?!(script_ui|ome_tiff|figure_script))|webgateway/(?!(archived_files|download_as))|iviewer|api)'

I believe it may be due to the Project (51 in this case) needing to be owned by the public user, not just in a public group. Is this a requirement?

Is ability to change ownerships via cli only?

I've tried to list users, as the first stage to changing ownership, as that needs the user's ID (which isn't even displayed in the administration view of OMERO.insight). I get the following error:

Code: Select all
bash-4.2$ bin/omero user list --sudo ben
Server: [localhost:4064]
Username: [omero-web]
Password for ben:
InternalException: Failed to connect: exception ::omero::AuthenticationException
{
    reason = Error creating session.
}


I'm using --sudo as I don't have the omero-web password. We are trying to set up LDAP at the moment, could that be causing this issue? When I tried with a username that is not an omero user (using the OS user by mistake!), I got an LDAP- related error

Code: Select all
"Internal error. Please contact your administrator:
Wrapped Exception: (org.springframework.ldap.PartialResultException):
Unprocessed Continuation Reference(s); nested exception is javax.naming.PartialResultException: Unprocessed Continuation Reference(s); remaining name ''


I don't want to resolve the LDAP issue at this stage, but just letting you know that it another variable in the mix.
bmicklem
 
Posts: 13
Joined: Mon Jun 04, 2018 10:56 am

Re: Public access to a specified project/dataset in webclien

Postby jmoore » Fri Mar 15, 2019 3:41 pm

Kouichi_C_Nakamura wrote:How can we configure the permission of OMERO, so that a user Public Public can access to specified projects/datasets without password?


Once the public user is setup the only requirement should be that the projects and/or datasets are in a group where the public user is a member.

bmicklem wrote:Our filter is set as:
Code: Select all
omero.web.public.url_filter '^/(webadmin/myphoto/|webclient/(?!(script_ui|ome_tiff|figure_script))|webgateway/(?!(archived_files|download_as))|iviewer|api)'



We generate the filter for IDR from https://github.com/IDR/deployment/blob/0f45c6f97da53751f9ed3166008327bad0b6addb/ansible/group_vars/omero-hosts.yml#L95

Code: Select all
omero.web.public.url_filter=^/(api/|webadmin/myphoto/|mapr/|iviewer/|webclient/(?!(action|annotate_(file|tags|comment|rating|map)|script_ui|ome_tiff|figure_script))|webgateway/(?!(archived_files|download_as)))


There are enough differences there that you might try it wholesale. I assume it will work, since `?show=` works on IDR. If you'd like to then pair it back down, we can help with that.

bmicklem wrote:I believe it may be due to the Project (51 in this case) needing to be owned by the public user, not just in a public group. Is this a requirement?


Definitely not. Ideally, the public user should not own any data.

bmicklem wrote:Is ability to change ownerships via cli only?


Yes.

bmicklem wrote:
InternalException: Failed to connect: exception ::omero::AuthenticationException
{
reason = Error creating session.
}[/code]

I'm using --sudo as I don't have the omero-web password. We are trying to set up LDAP at the moment, could that be causing this issue?


Yes. My guess would be that you would have the same error trying to login as `ben`. Is that true? Is `ben` an LDAP user? Is `omero-web`?

bmicklem wrote:When I tried with a username that is not an omero user (using the OS user by mistake!), I got an LDAP- related error

Code: Select all
"Internal error. Please contact your administrator:
Wrapped Exception: (org.springframework.ldap.PartialResultException):
Unprocessed Continuation Reference(s); nested exception is javax.naming.PartialResultException: Unprocessed Continuation Reference(s); remaining name ''

I don't want to resolve the LDAP issue at this stage, but just letting you know that it another variable in the mix.


Understood. You can temporarily set an account to non-LDAP and use a password if that's useful.

~Josh.
User avatar
jmoore
Site Admin
 
Posts: 1591
Joined: Fri May 22, 2009 1:29 pm
Location: Germany


Return to Installation and Deployment

Who is online

Users browsing this forum: Google [Bot] and 1 guest