Authentication error with external login in JSPUI
-------------------------------------------------
Key: DS-1064
URL: https://jira.duraspace.org/browse/DS-1064
Project: DSpace
Issue Type: Bug
Components: JSPUI
Reporter: Kevin Van de Velde
Assignee: Kevin Van de Velde
Priority: Major
Attachments: authentication_error.patch
To reproduce this bug do the following:
* The repository has to have a login mechanism that requires users to login on
a different web site then where the DSpace is located.
* A non logged in user clicks on a bitstream url (to which only certain users
have access) & is sent to the login mechanism.
* The login is completed successfully so the user is sent back to the bitstream
url (he is logged in as a proper user so should have access).
* The user will see an authorize exception
* When the user refreshes the page the bitstream will be accessible.
Now why does to happen ?
The first time the user attempt to retrieve the file an authorize exception is
thrown which is caught in the DSpaceServlet.java & the startAuthentication
method will be called upon.
If the first "if" fails (due to for example bad arguments) the user will be
redirected to the authentication website.
When the authentication website is done the user is sent back to the bitstream
page which results in another authorize exception (since even though he might
have the proper argument no login has occurred).
In this case the exception will again be caught by the DSpaceServlet.java & the
startAuthentication will be called again, only this time it is successfull
resulting in the method returning true & so the DSpaceServlet.java sends us to
an "not authenticated" page. (Even though we are authenticated & might have
access)
I am not 100% sure this is a bug (or even if it is if my fix is the correct
one), but I have attached a patch that will solve the issue.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://jira.duraspace.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
------------------------------------------------------------------------------
The demand for IT networking professionals continues to grow, and the
demand for specialized networking skills is growing even more rapidly.
Take a complimentary Learning@Cisco Self-Assessment and learn
about Cisco certifications, training, and career opportunities.
http://p.sf.net/sfu/cisco-dev2dev
_______________________________________________
Dspace-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dspace-devel
