On 21 Apr 2008, at 16:53, Michael White wrote:
> Hi,
>
> Unfortunately I've been sidetracked with other tasks, so only just
> coming back to look at my implicit authentication problems first raised
> a couple of weeks ago . . .
>
> Using DSpace v1.4.2. This DSpace is being used as a Learning Object
> repository and all the items in the repository are protected (only
> accessible to Stirling staff and students).
>
> Summary of main problem, when accessing a protected bitstream with the
> token required for implicit authentication in place (a cookie from our
> portal in this case), instead of being authenticated/authorised and
> routed to the requested bitstream, the user is authenticated but then
> routed to "Authorisation Required" page (even though they are now
> authenticated!) ....

[...]

> I've tried a couple of (fairly random) hacks in various places to try
> and get the request re-routed back to the original URL, but I've had no
> joy :-(.
>
> The academic that I've implemented this repository for is doing a demo
> to the University community on May 8th, so I'm obviously very keen to
> try and fix this before then! If there is anyone out there who may be
> able to help, it would be very much appreciated!!


It might be worthwhile, at least as a workaround, to change the code  
to attempt an implicit auth at the beginning of the request rather  
than waiting for it to fail at the end. Something like this:

In DSpaceServlet.processRequest(), after the lines:

             // Obtain a context - either create one, or get the one created by
             // an authentication filter
             context = UIUtil.obtainContext(request);

insert (copied from Authenticate.java):

         if (AuthenticationManager.authenticateImplicit(context, null, null,
                 null, request) == AuthenticationMethod.SUCCESS)
         {
             Authenticate.loggedIn(context, request, context.getCurrentUser());
             log.info(LogManager.getHeader(context, "login", "type=implicit"));
         }

Which should, if my thinking is correct, set up the implicitly  
authenticated user in the context before any of the actual request is  
processed.

I should stress that I have not tested this and so it may not work,  
but it's a problem we're about to hit here because we're currently  
implementing an auth filter for the university's SSO system. So I  
almost certainly *will* be testing this before the week is out.

--
Simon Brown <[EMAIL PROTECTED]> - Cambridge University Computing Service
+44 1223 3 34714 - New Museums Site, Pembroke Street, Cambridge CB2 3QH
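
A simplified model of the ordering issue discussed in this thread, added here as an example (it is not DSpace code and not from either poster). The Context class, implicitAuth() and the PORTAL_USER cookie are hypothetical stand-ins, and the late-check behaviour is an assumed cause of the reported symptom.

```java
import java.util.Map;

// Simplified model of the request flow in this thread; not DSpace code.
// Context, implicitAuth() and the PORTAL_USER cookie are hypothetical stand-ins.
public class ImplicitAuthOrder {
    static class Context { String currentUser; int logins; }  // null user = anonymous

    // Stand-in for an implicit method that trusts a portal cookie.
    static boolean implicitAuth(Context c, Map<String, String> cookies) {
        String user = cookies.get("PORTAL_USER");
        if (user == null) return false;
        c.currentUser = user;
        c.logins++;                       // models the loggedIn() call and log line
        return true;
    }

    // Protected bitstream: readable by any authenticated user.
    static boolean authorised(Context c) { return c.currentUser != null; }

    // Assumed cause of the symptom: the authorisation check runs first and its
    // failure is reported even though the implicit login then succeeds.
    static String lateAuth(Context c, Map<String, String> cookies) {
        boolean ok = authorised(c);
        if (!ok) implicitAuth(c, cookies);
        return ok ? "bitstream" : "Authorisation Required";
    }

    // Workaround order: implicit login first, skipped when a user is already set.
    static String earlyAuth(Context c, Map<String, String> cookies) {
        if (c.currentUser == null) implicitAuth(c, cookies);
        return authorised(c) ? "bitstream" : "Authorisation Required";
    }

    public static void main(String[] args) {
        Map<String, String> cookie = Map.of("PORTAL_USER", "staff1"); // constructed
        Context late = new Context();
        System.out.println(lateAuth(late, cookie) + " user=" + late.currentUser);
        Context early = new Context();
        System.out.println(earlyAuth(early, cookie) + " user=" + early.currentUser);
        earlyAuth(early, cookie);         // second request, same session context
        System.out.println("logins=" + early.logins);
        System.out.println(earlyAuth(new Context(), Map.of()));  // no cookie
    }
}
```

The `currentUser == null` guard keeps the implicit login from firing again, and writing another login log entry, on every request once a user is already set in the context.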
