Hi Gary,

I'm working on something similar at the moment, but for Cosign
(http://www.umich.edu/~umweb/software/cosign/).

I've looked at the code from several other people who have done this,
and in our case there is a Java implementation of the Cosign filter, so
we can use that in a custom authentication class.

Assuming there isn't a Java implementation of Unikey, a possible
solution could be:

 - Create a custom authentication class for the stackable authentication
   system
 - In the loginPageURL method set the login URL to a URL that is
   configured to be protected by Unikey, e.g.:
        return response.encodeRedirectURL(request.getContextPath() + "/webiso-login");
 - Unikey then kicks in and authenticates the author
 - Create another class that has a servlet-mapping (in web.xml) to
   /webiso-login which then does the DSpace end of things (creates the user
   if they don't exist, sets them as the current user in the context etc),
   and then redirects them back into DSpace via
   Authenticate.resumeInterruptedRequest(request, response);

Hope that helps,


Stuart

Digital Services Programmer
Te Tumu Herenga The University of Auckland Library
Auckland Mail Centre, Private Bag 92019, Auckland 1142, New Zealand
Ph: 64 9 373-7599 x88251
http://www.library.auckland.ac.nz/
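
Added example (not part of the original message and not DSpace project code): one way to write the /webiso-login servlet from the last step above, against the DSpace 1.5-era JSPUI classes. It assumes the SSO module hands the authenticated user to the container as REMOTE_USER; the class name and the @example.edu email mapping are hypothetical.

```java
import java.io.IOException;
import java.sql.SQLException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.dspace.app.webui.servlet.DSpaceServlet;
import org.dspace.app.webui.util.Authenticate;
import org.dspace.authorize.AuthorizeException;
import org.dspace.core.Context;
import org.dspace.eperson.EPerson;
// Hypothetical class; map it to /webiso-login in web.xml and protect that path in Apache.
public class WebIsoLoginServlet extends DSpaceServlet {
    protected void doDSGet(Context context, HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException, SQLException, AuthorizeException {
        // Take the identity only from the container (assumed: REMOTE_USER set by the
        // SSO module), never from a request parameter or a client-supplied header.
        String netid = request.getRemoteUser();
        if (netid == null || netid.trim().length() == 0) {
            // The path was reached without the SSO module in front of it: fail closed.
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        netid = netid.trim();
        EPerson eperson = EPerson.findByNetid(context, netid);
        if (eperson == null) {
            // First login: create the account. Creation needs admin rights, so
            // authorization is suspended only around this block.
            context.setIgnoreAuthorization(true);
            try {
                eperson = EPerson.create(context);
                eperson.setNetid(netid);
                eperson.setEmail(netid + "@example.edu"); // placeholder mapping
                eperson.setCanLogIn(true);
                eperson.update();
                context.commit();
            } finally {
                context.setIgnoreAuthorization(false);
            }
        } else if (!eperson.canLogIn()) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN); // account disabled in DSpace
            return;
        }
        Authenticate.loggedIn(context, request, eperson); // set current user and session
        if (!Authenticate.resumeInterruptedRequest(request, response)) {
            response.sendRedirect(request.getContextPath() + "/"); // nothing to resume
        }
    }
}
```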



-----Original Message-----
From: Gary Browne [mailto:g.bro...@library.usyd.edu.au] 
Sent: Thursday, 26 March 2009 11:35 a.m.
To: DSpace-tech@lists.sourceforge.net
Subject: [Dspace-tech] Custom authentication

Hi all,

This question has been floating around for quite a while here, and I'm
not sure how to approach it.

We require certain collections to be locked down to only university
staff. There is a university wide centrally administered authentication
system (Unikey) which we normally use for such cases but I've never
tried it with DSpace. Correction - I HAVE tried it, but I think it's a
bit dodgy. The reason being, this Unikey system is deployed and
configured as an Apache (HTTP) module, and its configuration is based
solely on file system directories. So the only way I could see to effect
a forced logon at the collection level was to use the collection's
handle as the authentication "directory". But of course there's no
obvious mapping in Apache's mind between handle and file system
hierarchies.

Anyone have any ideas about alternative approaches to this sort of
thing?

Cheers
Gary


Gary Browne
Development Programmer
Library IT Services
University of Sydney
ph: 9351-5946

------------------------------------------------------------------------------
_______________________________________________
DSpace-tech mailing list
DSpace-tech@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspace-tech
