Hi Kristian,

The part of the code to look at would probably be the 'special groups' 
functionality.  See:

 - http://scm.dspace.org/trac/dspace/browser/dspace/trunk/dspace-api/src/main/java/org/dspace/authenticate

In each authentication method class there is a function called 
'getSpecialGroups()'.  You can use these to look up attributes of a user (e.g. 
from LDAP or Shibboleth) to decide what groups they should be a member 
of.

The nice thing about 'special groups' is that a user is only in that group for 
the session that they are logged in for.  If in the future their attributes 
change so that they are not now in that group, then this is updated as they 
won't be in that 'special group' any more.

Thanks,


Stuart Lewis
IT Innovations Analyst and Developer
Te Tumu Herenga The University of Auckland Library
Auckland Mail Centre, Private Bag 92019, Auckland 1142, New Zealand
Ph: +64 (0)9 373 7599 x81928
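
A small model of the session-scoped behaviour described above, added here as an illustration; it is not part of the original message and is not DSpace code. It is plain Java with no DSpace classes, and the department values, group names, user name and the `login`/`isMember` helpers are all hypothetical; in a real authentication plug-in the derived groups would be what `getSpecialGroups()` hands back for the current login.

```java
import java.util.*;

/** Added illustration of session-scoped "special groups"; not DSpace code. */
public class SpecialGroupsDemo {

    // Hypothetical allow-list: directory department value -> group name.
    static final Map<String, String> DEPT_TO_GROUP = new HashMap<>();
    static {
        DEPT_TO_GROUP.put("computer-science", "CS_Submitters");
        DEPT_TO_GROUP.put("library", "Library_Staff");
    }

    /** Stored memberships (constructed sample data), e.g. set by an administrator. */
    static final Map<String, Set<String>> STORED = new HashMap<>();

    /** One login session; special groups are fixed at login and never persisted. */
    static final class Session {
        final String user;
        final Set<String> specialGroups;
        Session(String user, Set<String> specialGroups) {
            this.user = user;
            this.specialGroups = Collections.unmodifiableSet(specialGroups);
        }
    }

    /** Derive groups from the attributes released for this login; unmapped values grant nothing. */
    static Session login(String user, List<String> departments) {
        Set<String> groups = new TreeSet<>();
        for (String raw : departments) {
            String g = raw == null ? null : DEPT_TO_GROUP.get(raw.trim().toLowerCase(Locale.ROOT));
            if (g != null) groups.add(g);
        }
        return new Session(user, groups);
    }

    /** Membership check in this model: stored groups plus the session's special groups. */
    static boolean isMember(Session s, String group) {
        Set<String> stored = STORED.getOrDefault(s.user, Collections.<String>emptySet());
        return stored.contains(group) || s.specialGroups.contains(group);
    }

    public static void main(String[] args) {
        STORED.put("jdoe", new HashSet<>(Arrays.asList("Reviewers")));
        Session first = login("jdoe", Arrays.asList("Computer-Science", "unmapped-unit"));
        System.out.println("first login, CS_Submitters: " + isMember(first, "CS_Submitters"));
        // The directory entry changes; the next login recomputes from scratch.
        Session second = login("jdoe", Arrays.asList("history"));
        System.out.println("second login, CS_Submitters: " + isMember(second, "CS_Submitters"));
        System.out.println("second login, Reviewers: " + isMember(second, "Reviewers"));
    }
}
```

Because nothing derived from the directory is written to `STORED`, there is no stale membership to revoke when the attribute changes; only the allow-listed values can ever grant a group.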



On 21/11/2010, at 1:26 AM, Kristian Salcedo wrote:

> Hi Bram,
> Thanks a lot for your swift and thorough answer.
> This looks promising :)
> regards,
> Kristian
> 
> On 19. nov. 2010, at 17.07, Bram Luyten <b...@mire.be> wrote:
> 
>> Hi Kristian,
>> 
>> section 2.7 and 2.8 cover authentication and authorization. 
>> http://www.dspace.org/1_6_2Documentation/ch02.html#N102B8
>> 
>> more detail: 5.2.11 on authentication
>> http://www.dspace.org/1_6_2Documentation/ch05.html#N12A26
>> 
>> and  3.7 on authorization
>> http://www.dspace.org/1_6_2Documentation/ch13.html#N17F3C
>> 
>> In context of some of our projects it was definitely worth the time and the 
>> effort to leverage authorization information in other sources, to be 
>> "mapped" to authorizations in DSpace.
>> For example, given that the structure of your DSpace corresponds with the 
>> hierarchy of your institution you can:
>> 
>> when someone logs in for the first time:
>> 
>> 1. The user logs in with his existing institution credentials (for example, 
>> the login that he/she uses for an email box or internal ERP system). This 
>> can be achieved by linking the authentication with your institutional LDAP 
>> or Shibboleth. In this way, you avoid the necessity to (self) register new 
>> users.
>> 2. Once authenticated, you make DSpace ping the staff directory for 
>> information, to determine to which department the person belongs
>> 3. Once DSpace learns which department/unit someone belongs to, it can 
>> create a corresponding e-person object for the person who logs in, with 
>> submission & read rights, determined from the retrieved information from the 
>> staff directory.
>> 
>> If you have a lot of users, it would really take you a long time to set 
>> authorization manually through the groups & policy web interface in DSpace. 
>> But you can customize it this way, that it is highly automated, given that 
>> your repository structure matches the structure of your institution, and 
>> that there is some kind of API available.
>> You can really do a lot of neat stuff. Let's say that you have a community 
>> for the computer science department, with collections for working papers, 
>> theses, ... these kinds of methods can grant submission rights for all of the 
>> collections under a community to which someone belongs. 
>> 
>> good luck,
>> 
>> Bram Luyten
>> 
>> @mire - http://www.atmire.com
>> 
>> Technologielaan 9 - 3001 Heverlee - Belgium
>> 533 2nd Street - Encinitas, CA 92024 - USA
>> 
>> http://www.togather.eu - Before getting together, get t...@ther 
>> 
>> 
>> On Fri, Nov 19, 2010 at 4:07 PM, Kristian Roberto Salcedo 
>> <k.r.salc...@ub.uio.no> wrote:
>> Hi,
>> 
>> Does anyone know if any work has been done
>> on using external authorization systems for
>> controlling user permissions in DSpace?
>> 
>> Is it possible (or worth the time) to map external authorization
>> information to the internal authorization mechanisms in
>> DSpace for example...?
>> 
>> I've been looking in the various list archives for some
>> info on this, but I haven't been able to find anything.
>> 
>> regards,
>> Kristian
>> 
>> 
>> ------------------------------------------------------------------------------
>> Beautiful is writing same markup. Internet Explorer 9 supports
>> standards for HTML5, CSS3, SVG 1.1,  ECMAScript5, and DOM L2 & L3.
>> Spend less time writing and  rewriting code and more time creating great
>> experiences on the web. Be a part of the beta today
>> http://p.sf.net/sfu/msIE9-sfdev2dev
>> _______________________________________________
>> DSpace-tech mailing list
>> DSpace-tech@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/dspace-tech
>> 