If Fedora returns a 401 and the browser did not send a WWW-Authenticate
header, the user should be prompted to log in by the browser (if you're
using BASIC). If you're using another authN strategy, then the filters
probably need to be able to evaluate the necessity of authentication for
the request, which they might be able to do after the fact (ie, you'd need
to intercept 401s, inspect the request for a user session, and send a 302
to your authN service if absent).
On Thu, Mar 14, 2013 at 3:47 PM, Rich d'Rich <[email protected]> wrote:
> I also found this and never discovered a good workround.
>
> It would be nice if Fedora would ask for credentials and retry rather than
> issuing a 401, but I couldn't see a way to make Spring Security (on which
> it's built) do that?
>
> My solution was to have the front-end UI authenticate with "anon" for anon
> users and a username otherwise.
>
> On 15 March 2013 02:42, Grotevant, Paul F <[email protected]> wrote:
>
>> Good morning,
>>
>> We are exploring the use of XACML policies to require authentication on
>> the disseminations of particular datastreams, to fulfill a project
>> requirement that some kinds of content will require that the viewer be
>> authenticated via our campus LDAP directory.
>>
>> To get started, I have created some sample XACML policies that
>> successfully enforce the requirement of a particular "fedoraRole" in order
>> to view a data stream with a particular ID, but I've found that if the
>> user is not already authenticated when they request the datastream content
>> URL, they don't get prompted to authenticate, but rather just get an empty
>> page with a 401 HTTP status. If the user is already authenticated from a
>> different request in the Fedora web UI, then the content gets served up
>> correctly.
>>
>> I've seen how to require authentication for ALL API-A requests, but that's
>> not what we want either, because ultimately I think the vast majority of
>> objects in our repository will be public, and should not require any
>> authentication.
>>
>> If anyone has advice on this, it would be much appreciated.
>>
>> Thanks,
>> Paul
>>
>> --
>> Paul Grotevant, Senior Software Developer/Analyst
>> University of Texas Libraries / IT Architecture and Strategy
>> [email protected]
>> 512-495-4374
>>
>>
>>
>>
>>
>> ------------------------------------------------------------------------------
>> Everyone hates slow websites. So do we.
>> Make your web apps faster with AppDynamics
>> Download AppDynamics Lite for free today:
>> http://p.sf.net/sfu/appdyn_d2d_mar
>> _______________________________________________
>> Fedora-commons-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/fedora-commons-users
>>
>>
>
>
> ------------------------------------------------------------------------------
> Everyone hates slow websites. So do we.
> Make your web apps faster with AppDynamics
> Download AppDynamics Lite for free today:
> http://p.sf.net/sfu/appdyn_d2d_mar
> _______________________________________________
> Fedora-commons-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/fedora-commons-users
>
>
------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_mar
_______________________________________________
Fedora-commons-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fedora-commons-users
