date:20140904

Re: [Dspace-tech] Fwd: Discovery + Restricted Content + IPAuthentication

2014-09-04 Thread Peter Dietz

Thanks for confirming my suspicion. Yeah, never a security/exposure issue.
Just unlogged in people wouldn't have seen all content that they should
have (if you had IPAuth and they matched a group).

I've filed a JIRA, and made the relevant patch. Testing welcome.
https://github.com/DSpace/DSpace/pull/632
https://jira.duraspace.org/browse/DS-2138

Basically, I just grab the context's special groups no matter what. (i.e.
not just if(currentUser != null){)


Peter Dietz
Longsight
www.longsight.com
pe...@longsight.com
p: 740-599-5005 x809


On Thu, Sep 4, 2014 at 4:35 PM, Mark Diggory  wrote:

> Hey Peter,
>
> I believe you are correct, the following method needs to have special
> groups added into listing
>
>
> https://github.com/DSpace/DSpace/blob/master/dspace-api/src/main/java/org/dspace/discovery/SolrServiceResourceRestrictionPlugin.java#L61
>
> I will note this is an error does not introduce any security flaw because
> its only excluding results that the user IP should have been able to see.
> The correction is to get the special groups off the Context and add them to
> the query in the above method.
>
> Cheers,
> Mark
>
>
> On Thu, Sep 4, 2014 at 1:30 PM, Kim Shepherd 
> wrote:
>
>> Hi Peter, we use IPAUTH (in addition to Shibboleth special groups) so
>> that our on-campus users can access restricted resources without logging
>> in, too..
>> I haven't noticed this particular issue -- Discovery has appeared to be
>> working from what I've seen but I've mostly been testing access to the
>> items/bitstreams themselves, so I'll take a look at our logs, too.
>> From my quick testing so far it's looking like I can reproduce the issue
>> you're talking about -- as an Anonymous user with only IPAUTH granting me
>> an extra special group, I can access all the resources I need to, but
>> Discovery is ignoring my special group and hiding recent submissions /
>> search results from me.
>>
>> The assumption that (currentUser == null) always means "Anonymous only"
>> is definitely an assumption that's going to break special groups like
>> IPAUTH.. so I think you're onto something there. Which classes are you
>> looking at?
>>
>> Cheers
>>
>> Kim
>>
>> On 5 September 2014 07:04, Peter Dietz  wrote:
>>
>>> Hi All,
>>>
>>> I was wondering if anyone is using the IPAuthentication mechanism, where
>>> you can have anonymous users who happen to be on a certain IP address range
>>> (i.e. campus / regional campus), and should be able to view that restricted
>>> content without having to log in.
>>>
>>> However, I'm having some issues, as I don't think that Discovery is
>>> actually checking the current user (anonymous user that could have "special
>>> groups"). I've noticed some difference in behavior when I'm visiting the
>>> site as anonymous user (not logged in), and also while logged in as a user
>>> who has no credentials (member of anonymous group though).
>>> i.e. some of the authentication / context logic goes
>>> if(currentUser != null) {...
>>>
>>> I've checked that Discovery has indexed the content correctly, which
>>> appears to be correct. i.e. ?q=handle:123456789/3456
>>> And that item has read:"g7"
>>>
>>> My config/modules/authentication-ip.cfg has something like:
>>> (Production it is different values).
>>>
>>> ip.CAMPUS = 127.0.0.1
>>>
>>> And group CAMPUS, groupID: 7.
>>>
>>>
>>> 2014-09-04 14:50:17,145 DEBUG org.dspace.authenticate.IPMatcher @ ipIn:
>>> 127.0.0.1
>>>
>>> 2014-09-04 14:50:17,145 DEBUG org.dspace.authenticate.IPAuthentication @
>>> anonymous:session_id=23AB7F7C2C8DA06BE556148B855E1D01:authenticated:special_groups=7
>>>
>>> 2014-09-04 14:50:17,146 DEBUG org.dspace.app.xmlui.utils.ContextUtil @
>>> Adding Special Group id=7
>>>
>>>
>>> When Discovery makes the check, I appears to have discarded the special
>>> group, and the query (I've added some debug)
>>>
>>> 2014-09-04 14:50:17,282 DEBUG
>>> org.dspace.discovery.SolrServiceResourceRestrictionPlugin @ ResourceQuery:
>>> read:(g0)
>>>
>>> Where g0 is anonymous group. It should have been "g0 OR g7".
>>>
>>>
>>> So, if anyone has run across this issue, or would like to look into it,
>>> please let me know.
>>>
>>> 
>>> Peter Dietz
>>> Longsight
>>> www.longsight.com
>>> pe...@longsight.com
>>> p: 740-599-5005 x809
>>>
>>>
>>> --
>>> Slashdot TV.
>>> Video for Nerds.  Stuff that matters.
>>> http://tv.slashdot.org/
>>> ___
>>> DSpace-tech mailing list
>>> DSpace-tech@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/dspace-tech
>>> List Etiquette:
>>> https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
>>>
>>
>>
>>
>>
>> --
>> Slashdot TV.
>> Video for Nerds.  Stuff that matters.
>> http://tv.slashdot.org/
>> ___
>> DSpace-tech mailing list

Re: [Dspace-tech] Fwd: Discovery + Restricted Content + IPAuthentication

2014-09-04 Thread Mark Diggory

Hey Peter,

I believe you are correct, the following method needs to have special
groups added into listing

https://github.com/DSpace/DSpace/blob/master/dspace-api/src/main/java/org/dspace/discovery/SolrServiceResourceRestrictionPlugin.java#L61

I will note this is an error does not introduce any security flaw because
its only excluding results that the user IP should have been able to see.
The correction is to get the special groups off the Context and add them to
the query in the above method.

Cheers,
Mark


On Thu, Sep 4, 2014 at 1:30 PM, Kim Shepherd  wrote:

> Hi Peter, we use IPAUTH (in addition to Shibboleth special groups) so that
> our on-campus users can access restricted resources without logging in,
> too..
> I haven't noticed this particular issue -- Discovery has appeared to be
> working from what I've seen but I've mostly been testing access to the
> items/bitstreams themselves, so I'll take a look at our logs, too.
> From my quick testing so far it's looking like I can reproduce the issue
> you're talking about -- as an Anonymous user with only IPAUTH granting me
> an extra special group, I can access all the resources I need to, but
> Discovery is ignoring my special group and hiding recent submissions /
> search results from me.
>
> The assumption that (currentUser == null) always means "Anonymous only" is
> definitely an assumption that's going to break special groups like IPAUTH..
> so I think you're onto something there. Which classes are you looking at?
>
> Cheers
>
> Kim
>
> On 5 September 2014 07:04, Peter Dietz  wrote:
>
>> Hi All,
>>
>> I was wondering if anyone is using the IPAuthentication mechanism, where
>> you can have anonymous users who happen to be on a certain IP address range
>> (i.e. campus / regional campus), and should be able to view that restricted
>> content without having to log in.
>>
>> However, I'm having some issues, as I don't think that Discovery is
>> actually checking the current user (anonymous user that could have "special
>> groups"). I've noticed some difference in behavior when I'm visiting the
>> site as anonymous user (not logged in), and also while logged in as a user
>> who has no credentials (member of anonymous group though).
>> i.e. some of the authentication / context logic goes
>> if(currentUser != null) {...
>>
>> I've checked that Discovery has indexed the content correctly, which
>> appears to be correct. i.e. ?q=handle:123456789/3456
>> And that item has read:"g7"
>>
>> My config/modules/authentication-ip.cfg has something like:
>> (Production it is different values).
>>
>> ip.CAMPUS = 127.0.0.1
>>
>> And group CAMPUS, groupID: 7.
>>
>>
>> 2014-09-04 14:50:17,145 DEBUG org.dspace.authenticate.IPMatcher @ ipIn:
>> 127.0.0.1
>>
>> 2014-09-04 14:50:17,145 DEBUG org.dspace.authenticate.IPAuthentication @
>> anonymous:session_id=23AB7F7C2C8DA06BE556148B855E1D01:authenticated:special_groups=7
>>
>> 2014-09-04 14:50:17,146 DEBUG org.dspace.app.xmlui.utils.ContextUtil @
>> Adding Special Group id=7
>>
>>
>> When Discovery makes the check, I appears to have discarded the special
>> group, and the query (I've added some debug)
>>
>> 2014-09-04 14:50:17,282 DEBUG
>> org.dspace.discovery.SolrServiceResourceRestrictionPlugin @ ResourceQuery:
>> read:(g0)
>>
>> Where g0 is anonymous group. It should have been "g0 OR g7".
>>
>>
>> So, if anyone has run across this issue, or would like to look into it,
>> please let me know.
>>
>> 
>> Peter Dietz
>> Longsight
>> www.longsight.com
>> pe...@longsight.com
>> p: 740-599-5005 x809
>>
>>
>> --
>> Slashdot TV.
>> Video for Nerds.  Stuff that matters.
>> http://tv.slashdot.org/
>> ___
>> DSpace-tech mailing list
>> DSpace-tech@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/dspace-tech
>> List Etiquette:
>> https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
>>
>
>
>
>
> --
> Slashdot TV.
> Video for Nerds.  Stuff that matters.
> http://tv.slashdot.org/
> ___
> DSpace-tech mailing list
> DSpace-tech@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/dspace-tech
> List Etiquette:
> https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
>



-- 
[image: @mire Inc.]
*Mark Diggory*
*2888 Loker Avenue East, Suite 315, Carlsbad, CA. 92010*
*Esperantolaan 4, Heverlee 3001, Belgium*
http://www.atmire.com
--
Slashdot TV.  
Video for Nerds.  Stuff that matters.
http://tv.slashdot.org/___
DSpace-tech mailing list
DSpace-tech@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspace-tech
List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette

[Dspace-tech] Fwd: Discovery + Restricted Content + IPAuthentication

2014-09-04 Thread Kim Shepherd

Hi Peter, we use IPAUTH (in addition to Shibboleth special groups) so that
our on-campus users can access restricted resources without logging in,
too..
I haven't noticed this particular issue -- Discovery has appeared to be
working from what I've seen but I've mostly been testing access to the
items/bitstreams themselves, so I'll take a look at our logs, too.
>From my quick testing so far it's looking like I can reproduce the issue
you're talking about -- as an Anonymous user with only IPAUTH granting me
an extra special group, I can access all the resources I need to, but
Discovery is ignoring my special group and hiding recent submissions /
search results from me.

The assumption that (currentUser == null) always means "Anonymous only" is
definitely an assumption that's going to break special groups like IPAUTH..
so I think you're onto something there. Which classes are you looking at?

Cheers

Kim

On 5 September 2014 07:04, Peter Dietz  wrote:

> Hi All,
>
> I was wondering if anyone is using the IPAuthentication mechanism, where
> you can have anonymous users who happen to be on a certain IP address range
> (i.e. campus / regional campus), and should be able to view that restricted
> content without having to log in.
>
> However, I'm having some issues, as I don't think that Discovery is
> actually checking the current user (anonymous user that could have "special
> groups"). I've noticed some difference in behavior when I'm visiting the
> site as anonymous user (not logged in), and also while logged in as a user
> who has no credentials (member of anonymous group though).
> i.e. some of the authentication / context logic goes
> if(currentUser != null) {...
>
> I've checked that Discovery has indexed the content correctly, which
> appears to be correct. i.e. ?q=handle:123456789/3456
> And that item has read:"g7"
>
> My config/modules/authentication-ip.cfg has something like:
> (Production it is different values).
>
> ip.CAMPUS = 127.0.0.1
>
> And group CAMPUS, groupID: 7.
>
>
> 2014-09-04 14:50:17,145 DEBUG org.dspace.authenticate.IPMatcher @ ipIn:
> 127.0.0.1
>
> 2014-09-04 14:50:17,145 DEBUG org.dspace.authenticate.IPAuthentication @
> anonymous:session_id=23AB7F7C2C8DA06BE556148B855E1D01:authenticated:special_groups=7
>
> 2014-09-04 14:50:17,146 DEBUG org.dspace.app.xmlui.utils.ContextUtil @
> Adding Special Group id=7
>
>
> When Discovery makes the check, I appears to have discarded the special
> group, and the query (I've added some debug)
>
> 2014-09-04 14:50:17,282 DEBUG
> org.dspace.discovery.SolrServiceResourceRestrictionPlugin @ ResourceQuery:
> read:(g0)
>
> Where g0 is anonymous group. It should have been "g0 OR g7".
>
>
> So, if anyone has run across this issue, or would like to look into it,
> please let me know.
>
> 
> Peter Dietz
> Longsight
> www.longsight.com
> pe...@longsight.com
> p: 740-599-5005 x809
>
>
> --
> Slashdot TV.
> Video for Nerds.  Stuff that matters.
> http://tv.slashdot.org/
> ___
> DSpace-tech mailing list
> DSpace-tech@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/dspace-tech
> List Etiquette:
> https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
>
--
Slashdot TV.  
Video for Nerds.  Stuff that matters.
http://tv.slashdot.org/___
DSpace-tech mailing list
DSpace-tech@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspace-tech
List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette

[Dspace-tech] Discovery + Restricted Content + IPAuthentication

2014-09-04 Thread Peter Dietz

Hi All,

I was wondering if anyone is using the IPAuthentication mechanism, where
you can have anonymous users who happen to be on a certain IP address range
(i.e. campus / regional campus), and should be able to view that restricted
content without having to log in.

However, I'm having some issues, as I don't think that Discovery is
actually checking the current user (anonymous user that could have "special
groups"). I've noticed some difference in behavior when I'm visiting the
site as anonymous user (not logged in), and also while logged in as a user
who has no credentials (member of anonymous group though).
i.e. some of the authentication / context logic goes
if(currentUser != null) {...

I've checked that Discovery has indexed the content correctly, which
appears to be correct. i.e. ?q=handle:123456789/3456
And that item has read:"g7"

My config/modules/authentication-ip.cfg has something like:
(Production it is different values).

ip.CAMPUS = 127.0.0.1

And group CAMPUS, groupID: 7.


2014-09-04 14:50:17,145 DEBUG org.dspace.authenticate.IPMatcher @ ipIn:
127.0.0.1

2014-09-04 14:50:17,145 DEBUG org.dspace.authenticate.IPAuthentication @
anonymous:session_id=23AB7F7C2C8DA06BE556148B855E1D01:authenticated:special_groups=7

2014-09-04 14:50:17,146 DEBUG org.dspace.app.xmlui.utils.ContextUtil @
Adding Special Group id=7


When Discovery makes the check, I appears to have discarded the special
group, and the query (I've added some debug)

2014-09-04 14:50:17,282 DEBUG
org.dspace.discovery.SolrServiceResourceRestrictionPlugin @ ResourceQuery:
read:(g0)

Where g0 is anonymous group. It should have been "g0 OR g7".


So, if anyone has run across this issue, or would like to look into it,
please let me know.


Peter Dietz
Longsight
www.longsight.com
pe...@longsight.com
p: 740-599-5005 x809
--
Slashdot TV.  
Video for Nerds.  Stuff that matters.
http://tv.slashdot.org/___
DSpace-tech mailing list
DSpace-tech@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspace-tech
List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette

[Dspace-tech] What do repository managers and administrators need most? Let's discuss Sept. 9th and 10th

2014-09-04 Thread Maureen P. Walsh

Which DSpace use cases are the most vital ones for repository managers and
administrators?

Join other repository managers and developers during the monthly DCAT
teleconference meetings on *September 9 (15:00 UTC/GMT - 11:00 ET)*
and *September
10 (20:00 UTC/GMT - 16:00 ET)*.

Find out more and join the discussion today:
https://wiki.duraspace.org/display/cmtygp/DCAT+Meeting+September+2014

Looking forward to a great discussion,

Maureen Walsh & Bram Luyten
DCAT co-chairs
--
Slashdot TV.  
Video for Nerds.  Stuff that matters.
http://tv.slashdot.org/___
DSpace-tech mailing list
DSpace-tech@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspace-tech
List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette

[Dspace-tech] DSpace SWORD and Drupal

2014-09-04 Thread Joseph Greene

Hi,
Does anyone know of a SWORD client module for Drupal? We have a research
group adding publication metadata and PDFs to Drupal, and would love for
them to be able to add a 'send to DSpace' button into their Drupal.

I've read through the code of https://www.drupal.org/project/sword, but
unless I'm missing something, this implements a SWORD server, I'm looking
for a Drupal SWORD Client...

Any pointers?

Joseph

Joseph Greene
Research Repository Librarian
James Joyce Library
University College Dublin
(353 0)1 716 7398
joseph.gre...@ucd.ie
http://researchrepository.ucd.ie




--
Slashdot TV.  
Video for Nerds.  Stuff that matters.
http://tv.slashdot.org/
___
DSpace-tech mailing list
DSpace-tech@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspace-tech
List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette

[Dspace-tech] Unable to view Withdrawn items after upgrading

2014-09-04 Thread zabeeulla

Hi, 

I have upgraded dspace from version 1.5.1 to version 4.2, after the
upgrading I am unable to view "Withdrawn Items". I am getting the following
error when trying to view "Withdrawn Items". 

Regards, 
Mohammed



--
View this message in context: 
http://dspace.2283337.n4.nabble.com/Unable-to-view-Withdrawn-items-after-upgrading-tp4674737.html
Sent from the DSpace - Tech mailing list archive at Nabble.com.

--
Slashdot TV.  
Video for Nerds.  Stuff that matters.
http://tv.slashdot.org/
___
DSpace-tech mailing list
DSpace-tech@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspace-tech
List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette

Re: [Dspace-tech] DSpace Request Copy Add-on

2014-09-04 Thread Lewatle Phaladi

Dear Adan,

Please grant me direct access to 3.1 version of the addon in git, I would like 
to run it on test server, the dspace version running on it is 3.2
Once again thanks to you Emilio.

Regards,
Lewatle

From: emilio lorenzo [mailto:elore...@arvo.es]
Sent: 04 September 2014 10:07 AM
To: Lewatle Phaladi; dspace-tech@lists.sourceforge.net
Cc: Adán Román
Subject: Re: [Dspace-tech] DSpace Request Copy Add-on

Hi, Lewatle,  yes  (the page 
https://wiki.duraspace.org/display/DSPACE/RequestCopy perhaps it´s a bit 
outdated but has the following last paragraph:
XMLUI version
There is a  "translation" to XMLUI of this request copy add-on tested in 3.1 
(must work in 1.8 changing installation directories). Documented and available 
to download in JIRA issue DS-1585)

We developed the code (adapted from University of Minho-JSPUI code) for 3.*. 
And the code was later  included in 4.* core
see https://jira.duraspace.org/browse/DS-824.  We have a couple of 
installations running 3.x with that code.
Contact Adan Roman (aro...@arvo.es) for a direct access 
to 3.1 version of the add-on  in git

best regards
Emilio

El 04/09/2014 9:50, Lewatle Phaladi escribió:
Hi Emilio,

I am using dspace version 3.2 the theme I am using is Mirage XMLUI are you 
saying the addon works on dspace 3.* ?

Regards,
Lewatle

From: emilio lorenzo [mailto:elore...@arvo.es]
Sent: 04 September 2014 09:41 AM
To: 
dspace-tech@lists.sourceforge.net; 
Lewatle Phaladi
Subject: Re: [Dspace-tech] DSpace Request Copy Add-on

Hi Lewatle
JSPUI or XMLUI ?  (XMLUI runs on dspace 1.8, 3 & 4)

Emilio

El 04/09/2014 8:33, Lewatle Phaladi escribió:
Dear Team,

I would like to run DSpace Request Copy Add-on module on DSpace 3.2 version, I 
have read on DSpace Request Copy Add-on online 
page(https://wiki.duraspace.org/display/DSPACE/RequestCopy) that the module is 
currently running on the following dspace versions : dspace 1.6.2,  1.7.2 & 
1.8.2
If there is anyone on who has configured the module to run on dspace 3.2 or 
dspace 4.2 please share with me possible steps.

Regards,
Lewatle
This communication is intended for the addressee only. It is confidential. If 
you have received this communication in error, please notify us immediately and 
destroy the original message. You may not copy or disseminate this 
communication without the permission of the University. Only authorised 
signatories are competent to enter into agreements on behalf of the University 
and recipients are thus advised that the content of this message may not be 
legally binding on the University and may contain the personal views and 
opinions of the author, which are not necessarily the views and opinions of The 
University of the Witwatersrand, Johannesburg. All agreements between the 
University and outsiders are subject to South African Law unless the University 
agrees in writing to the contrary.





--

Slashdot TV.

Video for Nerds.  Stuff that matters.

http://tv.slashdot.org/



___

DSpace-tech mailing list

DSpace-tech@lists.sourceforge.net

https://lists.sourceforge.net/lists/listinfo/dspace-tech

List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette

This communication is intended for the addressee only. It is confidential. If 
you have received this communication in error, please notify us immediately and 
destroy the original message. You may not copy or disseminate this 
communication without the permission of the University. Only authorised 
signatories are competent to enter into agreements on behalf of the University 
and recipients are thus advised that the content of this message may not be 
legally binding on the University and may contain the personal views and 
opinions of the author, which are not necessarily the views and opinions of The 
University of the Witwatersrand, Johannesburg. All agreements between the 
University and outsiders are subject to South African Law unless the University 
agrees in writing to the contrary.






This communication is 
intended for the addressee only. It is confidential. If you have received this 
communication in error, please notify us immediately and destroy the original 
message. You may not copy or disseminate this communication without the 
permission of the University. Only authorised signatories are competent to 
enter into agreements on behalf of the University and recipients are thus 
advised that the content of this message may not be legally binding on the 
University and may contain the personal views and opinions of the author, which 
are not necessarily the views and opinions of The University of the 
Witwatersrand, Johannesburg. All agreements between the University and 
outsiders are subject to South African Law unless the University agrees in 
writing

Re: [Dspace-tech] JSPUI reverse proxy authentication

2014-09-04 Thread Becker, Pascal-Nicolas

Hi,

you ran in the following bug: https://jira.duraspace.org/browse/DS-2030
DSpace’s session hijacking prevention currently doesn’t support 
IPv4/IPv6-Dual-Stack setups.

But this just reveal another problem in your setup: DSpace recognize the remote 
IP as either 127.0.0.1 or ::1. This is security relevant as e.g. solr is only 
reachable from local loopback IPs and shouldn’t be reachable directly from 
other IPs. You should make sure that your nginx sets the appropriate http 
headers like X-Forwarded-For and that your container servlet recognizes these 
headers. If you use Tomcat as container Servlet you can find information about 
proxy setups here: 
http://tomcat.apache.org/tomcat-7.0-doc/config/valve.html#Proxies_Support.

Regards,
  Pascal

From: Fitzpatrick, Christopher [mailto:c...@wmu.se]
Sent: Thursday, September 04, 2014 9:49 AM
To: Becker, Pascal-Nicolas; dspace-tech@lists.sourceforge.net
Subject: Re: [Dspace-tech] JSPUI reverse proxy authentication

Hi,

Ah, I think I just fixed it.
Needed to put nginx upstream at the domain name and not localhost, since there 
seems to be some IPv4 / IPv6 mismatching going on.
Changed nginx config:

http {
  upstream dspace {
server dlib.wmu.se:8080;
}

...
location /jspui/ {

  proxy_pass http://dspace/jspui/;
proxy_redirect  http://dspace/jspui/ http://dlib.wmu.se/jspui/;
 ...

restarted nginx and now everything is sticking.

Thanks!
b,chris.




On 4 September 2014 09:43, Fitzpatrick, Christopher 
mailto:c...@wmu.se>> wrote:

Hi,
Thanks for the response...

Yup, seeing this in the log:

2014-09-04 03:37:59,373 WARN  org.dspace.app.webui.util.UIUtil @ POSSIBLE 
HIJACKED SESSION: request from 127.0.0.1 does not match original session 
address: 0:0:0:0:0:0:0:1. Authentication rejected.

The baseURl is set to dspace.baseUrl = http://dlib.wmu.se ( i've tried with the 
port and without the port, same results...) and the url is set to dspace.url = 
http://dlib.wmu.se/jspui
thanks again..b,chris.




On 3 September 2014 16:19, Becker, Pascal-Nicolas 
mailto:p.bec...@tu-berlin.de>> wrote:
Hi,

does the dspace.log log file contains any entries like the following one?

2014-MM-DD HH:MM:SS,YYY WARN org.dspace.app.webui.util.UIUtil @ POSSIBLE 
HIJACKED SESSION: request from XXX.XXX.XXX.XXX does not match original session 
address: XXX.XXX.XXX.XXX. Authentication rejected.

How are the configuration properties dspace.baseUrl and dspace.url set?

Regards,
  Pascal Becker

From: Fitzpatrick, Christopher [mailto:c...@wmu.se]
Sent: Wednesday, September 03, 2014 9:37 AM
To: dspace-tech@lists.sourceforge.net
Subject: [Dspace-tech] JSPUI reverse proxy authentication

Hi All,
I just setup dspace for the first time. We're wanting to use the jspui 
interface. I setup nginx as a reverse proxy in front of tomcat, but it seems 
that the authentication is not sticking. What I mean by that is I can 
authenticate a user, and the page does show that I am logged in ( and I have 
access to certain restricted pages). But the user will lose its session after a 
couple of minutes or on certain pages.
This is not happening if I access tomcat directly at port 8080, so I think 
there's something I'm missing on my nginx conf. ( included below ).
Any ideas? Thanks for the help...b,chris,

 location / {
proxy_pass  http://dspace;
proxy_next_upstream error timeout invalid_header http_500 http_502 
http_503 http_504;
proxy_redirect http://dspace http://dlib.wmu.se;

proxy_buffering off;
proxy_store off;

proxy_connect_timeout 120;
proxy_send_timeout120;
proxy_read_timeout120;

proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;


--
Slashdot TV.  
Video for Nerds.  Stuff that matters.
http://tv.slashdot.org/___
DSpace-tech mailing list
DSpace-tech@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspace-tech
List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette

Re: [Dspace-tech] DSpace Request Copy Add-on

2014-09-04 Thread emilio lorenzo

Hi, Lewatle,  yes  (the page 
https://wiki.duraspace.org/display/DSPACE/RequestCopy perhaps it´s a bit 
outdated but has the following last paragraph:

XMLUI version
There is a  "translation" to XMLUI of this request copy add-on tested in 
3.1 (must work in 1.8 changing installation directories). Documented and 
available to download in JIRA issue DS-1585)


We developed the code (adapted from University of Minho-JSPUI code) for 
3.*. And the code was later  included in 4.* core
see https://jira.duraspace.org/browse/DS-824.  We have a couple of 
installations running 3.x with that code.
Contact Adan Roman (aro...@arvo.es) for a direct access to 3.1 version 
of the add-on  in git


best regards
Emilio



El 04/09/2014 9:50, Lewatle Phaladi escribió:


Hi Emilio,

I am using dspace version 3.2 the theme I am using is Mirage XMLUI are 
you saying the addon works on dspace 3.* ?


Regards,

Lewatle

*From:*emilio lorenzo [mailto:elore...@arvo.es]
*Sent:* 04 September 2014 09:41 AM
*To:* dspace-tech@lists.sourceforge.net; Lewatle Phaladi
*Subject:* Re: [Dspace-tech] DSpace Request Copy Add-on

Hi Lewatle
JSPUI or XMLUI ?  (XMLUI runs on dspace 1.8, 3 & 4)

Emilio

El 04/09/2014 8:33, Lewatle Phaladi escribió:

Dear Team,

I would like to run DSpace Request Copy Add-on module on DSpace
3.2 version, I have read on DSpace Request Copy Add-on online
page(https://wiki.duraspace.org/display/DSPACE/RequestCopy) that
the module is currently running on the following dspace versions :
dspace 1.6.2,  1.7.2 & 1.8.2

If there is anyone on who has configured the module to run on
dspace 3.2 or dspace 4.2 please share with me possible steps.

Regards,

Lewatle

This communication is intended for the addressee only. It is
confidential. If you have received this communication in error,
please notify us immediately and destroy the original message. You
may not copy or disseminate this communication without the
permission of the University. Only authorised signatories are
competent to enter into agreements on behalf of the University and
recipients are thus advised that the content of this message may
not be legally binding on the University and may contain the
personal views and opinions of the author, which are not
necessarily the views and opinions of The University of the
Witwatersrand, Johannesburg. All agreements between the University
and outsiders are subject to South African Law unless the
University agrees in writing to the contrary.





--

Slashdot TV.

Video for Nerds.  Stuff that matters.

http://tv.slashdot.org/




___

DSpace-tech mailing list

DSpace-tech@lists.sourceforge.net  


https://lists.sourceforge.net/lists/listinfo/dspace-tech

List 
Etiquette:https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette

This communication is intended for the addressee only. It is 
confidential. If you have received this communication in error, please 
notify us immediately and destroy the original message. You may not 
copy or disseminate this communication without the permission of the 
University. Only authorised signatories are competent to enter into 
agreements on behalf of the University and recipients are thus advised 
that the content of this message may not be legally binding on the 
University and may contain the personal views and opinions of the 
author, which are not necessarily the views and opinions of The 
University of the Witwatersrand, Johannesburg. All agreements between 
the University and outsiders are subject to South African Law unless 
the University agrees in writing to the contrary.




--
Slashdot TV.  
Video for Nerds.  Stuff that matters.
http://tv.slashdot.org/___
DSpace-tech mailing list
DSpace-tech@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspace-tech
List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette

Re: [Dspace-tech] DSpace Request Copy Add-on

2014-09-04 Thread Lewatle Phaladi

Hi Emilio,

I am using dspace version 3.2 the theme I am using is Mirage XMLUI are you 
saying the addon works on dspace 3.* ?

Regards,
Lewatle

From: emilio lorenzo [mailto:elore...@arvo.es]
Sent: 04 September 2014 09:41 AM
To: dspace-tech@lists.sourceforge.net; Lewatle Phaladi
Subject: Re: [Dspace-tech] DSpace Request Copy Add-on

Hi Lewatle
JSPUI or XMLUI ?  (XMLUI runs on dspace 1.8, 3 & 4)

Emilio

El 04/09/2014 8:33, Lewatle Phaladi escribió:
Dear Team,

I would like to run DSpace Request Copy Add-on module on DSpace 3.2 version, I 
have read on DSpace Request Copy Add-on online 
page(https://wiki.duraspace.org/display/DSPACE/RequestCopy) that the module is 
currently running on the following dspace versions : dspace 1.6.2,  1.7.2 & 
1.8.2
If there is anyone on who has configured the module to run on dspace 3.2 or 
dspace 4.2 please share with me possible steps.

Regards,
Lewatle
This communication is intended for the addressee only. It is confidential. If 
you have received this communication in error, please notify us immediately and 
destroy the original message. You may not copy or disseminate this 
communication without the permission of the University. Only authorised 
signatories are competent to enter into agreements on behalf of the University 
and recipients are thus advised that the content of this message may not be 
legally binding on the University and may contain the personal views and 
opinions of the author, which are not necessarily the views and opinions of The 
University of the Witwatersrand, Johannesburg. All agreements between the 
University and outsiders are subject to South African Law unless the University 
agrees in writing to the contrary.






--

Slashdot TV.

Video for Nerds.  Stuff that matters.

http://tv.slashdot.org/




___

DSpace-tech mailing list

DSpace-tech@lists.sourceforge.net

https://lists.sourceforge.net/lists/listinfo/dspace-tech

List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette




This communication is 
intended for the addressee only. It is confidential. If you have received this 
communication in error, please notify us immediately and destroy the original 
message. You may not copy or disseminate this communication without the 
permission of the University. Only authorised signatories are competent to 
enter into agreements on behalf of the University and recipients are thus 
advised that the content of this message may not be legally binding on the 
University and may contain the personal views and opinions of the author, which 
are not necessarily the views and opinions of The University of the 
Witwatersrand, Johannesburg. All agreements between the University and 
outsiders are subject to South African Law unless the University agrees in 
writing to the contrary. 


--
Slashdot TV.  
Video for Nerds.  Stuff that matters.
http://tv.slashdot.org/___
DSpace-tech mailing list
DSpace-tech@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspace-tech
List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette

Re: [Dspace-tech] JSPUI reverse proxy authentication

2014-09-04 Thread Fitzpatrick, Christopher

Hi,

Ah, I think I just fixed it.

Needed to put nginx upstream at the domain name and not localhost, since
there seems to be some IPv4 / IPv6 mismatching going on.

Changed nginx config:

http {
  upstream dspace {
server dlib.wmu.se:8080;
}

...
location /jspui/ {

  proxy_pass http://dspace/jspui/;
proxy_redirect  http://dspace/jspui/ http://dlib.wmu.se/jspui/;
 ...


restarted nginx and now everything is sticking.

Thanks!
b,chris.







On 4 September 2014 09:43, Fitzpatrick, Christopher  wrote:

>
> Hi,
>
> Thanks for the response...
>
> Yup, seeing this in the log:
>
> 2014-09-04 03:37:59,373 WARN  org.dspace.app.webui.util.UIUtil @ POSSIBLE
> HIJACKED SESSION: request from 127.0.0.1 does not match original session
> address: 0:0:0:0:0:0:0:1. Authentication rejected.
>
>
> The baseURl is set to dspace.baseUrl = http://dlib.wmu.se ( i've tried
> with the port and without the port, same results...) and the url is set to
> dspace.url = http://dlib.wmu.se/jspui
>
> thanks again..b,chris.
>
>
>
>
>
> On 3 September 2014 16:19, Becker, Pascal-Nicolas 
> wrote:
>
>>  Hi,
>>
>>
>>
>> does the dspace.log log file contains any entries like the following one?
>>
>>
>>
>> 2014-MM-DD HH:MM:SS,YYY WARN org.dspace.app.webui.util.UIUtil @ POSSIBLE
>> HIJACKED SESSION: request from XXX.XXX.XXX.XXX does not match original
>> session address: XXX.XXX.XXX.XXX. Authentication rejected.
>>
>>
>>
>> How are the configuration properties dspace.baseUrl and dspace.url set?
>>
>>
>>
>> Regards,
>>
>>   Pascal Becker
>>
>>
>>
>> *From:* Fitzpatrick, Christopher [mailto:c...@wmu.se]
>> *Sent:* Wednesday, September 03, 2014 9:37 AM
>> *To:* dspace-tech@lists.sourceforge.net
>> *Subject:* [Dspace-tech] JSPUI reverse proxy authentication
>>
>>
>>
>> Hi All,
>>
>> I just setup dspace for the first time. We're wanting to use the jspui
>> interface. I setup nginx as a reverse proxy in front of tomcat, but it
>> seems that the authentication is not sticking. What I mean by that is I can
>> authenticate a user, and the page does show that I am logged in ( and I
>> have access to certain restricted pages). But the user will lose its
>> session after a couple of minutes or on certain pages.
>>
>> This is not happening if I access tomcat directly at port 8080, so I
>> think there's something I'm missing on my nginx conf. ( included below ).
>>
>> Any ideas? Thanks for the help...b,chris,
>>
>>  location / {
>> proxy_pass  http://dspace;
>> proxy_next_upstream error timeout invalid_header http_500
>> http_502 http_503 http_504;
>> proxy_redirect http://dspace http://dlib.wmu.se;
>>
>> proxy_buffering off;
>> proxy_store off;
>>
>> proxy_connect_timeout 120;
>> proxy_send_timeout120;
>> proxy_read_timeout120;
>>
>> proxy_set_header X-Forwarded-Host $host;
>> proxy_set_header X-Forwarded-Server $host;
>> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>>
>
>
--
Slashdot TV.  
Video for Nerds.  Stuff that matters.
http://tv.slashdot.org/___
DSpace-tech mailing list
DSpace-tech@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspace-tech
List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette

Re: [Dspace-tech] DSpace Request Copy Add-on

2014-09-04 Thread emilio lorenzo


Hi Lewatle
JSPUI or XMLUI ?  (XMLUI runs on dspace 1.8, 3 & 4)

Emilio


El 04/09/2014 8:33, Lewatle Phaladi escribió:


Dear Team,

I would like to run DSpace Request Copy Add-on module on DSpace 3.2 
version, I have read on DSpace Request Copy Add-on online 
page(https://wiki.duraspace.org/display/DSPACE/RequestCopy) that the 
module is currently running on the following dspace versions : dspace 
1.6.2,  1.7.2 & 1.8.2


If there is anyone on who has configured the module to run on dspace 
3.2 or dspace 4.2 please share with me possible steps.


Regards,

Lewatle

This communication is intended for the addressee only. It is 
confidential. If you have received this communication in error, please 
notify us immediately and destroy the original message. You may not 
copy or disseminate this communication without the permission of the 
University. Only authorised signatories are competent to enter into 
agreements on behalf of the University and recipients are thus advised 
that the content of this message may not be legally binding on the 
University and may contain the personal views and opinions of the 
author, which are not necessarily the views and opinions of The 
University of the Witwatersrand, Johannesburg. All agreements between 
the University and outsiders are subject to South African Law unless 
the University agrees in writing to the contrary.




--
Slashdot TV.
Video for Nerds.  Stuff that matters.
http://tv.slashdot.org/


___
DSpace-tech mailing list
DSpace-tech@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspace-tech
List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette


--
Slashdot TV.  
Video for Nerds.  Stuff that matters.
http://tv.slashdot.org/___
DSpace-tech mailing list
DSpace-tech@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspace-tech
List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette

Re: [Dspace-tech] Fwd: Discovery + Restricted Content + IPAuthentication

Re: [Dspace-tech] Fwd: Discovery + Restricted Content + IPAuthentication

[Dspace-tech] Fwd: Discovery + Restricted Content + IPAuthentication

[Dspace-tech] Discovery + Restricted Content + IPAuthentication

[Dspace-tech] What do repository managers and administrators need most? Let's discuss Sept. 9th and 10th

[Dspace-tech] DSpace SWORD and Drupal

[Dspace-tech] Unable to view Withdrawn items after upgrading

Re: [Dspace-tech] DSpace Request Copy Add-on

Re: [Dspace-tech] JSPUI reverse proxy authentication

Re: [Dspace-tech] DSpace Request Copy Add-on

Re: [Dspace-tech] DSpace Request Copy Add-on

Re: [Dspace-tech] JSPUI reverse proxy authentication

Re: [Dspace-tech] DSpace Request Copy Add-on

13 matches

Site Navigation

Mail list logo

Footer information