On Mon, Sep 10, 2012 at 10:13 PM, Lohit Valleru lohi...@gmail.com wrote:
Hi Helix,
Thanks for the quick reply.
I understand the below approach and its a good one. However , may i know, if
IP Authentication class is called, as soon as the Home page loads? or is it
called once i click the login link on the home page?
I assume, IP authentication should not necessitate the need for username,
but i just wanted to confirm.
If IP authentication is done before the Home page is loaded. I would be
grateful to use the below approach.
( forgot to mention: I want to authenticate the remote_user with LDAP server
and was therefore looking for a way to call LDAP hierarchal authentication
before the home page loads)
Also, though the authentication done in java class files is not xmlui or
jspui specific, I realize , that the method used to call these methods from
client is different when it comes to XMLUI and JSPUI. JSPUI used servlets
and its easy to understand, what is called when, however it was not the same
case with XMLUI.
The main use case is, i want the user to be automatically authenticated
before the Dspace homepage loads.
Thank you helix. I hope i understood your approach in the right manner.
I would be happy to take your help.
Regards,
Lohit
Please, always CC dspace-tech when replying.
Honestly, it's been a long time since I tried IPAuthentication, so I
don't remember.
I just did a very quick test and from watching the log (tail -f
dspace.log) it seems this is suitable for your use case. I didn't
check whether you have the group set at the home page (but I checked
you have it in /profile after logging in using a different login
method), but going directly from the the home page without logging in,
I was able to access a resource restricted to my IP group.
Your configuration sounds intriguing. However, there's something wrong
with trying to authenticate based on username you receive from
REMOTE_USER. You get that header from Apache, which gets it from an
authn module, so you should implicitly trust it already, no need to
re-authenticate.
Of course, what makes sense to do is to a) look up the user's
attributes b) look up his full DN so you may put him into DSpace
groups. But this could also be done by the Apache authn module and
passed to DSpace in headers, it's just a matter of preference.
Can you please elaborate on your use-case? How exactly is the
REMOTE_USER header filled? Why do you think you need to do
LDAPHierarchical in DSpace again?
Concerning the details of calling AuthenticationManager from JSPUI and
XMLUI, I don't have such deep knowledge of this yet.
Regards,
~~helix84
--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
___
DSpace-tech mailing list
DSpace-tech@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspace-tech
