Re: [Dspace-tech] IP Authentication in dspace 3.1
Ribin and Ivan,

Thank you for the update. I am using the 3.1 distribution.

The IP addresses are being matched correctly. If I authenticate with my own NetId, I see that I am correctly added to the group specified in authentication-ip.cfg (group X). (I am verifying this by looking at my profile.)

If I am the anonymous user coming from the designated IP range, I am seeing inconsistent behavior for group permissions. I can access items that group X has direct permission to access. But, I am unable to access items that X should have access to via a parent DSpace group.

My Shibboleth based groups behave as expected when added to a parent DSpace group. I suspect that the difference in this scenario is that isAuthenticated() == false for the anonymous user with IP-based access.

I plan to do more testing today to see if I can define the problem more precisely. Have you encountered any issues like this?

Terry

--
Terry Brady
Applications Programmer Analyst
Lauinger

___
DSpace-tech mailing list
DSpace-tech@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspace-tech
List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
Re: [Dspace-tech] IP Authentication in dspace 3.1
I resolved this issue in a surprising way.

I currently build my deployment using the dspace-3.1-release code base (not dspace-3.1-src-release). I wanted to add some diagnostics to org.dspace.eperson.Group to ensure that all parent groups of my IP-based special group are getting set.

I copied org.dspace.eperson.Group.java to dspace/modules/additions/src/main/java/org/dspace/eperson/Group.java and rebuilt my code. After deployment, this issue was resolved.

I deleted my local Group.java file, rebuilt the code, and the problem recurred.

Terry
Re: [Dspace-tech] IP Authentication in dspace 3.1
Hi Terry,

can you try rebuilding with mvn -U clean package?

Regards,
~~helix84

Compulsory reading: DSpace Mailing List Etiquette
https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
Re: [Dspace-tech] IP Authentication in dspace 3.1
Ivan,

I removed my override of Group.java and performed the mvn build as you advised. The problem recurred.

Looking at my jar files, I see that I now have 3 jar files containing this class.

- additions.jar
- atmire-datamodel-api-1.14.0-3.1-0.jar
- dspace-api-3.1.jar

I suspect that by recompiling this class, I might be overriding a version of the class that I am pulling in from the @mire jar file.

I have an outstanding ticket with atmire to help us resolve a build-related issue. I suspect that might be the source of the behavior that I am seeing.

Thank you for the suggestion.

Terry

--
Terry Brady
Applications Programmer Analyst
Lauinger Information Technology
202-687-7053
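
The three-jar finding in the message above is a classpath-shadowing check that can be scripted. The following is an added example, not part of the original messages and not DSpace code: it lists every class that more than one jar in a lib directory provides. The function names and the demo directory are constructed; the jar names are the ones quoted in the message.

```python
import os
import sys
import tempfile
import zipfile
from collections import defaultdict


def classes_by_jar(lib_dir):
    """Map every .class entry to the sorted list of jars in lib_dir that ship it."""
    owners = defaultdict(set)
    for name in sorted(os.listdir(lib_dir)):
        if not name.endswith(".jar"):
            continue
        try:
            with zipfile.ZipFile(os.path.join(lib_dir, name)) as jar:
                for entry in jar.namelist():
                    if entry.endswith(".class"):
                        owners[entry].add(name)
        except zipfile.BadZipFile:
            # A corrupt archive should not hide duplicates in the other jars.
            print(f"skipping unreadable jar: {name}", file=sys.stderr)
    return {cls: sorted(jars) for cls, jars in owners.items()}


def duplicated_classes(lib_dir, prefix=""):
    """Return {class entry: [jars]} for classes shipped by two or more jars."""
    return {
        cls: jars
        for cls, jars in sorted(classes_by_jar(lib_dir).items())
        if len(jars) > 1 and cls.startswith(prefix)
    }


def build_demo_lib(lib_dir):
    """Create a constructed lib directory using the jar names from the thread."""
    group = "org/dspace/eperson/Group.class"
    layout = {
        "additions.jar": [group],
        "atmire-datamodel-api-1.14.0-3.1-0.jar": [group],
        "dspace-api-3.1.jar": [group, "org/dspace/eperson/EPerson.class"],
    }
    for jar_name, entries in layout.items():
        with zipfile.ZipFile(os.path.join(lib_dir, jar_name), "w") as jar:
            for entry in entries:
                # Placeholder bytes: only the entry names matter for this check.
                jar.writestr(entry, b"placeholder, not real bytecode")


def main(argv):
    if len(argv) > 1:
        # Real use: point the script at a deployed WEB-INF/lib directory.
        report = duplicated_classes(argv[1], prefix="org/dspace/")
    else:
        with tempfile.TemporaryDirectory() as demo:
            build_demo_lib(demo)
            report = duplicated_classes(demo, prefix="org/dspace/")
    for cls, jars in report.items():
        print(f"{cls}: {', '.join(jars)}")
    return 1 if report else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run without arguments it scans the constructed demo; given a directory it exits non-zero when any org/dspace class is provided by more than one jar, which makes it usable as a post-build check.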
Re: [Dspace-tech] IP Authentication in dspace 3.1
Ribin,

Did you find a solution to this issue? I seem to be encountering something similar with IP authentication.

I have my ip authentication mapping to a group named X. I have added group: X to a larger DSpace group Y. Group Y can access collections/items/bitstreams.

If I connect from my designated IP, I am unable to access the items that Group Y can access. But, if I give group X explicit access to an item/collection/bitstream, then I am able to access the objects.

Terry

--
Terry Brady
Applications Programmer Analyst
Lauinger Information Technology
202-687-7053
Re: [Dspace-tech] IP Authentication in dspace 3.1
Hi Terry,

were you testing with this bugfix patch (not included in 3.x)?

https://github.com/DSpace/DSpace/pull/255

Regards,
~~helix84

Compulsory reading: DSpace Mailing List Etiquette
https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
Re: [Dspace-tech] IP Authentication in dspace 3.1
Terry,

I got ip authentication working in our Dspace. I just have the below in my authentication-ip.cfg:

ip.grpname = ip, \

In authentication.cfg, I have the below:

plugin.sequence.org.dspace.authenticate.AuthenticationMethod = org.dspace.authenticate.IPAuthentication, org.dspace.authenticate.PasswordAuthentication

Pls note that there is no unnecessary white space in the above configuration line.

Thanks,
Ribin Jones S.B
Re: [Dspace-tech] IP Authentication in dspace 3.1
Hi Helix,

I tested it and it doesn't seem to work. Pls see the below dspace log;

2013-08-07 15:12:50,616 INFO org.dspace.app.webui.servlet.AbstractBrowserServlet @ anonymous:session_id=8EA1C12719F4C5C76F7715D4FF217706:ip_addr=10.10.50.201:browse:type=title,order=ASC,value=null,month=null,year=null,starts_with=null,vfocus=null,focus=-1,rpp=20,sort_by=1,community=123456789/632,collection=n/a,level=0,etal=-1
2013-08-07 15:12:50,617 INFO org.dspace.browse.BrowseEngine @ anonymous:session_id=8EA1C12719F4C5C76F7715D4FF217706:ip_addr=10.10.50.201:browse_by_item:
2013-08-07 15:12:51,750 WARN org.dspace.core.PluginManager @ No Configuration entry found for Sequence Plugin interface=org.dspace.plugin.ItemHomeProcessor

Access comes as anonymous:session even if I try to access from 10.10.50.0 network (this subnet was given a special group name in authentication-ip.cfg)

- Ribin

- Original Message -
From: helix84 heli...@centrum.sk
To: ribin jones ribin.jo...@niist.res.in
Cc: dspace-tech dspace-tech@lists.sourceforge.net
Sent: Tuesday, 13 August, 2013 3:20:34 AM
Subject: Re: [Dspace-tech] IP Authentication in dspace 3.1

> On Thu, Aug 8, 2013 at 12:56 PM, ribin.jo...@niist.res.in wrote:
> > So, does IP authentication work only if there is some other authentication mechanism (ldap/passwd) above it? My understanding was that even if we don't login, if access comes from a particular network, collection/community can be given appropriate access permission.
>
> I'm not sure. Did you test it? It should be easy to test.
>
> Anyway, I can't imagine why you'd want to remove PasswordAuthentication - you need that one to log in as DSpace administrator. If you don't have any other accounts defined for PasswordAuthentication, it doesn't hurt in any way.
>
> Regards,
> ~~helix84
Re: [Dspace-tech] IP Authentication in dspace 3.1
On Thu, Aug 8, 2013 at 6:03 AM, ribin.jo...@niist.res.in wrote:
> Any help on this?

Sorry, no idea.

Regards,
~~helix84

Compulsory reading: DSpace Mailing List Etiquette
https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
Re: [Dspace-tech] IP Authentication in dspace 3.1
Hi,

Sorry to bother once more. I was seeing the below link:

http://www.mail-archive.com/dspace-tech@lists.sourceforge.net/msg17093.html

In step 5 it says "Log in as any user using some other authentication method (Password, LDAP, ...)"

So, does IP authentication work only if there is some other authentication mechanism (ldap/passwd) above it? My understanding was that even if we don't login, if access comes from a particular network, collection/community can be given appropriate access permission.

Pls correct me if I am wrong.

- Ribin
Re: [Dspace-tech] IP Authentication in dspace 3.1
What is strange is that even after I did the configurations, when I check the logs, the access comes as anonymous. Is it something usual when we use IP authentication?

- Ribin

- Original Message -
From: ribin jones ribin.jo...@niist.res.in
To: heli...@centrum.sk
Cc: dspace-tech dspace-tech@lists.sourceforge.net
Sent: Wednesday, 7 August, 2013 9:50:13 AM
Subject: Re: [Dspace-tech] IP Authentication in dspace 3.1

Pls see my answers below:

- Original Message -
From: helix84 heli...@centrum.sk
To: ribin jones ribin.jo...@niist.res.in
Cc: dspace-tech dspace-tech@lists.sourceforge.net
Sent: Wednesday, 7 August, 2013 3:27:49 AM
Subject: Re: [Dspace-tech] IP Authentication in dspace 3.1

> On Tue, Aug 6, 2013 at 10:50 AM, ribin.jo...@niist.res.in wrote:
> > I even tried with a single IP...still I see in the dspace log as access coming from anonymous. I had created a group by name SplGrp from dspace web interface and it is mentioned as
> > ip.SplGrp = 10.10.50.201, \
> > in authentication-ip.cfg
>
> It looks correct.
>
> 1) Does the specific _item_ you're trying to access have the READ right for the SplGrp group?

I gave READ access permission for group SplGrp for one particular item I was trying to access and now it asks for a username/pwd when I try to access it from any network.

> 2) Is there any address translation (NAT) between the client (10.10.50.201) and DSpace?

NO

> 2a) Check dspace.log to see what DSpace sees as your address.

Please see the dspace logs below when I try to access an item. There is no NAT happening in-between and access comes from 10.10.50.201 which is a local PC in the LAN:

2013-08-07 15:12:50,616 INFO org.dspace.app.webui.servlet.AbstractBrowserServlet @ anonymous:session_id=8EA1C12719F4C5C76F7715D4FF217706:ip_addr=10.10.50.201:browse:type=title,order=ASC,value=null,month=null,year=null,starts_with=null,vfocus=null,focus=-1,rpp=20,sort_by=1,community=123456789/632,collection=n/a,level=0,etal=-1
2013-08-07 15:12:50,617 INFO org.dspace.browse.BrowseEngine @ anonymous:session_id=8EA1C12719F4C5C76F7715D4FF217706:ip_addr=10.10.50.201:browse_by_item:
2013-08-07 15:12:51,750 WARN org.dspace.core.PluginManager @ No Configuration entry found for Sequence Plugin interface=org.dspace.plugin.ItemHomeProcessor

> 2b) Also look for any errors and messages there. If there are no messages, raise the log level to DEBUG and try again:
> https://wiki.duraspace.org/display/DSPACE/Troubleshoot+an+error
>
> Regards,
> ~~helix84
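
Step 2a in the message above asks what address DSpace logs for the client; later replies in this thread report that a session from a designated range can still appear as anonymous, so the address is the field to compare. As an added example (not from the original messages and not DSpace code), this script parses `ip.<group>` entries and the dspace.log lines quoted in the thread and reports which configured group each logged address falls in. The second range, the `Library` group and the last log line are constructed; only full IPv4 addresses and CIDR ranges are parsed, and the use of CIDR entries in authentication-ip.cfg is an assumption here.

```python
import ipaddress
import re

# The first address of ip.SplGrp is the entry quoted in the thread; the second
# range and the Library group are constructed for this example.
SAMPLE_CFG = """\
# authentication-ip.cfg (sample)
ip.SplGrp = 10.10.50.201, \\
            10.10.60.0/24
ip.Library = 192.168.7.0/24
"""

# First three lines: dspace.log excerpt from the thread. Last line: constructed.
SAMPLE_LOG = """\
2013-08-07 15:12:50,616 INFO org.dspace.app.webui.servlet.AbstractBrowserServlet @ anonymous:session_id=8EA1C12719F4C5C76F7715D4FF217706:ip_addr=10.10.50.201:browse:type=title,order=ASC,value=null,month=null,year=null,starts_with=null,vfocus=null,focus=-1,rpp=20,sort_by=1,community=123456789/632,collection=n/a,level=0,etal=-1
2013-08-07 15:12:50,617 INFO org.dspace.browse.BrowseEngine @ anonymous:session_id=8EA1C12719F4C5C76F7715D4FF217706:ip_addr=10.10.50.201:browse_by_item:
2013-08-07 15:12:51,750 WARN org.dspace.core.PluginManager @ No Configuration entry found for Sequence Plugin interface=org.dspace.plugin.ItemHomeProcessor
2013-08-07 15:20:02,101 INFO org.dspace.browse.BrowseEngine @ anonymous:session_id=0000000000000000000000000000CAFE:ip_addr=203.0.113.9:browse_by_item:
"""

# Header written by DSpace before the action: user, session id, client address.
LOG_RE = re.compile(
    r" @ (?P<user>[^:]+):session_id=(?P<sid>[^:]+):ip_addr=(?P<ip>[0-9.]+):"
)


def parse_ip_cfg(text):
    """Return {group: [ip_network, ...]} from ip.<group> = range[, range ...] lines."""
    logical, buf = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):          # trailing backslash continues the entry
            buf += line[:-1]
            continue
        logical.append(buf + line)
        buf = ""
    if buf:                              # dangling continuation on the last line
        logical.append(buf)
    groups = {}
    for line in logical:
        if line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key = key.strip()
        if not key.startswith("ip."):
            continue
        # ip_network raises ValueError on anything that is not an address or CIDR.
        groups[key[3:]] = [
            ipaddress.ip_network(item.strip(), strict=False)
            for item in value.split(",") if item.strip()
        ]
    return groups


def groups_for(ip, groups):
    """Sorted names of the configured groups whose ranges contain ip."""
    addr = ipaddress.ip_address(ip)
    return sorted(g for g, nets in groups.items() if any(addr in n for n in nets))


def audit(log_text, groups):
    """One (user, ip, matching groups) tuple per distinct user/address pair logged."""
    seen, report = set(), []
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m or (m["user"], m["ip"]) in seen:
            continue                     # lines without a session header are skipped
        seen.add((m["user"], m["ip"]))
        report.append((m["user"], m["ip"], groups_for(m["ip"], groups)))
    return report


if __name__ == "__main__":
    for user, ip, matched in audit(SAMPLE_LOG, parse_ip_cfg(SAMPLE_CFG)):
        print(f"{ip} logged as {user}: {', '.join(matched) or 'no ip.* group'}")
```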
Re: [Dspace-tech] IP Authentication in dspace 3.1
Any help on this?

Ribin
Re: [Dspace-tech] IP Authentication in dspace 3.1
Correction: I added in the below file:

[dspace]/config/modules/authentication.cfg

plugin.sequence.org.dspace.authenticate.AuthenticationMethod = \
    org.dspace.authenticate.IPAuthentication

Right now, when I access from any of my network, it asks for username/passwd. I had given only one particular subnet of my network in authentication-ip.cfg

Thanks for any help.

- Ribin

- Original Message -
From: ribin jones ribin.jo...@niist.res.in
To: dspace-tech dspace-tech@lists.sourceforge.net
Sent: Tuesday, 6 August, 2013 10:19:01 AM
Subject: IP Authentication in dspace 3.1

Hi,

I need to provide full access to all my collections in dspace within my institute network - The pdf files associated with each item should be downloadable if accessed from within my network. If access comes from outside our institute network, it should ask for a Request Copy or a username/passwd page. How can we achieve this? I am running dspace 3.1.

I was following the below url: https://wiki.duraspace.org/display/DSDOC3x/Authentication+Plugins#AuthenticationPlugins-IPAuthentication

I entered the below line in my dspace.cfg:

plugin.sequence.org.dspace.authenticate.AuthenticationMethod = \
    org.dspace.authenticate.IPAuthentication

and also a line in /home/dspace/dspace-3.1-src-release/dspace/config/modules/authentication-ip.cfg

ip.Anonymous = our subnet

Thanks for any help

Ribin Jones
Re: [Dspace-tech] IP Authentication in dspace 3.1
Hi Ribin,

what notation did you use for the subnet? There has been a bug that causes it to work incorrectly for CIDR ranges: https://jira.duraspace.org/browse/DS-1235

There's a patch there, too. Could you please test it and comment there with your results? Thanks.

Regards,
~~helix84

Compulsory reading: DSpace Mailing List Etiquette https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
Re: [Dspace-tech] IP Authentication in dspace 3.1
Still not working... Is there anything specific that needs to be done while creating community or collection for this to take effect?

Ribin

- Original Message -
From: helix84 heli...@centrum.sk
To: ribin jones ribin.jo...@niist.res.in
Cc: dspace-tech dspace-tech@lists.sourceforge.net
Sent: Tuesday, 6 August, 2013 12:24:48 PM
Subject: Re: [Dspace-tech] IP Authentication in dspace 3.1

Hi Ribin,

what notation did you use for the subnet? There has been a bug that causes it to work incorrectly for CIDR ranges: https://jira.duraspace.org/browse/DS-1235

There's a patch there, too. Could you please test it and comment there with your results? Thanks.

Regards,
~~helix84

Compulsory reading: DSpace Mailing List Etiquette https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
Re: [Dspace-tech] IP Authentication in dspace 3.1
On Tue, Aug 6, 2013 at 10:14 AM, ribin.jo...@niist.res.in wrote:
> Still not working...

Did you use the patch from here? https://github.com/DSpace/DSpace/pull/255

> Is there anything specific that needs to be done while creating community or collection for this to take effect?

Yes, the item you're testing with has to have READ access for the MY_UNIVERSITY group if you use this:

ip.MY_UNIVERSITY = 10.1.2.3

In DSpace, permissions are not hierarchical, they're only on items. An item inherits collection's permissions only when it's created. If you want to modify them afterwards, you have to change them on specific items. If you want to change them on a whole group of items, Wildcard Policy Admin can help with that. See: https://wiki.duraspace.org/display/DSPACE/TechnicalFaq#TechnicalFaq-Ichangedaccessrestrictionsonacollection,butrestrictionsdidn'tchangeonitsitems

Regards,
~~helix84

Compulsory reading: DSpace Mailing List Etiquette https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
Re: [Dspace-tech] IP Authentication in dspace 3.1
I even tried with a single IP...still I see in the dspace log as access coming from anonymous. I had created a group by name SplGrp from dspace web interface and it is mentioned as

ip.SplGrp = 10.10.50.201, \

in authentication-ip.cfg

Ribin

- Original Message -
From: ribin jones ribin.jo...@niist.res.in
To: heli...@centrum.sk
Cc: dspace-tech dspace-tech@lists.sourceforge.net
Sent: Tuesday, 6 August, 2013 1:44:17 PM
Subject: Re: [Dspace-tech] IP Authentication in dspace 3.1

Still not working... Is there anything specific that needs to be done while creating community or collection for this to take effect?

Ribin

- Original Message -
From: helix84 heli...@centrum.sk
To: ribin jones ribin.jo...@niist.res.in
Cc: dspace-tech dspace-tech@lists.sourceforge.net
Sent: Tuesday, 6 August, 2013 12:24:48 PM
Subject: Re: [Dspace-tech] IP Authentication in dspace 3.1

Hi Ribin,

what notation did you use for the subnet? There has been a bug that causes it to work incorrectly for CIDR ranges: https://jira.duraspace.org/browse/DS-1235

There's a patch there, too. Could you please test it and comment there with your results? Thanks.

Regards,
~~helix84

Compulsory reading: DSpace Mailing List Etiquette https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
Re: [Dspace-tech] IP Authentication in dspace 3.1
On Tue, Aug 6, 2013 at 10:50 AM, ribin.jo...@niist.res.in wrote:
> I even tried with a single IP...still I see in the dspace log as access coming from anonymous. I had created a group by name SplGrp from dspace web interface and it is mentioned as
> ip.SplGrp = 10.10.50.201, \
> in authentication-ip.cfg

It looks correct.

1) Does the specific _item_ you're trying to access have the READ right for the SplGrp group?

2) Is there any address translation (NAT) between the client (10.10.50.201) and DSpace?

2a) Check dspace.log to see what DSpace sees as your address.

2b) Also look for any errors and messages there. If there are no messages, raise the log level to DEBUG and try again: https://wiki.duraspace.org/display/DSPACE/Troubleshoot+an+error

Regards,
~~helix84

Compulsory reading: DSpace Mailing List Etiquette https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
Re: [Dspace-tech] IP Authentication in dspace 3.1
Pls see my answers below:

- Original Message -
From: helix84 heli...@centrum.sk
To: ribin jones ribin.jo...@niist.res.in
Cc: dspace-tech dspace-tech@lists.sourceforge.net
Sent: Wednesday, 7 August, 2013 3:27:49 AM
Subject: Re: [Dspace-tech] IP Authentication in dspace 3.1

On Tue, Aug 6, 2013 at 10:50 AM, ribin.jo...@niist.res.in wrote:
> I even tried with a single IP...still I see in the dspace log as access coming from anonymous. I had created a group by name SplGrp from dspace web interface and it is mentioned as
> ip.SplGrp = 10.10.50.201, \
> in authentication-ip.cfg

It looks correct.

1) Does the specific _item_ you're trying to access have the READ right for the SplGrp group?

I gave READ access permission for group SplGrp for one particular item I was trying to access and now it asks for a username/pwd when I try to access it from any network.

2) Is there any address translation (NAT) between the client (10.10.50.201) and DSpace?

NO

2a) Check dspace.log to see what DSpace sees as your address.

Please see the dspace logs below when I try to access an item. There is no NAT happening in-between and access comes from 10.10.50.201 which is a local PC in the LAN:

2013-08-07 15:12:50,616 INFO org.dspace.app.webui.servlet.AbstractBrowserServlet @ anonymous:session_id=8EA1C12719F4C5C76F7715D4FF217706:ip_addr=10.10.50.201:browse:type=title,order=ASC,value=null,month=null,year=null,starts_with=null,vfocus=null,focus=-1,rpp=20,sort_by=1,community=123456789/632,collection=n/a,level=0,etal=-1
2013-08-07 15:12:50,617 INFO org.dspace.browse.BrowseEngine @ anonymous:session_id=8EA1C12719F4C5C76F7715D4FF217706:ip_addr=10.10.50.201:browse_by_item:
2013-08-07 15:12:51,750 WARN org.dspace.core.PluginManager @ No Configuration entry found for Sequence Plugin interface=org.dspace.plugin.ItemHomeProcessor

2b) Also look for any errors and messages there. If there are no messages, raise the log level to DEBUG and try again: https://wiki.duraspace.org/display/DSPACE/Troubleshoot+an+error

Regards,
~~helix84

Compulsory reading: DSpace Mailing List Etiquette https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
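Checks 1 and 2a from the message above can be run offline. The script below is an added example, not part of the thread and not DSpace code: it reads `ip.<group>` entries and the `ip_addr` field of dspace.log lines and lists the groups each client address falls into, which are the groups whose READ policy on the item then matters. The parser, the `LibGrp` group, the extra ranges and the second log line are constructed assumptions; matching uses Python's `ipaddress` module (full addresses, CIDR and netmask notation, IPv4 only), not DSpace's own matcher.

```python
import ipaddress
import re

# Constructed config in the style of authentication-ip.cfg. SplGrp and
# 10.10.50.201 come from the thread; the other ranges and LibGrp are made up.
SAMPLE_CFG = """\
ip.SplGrp = 10.10.50.201, \\
            10.10.60.0/24
ip.LibGrp = 10.10.0.0/255.255.0.0
"""

# First line is quoted from the thread; the second is constructed.
SAMPLE_LOG = """\
2013-08-07 15:12:50,617 INFO org.dspace.browse.BrowseEngine @ anonymous:session_id=8EA1C12719F4C5C76F7715D4FF217706:ip_addr=10.10.50.201:browse_by_item:
2013-08-07 15:13:02,004 INFO org.dspace.browse.BrowseEngine @ anonymous:session_id=CONSTRUCTED:ip_addr=192.0.2.7:browse_by_item:
"""

LOG_RE = re.compile(r"@ ([^:]+):session_id=[^:]*:ip_addr=(\d+(?:\.\d+){3}):")

def parse_ip_groups(cfg_text):
    """Return {group: [ip_network, ...]} from ip.<group> = range[, range] lines."""
    joined = re.sub(r"\\[ \t]*\n", "", cfg_text)  # fold backslash continuations
    groups = {}
    for line in joined.splitlines():
        line = line.strip()
        if not line.startswith("ip.") or "=" not in line:
            continue  # comments, blanks, unrelated keys
        key, value = line.split("=", 1)
        # A trailing ", \" as quoted in the thread leaves an empty entry: drop it.
        entries = [e.strip() for e in value.split(",") if e.strip()]
        # strict=False tolerates host bits; an unparseable entry raises ValueError.
        groups[key.strip()[3:]] = [ipaddress.ip_network(e, strict=False) for e in entries]
    return groups

def groups_for_ip(groups, ip):
    """Names of every group whose ranges contain the address."""
    addr = ipaddress.ip_address(ip)
    return sorted(g for g, nets in groups.items() if any(addr in n for n in nets))

def audit(log_text, groups):
    """(user, ip, matching groups) for each log line that has an ip_addr field."""
    return [(m.group(1), m.group(2), groups_for_ip(groups, m.group(2)))
            for m in LOG_RE.finditer(log_text)]

if __name__ == "__main__":
    for user, ip, matched in audit(SAMPLE_LOG, parse_ip_groups(SAMPLE_CFG)):
        print(f"{ip} logged as {user}: expected groups {matched or 'none'}")
```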
[Dspace-tech] IP Authentication in dspace 3.1
Hi,

I need to provide full access to all my collections in dspace within my institute network - The pdf files associated with each item should be downloadable if accessed from within my network. If access comes from outside our institute network, it should ask for a Request Copy or a username/passwd page. How can we achieve this? I am running dspace 3.1.

I was following the below url: https://wiki.duraspace.org/display/DSDOC3x/Authentication+Plugins#AuthenticationPlugins-IPAuthentication

I entered the below line in my dspace.cfg:

plugin.sequence.org.dspace.authenticate.AuthenticationMethod = \
    org.dspace.authenticate.IPAuthentication

and also a line in /home/dspace/dspace-3.1-src-release/dspace/config/modules/authentication-ip.cfg

ip.Anonymous = our subnet

Thanks for any help

Ribin Jones