I've a need to completely disable DSpace authenticated access and use
instead iptables(8) for restricting access based on ip-address.
Does anybody know the easiest way to achieve this?
Thanks in advance.
-- Van Ly
On 23/09/2009, at 10:02 AM, Van Ly wrote:
> Thanks Larry.
> The desired behavior I'm wanting is for the web browser to ask for
> credentials under `basic authentication' in rfc2617. The installed
> settings handles a http `GET' request with credentials as expected.
> Without credentials, rather than doing [x] it does [y].
> Originally, had I needed, I had in mind to strip DSpace naked (ie.
> without authentication) and as a temporary fix use `iptables(8)' to
> control access based on IP.
> But really, whether the browser or the page prompts for credentials
> is a cosmetic issue as long as the link is trusted.
> Best wishes,
> Van Ly
> vly at usyd dot edu dot au
> -- # [x] `401' points to the web browser's sign-on, expected
> behaviour by end-user
> 0.000478 num.num.num.103 -> num.num.num.56 HTTP GET /
> basicAuthTest/ HTTP/1.1
> 0.000523 num.num.num.56 -> num.num.num.103 TCP http > 54837 [ACK]
> Seq=1 Ack=576 Win=7040 Len=0 TSV=1837843610 TSER=1974179631
> 0.002128 num.num.num.56 -> num.num.num.103 HTTP HTTP/1.1 401
> Authorization Required (text/html)
> -- # [y] unexpected behaviour
> 0.000550 num.num.num.103 -> num.num.num.4 HTTP GET /bitstream/
> num/num/1/External.pdf HTTP/1.1
> 0.000634 num.num.num.4 -> num.num.num.103 TCP http > 54862 [ACK]
> Seq=1 Ack=601 Win=7040 Len=0 TSV=2843474683 TSER=1974184374
> 0.047864 num.num.num.4 -> num.num.num.103 HTTP HTTP/1.1 302
> Moved Temporarily
> -- #[y'] `302' points to the DSpace sign-on
> num.num.num.103 - - [22/Sep/2009:17:04:12 +1000] "GET /bitstream/
> num/num/1/External.pdf HTTP/1.1" 302 -
> num.num.num.103 - - [22/Sep/2009:17:04:12 +1000] "GET /password-
> login HTTP/1.1" 200 4743
> On 11/09/2009, at 12:36 PM, Larry Stone wrote:
>> If you just want to deny all access based on the requestor's IP
>> address, that is best done in the web server or servlet
>> container. If you're using "naked" Tomcat, see the doc for
>> org.apache.catalina.valves.RemoteAddrValve. If you're using
>> Apache httpd it's very easy to configure, just see the server docs.
>> -- Larry
>> On Sep 10, 2009, at 9:50 PM, Van Ly wrote:
>>> I may have a situation where one of the items in the list for
>>> `plugin.sequence.org.dspace.eperson.AuthenticationMethod' isn't
>>> behaving as expected.
>>> To work around, if I need to put up a firewall to restrict access
>>> based on ip-address and bypass the authentication mechanism
>>> what would be a way?
>>> Thanks in advance.
>>> Van Ly
>>> vly at usyd dot edu dot au
>>> Let Crystal Reports handle the reporting - Free Crystal Reports
>>> 2008 30-Day
>>> trial. Simplify your report design, integration and deployment -
>>> and focus on
>>> what you do best, core application coding. Discover what's new with
>>> Crystal Reports now. http://p.sf.net/sfu/bobj-july
>>> DSpace-tech mailing list
vly at usyd dot edu dot au