I have integrated (one of) our DSpace instances (running v1.4.2) with our
(home grown) portal authentication by creating an implicit authentication
class that checks for our portal authentication cookies, and if they are there
(and valid), it creates a DSpace authentication context for the user (creating
an ePerson record on the fly if necessary) - it works pretty well, but I have 2
problems I can't get to the bottom of and wondered if anyone had any pointers
etc.

If a user logs in to our portal and then accesses DSpace and clicks
"My DSpace", the authentication class kicks in and they end up at their
My DSpace page . . . Fine.

The bitstreams in DSpace are protected by a READ policy that only allows
members of the group STIR_USERS to get access (and all new portal
authenticated ePersons are automatically added to this group) - if a user has
a DSpace authentication context in place (i.e. it says "Logged in as" at the
top left), the user can access protected bitstreams no problem. Fine.

However, if a user logs on to our portal, and then accesses DSpace (so not
actually logged on to DSpace at this point but portal auth cookies in place),
the first time they try to access a bitstream they get the page
"Authorisation Required" - however, when presented with the "Authorisation
Required" page, it appears that they have been authenticated because the
"logged in as" message has appeared, and hitting refresh brings up the
required bitstream (and subsequent access to bitstreams works fine). So it
looks like the authentication class is being correctly called when they try to
access the bitstream, and the authentication context is being set up, but for
some reason I can't fathom, they don't get access to the bitstream but instead
get redirected to the Authorisation Required screen . . .

The logs give me

16:09:12,594 INFO org.dspace.eperson.StirPortalAuthentication @
16:09:12,594 INFO org.dspace.app.webui.util.Authenticate @
16:09:12,594 INFO org.dspace.app.webui.servlet.DSpaceServlet @
Authorization denied for action READ on BITSTREAM:232 by user 0

- which seems to suggest some kind of problem - it recognises me as
email@example.com but describes me as "user 0". If I hit refresh, the item
appears and the log shows the next

16:09:16,605 INFO org.dspace.app.webui.servlet.BitstreamServlet @

Has anyone else ever seen this kind of behaviour with an implicit
authentication class? Anyone have any idea why this may be happening? Am I
doing something stupid with permissions? Any ideas where in the code I can dig
about to learn more about what is happening, or any code hack suggestions to
make this work the way I think it should?

authentication is part of an authentication stack with "normal" authentication
below (so external users can create accounts if needs be) - if a user who has
NOT logged on to our portal attempts to access a bitstream the implicit
authentication fails (correctly), and they are routed to the normal DSpace logon
page - I've added a link to this page for our local users which goes to our
portal logon page with a redirect back to the DSpace homepage - I would like,
however, for this redirect to take the user back to whatever page/bitstream they
were trying to access.

So, is there any way to pick up the URL of the page they were trying to access
(where the authentication was required) from within the logon JSP page so that
I can embed this in the link to our portal logon page?

possibility is to remove the "normal" authentication class altogether
(understanding that this means no external users can use this instance of
DSpace) and have the portal authentication class automatically route them to our
portal logon (along with an appropriate redirection URL back
to DSpace) if the implicit authentication fails - is this doable? If
so, anyone got any pointers on how best to achieve it?
Thanks in advance
for any suggestions/pointers anyone may have (and to anyone else who bothered to
read to the end of this rather wordy request for help!).
for eLearning Development (CeLD)