[Archive-access-discuss] Wayback 1.6 Authentication

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Hi,
Here at the Library of Congress, we use the Wayback authentication property to limit access based on IP range for our QR Wayback, and for our public Wayback, in combination with exclusionFactory, to distinquish between sites that can only be viewed onsite (IP range) and those that can be viewed both on- and off-site. 

We have been testing authentication with 1.6. and it's not working as expected.

When it is setup as stated in the documentation, the user gets a Secure Login popup, regardless of IP range. If we combine with IP filter with the exclusionFactory, the excluded URL are always blocked, no matter what the client's IP range. 

Here is an example of our authentication property:

Authentication Property without exclusionFactory:
<property name="authentication">
      <bean name="ndiippAccess" class="org.archive.wayback.authenticationcontrol.AccessControlSettingOperation">
        <property name="operator">
          <bean class="org.archive.wayback.util.operator.NotBooleanOperator">
            <property name="operand">
              <bean class="org.archive.wayback.authenticationcontrol.IPMatchesBooleanOperator">
                <property name="allowedRanges">
                  <list>
                    <value>140.147.236.194/16</value>
                  </list>
                </property>
              </bean>
            </property>
          </bean>
        </property>
        <property name="factory" ref="ndiipp-exclusion-list" />
      </bean>
    </property>

Thanks,
Laura Graham
Library of Congress