[Dspace-devel] [DSpace-JIRA] Work started: (DS-309) Shiboleth default roles are applied also to anonymous user and user logged-in with other methods

Sat, 19 Sep 2009 08:07:40 -0700 

     [ 
http://jira.dspace.org/jira/browse/DS-309?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Work on DS-309 started by Andrea Bollini.

> Shiboleth default roles are applied also to anonymous user and user logged-in 
> with other methods
> ------------------------------------------------------------------------------------------------
>
>                 Key: DS-309
>                 URL: http://jira.dspace.org/jira/browse/DS-309
>             Project: DSpace 1.x
>          Issue Type: Bug
>          Components: DSpace API
>    Affects Versions: 1.5.2
>            Reporter: Andrea Bollini
>            Assignee: Andrea Bollini
>             Fix For: 1.6.0
>
>         Attachments: ds-309-shib-default-roles.patch
>
>
> The getSpecialGroup method doesn't check if there is any user logged in and 
> go ahead to process any default roles or affiliation/group mapping included 
> in the configuration this allow anonymous user to take advantage of the 
> default shib roles.
> In addition if wehave more then one authentication method configured, as for 
> example the x509 method, we are not able to know from which method an user 
> come from, this mean that also adding a check in the getSpecialGroup to see 
> if an user is logged in we will continue to give default shib roles also to 
> user that are logged in from another authentication method.
> I'm going to fix this bug storing in the user session the auth method used 
> for the login. A patch will be posted soon.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://jira.dspace.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

------------------------------------------------------------------------------
Come build with us! The BlackBerry® Developer Conference in SF, CA
is the only developer event you need to attend this year. Jumpstart your
developing skills, take BlackBerry mobile applications to market and stay 
ahead of the curve. Join us from November 9-12, 2009. Register now!
http://p.sf.net/sfu/devconf
_______________________________________________
Dspace-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dspace-devel

Reply via email to