Hi Stuart,
I was able to confirm that IP authentication is working by setting the log
level to DEBUG. Users coming from configured IPs are getting the special
group ID added, as expected. However, I am still unable to give such users
READ access to bitstreams that (only) have a READ authorization for the
above group.
To rephrase the above, the bitstreams of certain items contain a READ
authorization for the group CAMPUS, and no other READ authorizations. In
dspace.cfg, there exists an IP authentication property for the group CAMPUS
(ip.authenticate.CAMPUS = ...). Anonymous users coming from the configured
IP ranges for the group CAMPUS are still unable to read bitstreams.
At this point, I am wondering if there is something I am missing. Again, I
appreciate all of your assistance thus far.
Thanks,
Dave Falke
On Tue, Mar 16, 2010 at 6:39 PM, Stuart Lewis <[email protected]>wrote:
> Hi Dave,
>
> To check IP Authentication is working OK:
>
> - Use the DEBUG level for your logs to see some extra messages:
> http://wiki.dspace.org/index.php/TechnicalFaq#Setting_logging_level_up_to_DEBUG
> - When the IP Authenticator first starts up, you should see some messages
> about it reading dspace.cfg and setting up 'matchers' to link IP addresses
> to group names:
> - log messages should read something like: log.debug("Configured " +
> entry + " for special group " + groupName);
> - When a user is authenticated using the IP authentication, you should see
> more messages in dspace.log:
> - log messages should read something like:
> log.debug(LogManager.getHeader(context, "authenticated", "special_groups=" +
> gsb.toString()));
>
> Hopefully this will help you work out if IP authentication is working or
> not.
>
> Hope that helps,
>
>
> Stuart Lewis
> IT Innovations Analyst and Developer
> Te Tumu Herenga The University of Auckland Library
> Auckland Mail Centre, Private Bag 92019, Auckland 1142, New Zealand
> Ph: 64 9 373-7599 x81928
> http://www.library.auckland.ac.nz/
>
>
> On 17/03/2010, at 10:23 AM, Dave Falke wrote:
>
> > Simon,
> >
> > Thank you for the advice. I guess I was generalizing a bit too much based
> on administrator behaviors.
> >
> > Regarding Stuart's recommendation of extending EmbargoSetter to meet our
> needs, I created a local subclass of EmbargoSetter to set the READ
> permission for the bundle and the bitstreams, for the group that is defined
> in the IP authentication section. This is done after all READ permissions
> are removed from the bitstream. Inspecting the authorizations on embargoed
> items, the permissions are being applied as expected.
> >
> > I am still unable to read the bitstreams for the embargoed items when I
> am accessing the collection from an IP address listed in dspace.config. To
> be sure that the read permission was being recognized for the group, I
> created a new user and added that user to the group. When I logged in as
> that user, I was able to read the bistreams for embargoed items.
> >
> > This leads me to believe that there must be a problem with how I
> configured IP authentication. The following snippets are from
> [dspace]/config/dspace.cfg (group name and IP address have been obfuscated):
> >
> > 377 plugin.sequence.org.dspace.
> > authenticate.AuthenticationMethod = \
> > 378 org.dspace.authenticate.IPAuthentication, \
> > 379 org.dspace.authenticate.PasswordAuthentication
> >
> > 506 authentication.ip.GROUP = xxx.xxx.xxx.xxx/18
> >
> >
> > I hope I am not being too forward, but I feel like there might be
> something fundamental that I am not understanding. Any pointers are greatly
> appreciated.
> >
> > Thank you,
> > Dave Falke
> >
> >
> > On Fri, Mar 12, 2010 at 11:20 AM, Simon Brown <[email protected]> wrote:
> >
> > On 11 Mar 2010, at 20:41, Dave Falke wrote:
> >
> > > Thanks for the response, Stuart. That is what I was thinking. I had
> > > also added a DEFAULT_BITSTREAM_READ policy on the collection for
> > > administrators, and I was still able to view embargoed items when
> > > logged in as an administrator. This led me to believe that not all
> > > READ permissions were not being removed from the bitstreams.
> >
> > You probably shouldn't be basing any conclusions on what being logged
> > in as an admin lets you do. Admins are special in many ways, because
> > it's hard to admin a repository you don't have access to bits of. You
> > should do all your testing of access-related stuff with a non-admin
> > account.
> >
> > --
> > Simon Brown <[email protected]> - Cambridge University Computing Service
> > +44 1223 3 34714 - New Museums Site, Pembroke Street, Cambridge CB2 3QH
> >
> >
> >
> >
> ------------------------------------------------------------------------------
> > Download Intel® Parallel Studio Eval
> > Try the new software tools for yourself. Speed compiling, find bugs
> > proactively, and fine-tune applications for parallel performance.
> > See why Intel Parallel Studio got high marks during beta.
> > http://p.sf.net/sfu/intel-sw-dev
> > _______________________________________________
> > Dspace-devel mailing list
> > [email protected]
> > https://lists.sourceforge.net/lists/listinfo/dspace-devel
> >
> >
> ------------------------------------------------------------------------------
> > Download Intel® Parallel Studio Eval
> > Try the new software tools for yourself. Speed compiling, find bugs
> > proactively, and fine-tune applications for parallel performance.
> > See why Intel Parallel Studio got high marks during beta.
> >
> http://p.sf.net/sfu/intel-sw-dev_______________________________________________
> > Dspace-devel mailing list
> > [email protected]
> > https://lists.sourceforge.net/lists/listinfo/dspace-devel
>
>
>
------------------------------------------------------------------------------
Download Intel® Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
Dspace-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dspace-devel
