[
https://jira.duraspace.org/browse/DS-1064?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Kevin Van de Velde updated DS-1064:
-----------------------------------
Fix Version/s: 1.8.1
> Authentication error with external login in JSPUI
> -------------------------------------------------
>
> Key: DS-1064
> URL: https://jira.duraspace.org/browse/DS-1064
> Project: DSpace
> Issue Type: Bug
> Components: JSPUI
> Reporter: Kevin Van de Velde
> Assignee: Kevin Van de Velde
> Priority: Major
> Fix For: 1.8.1
>
> Attachments: authentication_error.patch
>
>
> To reproduce this bug do the following:
> * The repository has to have a login mechanism that requires users to login
> on a different web site then where the DSpace is located.
> * A non logged in user clicks on a bitstream url (to which only certain users
> have access) & is sent to the login mechanism.
> * The login is completed successfully so the user is sent back to the
> bitstream url (he is logged in as a proper user so should have access).
> * The user will see an authorize exception
> * When the user refreshes the page the bitstream will be accessible.
> Now why does to happen ?
> The first time the user attempt to retrieve the file an authorize exception
> is thrown which is caught in the DSpaceServlet.java & the startAuthentication
> method will be called upon.
> If the first "if" fails (due to for example bad arguments) the user will be
> redirected to the authentication website.
> When the authentication website is done the user is sent back to the
> bitstream page which results in another authorize exception (since even
> though he might have the proper argument no login has occurred).
> In this case the exception will again be caught by the DSpaceServlet.java &
> the startAuthentication will be called again, only this time it is
> successfull resulting in the method returning true & so the
> DSpaceServlet.java sends us to an "not authenticated" page. (Even though we
> are authenticated & might have access)
> I am not 100% sure this is a bug (or even if it is if my fix is the correct
> one), but I have attached a patch that will solve the issue.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://jira.duraspace.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure
contains a definitive record of customers, application performance,
security threats, fraudulent activity, and more. Splunk takes this
data and makes sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-novd2d
_______________________________________________
Dspace-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dspace-devel
