[
https://jira.duraspace.org/browse/DS-1064?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Robin Taylor updated DS-1064:
-----------------------------
Fix Version/s: post-1.8.0
Added post-1.8.0 as a 'fix version' since the change is also committed to trunk.
Cheers.
> Authentication error with external login in JSPUI
> -------------------------------------------------
>
> Key: DS-1064
> URL: https://jira.duraspace.org/browse/DS-1064
> Project: DSpace
> Issue Type: Bug
> Components: JSPUI
> Reporter: Kevin Van de Velde
> Assignee: Kevin Van de Velde
> Priority: Major
> Fix For: 1.8.1, post-1.8.0
>
> Attachments: authentication_error.patch
>
>
> To reproduce this bug do the following:
> * The repository has to have a login mechanism that requires users to login
> on a different web site then where the DSpace is located.
> * A non logged in user clicks on a bitstream url (to which only certain users
> have access) & is sent to the login mechanism.
> * The login is completed successfully so the user is sent back to the
> bitstream url (he is logged in as a proper user so should have access).
> * The user will see an authorize exception
> * When the user refreshes the page the bitstream will be accessible.
> Now why does to happen ?
> The first time the user attempt to retrieve the file an authorize exception
> is thrown which is caught in the DSpaceServlet.java & the startAuthentication
> method will be called upon.
> If the first "if" fails (due to for example bad arguments) the user will be
> redirected to the authentication website.
> When the authentication website is done the user is sent back to the
> bitstream page which results in another authorize exception (since even
> though he might have the proper argument no login has occurred).
> In this case the exception will again be caught by the DSpaceServlet.java &
> the startAuthentication will be called again, only this time it is
> successfull resulting in the method returning true & so the
> DSpaceServlet.java sends us to an "not authenticated" page. (Even though we
> are authenticated & might have access)
> I am not 100% sure this is a bug (or even if it is if my fix is the correct
> one), but I have attached a patch that will solve the issue.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://jira.duraspace.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
------------------------------------------------------------------------------
Cloud Services Checklist: Pricing and Packaging Optimization
This white paper is intended to serve as a reference, checklist and point of
discussion for anyone considering optimizing the pricing and packaging model
of a cloud services business. Read Now!
http://www.accelacomm.com/jaw/sfnl/114/51491232/
_______________________________________________
Dspace-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dspace-devel
