This is a follow up on to my previous post titled 'CC_LICENSE , IP
Authentication / javascript or custom code ?'
In the meantime I developed code that does what we need and may be useful to
others. But before I go through the effort of pushing code to my github and
documenting and all that I want toknow first whether you are interested:
This is working with dspace 1.8. and JSPUI - the logic of accepting an
agreement and handling timeouts is implemented in its own class:
org/dspace/app/webui/util/ViewAgreement.java. Thus integration in XMLUI should
be straight forward.
Now here how it works:
in dspace.cfg you configure which items/collections/communities need to show
an agreement, before they hand the bitstream out to a requester. The configs
look like this:
88435/1098.bitstream_view_agreement_file = theses
88435/1098.bitstream_view_timeout = 15
88435/1098 is the handle: may be the handle of any item collection community
theses is the name of a file found in $(dspace.dir}/agreements -
html format
15 means 15 minutes until agreement times out
The effect is that DSPACE hands bitstreams inside '88435/1098’ to the user, if
s/he has previously agreed within the last 15 minutes. If that is not the case,
DSPACE shows an agreement page using the html from the theses file, where the
user gets to decide whether to click
1) ‘I Agree’ which leads on to the bitstream
2) ‘I disagree’ which closes the window and does nothing else
To achieve this, I implemented the ViewAgreement class which does all the
handling of setting status in and retrieving status from the session. The
BitStreamServlet in doDSGet uses the following code to handle showing the
agreement page where necessary:
// check whether we need to make user sign agreement before proceeding
if (ViewAgreement.mustAgree(request.getSession(), ref.item)) {
log.info(LogManager.getHeader(context, "view_bitstream",
"handle=" + ref.item.getHandle() + ",mustAgree=true"));
request.setAttribute("item", ref.item);
JSPManager.showJSP(request, response, "/bitstream-agreement.jsp");
return;
}
bitstream-agreement.jsp is very simple. It uses
ViewAgreement.getText(request.getSession(), item);
to get the correct agreement text and posts to the BitstreamServlet when ‘I
Agree’ is clicked.
I factored the code from doDSGet, that analyzes the request path, out into a
helper class: ReferredObjects, so I could reuse it in the new implementation of
the new doDSPost method to map the path to item and bitstream.
protected void doDSPost(Context context, HttpServletRequest request,
HttpServletResponse response) throws
ServletException, IOException,
SQLException, AuthorizeException
{
ReferredObjects ref = new ReferredObjects(context, request);
if (ref.item != null && ref.bitstream != null &&
!ref.item.isWithdrawn()) {
String buttonPressed;
buttonPressed = UIUtil.getSubmitButton(request, "submit_noagree");
if (buttonPressed.equals("submit_agree")) {
ViewAgreement.doAgree(request.getSession(), ref.item);
response.sendRedirect(request.getRequestURI());
return;
}
}
super.doDSPost(context, request, response);
}
And that is pretty much it.
Please let me know whether you think it is worth my time to push the code out
and yours to review it
Monika
________________
Monika Mevenkamp
phone: 609-258-4161
Lewis Library,Washington Road and Ivy Lane, Princeton University, Princeton, NJ
08544
On Jan 10, 2014, at 4:28 PM, Monika C. Mevenkamp
<moni...@exchange.princeton.edu<mailto:moni...@exchange.princeton.edu>> wrote:
I recently started to work at Princeton University as Digital Repository
Programmer where I am working with their DataSpace/DSPACE instance, version
1.8.2 using jspui. A couple years ago I was at Georgia tech working with
SMARTech. Lots has changed and I am trying to get up to speed again.
>From reading DSpace 1.8 documentation I understand that CC_LICENSEs are part
>of a items. They are meant to describe what a user can do with bitstreams. As
>I understand the CC_LICENSE is defined when submitting an item. It is either
>set to the default or to the license of the containing collection. Setting
webui.licence_bundle.show = true
changes the ItemTag display a bit. It appears that only admin users can then
download bistreams.
Stepping back: Our DSPACE instances has a community with collections which
contain senior theses documents. Access to these is supposed to be restricted
to University members and site visitors should be made very aware of what they
can and can not do with these files: aka read, print, but do not share with
outsiders.
For access restriction I am envisioning using IPAuthentication. I understand
that I need to enter our specific values in
dspace/config/modules/authentication-ip.cfg file. I am envisioning a stack,
where first our custom authentication code is tried, then IP Authentication,
and then the Anonymous user is ‘authorized’. How do I tie a pseudo user
account to IP authentication ?
We would like to make site users explicitly agree to our custom license when
they download a bitstream from a senior theses collection. Ideally DSPACE
should remember that agreement acceptance for a specified duration. Looking at
the code I came up with the following plan:
* use collection’s CC_LICENSE to define the license agreement to be shown
* change BitstreamServlet:DSGet method such that
* if item’s collection is not listed in in webui.confirm-license.
collections setting do as before
* else:
* if session contains a time stamp for the given collection that is
within webui.confirm-license-aftermin do as before
* else redirect to /agreement with bitstream parameter
* add AgreemntServlet (is that what it would be - I am not much of JSP
developer)
* DSGet: display a custom jsp page that shows the agreement and a
‘Cancel’, ‘Accept’ button, ‘Cancel’ just navigates back and Accept triggers
POST /agreement with bitstream param
* DSPost: sets agreement time stamp for community and redirects to
/bistream/….
So now - in theory this seems not a huge project. In practice, as I said I am
not much of JSP/Servlet developer. How are redirects done for example - I have
no idea. Maybe instead, I should go ahead and try to hack something up based in
Javascript and cookies - which would involve exposing the bitstream url in the
html page. Since there would be no changes server side a skilled user could
peel that bitstream out of the HTML and just go ahead and download. So not
quite as good a solution.
I’d appreciate some feedback in terms whether my general approach is sound and
the effort that might be involved. At the moment: I still do not actually have
a satisfactory development environment setup.
Thanks
Monika
------------------------------------------------------------------------------
Subversion Kills Productivity. Get off Subversion & Make the Move to Perforce.
With Perforce, you get hassle-free workflows. Merge that actually works.
Faster operations. Version large binaries. Built-in WAN optimization and the
freedom to use Git, Perforce or both. Make the move to Perforce.
http://pubads.g.doubleclick.net/gampad/clk?id=122218951&iu=/4140/ostg.clktrk
_______________________________________________
Dspace-devel mailing list
Dspace-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspace-devel
