Community,

I've been reviewing the changes to BitstreamReader. Specifically the
behavior for the Restricted Resource / Request a Copy.


mdiggory$ curl -I http://localhost:8080/bitstream/handle/123456789/3/foo.pdf?sequence=1&isAllowed=y

HTTP/1.1 302 Found
Server: Apache-Coyote/1.1
X-Cocoon-Version: 2.2.0
Location: http://localhost:8080/handle/123456789/3/restricted-resource?bitstreamId=1
Date: Sun, 14 Dec 2014 08:53:12 GMT
...

My concern is that this issues a 302 for a protected resource, where
instead *it would be more appropriate for a 403 or a 401 to be issued*.

My opinion is that DSpace's behavior has led to a situation where much
work needs to go into clearing search engine caches. This is caused because
the resource is not properly cleared from the search engine cache because
they heavily rely on 403/401 as a cue that the content needs to be taken
off line.

I would recommend that restricted access / request a copy should be
presented as an exception error page and properly return a 403/401
response. This would still assure the correct response while still showing
something user friendly.

I see some work was done to create a "themed error page". But I note that it
is not really themed in the same way as the rest of the xmlui pages. I
believe we have a better way to do this, and that both these issues can be
alleviated by properly using the Cocoon exception framework.

The solution is that exceptions should be managed in the theming pipeline
sitemap instead of the default sitemap. This approach has been employed in
Dryad and provides properly themed error responses. This can be seen by
creating some incorrect url responses in http://datadryad.org

The solution can be gleaned from the following alterations:

1.) Remove the exceptions from the default sitemap.xmap
<https://github.com/datadryad/dryad-repo/blob/dryad-master/dspace/modules/xmlui/src/main/webapp/sitemap.xmap#L607>

2.) Place exception handling into the theme sitemap
<https://github.com/datadryad/dryad-repo/blob/dryad-master/dspace/modules/xmlui/src/main/webapp/themes/Mirage/sitemap.xmap#L194>,
where exceptions will be converted to DRI and themed. This can include
presenting request a copy forms and/or redirecting to login.

Using this strategy it is possible to:

a.) configure alternative responses for error pages
b.) properly theme the error response with the same branding as the rest of
the site
c.) assure the correct error code.

I would highly recommend this approach over issuing a 302 redirect. It
would provide a more correct response that will assure that, when bitstreams
are restricted after mistaken exposure, they are not left floating around
in the caches of search engines.

Regards,
Mark
-- 
*Mark Diggory*
*2888 Loker Avenue East, Suite 315, Carlsbad, CA. 92010*
*Esperantolaan 4, Heverlee 3001, Belgium*
http://www.atmire.com
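
Added example, not part of the original message and not DSpace code: a small check that parses `curl -I` output for a bitstream that is meant to be restricted and reports whether the server denied it with 401/403, redirected it (the 302 behaviour quoted above), or served it. The function names and the 403 and 200 samples are constructed for illustration; the 302 sample is rebuilt from the response quoted in the message.

```python
# Constructed from the response quoted in the message above.
SAMPLE_302 = (
    "HTTP/1.1 302 Found\r\n"
    "Server: Apache-Coyote/1.1\r\n"
    "X-Cocoon-Version: 2.2.0\r\n"
    "Location: http://localhost:8080/handle/123456789/3/restricted-resource?bitstreamId=1\r\n"
    "Date: Sun, 14 Dec 2014 08:53:12 GMT\r\n\r\n"
)
# Constructed samples: the response the message recommends, and an exposed file.
SAMPLE_403 = "HTTP/1.1 403 Forbidden\r\nContent-Type: text/html\r\n\r\n"
SAMPLE_200 = "HTTP/1.1 200 OK\r\nContent-Type: application/pdf\r\n\r\n"


def parse_head(raw):
    """Return (status_code, headers) for the first response block in raw text."""
    head = raw.replace("\r\n", "\n").strip().split("\n\n", 1)[0]
    lines = head.split("\n")
    parts = lines[0].split(None, 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("not an HTTP status line: %r" % lines[0])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:  # ignore anything that is not a "Name: value" header
            headers[name.strip().lower()] = value.strip()
    return int(parts[1]), headers


def classify_restricted(raw):
    """Classify the response to a request for a bitstream that should be restricted.

    Returns (verdict, detail):
      "denied"   - 401/403, the cue that crawlers treat as "take this off line"
      "redirect" - 3xx, access is blocked but no denial status is sent
      "exposed"  - 2xx, the file is being served
      "other"    - anything else (404, 5xx, ...)
    """
    status, headers = parse_head(raw)
    if status in (401, 403):
        return "denied", str(status)
    if 300 <= status < 400:
        return "redirect", headers.get("location", "")
    if 200 <= status < 300:
        return "exposed", headers.get("content-type", "")
    return "other", str(status)


if __name__ == "__main__":
    for sample in (SAMPLE_302, SAMPLE_403, SAMPLE_200):
        print(classify_restricted(sample))
```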