Hi Peter, we use IPAUTH (in addition to Shibboleth special groups) so that
our on-campus users can access restricted resources without logging in,
too..
I haven't noticed this particular issue -- Discovery has appeared to be
working from what I've seen but I've mostly been testing access to the
items/bitstreams themselves, so I'll take a look at our logs, too.
>From my quick testing so far it's looking like I can reproduce the issue
you're talking about -- as an Anonymous user with only IPAUTH granting me
an extra special group, I can access all the resources I need to, but
Discovery is ignoring my special group and hiding recent submissions /
search results from me.
The assumption that (currentUser == null) always means "Anonymous only" is
definitely an assumption that's going to break special groups like IPAUTH..
so I think you're onto something there. Which classes are you looking at?
Cheers
Kim
On 5 September 2014 07:04, Peter Dietz <[email protected]> wrote:
> Hi All,
>
> I was wondering if anyone is using the IPAuthentication mechanism, where
> you can have anonymous users who happen to be on a certain IP address range
> (i.e. campus / regional campus), and should be able to view that restricted
> content without having to log in.
>
> However, I'm having some issues, as I don't think that Discovery is
> actually checking the current user (anonymous user that could have "special
> groups"). I've noticed some difference in behavior when I'm visiting the
> site as anonymous user (not logged in), and also while logged in as a user
> who has no credentials (member of anonymous group though).
> i.e. some of the authentication / context logic goes
> if(currentUser != null) {...
>
> I've checked that Discovery has indexed the content correctly, which
> appears to be correct. i.e. ?q=handle:123456789/3456
> And that item has read:"g7"
>
> My config/modules/authentication-ip.cfg has something like:
> (Production it is different values).
>
> ip.CAMPUS = 127.0.0.1
>
> And group CAMPUS, groupID: 7.
>
>
> 2014-09-04 14:50:17,145 DEBUG org.dspace.authenticate.IPMatcher @ ipIn:
> 127.0.0.1
>
> 2014-09-04 14:50:17,145 DEBUG org.dspace.authenticate.IPAuthentication @
> anonymous:session_id=23AB7F7C2C8DA06BE556148B855E1D01:authenticated:special_groups=7
>
> 2014-09-04 14:50:17,146 DEBUG org.dspace.app.xmlui.utils.ContextUtil @
> Adding Special Group id=7
>
>
> When Discovery makes the check, I appears to have discarded the special
> group, and the query (I've added some debug)
>
> 2014-09-04 14:50:17,282 DEBUG
> org.dspace.discovery.SolrServiceResourceRestrictionPlugin @ ResourceQuery:
> read:(g0)
>
> Where g0 is anonymous group. It should have been "g0 OR g7".
>
>
> So, if anyone has run across this issue, or would like to look into it,
> please let me know.
>
> ________________
> Peter Dietz
> Longsight
> www.longsight.com
> [email protected]
> p: 740-599-5005 x809
>
>
> ------------------------------------------------------------------------------
> Slashdot TV.
> Video for Nerds. Stuff that matters.
> http://tv.slashdot.org/
> _______________________________________________
> DSpace-tech mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/dspace-tech
> List Etiquette:
> https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
>
------------------------------------------------------------------------------
Slashdot TV.
Video for Nerds. Stuff that matters.
http://tv.slashdot.org/
_______________________________________________
DSpace-tech mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dspace-tech
List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
