Thanks, Its an interesting proposal, however, this is very much a
configuration decision made by the system administrator of the system
that DSpace is running on and I don't think it possible to "add-on"
to dspace 1.5.
Generally speaking, configuring https is done either at the Apache
level (if using mod_jk) or at the tomcat server configuration level,
the DSpace UI is a webapplication installed in a servlet container
and as such the individual installing it may not be a system
administrator. Controlling what portions of the site are protected
and which are not is done at that higher level. Not only do we not
have any current "build time" configuration of such services, but
they are very diverse and it is difficult to predict let alone code
for such configurations across OS and variants of servlet containers.
I think the best we can do is to enhance the documentation so that
there are examples of such configuration on various platforms.
To answer your question concerning how to control access to tomcat
over https, look into using mod_rewrite in your Apache configuration
to map specific paths to be forward to https and others to http.
Heres an example of what we do for dspace.mit.edu
## SSL Virtual Host Context
<VirtualHost 18.51.3.32:443>
ServerAdmin [EMAIL PROTECTED]
ServerName dspace.mit.edu
DocumentRoot /home/dspace/dspace.mit.edu/html
...
RewriteEngine on
RewriteCond %{REQUEST_URI} !^/certificate-login.*
RewriteCond %{REQUEST_URI} !^/password-login.*
RewriteRule ^/(.*) http://%{HTTP_HOST}/$1 [L,R]
# Set SSL variables to work with dspace stackable
authentication methods
JkExtractSSL On
JkHTTPSIndicator HTTPS
JkSESSIONIndicator SSL_SESSION_ID
JkCIPHERIndicator SSL_CIPHER
JkCERTSIndicator SSL_CLIENT_CERT
JkOptions +ForwardKeySize +ForwardURIEscaped
+ForwardURICompat
# SSL Engine Switch:
SSLEngine on
# Server Certificate:
SSLCertificateFile /etc/apache2/ssl/...
# Server Private Key:
SSLCertificateKeyFile /etc/apache2/ssl/...
# Certificate Authority (CA):
SSLCACertificateFile /etc/apache2/ssl/...
# Force X.509 certificates to be used for this location
SSLVerifyClient optional
SSLVerifyDepth 1
SSLOptions +StdEnvVars +ExportCertData +OptRenegotiate
# SSL Protocol Adjustments:
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-
shutdown downgrade-1.0 force-response-1.0
JkMount / ajp13
JkMount /* ajp13
</VirtualHost>
<VirtualHost 18.51.3.32:80>
ServerAdmin [EMAIL PROTECTED]
ServerName dspace.mit.edu
DocumentRoot /var/www/dspace.mit.edu/htdocs
ErrorLog /var/log/apache2/dspace_error_log
CustomLog /var/log/apache2/dspace_access_log combined
RewriteEngine on
RewriteCond %{REQUEST_URI} ^/certificate-login.* [OR]
RewriteCond %{REQUEST_URI} ^/password-login.*
RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [L,R]
SSLEngine off
JkMount / ajp13
JkMount /* ajp13
</VirtualHost>
thank you,
Mark Diggory
On May 23, 2007, at 8:27 AM, Tellier, Stephane wrote:
Hi all,
should that be an official add-on to the DSpace 1.5? I mean for
some parts, because we still need to get a certificate, which
cannot be generic for all of course. But I think that the next
official version should at least gets the minimum changes and
parameters so that we can easily put the login in https and not the
other pages. Some configurations for that feature are surely the
same for any kind of DSpace site and I'm pretty sure that it is a
popular request : it's quite logical to have an authentication in
https, almost a necessity.
Any thoughs about that?
thanks
De: [EMAIL PROTECTED] de la part de Jayan
Chirayath Kurian
Date: mar. 2007-05-22 22:18
À: Jimmy
Cc: [email protected]
Objet : Re: [Dspace-tech] @hi, about problem with search
Hi! Jimmy,
I need to access DSpace login page using HTTPS and all other pages
using HTTP. I could do HTTPS access for all pages. Please suggest.
Thanks,
Jayan
From: [EMAIL PROTECTED] [mailto:dspace-tech-
[EMAIL PROTECTED] On Behalf Of Jimmy
Sent: Wednesday, May 23, 2007 10:14 AM
To: Myroslav Rys
Cc: [email protected]
Subject: Re: [Dspace-tech] @hi, about problem with search
Hi,
You need to alter the [CATALINA_HOME]/conf/server.xml file as belows:
<!-- Define a non-SSL HTTP/1.1 Connector on port 8080 -->
<Connector port="8080" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25"
maxSpareThreads="75"
enableLookups="false" redirectPort="8443"
acceptCount="100"
connectionTimeout="20000" disableUploadTimeout="true"
URIEncoding="UTF-8"/>
Hope it helps.
Regards,
Jimmy.
On 5/23/07, Myroslav Rys <[EMAIL PROTECTED]> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
hi,
postgresql 8.1.9
apache 2.2.4 with mod_jk 1.2.22
tomcat 5.5
dspace 1.4.2
have problem with search in cyrillic (Ukraine)
no problem search with English,
but strong problem search with Ukraine.
put in search field "з"
and getting "з"
put in Advanced Search field "з"
and getting "÷"...
what problem?
p.s. dspace url: http://www.dspace.humanities.org.ua/
- -------------------
Myroslav Rys
[EMAIL PROTECTED]
http://www.stone.org.ua
http://www.fabula.org.ua
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)
iD8DBQFGU5kEj+/LkYrmSjERAkQWAKCXh+Zb2+K5bhex8QkShStRY/yQxgCdFFSq
jhK1wThlBK4YS189FssHxGA=
=VzhA
-----END PGP SIGNATURE-----
----------------------------------------------------------------------
---
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
DSpace-tech mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dspace-tech
----------------------------------------------------------------------
---
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
DSpace-tech mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dspace-tech
~~~~~~~~~~~~~
Mark R. Diggory - DSpace Systems Manager
MIT Libraries, Systems and Technology Services
Massachusetts Institute of Technology
-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
DSpace-tech mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dspace-tech
