Hi All, I have a stackable authentication class which obtains credentials from a request. When I access a protected bitstream, the auth class works (credentials are parsed and all ok) however the context user is still null although setCurrentUser() is called before returning the SUCCESS status. The flow is:
- attempt to access protected bitstream - AuhorizeAction happens, fails, throws AuthorizeException - Authenticate.startAuthentication occurs and my class in invoked with success - After return from startAuthentication the currentUser is still null (even though explicitly being set in the authenticate method), so the request fails with access denied to user 0 (default value when getCurrentUser() is null). As my class is implicit authentication there is no redirection either. I don't understand why this is null, the log message shows: 2007-06-18 14:31:47,032 INFO org.dspace.app.webui.servlet.DSpaceServlet @ myuser:session_id=AB51545186B04E419B63AD9FF140C7BF:ip_addr=150.203.2.97:authorize_error:org.dspace.authorize.AuthorizeException: Authorization denied for action READ on BITSTREAM:32978 by user 0 showing that the "myuser" user is the current user (at least in the logHeader!) but not in the context object. Anyone done this before? My code is almost identical to the X509 auth, the only real difference being where the credentials are taken from. There are no problems with the credentials or request itself, just something I'm missing with the auth flow I suspect. Scott. ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ DSpace-tech mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/dspace-tech
