OK, it's not null, the authentication succeeds, but since the code drops 
down into the AuthorizationException handling of the DSpaceServlet.java, 
there is no redirection (implicit authentication) so it bombs out. Is 
this a bug?

Scott.

Scott Yeadon wrote:
> Hi All,
>
> I have a stackable authentication class which obtains credentials from 
> a request. When I access a protected bitstream, the auth class works 
> (credentials are parsed and all ok) however the context user is still 
> null although setCurrentUser() is called before returning the SUCCESS 
> status. The flow is:
>
> - attempt to access protected bitstream
> - AuthorizeAction happens, fails, throws AuthorizeException
> - Authenticate.startAuthentication occurs and my class is invoked with 
> success
> - After return from startAuthentication the currentUser is still null 
> (even though explicitly being set in the authenticate method), so the 
> request fails with access denied to user 0 (default value when 
> getCurrentUser() is null). As my class is implicit authentication 
> there is no redirection either.
>
> I don't understand why this is null, the log message shows:
> 2007-06-18 14:31:47,032 INFO  org.dspace.app.webui.servlet.DSpaceServlet @ myuser:session_id=AB51545186B04E419B63AD9FF140C7BF:ip_addr=150.203.2.97:authorize_error:org.dspace.authorize.AuthorizeException: Authorization denied for action READ on BITSTREAM:32978 by user 0
>
> showing that the "myuser" user is the current user (at least in the 
> logHeader!) but not in the context object.
>
> Anyone done this before? My code is almost identical to the X509 auth, 
> the only real difference being where the credentials are taken from. 
> There are no problems with the credentials or request itself, just 
> something I'm missing with the auth flow I suspect.
>
> Scott.
>
>

