-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, Scott if this is not a bug it is a problem ;-) ... A simple solution, as you remark, can be add redirection also at implicit authentication i.e. in org.dspace.app.webui.util.Authenticate, line 195 add response.sendRedirect(UIUtil.getOriginalURL(request)); Andrea
Scott Yeadon wrote: > OK, it's not null, the authentication succeeds, but since the code drops > down into the AuthorizationException handling of the DSpaceServlet.java, > there is no redirection (implicit authentication) so it bombs out. Is > this a bug? > > Scott. > > Scott Yeadon wrote: >> Hi All, >> >> I have a stackable authentication class which obtains credentials from >> a request. When I access a protected bitstream, the auth class works >> (credentials are parsed and all ok) however the context user is still >> null although setCurrentUser() is called before returning the SUCCESS >> status. The flow is: >> >> - attempt to access protected bitstream >> - AuhorizeAction happens, fails, throws AuthorizeException >> - Authenticate.startAuthentication occurs and my class in invoked with >> success >> - After return from startAuthentication the currentUser is still null >> (even though explicitly being set in the authenticate method), so the >> request fails with access denied to user 0 (default value when >> getCurrentUser() is null). As my class is implicit authentication >> there is no redirection either. >> >> I don't understand why this is null, the log message shows: >> 2007-06-18 14:31:47,032 INFO >> org.dspace.app.webui.servlet.DSpaceServlet @ >> myuser:session_id=AB51545186B04E419B63AD9FF140C7BF:ip_addr=150.203.2.97:authorize_error:org.dspace.authorize.AuthorizeException: >> Authorization denied for action READ on BITSTREAM:32978 by user 0 >> >> showing that the "myuser" user is the current user (at least in the >> logHeader!) but not in the context object. >> >> Anyone done this before? My code is almost identical to the X509 auth, >> the only real difference being where the credentials are taken from. >> There are no problems with the credentials or request itself, just >> something I'm missing with the auth flow I suspect. >> >> Scott. >> >> > > > ------------------------------------------------------------------------- > This SF.net email is sponsored by DB2 Express > Download DB2 Express C - the FREE version of DB2 express and take > control of your XML. No limits. Just data. Click to get it now. > http://sourceforge.net/powerbar/db2/ > _______________________________________________ > DSpace-tech mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/dspace-tech > > - -- Dott. Andrea Bollini Responsabile tecnico sviluppo e formazione applicativi JAVA Sezione Servizi per le Biblioteche e l'Editoria Elettronica CILEA, http://www.cilea.it tel. +39 06-59292831 cel. +39 348-8277525 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGd3sc3atKrZgxpVcRAvZdAJ0T3XF8amIjGv7+daQEp2sI31pmjgCdG003 gS+l7sDzK8mnEMdrTG+dq5g= =otDH -----END PGP SIGNATURE----- ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ DSpace-tech mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/dspace-tech
