Hello all,
I am running dspace 1.4.1 on linux v3 update 6 with Apache Tomcat 6.0.1
and Postgres 8.2-506.
While experimenting with groups and restricting user access to various
collections I noted that it is possible to log out of the system and
then attempt to access an item in a collection which is not normally
publicly accessible. In one instance the system will indicate that the
user that created the item is logged in, and in another similar
experiment a user who was made part of a group with the required access
rights will then appear as logged on, thus allowing the unprivileged
user access to the item.
Has anyone encountered this before?
Printed below is my dspace log of what transpires. It is not clear to
me what the "anonymous session ID" is referring to, as the system
displays a privileged user as being logged in at the point when
you select a normally inaccessible item.
2008-05-21 16:10:11,958 INFO org.dspace.core.ConfigurationManager @ DSpace logging installed using log4j.properties
2008-05-21 16:10:13,625 INFO org.dspace.core.ConfigurationManager @ DSpace logging installed using log4j.properties
2008-05-21 16:10:43,372 INFO org.dspace.app.webui.servlet.CommunityListServlet @ anonymous:session_id=67BE8B1F32E86A078726E6D8BE8D13FD:ip_addr=192.168.254.3:view_community_list:
2008-05-21 16:10:45,783 INFO org.dspace.content.MetadataField @ Loading MetadataField elements into cache.
2008-05-21 16:10:45,904 INFO org.dspace.content.MetadataSchema @ Loading schema cache for fast finds
2008-05-21 16:10:48,416 INFO org.dspace.app.webui.servlet.DSpaceServlet @ anonymous:session_id=67BE8B1F32E86A078726E6D8BE8D13FD:ip_addr=192.168.254.3:view_collection:collection_id=23
2008-05-21 16:12:09,321 INFO org.dspace.app.webui.servlet.BitstreamServlet @ anonymous:session_id=67BE8B1F32E86A078726E6D8BE8D13FD:ip_addr=192.168.254.3:view_bitstream:bitstream_id=156
2008-05-21 16:14:06,680 INFO org.dspace.app.webui.servlet.DSpaceServlet @ anonymous:session_id=67BE8B1F32E86A078726E6D8BE8D13FD:ip_addr=192.168.254.3:view_collection:collection_id=23
2008-05-21 16:14:12,111 INFO org.dspace.app.webui.servlet.CommunityListServlet @ anonymous:session_id=67BE8B1F32E86A078726E6D8BE8D13FD:ip_addr=192.168.254.3:view_community_list:
2008-05-21 16:15:00,807 INFO org.dspace.app.webui.servlet.DSpaceServlet @ anonymous:session_id=67BE8B1F32E86A078726E6D8BE8D13FD:ip_addr=192.168.254.3:view_collection:collection_id=23
Any input appreciated...
Thanks,
Nigel Pegus
Systems Unit
The Main Library
The University of the West Indies
6622002x2241
_______________________________________________
DSpace-tech mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dspace-tech
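
Added example, not part of the original post and not DSpace code: a
small parser for the request-log format shown in the message, which
lists bitstream views logged as "anonymous" and flags any session ID
that the log associates with more than one identity. The third sample
entry and the address user@example.org are constructed for illustration;
the field layout is assumed from the log lines in the post (IPv4 only).

```python
import re
from collections import defaultdict

# Constructed sample. Entries 2 and 3 follow the post's log format (joined
# onto one line); entry 4 is invented to show an identity change within a
# session, and user@example.org is a placeholder, not a value from the post.
SAMPLE = """\
2008-05-21 16:10:45,783 INFO org.dspace.content.MetadataField @ Loading MetadataField elements into cache.
2008-05-21 16:10:48,416 INFO org.dspace.app.webui.servlet.DSpaceServlet @ anonymous:session_id=67BE8B1F32E86A078726E6D8BE8D13FD:ip_addr=192.168.254.3:view_collection:collection_id=23
2008-05-21 16:12:09,321 INFO org.dspace.app.webui.servlet.BitstreamServlet @ anonymous:session_id=67BE8B1F32E86A078726E6D8BE8D13FD:ip_addr=192.168.254.3:view_bitstream:bitstream_id=156
2008-05-21 16:13:30,000 INFO org.dspace.app.webui.servlet.BitstreamServlet @ user@example.org:session_id=67BE8B1F32E86A078726E6D8BE8D13FD:ip_addr=192.168.254.3:view_bitstream:bitstream_id=156
"""

# timestamp LEVEL class @ user:session_id=...:ip_addr=...:action:detail
# Assumption: the address is IPv4 (an IPv6 address would contain colons).
ENTRY = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) +\w+ +(?P<cls>\S+) +@ +"
    r"(?P<user>[^:]*):session_id=(?P<sid>[0-9A-Fa-f]+):ip_addr=(?P<ip>[^:]+):"
    r"(?P<action>[^:]*):(?P<detail>.*)$")

def parse(text):
    """Yield one dict per request entry; lines without a session header are skipped."""
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.groupdict()

def identity_changes(entries):
    """Map session_id -> ordered list of distinct users, for sessions with more than one."""
    seen = defaultdict(list)
    for e in entries:
        if e["user"] not in seen[e["sid"]]:
            seen[e["sid"]].append(e["user"])
    return {sid: users for sid, users in seen.items() if len(users) > 1}

def anonymous_bitstream_views(entries):
    """Return (timestamp, detail) for each bitstream view logged as anonymous."""
    return [(e["ts"], e["detail"]) for e in entries
            if e["user"] == "anonymous" and e["action"] == "view_bitstream"]

if __name__ == "__main__":
    rows = list(parse(SAMPLE))
    for ts, detail in anonymous_bitstream_views(rows):
        print("anonymous bitstream view:", ts, detail)
    for sid, users in identity_changes(rows).items():
        print("session", sid, "seen as:", " -> ".join(users))
```

Each bitstream ID reported as viewed anonymously can then be compared
against the read policies on its item and collection.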