Hi, I've a need to completely disable DSpace authenticated access and use instead iptables(8) for restricting access based on ip-address. Does anybody know the easiest way to achieve this?
Thanks in advance. -- Van Ly On 23/09/2009, at 10:02 AM, Van Ly wrote: > Thanks Larry. > > The desired behavior I'm wanting is for the web browser to ask for > credentials under `basic authentication' in rfc2617. The installed > settings handles a http `GET' request with credentials as expected. > Without credentials, rather than doing [x] it does [y]. > > Originally, had I needed, I had in mind to strip DSpace naked (ie. > without authentication) and as a temporary fix use `iptables(8)' to > control access based on IP. > > But really, whether the browser or the page prompts for credentials > is a cosmetic issue as long as the link is trusted. > > Best wishes, > > Van Ly > vly at usyd dot edu dot au > > -- # [x] `401' points to the web browser's sign-on, expected > behaviour by end-user > 0.000478 num.num.num.103 -> num.num.num.56 HTTP GET / > basicAuthTest/ HTTP/1.1 > 0.000523 num.num.num.56 -> num.num.num.103 TCP http > 54837 [ACK] > Seq=1 Ack=576 Win=7040 Len=0 TSV=1837843610 TSER=1974179631 > 0.002128 num.num.num.56 -> num.num.num.103 HTTP HTTP/1.1 401 > Authorization Required (text/html) > > -- # [y] unexpected behaviour > 0.000550 num.num.num.103 -> num.num.num.4 HTTP GET /bitstream/ > num/num/1/External.pdf HTTP/1.1 > 0.000634 num.num.num.4 -> num.num.num.103 TCP http > 54862 [ACK] > Seq=1 Ack=601 Win=7040 Len=0 TSV=2843474683 TSER=1974184374 > 0.047864 num.num.num.4 -> num.num.num.103 HTTP HTTP/1.1 302 > Moved Temporarily > > -- #[y'] `302' points to the DSpace sign-on > num.num.num.103 - - [22/Sep/2009:17:04:12 +1000] "GET /bitstream/ > num/num/1/External.pdf HTTP/1.1" 302 - > num.num.num.103 - - [22/Sep/2009:17:04:12 +1000] "GET /password- > login HTTP/1.1" 200 4743 > > On 11/09/2009, at 12:36 PM, Larry Stone wrote: > >> If you just want to deny all access based on the requestor's IP >> address, that is best done in the web server or servlet >> container. If you're using "naked" Tomcat, see the doc for >> org.apache.catalina.valves.RemoteAddrValve. If you're using >> Apache httpd it's very easy to configure, just see the server docs. >> >> -- Larry >> >> On Sep 10, 2009, at 9:50 PM, Van Ly wrote: >> >>> >>> Hi, >>> >>> I may have a situation where one of the items in the list for >>> `plugin.sequence.org.dspace.eperson.AuthenticationMethod' isn't >>> behaving as expected. >>> >>> To work around, if I need to put up a firewall to restrict access >>> based on ip-address and bypass the authentication mechanism >>> entirely, >>> what would be a way? >>> >>> Thanks in advance. >>> >>> Van Ly >>> vly at usyd dot edu dot au >>> >>> >>> >>> >>> >>> -------------------------------------------------------------------- >>> ---------- >>> Let Crystal Reports handle the reporting - Free Crystal Reports >>> 2008 30-Day >>> trial. Simplify your report design, integration and deployment - >>> and focus on >>> what you do best, core application coding. Discover what's new with >>> Crystal Reports now. http://p.sf.net/sfu/bobj-july >>> _______________________________________________ >>> DSpace-tech mailing list >>> DSpace-tech@lists.sourceforge.net >>> https://lists.sourceforge.net/lists/listinfo/dspace-tech >> > > > > > > Van Ly vly at usyd dot edu dot au ------------------------------------------------------------------------------ Come build with us! The BlackBerry® Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9-12, 2009. Register now! http://p.sf.net/sfu/devconf _______________________________________________ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech
