Hi Stuart, Thanks for the info! This keeps getting better :)
regards, Kristian On Sun, 21 Nov 2010, Stuart Lewis wrote: > Hi Kristian, > > The part of the code to look at would probably be the 'special groups' > functionality. See: > > - > http://scm.dspace.org/trac/dspace/browser/dspace/trunk/dspace-api/src/main/java/org/dspace/authenticate > > In each authentication method class there is a function called > 'getSpecialGroups()'. You can use these to lookup attributes of a user (e.g. > from LDAP or Shibboleth) to decide whether what groups they should be a > member of. > > The nice thing about 'special groups' is that a user is only in that group > for the session that they are logged in for. If in the future their > attributes changes so that they are not now in that group, then this is > updated as they won't be in that 'special group' any more. > > Thanks, > > > Stuart Lewis > IT Innovations Analyst and Developer > Te Tumu Herenga The University of Auckland Library > Auckland Mail Centre, Private Bag 92019, Auckland 1142, New Zealand > Ph: +64 (0)9 373 7599 x81928 > > > > On 21/11/2010, at 1:26 AM, Kristian Salcedo wrote: > >> Hi Bram, >> Thanks a lot for your swift and thorough answer. >> This looks promising :) >> regards, >> Kristian >> >> On 19. nov. 2010, at 17.07, Bram Luyten <[email protected]> wrote: >> >>> Hi Kristian, >>> >>> section 2.7 and 2.8 cover authentication and authorization. >>> http://www.dspace.org/1_6_2Documentation/ch02.html#N102B8 >>> >>> more detail: 5.2.11 on authentication >>> http://www.dspace.org/1_6_2Documentation/ch05.html#N12A26 >>> >>> and 3.7 on authorization >>> http://www.dspace.org/1_6_2Documentation/ch13.html#N17F3C >>> >>> In context of some of our projects it was definitely worth the time and the >>> effort to leverage authorization information in other sources, to be >>> "mapped" to authorizations in DSpace. >>> For example, given that the structure of your DSpace corresponds with the >>> hierarchy of your institution you can: >>> >>> when someone logs in for the first time: >>> >>> 1. The user logs in with his existing institution credentials (for example, >>> the login that he/she uses for an email box or internal ERP system). This >>> can be achieved by linking the authentication with your institutional LDAP >>> or shibboleth. In this way, you avoid the necessity to (self) register new >>> users. >>> 2. Once authenticated, you make DSpace ping the staff directory for >>> information, to determine to which department the person belongs >>> 3. Once DSpace learns which department/unit someone belongs to, it can >>> create a corresponding e-person object for the person who logs in, with >>> submission & read rights, determined from the retrieved information from >>> the staff directory. >>> >>> If you have a lot of users, it would really take you a long time to set >>> authorizatin manually through the groups & policy webinterface in DSpace. >>> But you can customize it this way, that it is highly automated, given that >>> your repository structure matches the structure of your institution, and >>> that there is some kind of API available. >>> You can really do a lot of neat stuff. Let's say that you have a community >>> for the computer science department, with collections for working papers, >>> theses, ... these kind of methods can grant submission rights for all of >>> the collections under a community to which someone belongs. >>> >>> good luck, >>> >>> Bram Luyten >>> >>> @mire - http://www.atmire.com >>> >>> Technologielaan 9 - 3001 Heverlee - Belgium >>> 533 2nd Street - Encinitas, CA 92024 - USA >>> >>> http://www.togather.eu - Before getting together, get t...@ther >>> >>> >>> On Fri, Nov 19, 2010 at 4:07 PM, Kristian Roberto Salcedo >>> <[email protected]> wrote: >>> Hi, >>> >>> Does anyone know if any work has been done >>> on using external authorization systems for >>> controlling user permissions in DSpace? >>> >>> Is it possible (or worth the time) to map external authorization >>> information to the internal authorization mechanisms in >>> DSpace for example...? >>> >>> I've been looking in the various list archives for some >>> info on this, but I havent been able to find anything. >>> >>> regards, >>> Kristian >>> >>> >>> ------------------------------------------------------------------------------ >>> Beautiful is writing same markup. Internet Explorer 9 supports >>> standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 & L3. >>> Spend less time writing and rewriting code and more time creating great >>> experiences on the web. Be a part of the beta today >>> http://p.sf.net/sfu/msIE9-sfdev2dev >>> _______________________________________________ >>> DSpace-tech mailing list >>> [email protected] >>> https://lists.sourceforge.net/lists/listinfo/dspace-tech >>> >> <ATT00001..txt><ATT00002..txt> > > > ------------------------------------------------------------------------------ Beautiful is writing same markup. Internet Explorer 9 supports standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 & L3. Spend less time writing and rewriting code and more time creating great experiences on the web. Be a part of the beta today http://p.sf.net/sfu/msIE9-sfdev2dev _______________________________________________ DSpace-tech mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/dspace-tech
