We here at NASA Langley use OpenSSO authentication to restrict access to only those folks who have requested/been approved access to our secure site. We did have to make some minor code changes to the DSpace JSPUI app to implement this, but it works great. If you don't have preauthorization to the site, you get a "landing page" (responds to server code 404) that instructs the user how to request access. Sue
Sue Walker-Thornton (w): (757) 864-2368 (m): (757) 506-9903 -----Original Message----- From: helix84 [mailto:[email protected]] Sent: Monday, March 12, 2012 11:59 AM To: Anton Angelo Cc: [email protected] Subject: Re: [Dspace-tech] Locking down D-space On Mon, Mar 12, 2012 at 04:26, Anton Angelo <[email protected]> wrote: > Hi y'all, > > I asked this question previously, but it was buried at the bottom of > another query. > > I ahve a new repository being built up, and the owners of it are quite > wary of it becoming publically available before they are comfortable > launching it. Its really cool, and they have good reason to be > concerned. They are not just overthinking it. > > People from Universities internationally are going to want to be > e-people in it while it is being built, so I can't restrict it down > just by IP address, but I want it to look as normal as possible while > still only letting specific people see it. > > How would you recommend doing something like that? I'm loath to set > up policies and groups I'll have to change later, if there is a > simpler, webserver specific (.htaccess?) way. Its running 1.8 on linux. > > Clues gratefully accepted. Hi Anton, if I understand correctly, you don't want anyone else but specific people to see the site at all. DSpace, the application, currently can't do this, because it's not possible to remove access from metadata. It's only possible to restrict access to bitstreams, but it cannot hide the existence of bitstreams, either. To achieve what you want, you have to use some means external to DSpace. You can use .htaccess with e.g. HTTP Basic, but the database of users will be separate from database of e-people in DSpace. If you know a little programming, you can use mod_auth_external and write a glue script that will use the eperson table in the DSpace database to authenticate users in Apache, byspassing DSpace completely. This is what I would do. Note that users wouldn't be logged in DSpace, the application - they would have to log in again if you want further restrictions (to bitstreams) in DSpace. If you go this route, there's a nice new feature in Apache 2.4 - mod_auth_form - so you can have a nice HTML login form. Regards, ~~helix84 ------------------------------------------------------------------------------ Try before you buy = See our experts in action! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-dev2 _______________________________________________ DSpace-tech mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/dspace-tech ------------------------------------------------------------------------------ Try before you buy = See our experts in action! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-dev2 _______________________________________________ DSpace-tech mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/dspace-tech
