On Tue, May 15, 2012 at 10:10 PM, Shixing Wen <[email protected]> wrote:
> I'd like to restrict access to a particular collection, not the whole site,
> in jspui by IP ranges. How can it be accomplished?
Hi Shixing,
in DSpace you can restrict read access to bitstreams, never to
metadata of items (metadata is always visible to everyone), so I'll
assume this is what you want to do.
1) go to Groups menu and create a group for each collection. Don't
assign any users to it.
2) edit [dspace]/config/modules/authentication-ip.cfg and for each
group add, for example:
ip.GROUPNAME = 10.1.2.0/24
3) add IPAuthentication to the authentication stack. So your
[dspace]/config/modules/authentication.cfg might look something like
this:
plugin.sequence.org.dspace.authenticate.AuthenticationMethod = \
org.dspace.authenticate.PasswordAuthentication, \
org.dspace.authenticate.IPAuthentication
4) restart Tomcat
5) test whether group assignment works. Log in as any user using some
other authentocation method (Password, LDAP, ...). Go to your profile.
At the bottom, there are active groups you're member of. If you did
steps 1-4 and your IP is on range you entered in 2), you should be a
member of GROUPNAME.
6) Now you can go to Authorizations menu and for the collections you
want to restrict, remove READ right from Anonymous and add READ right
to GROUPNAME
Regards,
~~helix84
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
DSpace-tech mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dspace-tech
