Ribin and Ivan,
Thank you for the update. I am using the 3.1 distribution.
The IP addresses are being matched correctly. If I authenticate with my
own NetId, I see that I am corrected added to the group specified in
authentication-ip.cfg (group X). (I am verifying this by looking at my
profile.)
If I am the anonymous user coming from the designated IP range, I am seeing
inconsistent behavior for group permissions.
I can access items that group X has direct permission to access. But, I am
unable to access items that X should have access to via a parent DSpace
group.
My Shibboleth based groups behave as expected when added to a parent DSpace
group.
I suspect that the difference in this scenario is that isAuthenticated() ==
false for the anonymous user with IP-based access.
I plan to do more testing today to see if I can define the problem more
precisely. Have you encountered any issues like this?
Terry
On Tue, Oct 22, 2013 at 11:25 PM, <[email protected]> wrote:
> Terry,
>
> I got ip authentication working in our Dspace.
>
> I just have the below in my authentication-ip.cfg:
>
> ip.<grpname> = <ip>, \
>
> In authentication.cfg, I have the below:
>
> plugin.sequence.org.dspace.authenticate.AuthenticationMethod =
> org.dspace.authenticate.IPAuthentication,
> org.dspace.authenticate.PasswordAuthentication
>
> Pls note that there is no unnecessary white space in the above
> configuration line.
>
> Thanks,
>
> Ribin Jones S.B
>
>
>
> ----- Original Message -----
> From: "Terry Brady" <[email protected]>
> To: "ribin jones" <[email protected]>
> Cc: "Ivan Masár" <[email protected]>, "dspace-tech" <
> [email protected]>
> Sent: Wednesday, 23 October, 2013 3:09:40 AM
> Subject: Re: [Dspace-tech] IP Authentication in dspace 3.1
>
>
> Ribin,
>
>
> Did you find a solution to this issue? I seem to be encountering something
> similar with IP authentication.
>
>
> I have my ip authentication mapping to a group named X. I have added
> group: X to a larger DSpace group Y. Group Y can access
> collections/items/bitstreams.
>
>
> If I connect from my designated IP, I am unable to access the items that
> Group Y can access.
>
>
> But, if I give group X explicit access to an item/collection/bitstream,
> then I am able to access the objects.
>
>
> Terry
>
>
>
> On Tue, Aug 13, 2013 at 12:23 AM, < [email protected] > wrote:
>
>
> Hi Helix,
>
> I tested it and it doesn't seem to work. Pls see the below dspace log;
>
>
> 2013-08-07 15:12:50,616 INFO
> org.dspace.app.webui.servlet.AbstractBrowserServlet @
> anonymous:session_id=8EA1C12719F4C5C76F7715D4FF217706:ip_addr=10.10.50.201:
> browse:type=title,order=ASC,value=null,month=null,year=null,starts_with=null,vfocus=null,focus=-1,rpp=20,sort_by=1,community=123456789/632,collection=n/a,level=0,etal=-1
> 2013-08-07 15:12:50,617 INFO org.dspace.browse.BrowseEngine @
> anonymous:session_id=8EA1C12719F4C5C76F7715D4FF217706:ip_addr=10.10.50.201:
> browse_by_item:
> 2013-08-07 15:12:51,750 WARN org.dspace.core.PluginManager @ No
> Configuration entry found for Sequence Plugin
> interface=org.dspace.plugin.ItemHomeProcessor
>
> Access comes as anonymous:session even if I try to access from 10.10.50.0
> network (this subnet was given a special group name in
> authentication-ip.cfg)
>
>
> - Ribin
>
> ----- Original Message -----
> From: "helix84" < [email protected] >
> To: "ribin jones" < [email protected] >
> Cc: "dspace-tech" < [email protected] >
>
> Sent: Tuesday, 13 August, 2013 3:20:34 AM
> Subject: Re: [Dspace-tech] IP Authentication in dspace 3.1
>
>
>
> On Thu, Aug 8, 2013 at 12:56 PM, < [email protected] > wrote:
> > So, does IP authentication work only if there is some other
> authentication mechanism (ldap/passwd) above it? My understanding was that
> even if we don't login, if access comes from a particular network,
> collection/community can be be given appropriate access permission.
>
> I'm not sure. Did you test it? It should be easy to test.
>
> Anyway, I can't imagine why you'd want to remove
> PasswordAuthentication - you need that one to log in as DSpace
> administrator. If you don't have any other accounts defined for
> PasswordAuthentication, it doesn't hurt in any way.
>
>
> Regards,
> ~~helix84
>
> Compulsory reading: DSpace Mailing List Etiquette
> https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
>
>
> ------------------------------------------------------------------------------
> Get 100% visibility into Java/.NET code with AppDynamics Lite!
> It's a free troubleshooting tool designed for production.
> Get down to code-level detail for bottlenecks, with <2% overhead.
> Download for free and get started troubleshooting in minutes.
> http://pubads.g.doubleclick.net/gampad/clk?id=48897031&iu=/4140/ostg.clktrk
> _______________________________________________
> DSpace-tech mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/dspace-tech
> List Etiquette:
> https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
>
>
>
>
> --
> Terry Brady
> Applications Programmer Analyst
> Lauinger Information Technology
> 202-687-7053
>
--
Terry Brady
Applications Programmer Analyst
Lauinger Information Technology
202-687-7053
------------------------------------------------------------------------------
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60135991&iu=/4140/ostg.clktrk
_______________________________________________
DSpace-tech mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dspace-tech
List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
