I resolved this issue in a surprising way.
I currently build my deployment using the dspace-3.1-release code base (not
dspace-3.1-src-release).
I wanted to add some diagnostics to org.dspace.eperson.Group to ensure that
all parent groups of my IP-based special group are getting set.
I copied org.dspace.eperson.Group.java to
dspace/modules/additions/src/main/java/org/dspace/eperson/Group.java and
rebuilt my code. After deployment, this issue was resolved.
I deleted my local Group.java file, rebuilt the code, and the problem
recurred.
Terry
On Wed, Oct 23, 2013 at 10:23 AM, Terry Brady <[email protected]> wrote:
> Ribin and Ivan,
>
> Thank you for the update. I am using the 3.1 distribution.
>
> The IP addresses are being matched correctly. If I authenticate with my
> own NetId, I see that I am corrected added to the group specified in
> authentication-ip.cfg (group X). (I am verifying this by looking at my
> profile.)
>
> If I am the anonymous user coming from the designated IP range, I am
> seeing inconsistent behavior for group permissions.
>
> I can access items that group X has direct permission to access. But, I
> am unable to access items that X should have access to via a parent DSpace
> group.
>
> My Shibboleth based groups behave as expected when added to a parent
> DSpace group.
>
> I suspect that the difference in this scenario is that isAuthenticated()
> == false for the anonymous user with IP-based access.
>
> I plan to do more testing today to see if I can define the problem more
> precisely. Have you encountered any issues like this?
>
> Terry
>
>
> On Tue, Oct 22, 2013 at 11:25 PM, <[email protected]> wrote:
>
>> Terry,
>>
>> I got ip authentication working in our Dspace.
>>
>> I just have the below in my authentication-ip.cfg:
>>
>> ip.<grpname> = <ip>, \
>>
>> In authentication.cfg, I have the below:
>>
>> plugin.sequence.org.dspace.authenticate.AuthenticationMethod =
>> org.dspace.authenticate.IPAuthentication,
>> org.dspace.authenticate.PasswordAuthentication
>>
>> Pls note that there is no unnecessary white space in the above
>> configuration line.
>>
>> Thanks,
>>
>> Ribin Jones S.B
>>
>>
>>
>> ----- Original Message -----
>> From: "Terry Brady" <[email protected]>
>> To: "ribin jones" <[email protected]>
>> Cc: "Ivan Masár" <[email protected]>, "dspace-tech" <
>> [email protected]>
>> Sent: Wednesday, 23 October, 2013 3:09:40 AM
>> Subject: Re: [Dspace-tech] IP Authentication in dspace 3.1
>>
>>
>> Ribin,
>>
>>
>> Did you find a solution to this issue? I seem to be encountering
>> something similar with IP authentication.
>>
>>
>> I have my ip authentication mapping to a group named X. I have added
>> group: X to a larger DSpace group Y. Group Y can access
>> collections/items/bitstreams.
>>
>>
>> If I connect from my designated IP, I am unable to access the items that
>> Group Y can access.
>>
>>
>> But, if I give group X explicit access to an item/collection/bitstream,
>> then I am able to access the objects.
>>
>>
>> Terry
>>
>>
>>
>> On Tue, Aug 13, 2013 at 12:23 AM, < [email protected] > wrote:
>>
>>
>> Hi Helix,
>>
>> I tested it and it doesn't seem to work. Pls see the below dspace log;
>>
>>
>> 2013-08-07 15:12:50,616 INFO
>> org.dspace.app.webui.servlet.AbstractBrowserServlet @
>> anonymous:session_id=8EA1C12719F4C5C76F7715D4FF217706:ip_addr=10.10.50.201:
>> browse:type=title,order=ASC,value=null,month=null,year=null,starts_with=null,vfocus=null,focus=-1,rpp=20,sort_by=1,community=123456789/632,collection=n/a,level=0,etal=-1
>> 2013-08-07 15:12:50,617 INFO org.dspace.browse.BrowseEngine @
>> anonymous:session_id=8EA1C12719F4C5C76F7715D4FF217706:ip_addr=10.10.50.201:
>> browse_by_item:
>> 2013-08-07 15:12:51,750 WARN org.dspace.core.PluginManager @ No
>> Configuration entry found for Sequence Plugin
>> interface=org.dspace.plugin.ItemHomeProcessor
>>
>> Access comes as anonymous:session even if I try to access from 10.10.50.0
>> network (this subnet was given a special group name in
>> authentication-ip.cfg)
>>
>>
>> - Ribin
>>
>> ----- Original Message -----
>> From: "helix84" < [email protected] >
>> To: "ribin jones" < [email protected] >
>> Cc: "dspace-tech" < [email protected] >
>>
>> Sent: Tuesday, 13 August, 2013 3:20:34 AM
>> Subject: Re: [Dspace-tech] IP Authentication in dspace 3.1
>>
>>
>>
>> On Thu, Aug 8, 2013 at 12:56 PM, < [email protected] > wrote:
>> > So, does IP authentication work only if there is some other
>> authentication mechanism (ldap/passwd) above it? My understanding was that
>> even if we don't login, if access comes from a particular network,
>> collection/community can be be given appropriate access permission.
>>
>> I'm not sure. Did you test it? It should be easy to test.
>>
>> Anyway, I can't imagine why you'd want to remove
>> PasswordAuthentication - you need that one to log in as DSpace
>> administrator. If you don't have any other accounts defined for
>> PasswordAuthentication, it doesn't hurt in any way.
>>
>>
>> Regards,
>> ~~helix84
>>
>> Compulsory reading: DSpace Mailing List Etiquette
>> https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
>>
>>
>> ------------------------------------------------------------------------------
>> Get 100% visibility into Java/.NET code with AppDynamics Lite!
>> It's a free troubleshooting tool designed for production.
>> Get down to code-level detail for bottlenecks, with <2% overhead.
>> Download for free and get started troubleshooting in minutes.
>>
>> http://pubads.g.doubleclick.net/gampad/clk?id=48897031&iu=/4140/ostg.clktrk
>> _______________________________________________
>> DSpace-tech mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/dspace-tech
>> List Etiquette:
>> https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
>>
>>
>>
>>
>> --
>> Terry Brady
>> Applications Programmer Analyst
>> Lauinger Information Technology
>> 202-687-7053
>>
>
>
>
> --
> Terry Brady
> Applications Programmer Analyst
> Lauinger Information Technology
> 202-687-7053
>
--
Terry Brady
Applications Programmer Analyst
Lauinger Information Technology
202-687-7053
------------------------------------------------------------------------------
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60135991&iu=/4140/ostg.clktrk
_______________________________________________
DSpace-tech mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dspace-tech
List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
