Hi Evgeni,
B: Use the REST API to get the filename from bitstreamID.
There is an endpoint: /rest/bitstream/:id
https://wiki.duraspace.org/display/DSDOC5x/REST+API#RESTAPI-Bitstreams
Example: http://trydspace5.longsight.com/rest/bitstreams/1?expand=all
<bitstream>
<id>1</id>
<name>STAL9781614992707-0023.pdf</name>
<type>bitstream</type>
<bundleName>ORIGINAL</bundleName>
...
A: This one is more complicated. My usage of jsessionID has been handling
load balancing. (We would put the jsessionID and some attribs into
distributed redis, and then the other instances would be on the same page
regardless of which instance served other requests.) You would need a way
to get the eperson of the current visitor. The REST API doesn't give you
the ability to check on some user's authorization. It assumes that you
would log in as a user, and it will let you know if you are authorized to
access a resource.
There is a REST endpoint:
- GET /bitstreams/{bitstream id}/policy - Return bitstream policies.
I suppose you could have an admin account access the REST API, and look at
the policy, and look for a policy that refers to the specific eperson. Or
if you have a simpler use case, look for Anonymous READ.
You could always build a new REST endpoint for DSpace to help perform a
specific authorization check for you. Maybe have a way for you to log in as
an admin to REST API, then a log-in-as method to cloak yourself as the
in-question eperson to do the access check. Or maybe create
/bitstreams/:bitstreamID/authorized?eperson=:epersonID
Anyways, the DSpace method you would want to call, if at all possible is:
AuthorizeManager.authorizeAction(Context c, DSpaceObject o, int action)
You can create a context, and specify which user you are looking for. A
bitstream is a DSpaceObject. Action would be something like Constants.READ.
Another route could be in looking at including the DSpace jar into your
Java project, and then calling the relevant DSpace method. I remember Jacob
Brown had something for JRuby to pull in some DSpace jars:
https://github.com/kardeiz/dscriptor
Hope this helps.
________________
Peter Dietz
Longsight
www.longsight.com
pe...@longsight.com
p: 740-599-5005 x809
On Mon, May 4, 2015 at 10:43 AM, Evgeni Dimitrov <dimitrove....@gmail.com>
wrote:
> If there is a web application (running in the same Tomcat as DSpace),
> which can display a particular kind of items (consisting of several files),
>
> A. is there a way for it to check access rights to the item based on the
> JSESSIONID?
> B. is there a way for it to get the real file name based on the bitstream
> id?
>
> Best regards
> Evgeni
>
>
>
> ------------------------------------------------------------------------------
> One dashboard for servers and applications across Physical-Virtual-Cloud
> Widest out-of-the-box monitoring support with 50+ applications
> Performance metrics, stats and reports that give you Actionable Insights
> Deep dive visibility with transaction tracing using APM Insight.
> http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
> _______________________________________________
> DSpace-tech mailing list
> DSpace-tech@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/dspace-tech
> List Etiquette:
> https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
>
------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________
DSpace-tech mailing list
DSpace-tech@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspace-tech
List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
