Merge pull request #1991 from Georgetown-University-Libraries/ds3811m2

[DS-3811] port pr 1934 to master

dspace-rest/src/main/java/org/dspace/rest/FilteredCollectionsResource.java

@@ -101,9 +101,6 @@ public class FilteredCollectionsResource extends Resource {
 
         try {
             context = createContext();
-            if (!configurationService.getBooleanProperty("rest.reporting-authenticate", true)) {
-                context.turnOffAuthorisationSystem();
-            }
 
             if (!((limit != null) && (limit >= 0) && (offset != null) && (offset >= 0))) {
                 log.warn("Paging was badly set.");
@@ -194,9 +191,6 @@ public class FilteredCollectionsResource extends Resource {
         FilteredCollection retColl = new org.dspace.rest.common.FilteredCollection();
         try {
             context = createContext();
-            if (!configurationService.getBooleanProperty("rest.reporting-authenticate", true)) {
-                context.turnOffAuthorisationSystem();
-            }
 
             org.dspace.content.Collection collection = collectionService.findByIdOrLegacyId(context, collection_id);
             if (authorizeService.authorizeActionBoolean(context, collection, org.dspace.core.Constants.READ)) {

dspace-rest/src/main/java/org/dspace/rest/FilteredItemsResource.java

@@ -126,9 +126,6 @@ public class FilteredItemsResource extends Resource {
         ItemFilter result = itemFilterSet.getAllFiltersFilter();
         try {
             context = createContext();
-            if (!configurationService.getBooleanProperty("rest.reporting-authenticate", true)) {
-                context.turnOffAuthorisationSystem();
-            }
 
             int index = Math.min(query_field.size(), Math.min(query_op.size(), query_val.size()));
             List<ItemFilterQuery> itemFilterQueries = new ArrayList<ItemFilterQuery>();

dspace-rest/src/main/java/org/dspace/rest/HierarchyResource.java

@@ -81,9 +81,6 @@ public class HierarchyResource extends Resource {
 
         try {
             context = createContext();
-            if (!configurationService.getBooleanProperty("rest.hierarchy-authenticate", true)) {
-                context.turnOffAuthorisationSystem();
-            }
 
             Site site = siteService.findSite(context);
             repo.setId(site.getID().toString());

dspace-rest/src/main/webapp/static/reports/restCollReport.js

@@ -13,6 +13,11 @@ var CollReport = function() {
       return "[en]";
     }
     
+    //Indicate if Password Authentication is supported
+    //this.makeAuthLink = function(){return true;};
+    //Indicate if Shibboleth Authentication is supported
+    //this.makeShibLink = function(){return true;};
+
     this.COLL_LIMIT = 20;
     this.TOOBIG = 10000;
     this.loadId = 0;

dspace-rest/src/main/webapp/static/reports/restQueryReport.js

@@ -14,6 +14,11 @@ var QueryReport = function() {
       return "[en]";
     }
     
+    //Indicate if Password Authentication is supported
+    //this.makeAuthLink = function(){return true;};
+    //Indicate if Shibboleth Authentication is supported
+    //this.makeShibLink = function(){return true;};
+
     this.getDefaultParameters = function(){
         return {
             "collSel[]"     : [],

dspace-rest/src/main/webapp/static/reports/restReport.js

@@ -16,9 +16,13 @@ var Report = function() {
     //this.ROOTPATH = "/jspui/handle/"
     //this.ROOTPATH = "/handle/"
     
-    //disable this setting if Password Authentication is not supported
+    //Indicate if Password Authentication is supported
     this.makeAuthLink = function(){return false;};
 
+    //Indicate if Shibboleth Authentication is supported
+    this.makeShibLink = function(){return false;};
+    this.shibPath = "/Shibboleth.sso/Login";
+
     //Override this to return obj.id for DSpace 5 versions
     this.getId = function(obj) {
         return obj.uuid;
@@ -240,6 +244,15 @@ var Auth = function(report) {
             }
         });        
     }
+
+    this.verifyShibLogin = function() {
+        var self = this;
+        $.ajax({
+            url: "/rest/shibboleth-login", 
+            success: self.authStat
+        });
+    }
+  
     this.authStat = function() {
         var self = this;
         $.ajax({
@@ -249,20 +262,27 @@ var Auth = function(report) {
                 alert("Error in /rest/status "+ status+ " " + errorThrown);
             },
             success: function(data) {
-              var user = "";
+                var user = "";
-              if (data.email != undefined) {
+                if (data.email != undefined) {
-                user = data.email;                  
+                    user = data.email;                  
-              } else {
+                } else {
-                user = "You are not logged in.  Some items may be excluded from reports.";
+                    user = "You are not logged in.  Some items may be excluded from reports.";
-              }
+                }
-              var anchor = $("<a/>").text(user);
+                var anchor = $("<a/>").text(user);
-              if (self.report.makeAuthLink()) {
+                if (self.report.makeShibLink()) {
-                  anchor.attr("href","javascript:window.open('authenticate.html','Authenticate (Password Auth Only)','height=200,width=500')");
+                  anchor.attr("href", self.report.shibPath + "?target="+document.location);
-              }
+                }
-              $("#currentUser").empty().append("<b>Current User: </b>").append(anchor);
+                if (self.report.makeAuthLink()) {
-            }
+                    anchor.attr("href","javascript:window.open('authenticate.html','Authenticate (Password Auth Only)','height=200,width=500')");
+                }
+                $("#currentUser").empty().append("<b>Current User: </b>").append(anchor);
+                if (data.email == undefined && self.report.makeShibLink()) {
+                    self.verifyShibLogin();
+                }
+            } 
         });     
     }
+  
     this.logout = function() {
         var self = this;
         $.ajax({

dspace/config/modules/rest.cfg

@@ -7,11 +7,6 @@
 # record stats in DSpace statistics module
 rest.stats = true
 
-##### Enable/disable authorization for the hierarchy listing. #####
-# By default, the DSpace REST API will only return communities/collections/items that are accessible to a particular user.
-# Set the rest.hierarchy-authenticate option to false to bypass authorization
-# rest.hierarchy-authenticate = false
-
 #------------------------------------------------------------------#
 # REST API Reporting Tools                                         #
 #------------------------------------------------------------------#
@@ -31,13 +26,6 @@ rest.stats = true
 # tools can be configured to bypass DSpace authorization when 
 # reporting on collections and items. 
 
-##### Enable/disable authorization for the reporting tools. #####
-# By default, the DSpace REST API will only return communities/collections/items that are accessible to a particular user.
-# If the REST API has been deployed in a protected manner, the reporting tools can be configured to bypass authorization checks.
-# This will allow all items/collections/communities to be returned to the report user.
-# Set the rest-reporting-authenticate option to false to bypass authorization
-# rest.reporting-authenticate = false
-
 ##### Configure the report pages that can be requested by name #####
 # Create a map of named reports that are available to a report tool user
 # Each map entry should be prefixed with rest-report-url