diff --git a/dspace/src/edu/mit/dspace/MITAuthenticator.java b/dspace/src/edu/mit/dspace/MITAuthenticator.java
index 503b08645c..664694db28 100644
--- a/dspace/src/edu/mit/dspace/MITAuthenticator.java
+++ b/dspace/src/edu/mit/dspace/MITAuthenticator.java
@@ -44,25 +44,35 @@ package edu.mit.dspace;
 import java.io.IOException;
 import java.sql.SQLException;
-
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import org.apache.log4j.Logger;
+
 import org.dspace.app.webui.SiteAuthenticator;
 import org.dspace.core.Context;
+import org.dspace.core.LogManager;
+import org.dspace.eperson.EPerson;
 import org.dspace.eperson.Group;
 /**
 * MIT implementation of DSpace Web UI authentication. This version detects
 * whether the user is an MIT user, and if so, the user is redirected to the
- * certificate login page. Otherwise, the email/password page is used
+ * certificate login page. Otherwise, the email/password page is used.
+ *

+ * The special group at MIT is an "MIT Users" group. Users who are on an
+ * MIT IP address, or have an e-mail ending in "mit.edu" are implictly
+ * members of this group.
 *
 * @author Robert Tansley
 * @version $Revision$
 */
 public class MITAuthenticator implements SiteAuthenticator
 {
+ /** log4j category */
+ private static Logger log = Logger.getLogger(SiteAuthenticator.class);
+
 public void startAuthentication(Context context,
 HttpServletRequest request,
 HttpServletResponse response)
@@ -70,21 +80,6 @@ public class MITAuthenticator implements SiteAuthenticator
 {
 if (isMITUser(request))
 {
- try
- {
- // add the user to the special group "MIT Users"
- Group MITGroup = Group.findByName(context, "MIT Users");
-
- if( MITGroup != null )
- {
- context.setSpecialGroup( MITGroup.getID() );
- }
- }
- catch(SQLException e)
- {
- // FIXME: quietly fail if we caught SQLException
- }
-
 // Try and get a certificate by default
 response.sendRedirect(response.encodeRedirectURL(
 request.getContextPath() + "/certificate-login"));
@@ -98,6 +93,37 @@ public class MITAuthenticator implements SiteAuthenticator
 }
+ public int[] getSpecialGroups(Context context,
+ HttpServletRequest request)
+ throws SQLException
+ {
+ // Add user to "MIT Users" special group if they're an MIT user
+
+ EPerson user = context.getCurrentUser();
+ boolean hasMITEmail = (user != null &&
+ user.getEmail().toLowerCase().endsWith("@mit.edu"));
+
+ if (hasMITEmail || isMITUser(request))
+ {
+ // add the user to the special group "MIT Users"
+ Group mitGroup = Group.findByName(context, "MIT Users");
+
+ if (mitGroup == null)
+ {
+ // Oops - the group isn't there.
+ log.warn(LogManager.getHeader(context,
+ "No MIT Group!!",
+ ""));
+ return new int[0];
+ }
+
+ return new int[] {mitGroup.getID()};
+ }
+
+ return new int[0];
+ }
+
+
 /**
 * Check to see if the user is an MIT user. At present, it just
 * checks the source IP address. Note this is independent of user
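Review bot: The logger added at the top of the class body is created with `Logger.getLogger(SiteAuthenticator.class)`, so everything this class logs is filed under the interface's category instead of its own. `private static final Logger log = Logger.getLogger(MITAuthenticator.class);` would let the missing-group warning be traced to this implementation. The new Javadoc paragraph also describes the rule as an e-mail ending in "mit.edu", while the check added later in this file matches `"@mit.edu"`; because the comment documents an authorization rule it should quote the exact suffix, and "implictly" should read "implicitly".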
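Review bot: `getSpecialGroups` grants "MIT Users" membership to any logged-in account whose stored e-mail ends in `@mit.edu`, so the group is only as trustworthy as whatever verifies that address at registration and on later edits; nothing visible here shows that, and the method should carry a Javadoc stating the assumption. The same expression calls `user.getEmail().toLowerCase()` with no null check and with the default locale, so an account without an e-mail would (if EPerson permits that) fail the request with a NullPointerException, and under a Turkish default locale an upper-case `MIT.EDU` no longer matches. I would write `String email = (user == null) ? null : user.getEmail();` and then `boolean hasMITEmail = email != null && email.toLowerCase(Locale.ENGLISH).endsWith("@mit.edu");`, which needs `java.util.Locale` imported. The IP half of the condition relies on `isMITUser`, whose body lies outside this hunk.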
diff --git a/dspace/src/org/dspace/app/webui/SiteAuthenticator.java b/dspace/src/org/dspace/app/webui/SiteAuthenticator.java
index 5d0eca880d..e9f02da176 100644
--- a/dspace/src/org/dspace/app/webui/SiteAuthenticator.java
+++ b/dspace/src/org/dspace/app/webui/SiteAuthenticator.java
@@ -41,6 +41,7 @@ package org.dspace.app.webui;
 import java.io.IOException;
+import java.sql.SQLException;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -77,4 +78,18 @@ public interface SiteAuthenticator
 HttpServletRequest request,
 HttpServletResponse response)
 throws ServletException, IOException;
+
+
+ /**
+ * Work out if the current user is implicitly a member of any groups.
+ * This may include checking an IP address etc.
+ *
+ * @param context current DSpace context object
+ * @param request the request leading up to authentication being required
+ *
+ * @return the IDs of groups the user is implicitly in
+ */
+ public int[] getSpecialGroups(Context context,
+ HttpServletRequest request)
+ throws SQLException;
 }
diff --git a/dspace/src/org/dspace/app/webui/util/Authenticate.java b/dspace/src/org/dspace/app/webui/util/Authenticate.java
index 6df99f6285..951d589984 100644
--- a/dspace/src/org/dspace/app/webui/util/Authenticate.java
+++ b/dspace/src/org/dspace/app/webui/util/Authenticate.java
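Review bot: The Javadoc for the new `getSpecialGroups` method in SiteAuthenticator.java leaves out the parts of the contract that callers and implementers depend on for an authorization decision. The `@param request` text is copied from `startAuthentication`, but the UIUtil change in this commit calls the method when a context is obtained rather than when authentication is required, so it should read `@param request the current HTTP request`. The comment should also say that the context may have no current user, add `@return the IDs of groups the user is implicitly in; never null, empty if none` because the caller reads `groupIDs.length` directly, and add `@throws SQLException if a database error occurs`.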
@@ -69,6 +69,53 @@ public class Authenticate
 private static Logger log = Logger.getLogger(Authenticate.class);
+ /** The site authenticator */
+ private static SiteAuthenticator siteAuth = null;
+
+
+ /**
+ * Get the site authenticator. Reads the appropriate configuration
+ * property.
+ *
+ * @return the implementation of the SiteAuthenticator interface to
+ * use for this DSpace site.
+ */
+ public static SiteAuthenticator getSiteAuth()
+ {
+ if (siteAuth != null)
+ {
+ return siteAuth;
+ }
+
+ // Instantiate the site authenticator
+ String siteAuthClassName = ConfigurationManager.getProperty(
+ "webui.site.authenticator");
+
+ try
+ {
+ Class siteAuthClass = Class.forName(siteAuthClassName);
+ siteAuth = (SiteAuthenticator) siteAuthClass.newInstance();
+ }
+ catch(Exception e)
+ {
+ // Problem instantiating
+ if (siteAuthClassName == null)
+ {
+ siteAuthClassName = "null";
+ }
+
+ log.fatal(LogManager.getHeader(null,
+ "no_site_authenticator",
+ "webui.site.authenticator=" + siteAuthClassName),
+ e);
+
+ throw new IllegalStateException(e.toString());
+ }
+
+ return siteAuth;
+ }
+
+
 /**
 * Return the request that the system should be dealing with, given the
 * request that the browse just sent. If the incoming request is from
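Review bot: `getSiteAuth()` lazily fills the static `siteAuth` field with no synchronization, so concurrent first requests can each instantiate the authenticator and the unguarded read has no visibility guarantee. Declaring it `public static synchronized SiteAuthenticator getSiteAuth()` is the smallest fix. The instance is now shared by every request instead of being created per call, so the Javadoc should state that implementations must be thread-safe and keep no per-request state. It should also mention that a missing or unloadable `webui.site.authenticator` now surfaces as an unchecked `IllegalStateException` built from `e.toString()`, leaving the logged entry as the only place the original stack trace survives.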
@@ -180,34 +227,8 @@ public class Authenticate session.setAttribute("interrupted.request.url", UIUtil.getOriginalURL(request)); - // Instantiate the site authenticator - String siteAuthClassName = ConfigurationManager.getProperty( - "webui.site.authenticator"); - SiteAuthenticator siteAuth; - - try - { - Class siteAuthClass = Class.forName(siteAuthClassName); - siteAuth = (SiteAuthenticator) siteAuthClass.newInstance(); - } - catch(Exception e) - { - // Problem instantiating - if (siteAuthClassName == null) - { - siteAuthClassName = "null"; - } - - log.fatal(LogManager.getHeader(context, - "no_site_authenticator", - "webui.site.authenticator=" + siteAuthClassName), - e); - - throw new ServletException(e); - } - // Start up the site authenticator - siteAuth.startAuthentication(context, request, response); + getSiteAuth().startAuthentication(context, request, response); } diff --git a/dspace/src/org/dspace/app/webui/util/UIUtil.java b/dspace/src/org/dspace/app/webui/util/UIUtil.java index 6d0b5343ee..7ecc65cf26 100644 --- a/dspace/src/org/dspace/app/webui/util/UIUtil.java +++ b/dspace/src/org/dspace/app/webui/util/UIUtil.java @@ -50,6 +50,7 @@ import javax.servlet.http.HttpServletRequest; import org.apache.log4j.Logger; +import org.dspace.app.webui.SiteAuthenticator; import org.dspace.content.Collection; import org.dspace.content.Community; import org.dspace.content.DCDate; @@ -102,6 +103,15 @@ public class UIUtil Authenticate.loggedIn(c, request, e); } + // Set any special groups - invoke the site authenticator + SiteAuthenticator siteAuth = Authenticate.getSiteAuth(); + int[] groupIDs = siteAuth.getSpecialGroups(c, request); + for (int i = 0; i < groupIDs.length; i++) + { + c.setSpecialGroup(groupIDs[i]); + } + + // Set the session ID c.setExtraLogInfo("session_id=" + request.getSession().getId());
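Review bot: The loop added to UIUtil reads `groupIDs.length` with no null check, so a site authenticator that returns null would fail every request that reaches this code. Either guard it with `if (groupIDs != null)` or make "never null" part of the interface contract. The placement after `Authenticate.loggedIn(c, request, e)` matters because the MIT implementation in this commit reads `context.getCurrentUser()`, and a comment such as `// Must run after the current user is set: the authenticator may inspect it` would keep a later reordering from silently dropping the e-mail-based group. The enclosing method begins outside the hunk, so I cannot see whether it declares the `SQLException` that `getSpecialGroups` can throw or how often the lookup runs per session.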