- Fixed special groups code.

- "MIT Users" special group added.


git-svn-id: http://scm.dspace.org/svn/repo/trunk@428 9c30dcfa-912a-0410-8fc2-9e0234be79fd

dspace/src/edu/mit/dspace/MITAuthenticator.java

@@ -44,25 +44,35 @@ package edu.mit.dspace;
 
 import java.io.IOException;
 import java.sql.SQLException;
-
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.apache.log4j.Logger;
+
 import org.dspace.app.webui.SiteAuthenticator;
 import org.dspace.core.Context;
+import org.dspace.core.LogManager;
+import org.dspace.eperson.EPerson;
 import org.dspace.eperson.Group;
 
 /**
  * MIT implementation of DSpace Web UI authentication.  This version detects
  * whether the user is an MIT user, and if so, the user is redirected to the
- * certificate login page.  Otherwise, the email/password page is used
+ * certificate login page.  Otherwise, the email/password page is used.
+ * <P>
+ * The special group at MIT is an "MIT Users" group.  Users who are on an
+ * MIT IP address, or have an e-mail ending in "mit.edu" are implictly
+ * members of this group.
  *
  * @author  Robert Tansley
  * @version $Revision$
  */
 public class MITAuthenticator implements SiteAuthenticator
 {
+    /** log4j category */
+    private static Logger log = Logger.getLogger(SiteAuthenticator.class);
+
     public void startAuthentication(Context context,
         HttpServletRequest request,
         HttpServletResponse response)
@@ -70,21 +80,6 @@ public class MITAuthenticator implements SiteAuthenticator
     {
         if (isMITUser(request))
         {
-            try
-            {
-                // add the user to the special group "MIT Users"
-                Group MITGroup = Group.findByName(context, "MIT Users");
-
-                if( MITGroup != null )
-                {
-                    context.setSpecialGroup( MITGroup.getID() );
-                }
-            }
-            catch(SQLException e)
-            {
-                // FIXME: quietly fail if we caught SQLException 
-            }
-        
             // Try and get a certificate by default
             response.sendRedirect(response.encodeRedirectURL(
                 request.getContextPath() + "/certificate-login"));
@@ -98,6 +93,37 @@ public class MITAuthenticator implements SiteAuthenticator
     }
 
 
+    public int[] getSpecialGroups(Context context,
+        HttpServletRequest request)
+        throws SQLException
+    {        
+        // Add user to "MIT Users" special group if they're an MIT user
+
+        EPerson user = context.getCurrentUser();
+        boolean hasMITEmail = (user != null &&
+            user.getEmail().toLowerCase().endsWith("@mit.edu"));
+
+        if (hasMITEmail || isMITUser(request))
+        {
+            // add the user to the special group "MIT Users"
+            Group mitGroup = Group.findByName(context, "MIT Users");
+
+            if (mitGroup == null)
+            {
+                // Oops - the group isn't there.
+                log.warn(LogManager.getHeader(context,
+                    "No MIT Group!!",
+                    ""));
+                return new int[0];
+            }
+
+            return new int[] {mitGroup.getID()};
+        }
+
+        return new int[0];
+    }
+
+
     /**
      * Check to see if the user is an MIT user.  At present, it just
      * checks the source IP address. Note this is independent of user

dspace/src/org/dspace/app/webui/SiteAuthenticator.java

@@ -41,6 +41,7 @@
 package org.dspace.app.webui;
 
 import java.io.IOException;
+import java.sql.SQLException;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -77,4 +78,18 @@ public interface SiteAuthenticator
         HttpServletRequest request,
         HttpServletResponse response)
         throws ServletException, IOException;
+
+
+    /**
+     * Work out if the current user is implicitly a member of any groups.
+     * This may include checking an IP address etc.
+     *
+     * @param context   current DSpace context object
+     * @param request   the request leading up to authentication being required
+     *
+     * @return  the IDs of groups the user is implicitly in
+     */
+    public int[] getSpecialGroups(Context context,
+        HttpServletRequest request)
+        throws SQLException;
 }

dspace/src/org/dspace/app/webui/util/Authenticate.java

@@ -69,6 +69,53 @@ public class Authenticate
     private static Logger log = Logger.getLogger(Authenticate.class);
 
 
+    /** The site authenticator */
+    private static SiteAuthenticator siteAuth = null;
+
+
+    /**
+     * Get the site authenticator.  Reads the appropriate configuration
+     * property.
+     *
+     * @return   the implementation of the SiteAuthenticator interface to
+     *           use for this DSpace site.
+     */
+    public static SiteAuthenticator getSiteAuth()
+    {
+        if (siteAuth != null)
+        {
+            return siteAuth;
+        }
+
+        // Instantiate the site authenticator
+        String siteAuthClassName = ConfigurationManager.getProperty(
+            "webui.site.authenticator");
+
+        try
+        {
+            Class siteAuthClass = Class.forName(siteAuthClassName);
+            siteAuth = (SiteAuthenticator) siteAuthClass.newInstance();
+        }
+        catch(Exception e)
+        {
+            // Problem instantiating
+            if (siteAuthClassName == null)
+            {
+                siteAuthClassName = "null";
+            }
+
+            log.fatal(LogManager.getHeader(null,
+                    "no_site_authenticator",
+                    "webui.site.authenticator=" + siteAuthClassName),
+                e);
+                
+            throw new IllegalStateException(e.toString());
+        }
+
+        return siteAuth;
+    }
+    
+
     /**
      * Return the request that the system should be dealing with, given the
      * request that the browse just sent.  If the incoming request is from
@@ -180,34 +227,8 @@ public class Authenticate
         session.setAttribute("interrupted.request.url",
             UIUtil.getOriginalURL(request));
         
-        // Instantiate the site authenticator
-        String siteAuthClassName = ConfigurationManager.getProperty(
-            "webui.site.authenticator");
-        SiteAuthenticator siteAuth;
-
-        try
-        {
-            Class siteAuthClass = Class.forName(siteAuthClassName);
-            siteAuth = (SiteAuthenticator) siteAuthClass.newInstance();
-        }
-        catch(Exception e)
-        {
-            // Problem instantiating
-            if (siteAuthClassName == null)
-            {
-                siteAuthClassName = "null";
-            }
-
-            log.fatal(LogManager.getHeader(context,
-                    "no_site_authenticator",
-                    "webui.site.authenticator=" + siteAuthClassName),
-                e);
-                
-            throw new ServletException(e);
-        }
-
         // Start up the site authenticator
-        siteAuth.startAuthentication(context, request, response);
+        getSiteAuth().startAuthentication(context, request, response);
     }
 
 

dspace/src/org/dspace/app/webui/util/UIUtil.java

@@ -50,6 +50,7 @@ import javax.servlet.http.HttpServletRequest;
 
 import org.apache.log4j.Logger;
 
+import org.dspace.app.webui.SiteAuthenticator;
 import org.dspace.content.Collection;
 import org.dspace.content.Community;
 import org.dspace.content.DCDate;
@@ -102,6 +103,15 @@ public class UIUtil
                 Authenticate.loggedIn(c, request, e);
             }
 
+            // Set any special groups - invoke the site authenticator
+            SiteAuthenticator siteAuth = Authenticate.getSiteAuth();
+            int[] groupIDs = siteAuth.getSpecialGroups(c, request);
+            for (int i = 0; i < groupIDs.length; i++)
+            {
+                c.setSpecialGroup(groupIDs[i]);
+            }
+
+
             // Set the session ID
             c.setExtraLogInfo("session_id=" + request.getSession().getId());