mirror of
https://github.com/DSpace/DSpace.git
synced 2025-10-18 15:33:09 +00:00
- Fixed special groups code.
- "MIT Users" special group added. git-svn-id: http://scm.dspace.org/svn/repo/trunk@428 9c30dcfa-912a-0410-8fc2-9e0234be79fd
This commit is contained in:
Robert Tansley
@@ -44,25 +44,35 @@ package edu.mit.dspace;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.sql.SQLException;
|
||||
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.apache.log4j.Logger;
|
||||
|
||||
import org.dspace.app.webui.SiteAuthenticator;
|
||||
import org.dspace.core.Context;
|
||||
import org.dspace.core.LogManager;
|
||||
import org.dspace.eperson.EPerson;
|
||||
import org.dspace.eperson.Group;
|
||||
|
||||
/**
|
||||
* MIT implementation of DSpace Web UI authentication. This version detects
|
||||
* whether the user is an MIT user, and if so, the user is redirected to the
|
||||
* certificate login page. Otherwise, the email/password page is used
|
||||
* certificate login page. Otherwise, the email/password page is used.
|
||||
* <P>
|
||||
* The special group at MIT is an "MIT Users" group. Users who are on an
|
||||
* MIT IP address, or have an e-mail ending in "mit.edu" are implictly
|
||||
* members of this group.
|
||||
*
|
||||
* @author Robert Tansley
|
||||
* @version $Revision$
|
||||
*/
|
||||
public class MITAuthenticator implements SiteAuthenticator
|
||||
{
|
||||
/** log4j category */
|
||||
private static Logger log = Logger.getLogger(SiteAuthenticator.class);
|
||||
|
||||
public void startAuthentication(Context context,
|
||||
HttpServletRequest request,
|
||||
HttpServletResponse response)
|
||||
@@ -70,21 +80,6 @@ public class MITAuthenticator implements SiteAuthenticator
|
||||
{
|
||||
if (isMITUser(request))
|
||||
{
|
||||
try
|
||||
{
|
||||
// add the user to the special group "MIT Users"
|
||||
Group MITGroup = Group.findByName(context, "MIT Users");
|
||||
|
||||
if( MITGroup != null )
|
||||
{
|
||||
context.setSpecialGroup( MITGroup.getID() );
|
||||
}
|
||||
}
|
||||
catch(SQLException e)
|
||||
{
|
||||
// FIXME: quietly fail if we caught SQLException
|
||||
}
|
||||
|
||||
// Try and get a certificate by default
|
||||
response.sendRedirect(response.encodeRedirectURL(
|
||||
request.getContextPath() + "/certificate-login"));
|
||||
@@ -98,6 +93,37 @@ public class MITAuthenticator implements SiteAuthenticator
|
||||
}
|
||||
|
||||
|
||||
public int[] getSpecialGroups(Context context,
|
||||
HttpServletRequest request)
|
||||
throws SQLException
|
||||
{
|
||||
// Add user to "MIT Users" special group if they're an MIT user
|
||||
|
||||
EPerson user = context.getCurrentUser();
|
||||
boolean hasMITEmail = (user != null &&
|
||||
user.getEmail().toLowerCase().endsWith("@mit.edu"));
|
||||
|
||||
if (hasMITEmail || isMITUser(request))
|
||||
{
|
||||
// add the user to the special group "MIT Users"
|
||||
Group mitGroup = Group.findByName(context, "MIT Users");
|
||||
|
||||
if (mitGroup == null)
|
||||
{
|
||||
// Oops - the group isn't there.
|
||||
log.warn(LogManager.getHeader(context,
|
||||
"No MIT Group!!",
|
||||
""));
|
||||
return new int[0];
|
||||
}
|
||||
|
||||
return new int[] {mitGroup.getID()};
|
||||
}
|
||||
|
||||
return new int[0];
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Check to see if the user is an MIT user. At present, it just
|
||||
* checks the source IP address. Note this is independent of user
|
||||
|
||||
@@ -41,6 +41,7 @@
|
||||
package org.dspace.app.webui;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.sql.SQLException;
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
@@ -77,4 +78,18 @@ public interface SiteAuthenticator
|
||||
HttpServletRequest request,
|
||||
HttpServletResponse response)
|
||||
throws ServletException, IOException;
|
||||
|
||||
|
||||
/**
|
||||
* Work out if the current user is implicitly a member of any groups.
|
||||
* This may include checking an IP address etc.
|
||||
*
|
||||
* @param context current DSpace context object
|
||||
* @param request the request leading up to authentication being required
|
||||
*
|
||||
* @return the IDs of groups the user is implicitly in
|
||||
*/
|
||||
public int[] getSpecialGroups(Context context,
|
||||
HttpServletRequest request)
|
||||
throws SQLException;
|
||||
}
|
||||
|
||||
@@ -69,6 +69,53 @@ public class Authenticate
|
||||
private static Logger log = Logger.getLogger(Authenticate.class);
|
||||
|
||||
|
||||
/** The site authenticator */
|
||||
private static SiteAuthenticator siteAuth = null;
|
||||
|
||||
|
||||
/**
|
||||
* Get the site authenticator. Reads the appropriate configuration
|
||||
* property.
|
||||
*
|
||||
* @return the implementation of the SiteAuthenticator interface to
|
||||
* use for this DSpace site.
|
||||
*/
|
||||
public static SiteAuthenticator getSiteAuth()
|
||||
{
|
||||
if (siteAuth != null)
|
||||
{
|
||||
return siteAuth;
|
||||
}
|
||||
|
||||
// Instantiate the site authenticator
|
||||
String siteAuthClassName = ConfigurationManager.getProperty(
|
||||
"webui.site.authenticator");
|
||||
|
||||
try
|
||||
{
|
||||
Class siteAuthClass = Class.forName(siteAuthClassName);
|
||||
siteAuth = (SiteAuthenticator) siteAuthClass.newInstance();
|
||||
}
|
||||
catch(Exception e)
|
||||
{
|
||||
// Problem instantiating
|
||||
if (siteAuthClassName == null)
|
||||
{
|
||||
siteAuthClassName = "null";
|
||||
}
|
||||
|
||||
log.fatal(LogManager.getHeader(null,
|
||||
"no_site_authenticator",
|
||||
"webui.site.authenticator=" + siteAuthClassName),
|
||||
e);
|
||||
|
||||
throw new IllegalStateException(e.toString());
|
||||
}
|
||||
|
||||
return siteAuth;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Return the request that the system should be dealing with, given the
|
||||
* request that the browse just sent. If the incoming request is from
|
||||
@@ -180,34 +227,8 @@ public class Authenticate
|
||||
session.setAttribute("interrupted.request.url",
|
||||
UIUtil.getOriginalURL(request));
|
||||
|
||||
// Instantiate the site authenticator
|
||||
String siteAuthClassName = ConfigurationManager.getProperty(
|
||||
"webui.site.authenticator");
|
||||
SiteAuthenticator siteAuth;
|
||||
|
||||
try
|
||||
{
|
||||
Class siteAuthClass = Class.forName(siteAuthClassName);
|
||||
siteAuth = (SiteAuthenticator) siteAuthClass.newInstance();
|
||||
}
|
||||
catch(Exception e)
|
||||
{
|
||||
// Problem instantiating
|
||||
if (siteAuthClassName == null)
|
||||
{
|
||||
siteAuthClassName = "null";
|
||||
}
|
||||
|
||||
log.fatal(LogManager.getHeader(context,
|
||||
"no_site_authenticator",
|
||||
"webui.site.authenticator=" + siteAuthClassName),
|
||||
e);
|
||||
|
||||
throw new ServletException(e);
|
||||
}
|
||||
|
||||
// Start up the site authenticator
|
||||
siteAuth.startAuthentication(context, request, response);
|
||||
getSiteAuth().startAuthentication(context, request, response);
|
||||
}
|
||||
|
||||
|
||||
|
||||
@@ -50,6 +50,7 @@ import javax.servlet.http.HttpServletRequest;
|
||||
|
||||
import org.apache.log4j.Logger;
|
||||
|
||||
import org.dspace.app.webui.SiteAuthenticator;
|
||||
import org.dspace.content.Collection;
|
||||
import org.dspace.content.Community;
|
||||
import org.dspace.content.DCDate;
|
||||
@@ -102,6 +103,15 @@ public class UIUtil
|
||||
Authenticate.loggedIn(c, request, e);
|
||||
}
|
||||
|
||||
// Set any special groups - invoke the site authenticator
|
||||
SiteAuthenticator siteAuth = Authenticate.getSiteAuth();
|
||||
int[] groupIDs = siteAuth.getSpecialGroups(c, request);
|
||||
for (int i = 0; i < groupIDs.length; i++)
|
||||
{
|
||||
c.setSpecialGroup(groupIDs[i]);
|
||||
}
|
||||
|
||||
|
||||
// Set the session ID
|
||||
c.setExtraLogInfo("session_id=" + request.getSession().getId());
|
||||
|
||||
|
||||
Reference in New Issue
Block a user