authentication methods to use for swordv2 different from xmlui


Jose Blanco

Apr 15, 2020, 1:32:27 PM
to DSpace Technical Support
In config/modules/authentication.cfg  I have indicated the auth method I want the system to use from the browser.

plugin.sequence.org.dspace.authenticate.AuthenticationMethod = org.dspace.authenticate.PasswordAuthentication

I want the system to use a different auth method when interacting with SWORDv2.  How do I go about doing this in 6.3?

For 5.1, I duplicated some code to get that to work.  But I think in this environment that would be more difficult, perhaps not even necessary?


-Jose


Shaun donovan

Apr 15, 2020, 2:31:35 PM
to Jose Blanco, DSpace Technical Support

Hi Jose.

To accomplish the same thing in 6.3, I had to add two new methods to dspace-api/src/main/java/org/dspace/authenticate/AuthenticationServiceImpl.java:

Line 74

    @Override
    public int authenticateSword(Context context, String un, String pw, String realm, HttpServletRequest request) {
        // SWORD always uses password authentication, regardless of the configured plugin sequence.
        PasswordAuthentication method = new PasswordAuthentication();

        // better is lowest, so start with the highest.
        int bestRet = PasswordAuthentication.BAD_ARGS;

        // return on first success, otherwise "best" outcome.
        int ret = 0;
        try {
            ret = method.authenticate(context, un, pw, realm, request);
        } catch (SQLException e) {
            ret = PasswordAuthentication.NO_SUCH_USER;
        }
        if (ret == PasswordAuthentication.SUCCESS) {
            EPerson me = context.getCurrentUser();
            me.setLastActive(new Date());
            try {
                ePersonService.update(context, me);
            } catch (SQLException ex) {
                log.error("Could not update last-active stamp", ex);
            } catch (AuthorizeException ex) {
                log.error("Could not update last-active stamp", ex);
            }
            return ret;
        }
        if (ret < bestRet) {
            bestRet = ret;
        }
        return bestRet;
    }

And line 210:
    @Override
    public List<Group> getSpecialGroupsSword(Context context, HttpServletRequest request) throws SQLException {
        // Special groups come from password authentication only.
        PasswordAuthentication method = new PasswordAuthentication();
        List<Group> result = new ArrayList<>();
        int totalLen = 0;
        List<Group> gl = method.getSpecialGroups(context, request);
        if (gl.size() > 0)
        {
            result.addAll(gl);
            totalLen += gl.size();
        }
        return result;
    }

Then I had to reference them in the interface  dspace-api/src/main/java/org/dspace/authenticate/service/AuthenticationService.java (line 188):
	public int authenticateSword(Context context, String un, String pw, String realm, HttpServletRequest request);
	public List<Group> getSpecialGroupsSword(Context context, HttpServletRequest request) throws SQLException;

And lastly for swordv2 I had to use them in dspace-swordv2/src/main/java/org/dspace/sword2/SwordAuthenticator.java 

line 85-86 
  int auth = authenticationService
      .authenticateSword(context, un, pw, null, null);

Line 196-197
   List<Group> specialGroups = authenticationService
      .getSpecialGroupsSword(context, null);

Line 228-229
   List<Group> specialGroups = authenticationService
      .getSpecialGroupsSword(oboContext, null);

Rebuild and redeploy. If you want it for swordV1 as well, you will need to also make the last set of changes to dspace-sword/src/main/java/org/dspace/sword/SWORDAuthenticator.java as well as the following import:
import org.dspace.authenticate.PasswordAuthentication;

Please note that I did this to allow XMLUI to use my ADFS authentication while allowing Sword and SwordV2 to use password authentication. You will need to fix accordingly.

Hope this helps.

Shaun
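
An added example, not part of the post above and not DSpace code: it generalizes the hard-coded `PasswordAuthentication` to a separate method sequence per interface, keeping the "first success, otherwise lowest code" rule from the post and failing closed when an interface has no sequence. The `Method` interface, the result-code values, the map keys and the sample account are stand-ins assumed for this sketch.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.*;

public class PerInterfaceAuthDemo {
    // Stand-in result codes for this sketch; lower is better, as in the post's comment.
    static final int SUCCESS = 1, BAD_CREDENTIALS = 2, NO_SUCH_USER = 4, BAD_ARGS = 5;

    /** Hypothetical stand-in for an authentication method (not the DSpace interface). */
    interface Method { int authenticate(String user, String password); }

    /** Walk one interface's sequence: first success wins, otherwise the lowest code. */
    static int authenticate(List<Method> sequence, String user, String password) {
        int best = BAD_ARGS;                       // also the result for an empty sequence
        for (Method m : sequence) {
            int ret;
            try {
                ret = m.authenticate(user, password);
            } catch (RuntimeException e) {
                ret = NO_SUCH_USER;                // a failing back end never counts as success
            }
            if (ret == SUCCESS) return ret;
            if (ret < best) best = ret;
        }
        return best;
    }

    public static void main(String[] args) {
        // Constructed sample account; a real password method checks a salted hash.
        Map<String, String> accounts = Collections.singletonMap("depositor", "constructed-pw");
        Method password = (u, p) -> {
            if (u == null || p == null) return BAD_ARGS;
            String stored = accounts.get(u);
            if (stored == null) return NO_SUCH_USER;
            boolean same = MessageDigest.isEqual(stored.getBytes(StandardCharsets.UTF_8),
                                                 p.getBytes(StandardCharsets.UTF_8));
            return same ? SUCCESS : BAD_CREDENTIALS;
        };
        Method sso = (u, p) -> BAD_ARGS;           // browser SSO cannot check a password pair
        Map<String, List<Method>> sequences = new LinkedHashMap<>();
        sequences.put("xmlui", Arrays.asList(sso));
        sequences.put("swordv2", Arrays.asList(password));
        for (String iface : new String[] {"xmlui", "swordv2", "unconfigured"}) {
            List<Method> seq = sequences.getOrDefault(iface, Collections.emptyList());
            System.out.println(iface + ": good=" + authenticate(seq, "depositor", "constructed-pw")
                    + " wrong=" + authenticate(seq, "depositor", "nope"));
        }
    }
}
```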

Jose Blanco

Apr 15, 2020, 2:39:31 PM
to Shaun donovan, DSpace Technical Support
I was looking over the code, and this makes sense.  Thank you.  I will give it a try.  I guess the method you are using in this code is PasswordAuthentication? Correct?

Thank you again!
-Jose

Shaun donovan

Apr 16, 2020, 2:07:17 AM
to Jose Blanco, DSpace Technical Support

Mark H. Wood

Apr 16, 2020, 9:32:48 AM
to DSpace Technical Support
On Wed, Apr 15, 2020 at 01:32:13PM -0400, Jose Blanco wrote:
> In config/modules/authentication.cfg I have indicated the auth method I
> want the system to use from the browser.
>
> *plugin.sequence.org.dspace.authenticate.AuthenticationMethod =
> org.dspace.authenticate.PasswordAuthentication*
>
> I want the system to use a different auth method when interacting with
> SWORDv2. How do I go about doing this in 6.3?

I have not tried this, but I think that the least intrusive way might
be to add a ServletContextConfiguration source to
dspace/config/config-definition.xml:

<servletContext config-optional='true'/>
<!-- place this before the 'properties' with fileName="local.cfg" -->

You may need to add this in the <header> section, to ensure that the
source's tag is defined:

<providers>
  <provider config-tag="servletContext"
            config-class="org.apache.commons.configuration.DefaultConfigurationBuilder"/>
</providers>

Then you could add a ContextParameter to the 'swordv2' Context:

<Parameter
  name='plugin.sequence.org.dspace.authenticate.AuthenticationMethod'
  value='org.dspace.authenticate.SomeMethod'
/>

You can probably use 'bin/dspace dsprop --property=dspace.dir' to more
conveniently test config-definition.xml until you get no errors, or at
least until the error you get is that there is no Servlet context.

Please let us know if this works. I think we ought to make this a
standard feature, if it does.

--
Mark H. Wood
Lead Technology Analyst

University Library
Indiana University - Purdue University Indianapolis
755 W. Michigan Street
Indianapolis, IN 46202
317-274-0749
www.ulib.iupui.edu