SWORD v1 login failure on DSpace 9.2

23 views
Skip to first unread message

Joshua Kim

unread,
Apr 10, 2026, 11:22:07 PM (3 days ago) Apr 10
to DSpace Technical Support
Hello,

We have installed DSpace 9.2 (upgraded from 7.6). It has SWORD v1. We use Shibboleth and Orcid for authentication. They are working. But if I try to log in to the SWORD service document page, even though I set a user account to the admin and submitter groups for collections under assign roles and enter the correct email and password, the login fails.
In the DSpace log file,   it prints as follows:
INFO  unknown a06a96bc-baba-4740-a93d-b4d4bf163210 org.dspace.sword.SWORDAuthenticator @ anonymous:session_id=0:ip_addr=10.7.36.158:sword_authenticate:username=xx...@udel.edu,on_behalf_of=null
2026-04-10 21:01:34,316 WARN  unknown a06a96bc-baba-4740-a93d-b4d4bf163210 org.dspace.authenticate.ShibAuthentication @ Unable to authenticate using Shibboleth because the request object is null.
2026-04-10 21:01:34,316 WARN  unknown a06a96bc-baba-4740-a93d-b4d4bf163210 org.dspace.authenticate.OrcidAuthenticationBean @ Unable to authenticate using ORCID because the request object is null.
2026-04-10 21:01:34,316 INFO  unknown a06a96bc-baba-4740-a93d-b4d4bf163210 org.dspace.sword.SWORDAuthenticator @ anonymous:session_id=0:ip_addr=10.7.36.158:sword_unable_to_set_on_behalf_of:username=xxxx...@udel.edu,on_behalf_of=null

ALSO, when I try to use curl, I have an error of "HTTP/1.1 401 401" 
curl -i --data-binary "@/home/joshkim/download/example.zip" -H "Content-Disposition:filename=example.zip" -H "Content-Type:application/zip" -H "X-Packaging:http://purl.org/net/sword-types/METSDSpaceSIP" -u lib-ne...@udel.edu:[mypassword] https://XXXXXXXXXXXudel.edu/server/sword/deposit/123456789/359

HTTP/1.1 401 401
Date: Sat, 11 Apr 2026 00:46:11 GMT

Can someone please help us out? Thank you so much in advance.
 

Toni Prieto

unread,
Apr 11, 2026, 4:38:43 AM (3 days ago) Apr 11
to dspac...@googlegroups.com

Hi Joshua,

I remember running into a similar issue in earlier versions. It might be a bug related to checking whether special groups should be added depending on the authentication method being used.

During the SWORD request, the request object comes through as null, which causes one of these checks to fail. Looking at the recent changes, it’s possible the issue is triggered in the isUsed function of the ORCID and Shibboleth methods you have configured, which are involved in this recent change:
https://github.com/DSpace/DSpace/pull/11633

Modifying the function so that it returns false when request is null could fix the problem.

If you can see the stack trace, it should give you a better idea of exactly where it’s happening.

Regards,

Toni


El 11/4/26 a las 5:22, Joshua Kim escribió:
--
All messages to this mailing list should adhere to the Code of Conduct: https://lyrasis.org/code-of-conduct/
---
You received this message because you are subscribed to the Google Groups "DSpace Technical Support" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dspace-tech...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/dspace-tech/9f32811d-b68d-4125-a2ac-6fab25726c02n%40googlegroups.com.
-- 

Toni Prieto
Universitat Politècnica de Catalunya

Joshua Kim

unread,
Apr 11, 2026, 8:21:50 AM (3 days ago) Apr 11
to DSpace Technical Support
Thank you, Toni. 
Do I need to modify the Java source code in DSpace 9.2? I am not quite sure what you suggested to me, though I read https://github.com/DSpace/DSpace/pull/11633. Would you explain me in detail?

Toni Prieto

unread,
Apr 13, 2026, 4:10:25 AM (yesterday) Apr 13
to dspac...@googlegroups.com

Hello Joshua,

Yes, the Java source code in DSpace 9.2 needs to be modified to fix this issue.

I was able to reproduce the error by enabling ORCID authentication, which triggers the NullPointerException during SWORD requests when the request object is null.

I have opened a pull request that should fix the problem here:
https://github.com/DSpace/DSpace/pull/12284

Could you try applying this change and check if it resolves the issue on your side?

Also, please make sure that PasswordAuthentication is enabled as well, since SWORD relies on it to authenticate requests through DSpace’s authentication system.

Regards,

Toni

El 11/4/26 a las 14:21, Joshua Kim escribió:
Reply all
Reply to author
Forward
0 new messages