Uploaded image for project: 'DSpace'
  1. DSpace
  2. DS-254

Bitstream (and item-export) download service does not correctly sense authenticated user

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 1.5.2, 1.6.0
    • Fix Version/s: 1.6.0
    • Component/s: XMLUI
    • Labels:
      None
    • Environment:
      MacOS/Java 1.5/oracle
    • Attachments:
      1
    • Comments:
      0
    • Documentation Status:
      Not Required

      Description

      When attempting to download a Bitstream with no read access, the XMLUI BitstreamReader class responds differently depending on whether there is an authenticated user: if there is one, it just reports "access denied", but if there is none it offers a login page.

      The code in 1.5.2 does not correctly detect a logged-in user and thus always offers the login option, which is confusing.
      To reproduce the problem, remove all read access policies from a Bitstream, and attempt to view it in XMLUI, while logged in and not. The problem is

      {request}

      .getSession().getAttribute("dspace.current.user.id") does not return the logged-in user.

      Patches included fix the problem for Bitstream and similar code in ItemExportDownloadReader (though I couldn't test that).

      The only other similar code is in dspace-xmlui/dspace-xmlui-api/src/main/java/org/dspace/app/xmlui/cocoon/DSpaceCocoonServletFilter.java, but I don't use SSL redirection (and it looks unlikely to work in any case since there is no place to specify non-standard SSL ports) so I did not attempt to fix that. See the code starting at line 236, around getSession().getAttribute("dspace.current.user.id").

        Attachments

          Activity

            People

            • Assignee:
              lcs Larry Stone
              Reporter:
              lcs Larry Stone
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: