New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Special groups not working with Shibboleth authentication and IP Authentication #8301
Comments
Pulling this onto the 7.4 board. Just a note for eventual testers... we should verify that this is definitely a bug in Shibboleth. It's possible that the bug here is in the Bitstream download (as it sounds like the Item is visible but the Bitstream is not). So, it is possible this is a new bug & not the same as #8161 |
Please note IP-Authentication is having the exact same issue. Adding the anonymous group as a sub group of BITSTREAM_DEFAULT_READ group for that collection had it working for Shibboleth and IP-Authentication too. |
@samj55 : Just to verify, the issue is only with the Bitstream, correct? It sounds like when you access restrict the Item (using If it's correct that this issue is only with the Bitstream then that's a new bug. In #8161 / #8160 we fixed the issue with the Item-level permissions. But, in this ticket, it sounds like you are saying a similar type of issue is appearing at the Bitstream-level. |
Yes it's correct Tim. Only the bitstream is affected by this problem. Adding the anonymous group as a subgroup solves the viewing issue for the Shibboleth and IP users but any anonymous user with the bitstream direct link can view that bitstream. Example of the link: |
I confirm it fixed by #8309 |
Describe the bug
This bug #8161 and #8160 still exist. Please double check.
DSpace version installed: DSpace 7.3-SNAPSHOT
To Reproduce
Steps to reproduce the behavior:
Expected behavior
You should've seen the item as a member of the permitted special group.
Related work
Link to any related tickets or PRs here.
#8161
#8160
DSpace Log:
java.io.IOException: org.dspace.authorize.AuthorizeException: Authorization denied for action READ on BITSTREAM:549dad0f-2438-41c0-ad1c-d1ebfc8ca982 by user 1ccce6d2-beaf-43cc-8b64-b9a15a30e62e
at org.dspace.app.rest.utils.BitstreamResource.getInputStream(BitstreamResource.java:102) ~[classes/:7.3-SNAPSHOT]
at org.springframework.http.converter.ResourceHttpMessageConverter.writeContent(ResourceHttpMessageConverter.java:137) ~[spring-web-5.3.18.jar:5.3.18]
at org.springframework.http.converter.ResourceHttpMessageConverter.writeInternal(ResourceHttpMessageConverter.java:129) ~[spring-web-5.3.18.jar:5.3.18]
at org.springframework.http.converter.ResourceHttpMessageConverter.writeInternal(ResourceHttpMessageConverter.java:45) ~[spring-web-5.3.18.jar:5.3.18]
at org.springframework.http.converter.AbstractHttpMessageConverter.write(AbstractHttpMessageConverter.java:227) ~[spring-web-5.3.18.jar:5.3.18]
The text was updated successfully, but these errors were encountered: