| 1 | name=QQQQAuthentication demo
|
|---|
| 2 | textdate=QQQQpublication date\:
|
|---|
| 3 | textnumpages=QQQQno. of pages\:
|
|---|
| 4 | textsource=QQQQsource ref\:
|
|---|
| 5 | section_chapter=QQQQchapter
|
|---|
| 6 | document_book=QQQQbook
|
|---|
| 7 |
|
|---|
| 8 | dls.Organization=QQQQOrganizations
|
|---|
| 9 | dls.Subject=QQQQSubjects
|
|---|
| 10 | index_text=QQQQText
|
|---|
| 11 | index_document=QQQQBook
|
|---|
| 12 | index_section=QQQQChapter
|
|---|
| 13 | dls.Titles=QQQQTitles
|
|---|
| 14 | dls.Keyword=QQQQHow to
|
|---|
| 15 |
|
|---|
| 16 | shortDescription=QQQQ<p>Collection that demonstrates document-level collection authentication in Greenstone 3.</p>
|
|---|
| 17 |
|
|---|
| 18 | description1=QQQQ<p>This demonstration collection contains the same material as the original Greenstone demo collection, but it includes some basic authentication commands. Two documents are publicly available (Farming snails 1 & 2), while the others require logging in to view.</p> <p><center><b> To access this collection try user\:</b> <i>demo</i> <b>and password\:</b> <i>demo</i></center></p>
|
|---|
| 19 |
|
|---|
| 20 | description2=QQQQ<h3>How the collection works</h3><p> The collection configuration file is exactly the same as for the original demo collection apart from the authentication directives, one plugin option (and this description).</p>
|
|---|
| 21 |
|
|---|
| 22 | description3=QQQQ<p>The authentication scheme controls access to the collection. It works in two steps. First it determines whether to restrict access to the collection as a whole or to individual documents in it, and in the latter case which documents those are (either by giving a list of private documents for which access is to be authenticated, or specifying that all documents are private except for a given list of public documents). Then for access-restricted documents it determines which user groups are to have access.</p>
|
|---|
| 23 |
|
|---|
| 24 | description4=QQQQ<p>Authentication is activated using the <i><security></i> XML element in the collectionConfig.xml file. In the example of the authen-e collection, all <i>document</i>s are set to <i>private</i> access by default, with the <i>exception</i> that they are accessible to logged in members of a <i>group</i> called <i>"demo"</i>. The <i>security</i> element further defines a set of documents (<i>documentSet</i>) called "always-public" which contains 2 documents denoted by their document identifiers/OIDs (fb33fe and fb34fe). This documentSet specifies an exceptional case\: the documents in the documentSet are <i>not</i> private access like other documents in the collection are by default, but can instead be accessed by anyone in <i>any</i> group, as no group is specified for their access. \n\
|
|---|
| 25 | <pre><security default_access=QQQQ"private" scope="document"> \n\
|
|---|
| 26 | <exception> \n\
|
|---|
| 27 | <group name=QQQQ"demo"/> \n\
|
|---|
| 28 | </exception> \n\
|
|---|
| 29 | <exception> \n\
|
|---|
| 30 | <documentSet name=QQQQ"always-public"/> \n\
|
|---|
| 31 | <group name=QQQQ""/> \n\
|
|---|
| 32 | </exception> \n\
|
|---|
| 33 | <documentSet name=QQQQ"always-public"> \n\
|
|---|
| 34 | <match>fb33fe</match> \n\
|
|---|
| 35 | <match>fb34fe</match> \n\
|
|---|
| 36 | </documentSet> \n\
|
|---|
| 37 | </security></pre> \n\
|
|---|
| 38 | </p>
|
|---|
| 39 |
|
|---|
| 40 | description5=QQQQ<p>In this case, we have used the <i>-OIDtype dirname</i> option to HTMLPlugin, which specifies that directory names should be used as identifiers. This works for collections where each document is in a separate directory. We have used this option to ensure that identifiers remain the same across different platforms (which may not be the case for HASH identifiers), as we need to specify identifiers here for the <i>documentSet</i>s controlling exceptions to the default access granted (or withheld) by the <i>security</i> element.</p>
|
|---|
| 41 |
|
|---|
| 42 | description6=QQQQ<p>The <i>security</i> directive element specifies the Greenstone <i>group</i>s for to which access will be permitted, if the document (or collection) is one of those that requires authentication. The security element is to contain <i>exception</i> and <i>documentSet</i> elements to define one or more group names that will override the <i>default_access</i> set on the security element (whether all documents are private by default, for example, in which case <i>exception</i> elements define which groups <i>do</i> have access to the collection materials). The Greenstone <i>admin</i> pages allow you to define groups and add members to them.</p>
|
|---|
| 43 |
|
|---|
| 44 | description7=QQQQ<p>For more information on authentication in GS3, the different possibilities when using the <i>security</i> element in a GS3 collectionConfig file, and creating new users and adding them to groups, refer to the following pages on the Greenstone wiki \n\
|
|---|
| 45 | <ul> \n\
|
|---|
| 46 | <li><a href=QQQQ"http\://wiki.greenstone.org/doku.php?id=en\:user\:authentication">Authentication in Greenstone</a></li> \n\
|
|---|
| 47 | <li><a href=QQQQ"http\://wiki.greenstone.org/doku.php?id=en\:user_advanced\:security">Security in Greenstone Collections</a></li> \n\
|
|---|
| 48 | <li><a href=QQQQ"http\://wiki.greenstone.org/doku.php?id=en\:user_advanced\:gs3_user_management">Greenstone 3 User Management</a></li> \n\
|
|---|
| 49 | </ul> \n\
|
|---|
| 50 | </p>
|
|---|
