Authentication demo


This demonstration collection contains the same material as the original Greenstone demo collection, but it includes some basic authentication commands. Two documents are publicly available (Farming snails 1 & 2), while the others require logging in to view.

To access this collection, try user: demo and password: demo.

How the collection works

The collection configuration file is exactly the same as for the original demo collection apart from the authentication directives, one plugin option (and this description).

The authentication scheme controls access to the collection. It works in two steps. First it determines whether to restrict access to the collection as a whole or to individual documents in it, and in the latter case which documents those are (either by giving a list of private documents for which access is to be authenticated, or specifying that all documents are private except for a given list of public documents). Then for access-restricted documents it determines which user groups are to have access.

Authentication is activated using the <security> XML element in the collectionConfig.xml file. In the example of the authen-e collection, all documents are set to private access by default, with the exception that they are accessible to logged-in members of a group called "demo". The security element further defines a set of documents (documentSet) called "always-public", which contains 2 documents denoted by their document identifiers/OIDs (fb33fe and fb34fe). This documentSet specifies an exceptional case: unlike the other documents in the collection, which are private by default, the documents in the documentSet can be accessed by anyone in any group, as no group is specified for their access.

<security default_access="private" scope="document">
	<exception>
		<group name="demo"/>
	</exception>
	<exception>
		<documentSet name="always-public"/>
		<group name=""/>
	</exception>
	<documentSet name="always-public">
		<match>fb33fe</match>
		<match>fb34fe</match>
	</documentSet>
</security>

In this case, we have used the -OIDtype dirname option to HTMLPlugin, which specifies that directory names should be used as identifiers. This works for collections where each document is in a separate directory. We have used this option to ensure that identifiers remain the same across different platforms (which may not be the case for HASH identifiers), as we need to specify identifiers here for the documentSets controlling exceptions to the default access granted (or withheld) by the security element.

The security element specifies the Greenstone groups to which access will be permitted, if the document (or collection) is one of those that requires authentication. It contains exception and documentSet elements that define one or more group names that override the default_access set on the security element (for example, when all documents are private by default, the exception elements define which groups do have access to the collection materials). The Greenstone admin pages allow you to define groups and add members to them.
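To check that a configuration like the one above exposes only the documents you intend, the following added example (not Greenstone's own code) models the rules as this page describes them for default_access="private" and reports what a logged-out visitor can read. The function names, the exact-match treatment of <match> values and the identifier "other-doc" are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# The <security> element shown on this page, embedded so the example runs offline.
SECURITY_XML = """
<security default_access="private" scope="document">
  <exception><group name="demo"/></exception>
  <exception><documentSet name="always-public"/><group name=""/></exception>
  <documentSet name="always-public">
    <match>fb33fe</match>
    <match>fb34fe</match>
  </documentSet>
</security>
"""

def load_policy(xml_text):
    """Return a list of (oids_or_None, group_names), one entry per <exception>."""
    root = ET.fromstring(xml_text)
    if root.get("default_access") != "private":
        raise ValueError("this model only covers default_access='private'")
    doc_sets = {ds.get("name"): {(m.text or "").strip() for m in ds.findall("match")}
                for ds in root.findall("documentSet")}
    policy = []
    for exc in root.findall("exception"):
        ref = exc.find("documentSet")
        if ref is not None and ref.get("name") not in doc_sets:
            # Fail closed: a misspelled set name must not silently change access.
            raise ValueError(f"undefined documentSet {ref.get('name')!r}")
        oids = None if ref is None else doc_sets[ref.get("name")]
        policy.append((oids, {g.get("name") for g in exc.findall("group")}))
    return policy

def can_view(policy, oid, user_groups=()):
    """True if some exception covering this OID admits one of the user's groups."""
    for oids, groups in policy:
        if oids is not None and oid not in oids:
            continue  # exception is limited to a documentSet without this OID
        if "" in groups or groups & set(user_groups):
            return True  # empty group name: no group required
    return False  # default_access="private" and no exception applied

def anonymous_view(policy, oids):
    """Audit helper: which of the given OIDs can a logged-out visitor read?"""
    return [oid for oid in oids if can_view(policy, oid)]

if __name__ == "__main__":
    policy = load_policy(SECURITY_XML)
    # "other-doc" is a constructed identifier standing in for any private document.
    print(anonymous_view(policy, ["fb33fe", "fb34fe", "other-doc"]))
```

Running the audit helper over the full list of identifiers in a collection after each configuration change shows at a glance whether an edit to an exception or documentSet has made more documents public than intended.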

For more information on authentication in GS3, the different possibilities when using the security element in a GS3 collectionConfig file, and creating new users and adding them to groups, refer to the following pages on the Greenstone wiki