Requirements

• Authenticate students against University Directory Service http://www.dsa.unibo.it;
• allow authenticated students to edit/comment documents;
• deny authenticated students the right to delete documents.

Analysis

• A student profile is required enforcing the requirements provided;
• actual authentication plugin/system provides authentication against DSA for University Professors and Technicians.

Design / Solution

• Define a Student group with
  • allow rights for: edit, comment;
  • deny rights for: delete.
• Extend current DSA leveraging authentication system replicating actions in the if-branch matching "@unibo.it" usernames, for "@studio.unibo.it" matching usernames (the replicated if-branch) on account creation add the account to the Student group.

Testing

The solution has been successfully tested on testing webapp istance "xwiki_test" using testing database "xwiki_test".

• Created groups: XWiki.StudentGroup and XWiki.FacultyGroup;
• Authenticated user marco.fabbri2@studio.unibo.it:
  • Profile Created;
  • Profile Added to group XWiki.StudentGroup;
• Authenticated user marco.fabbri28@unibo.it:
  • Profile Created;
  • Profile Added to group XWiki.FacultyGroup;

Deployment and Execution

DSA authentication plugin (apice-dsa-1.5.0.jar) has been placed in $TOMCAT_INSTALL_DIR/webapps/xwiki/WEB-INF/lib replacing all authentication plugin (apice-dsa-1.0.3-jar).

The new authentication mechanism is in place as described in StudentAuthenticationthroughDSA.