Search Results

Search found 1408 results on 57 pages for 'declarative authorization'.

Page 2/57 | < Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >

  • if_attribute on declarative authorization

    - by Victor Martins
    I have a many-to-many relationship like this: A user has_many organizations through affiliations and vice-versa. I'm using declarative organizations and I only want a user to edit a particular organization if he is affiliated and the affiliationtype attribute of affiliation is a particular value. So affiliations has 3 columns , user_id, organization_id and affiliationtype_id I can do: o = Organization.find(:first) o.affiliatons[0].user and get the user now I wish to do this: has_permission_on [:organizations], :to => :edit do if_attribute (...) end That if_attribute should see if the current user is the organization.affiliation[?].user and if the organization.affiliation[?].affiliationtype_id = "3" I hope this is syntax issue ... I really need to get this working.

    Read the article

  • Java basic authorization with URLConnection

    - by zigomir
    Hello! I'm opening a connection to WebService with an URLConnection class. I also set request property for basic authorization like this: c.setRequestProperty("Authorization", "Basic " + usernameAndPasswordEncoded); Where c is an object of type URLConnection. So this is client side of WebService call. Now on server side I need to get username from session: User user = (User) request.getSession().getAttribute("user"); But this won't get an username. Also if I look through debug mode, I see an anonymous userName in HttpSession object. What to do to solve this problem, so that username is sent through client to WebService server for authorization? Thanks everyone!

    Read the article

  • Is there a declarative language for data definitions?

    - by Jekke
    Reading about WPF and thinking about my application's data store at the same time led me to wonder if there are any languages or tools that allow you to define relational data in a declarative way? A shallow Google search suggests no such thing exists. Yet it seems so obviously useful. The kind of tool I have in mind would declaratively describe (at least) entities, relationships and views is a platform-agnostic way that would act as an abstraction layer between data-driven applications and their datastores. Does any such tool exist?

    Read the article

  • declarative authorization and has_and_belongs_to_many

    - by Michael Balsiger
    Hi, I have a little problem with declarative-authorization. I have a User and Role Model with a has_and_belongs_to_many association. I've created a Role named :moderator in my authorization_rules.rb Is it possible that a User with the Role Moderator only gets the Users that have the Moderator Role assigned to it?? -- User.with_permissions_to(:index) I thought it would be possible like that: role :moderator do has_permission_on :users, :to => :index do if_attribute :roles => contains { ????? } end end I also created a named_scope in my User Model because I thought it would help... class User has_and_belongs_to_many :roles named_scope :by_role, lambda { |role| { :include => :roles, :conditions => {"roles.name" => role} } } end Does anyone knows if it's possible to do this with declarative_authorization? Thanks for your help!

    Read the article

  • Authorization in a more purely OOP style...

    - by noblethrasher
    I've never seen this done but I had an idea of doing authorization in a more purely OO way. For each method that requires authorization we associate a delegate. During initialization of the class we wire up the delegates so that they point to the appropriate method (based on the user's rights). For example: class User { private deleteMemberDelegate deleteMember; public StatusMessage DeleteMember(Member member) { if(deleteMember != null) { deleteMember(member); } } //other methods defined similarly... User(string name, string password) //cstor. { //wire up delegates based on user's rights. //Thus we handle authentication and authorization in the same method. } } This way the client code never has to explictly check whether or not a user is in a role, it just calls the method. Of course each method should return a status message so that we know if and why it failed. Thoughts?

    Read the article

  • getRequestProperty("Authorization") always returns null

    - by Thilo
    I am trying to read the authorization header for an HTTP request (because I need to add something to it), but I always get null for the header value. Other headers work fine. public void testAuth() throws MalformedURLException, IOException{ URLConnection request = new URL("http://google.com").openConnection(); request.setRequestProperty("Authorization", "MyHeader"); request.setRequestProperty("Stackoverflow", "anotherHeader"); // works fine assertEquals("anotherHeader", request.getRequestProperty("Stackoverflow")); // Auth header returns null assertEquals("MyHeader", request.getRequestProperty("Authorization")); } Am I doing something wrong? Is this a "security" feature? Is there a way to make this work with URLConnection, or do I need to use another HTTP client library?

    Read the article

  • Ask StackOverFlow : Canny a LightWeight Authorization library in Java

    - by eltados
    In the course of my work i need to develop an authorization engine ( i'm already authenticated and i check access of a user to an action ) in order to store all the authorization logic inside a same place and be able to reuse it and i have created the mini library. http://github.com/eltados/canny (updated) what do you think about it? What are the limits of my approch ? Do you understand the benefit or it? Is there any lightweight Authorization engine library i could have a look at? I had a look at spring security and it does not really answer my requirement. The main idea is that i want to be able to reuse the same code to controll access in the controllers and the views.

    Read the article

  • Multiple CAS servers with Microsoft Exchange and selective authorization

    - by John Wilcox
    I have a Microsoft Exchange 2010 organization within one Microsoft Windows domain and I have users accessing it through OWA. For simplicity lets say I currently have one CAS server (CAS 1) which is accessible only through a VPN connection. Lets call the users connecting to the first CAS group a. For some users though, I need to install another CAS server (CAS 2) so that they can connect without using a VPN connection. Lets call those users group b. What I need to achieve is that group a can only log in to CAS 1 and group b can only log in to CAS 2. Now I know that one can disable/enable OWA per user but in my case that is not enough because OWA must be enabled for both groups.

    Read the article

  • "Half" ssh authorization to a server with git repository

    - by hsz
    Hello ! Currently I have purchased web hosting with ssh access. I have created a git repository on it and if I set my public key in ~/.ssh/authorized_keys file, I have access to that repo, I can push/pull data, etc. This solution allows access for every user that has his public key in authorized_keys file. But there is one thing that I want to avoid. Every user can login to the server too and has access to whole ssh account. Is it possible to create a blacklist of users' keys that will not have an access to ssh ? I see it that way: user logs in to a git - ok, allow for every one user logs in to ssh account ~/.profile file is hooked and called a custom script: check user's public key if public key is in ~/.ssh/blacklist_keys call bash exit/logout Is it possible in any way ?

    Read the article

  • Authorization error when testing FTP to UNC

    - by user64204
    We have a Windows Server 2008 R2 with Active Directory (hereafter called DC) running as a domain controller on which we have IIS and an FTP site installed. We have a second Server 2008 (hereafter called SHARE) which is joined to that domain and has a disk shared as a network share (\\share\Office). That network share is used as the ftp's physical path on DC. We've tested the FTP from the IIS FTP configuration panel, by clicking on Basic Settings... then Test Settings.... When setting Administrator as a username with the Connect as... option, everything is fine: When no user is provided we can the below error: Q1: Could someone explain in more understandable terms what is written in the Details text area?

    Read the article

  • How to decouple trac from or align trac with apache authorization

    - by Laizer
    I've had a trac server running for about a year now - chugging along just as expected. Today, I implemented basic authorization on the apache server that trac runs under. Trac now picks up the user as authenticated by Apache, and doesn't allow either logout or a login. I tried to create an apache user with the same name and password as a trac user, but the behavior remained - I can't access trac. How do I align trac with Apache authorization?

    Read the article

  • Flex URLRequest and .NET authorization

    - by user252160
    can I make role based authorization when sending requests to an ASP.NET MVC backend system. I am calling action methods and expecting JSON results, however, some action methods are decorated with the [Authorize] attribute, others require some role privileges to be present. I certainly hope that passing authorization data with every request is possible

    Read the article

  • Twitter authentication without authorization

    - by user325377
    I wish to get the tweeter usename of a visitor to my site. I do not wish to post statuses or access any other information. I'd be happy to use OAuth, possibly with a 'Sign in with Twitter' button, but this then takes the user to a page which requests authorization for the application, that I wish to avoid. Is there a way to get the username without authorization? Thanks, Daniel

    Read the article

  • Is there a recommended approach for using SQL Server as an Authorization store and extending AD properties using .Net? [closed]

    - by Jim
    We are going to be using SQL Server as an authorization store for our .Net windows services and WCF services as well as storing additional metadata about users and groups to extend the AD properties. Doing this will make this self service and not require IT to change anything for our department (for users or groups). What if any are the existing recommended stategies or technologies that do this function?

    Read the article

  • OSGI Declarative Services (DS): What is a good way of using service component instances

    - by Christoph
    I am just getting started with OSGI and Declarative Services (DS) using Equinox and Eclipse PDE. I have 2 Bundles, A and B. Bundle A exposes a component which is consumed by Bundle B. Both bundles also expose this service to the OSGI Service registry again. Everything works fine so far and Equinox is wireing the components together, which means the Bundle A and Bundle B are instanciated by Equinox (by calling the default constructor) and then the wireing happens using the bind / unbind methods. Now, as Equinox is creating the instances of those components / services I would like to know what is the best way of getting this instance? So assume there is third class class which is NOT instantiated by OSGI: Class WantsToUseComponentB{ public void doSomethingWithComponentB(){ // how do I get componentB??? Something like this maybe? ComponentB component = (ComponentB)someComponentRegistry.getComponent(ComponentB.class.getName()); } I see the following options right now: 1. Use a ServiceTracker in the Activator to get the Service of ComponentBundleA.class.getName() (I have tried that already and it works, but it seems to much overhead to me) and make it available via a static factory methods public class Activator{ private static ServiceTracker componentBServiceTracker; public void start(BundleContext context){ componentBServiceTracker = new ServiceTracker(context, ComponentB.class.getName(),null); } public static ComponentB getComponentB(){ return (ComponentB)componentBServiceTracker.getService(); }; } 2. Create some kind of Registry where each component registers as soon as the activate() method is called. public ComponentB{ public void bind(ComponentA componentA){ someRegistry.registerComponent(this); } or public ComponentB{ public void activate(ComponentContext context){ someRegistry.registerComponent(this); } } } 3. Use an existing registry inside osgi / equinox which has those instances? I mean OSGI is already creating instances and wires them together, so it has the objects already somewhere. But where? How can I get them? Conclusion Where does the class WantsToUseComponentB (which is NOT a Component and NOT instantiated by OSGI) get an instance of ComponentB from? Are there any patterns or best practises? As I said I managed to use a ServiceTracker in the Activator, but I thought that would be possible without it. What I am looking for is actually something like the BeanContainer of Springframework, where I can just say something like Container.getBean(ComponentA.BEAN_NAME). But I don't want to use Spring DS. I hope that was clear enough. Otherwise I can also post some source code to explain in more detail. Thanks Christoph UPDATED: Answer to Neil's comment: Thanks for clarifying this question against the original version, but I think you still need to state why the third class cannot be created via something like DS. Hmm don't know. Maybe there is a way but I would need to refactor my whole framework to be based on DS, so that there are no "new MyThirdClass(arg1, arg2)" statements anymore. Don't really know how to do that, but I read something about ComponentFactories in DS. So instead of doing a MyThirdClass object = new MyThirdClass(arg1, arg2); I might do a ComponentFactory myThirdClassFactory = myThirdClassServiceTracker.getService(); // returns a if (myThirdClassFactory != null){ MyThirdClass object = objectFactory.newInstance(); object.setArg1("arg1"); object.setArg2("arg2"); } else{ // here I can assume that some service of ComponentA or B went away so MyThirdClass Componenent cannot be created as there are missing dependencies? } At the time of writing I don't know exactly how to use the ComponentFactories but this is supposed to be some kind of pseudo code :) Thanks Christoph

    Read the article

  • OEG11gR2 integration with OES11gR2 Authorization with condition

    - by pgoutin
    Introduction This OES use-case has been defined originally by Subbu Devulapalli (http://accessmanagement.wordpress.com/).  Based on this OES museum use-case, I have developed the OEG11gR2 policy able to deal with the OES authorization with condition. From an OEG point of view, the way to deal with OES condition is to provide with the OES request some Environmental / Context Attributes.   Museum Use-Case  All painting in the museum have security sensors, an alarm goes off when a person comes too close a painting. The employee designated for maintenance needs to use their ID and disable the alarm before maintenance. You are the Security Administrator for the museum and you have been tasked with creating authorization policies to manage authorization for different paintings. Your first task is to understand how paintings are organized. Asking around, you are surprised to see that there isno formal process in place, so you need to start from scratch. the museum tracks the following attributes for each painting 1. Name of the work 2. Painter 3. Condition (good/poor) 4. Cost You compile the list of paintings  Name of Painting  Painter  Paint Condition  Cost  Mona Lisa  Leonardo da Vinci  Good  100  Magi  Leonardo da Vinci  Poor  40  Starry Night  Vincent Van Gogh  Poor  75  Still Life  Vincent Van Gogh  Good  25 Being a software geek who doesn’t (yet) understand art, you feel that price(or insurance price) of a painting is the most important criteria. So you feel that based on years-of-experience employees can be tasked with maintaining different paintings. You decide that paintings worth over 50 cost should be only handled by employees with over 20 years of experience and employees with less than 10 years of experience should not handle any painting. Lets us start with policy modeling. All paintings have a common set of attributes and actions, so it will be good to have them under a single Resource Type. Based on this resource type we will create the actual resources. So our high level model is: 1) Resource Type: Painting which has action manage and the following four attributes a) Name of the work b) Painter c) Condition (good/poor) d) Cost 2) To keep things simple lets use painting name for Resource name (in real world you will try to use some identifier which is unique, because in future we may end up with more than one painting which has the same name.) 3) Create Resources based on the previous table 4) Create an identity attribute Experience (Integer) 5) Create the following authorization policies a) Allow employees with over 20 years experience to access all paintings b) Allow employees with 10 – 20 years of experience to access painting which cost less than 50 c) Deny access to all paintings for employees with less than 10 year of experience OES Authorization Configuration We do need to create 2 authorization policies with specific conditions a) Allow employees with over 20 years experience to access all paintings b) Allow employees with 10 – 20 years of experience to access painting which cost less than 50 c) Deny access to all paintings for employees with less than 10 year of experience We don’t need an explicit policy for Deny access to all paintings for employees with less than 10 year of experience, because Oracle Entitlements Server will automatically deny if there is no matching policy. OEG Policy The OEG policy looks like the following The 11g Authorization filter configuration is similar to :  The ${PAINTING_NAME} and ${USER_EXPERIENCE} variables are initialized by the "Retrieve from the HTTP header" filters for testing purpose. That's to say, under Service Explorer, we need to provide 2 attributes "Experience" & "Painting" following the OES 11g Authorization filter described above.

    Read the article

  • Custom fine-grained claims based authorization system in ASP.NET MVC - wheres and hows

    - by BuzzBubba
    So, I'd like to implement my own custom authorization system in MVC2. If I'd have to create a global class, where do I instantiate it? Can HttpContext be extended with my own additions and where do I do that? Should I use Authorization filters for rights validation or ActionFilters or do it within an action? Can ActionFilter pass any data to the action itself? Previously (in WebForms) I was using a Session object where I would put a serialized object containing essential user data (account id and a list of roles and rights) and I'd extend my own Page class.

    Read the article

  • Rails authorization plugins

    - by jacklin
    We are evaluating plugins for Authorization in Rails. The two at the top of our list are cancan and declarative_authorization. I would like to get some feedback from anyone currently using either of these plugins. The problem we are going to face with any authorization plugin is that we have a database per customer model and will need to modify the plugin to work within that model. Because of this fact I'm interested in hearing from anyone who has had to tweak the plugins at all as well. I'm just starting to look around at the code. It seems like cancan might be a little easier to customize. Any thoughts?

    Read the article

  • rails declarative authorization, permit all actions for controller?

    - by SooDesuNe
    using the delcarative_authorization gem for rails, is there a shortcut to allow a role access to all controller actions? privileges do # default privilege hierarchies to facilitate RESTful Rails apps privilege :manage, :includes => [:create, :read, :update, :delete] end isn't sufficient, because I have more controlling methods than just CRUD in my controllers. Something like: role :foo do has_permission_on :bar, :to =>[:all] end would be perfect, but I'm not finding it in the docs.

    Read the article

  • C++ Declarative Parsing Serialization

    - by Martin York
    Looking at Java and C# they manage to do some wicked processing based on special languaged based anotation (forgive me if that is the incorrect name). In C++ we have two problems with this: 1) There is no way to annotate a class with type information that is accessable at runtime. 2) Parsing the source to generate stuff is way to complex. But I was thinking that this could be done with some template meta-programming to achieve the same basic affect as anotations (still just thinking about it). Like char_traits that are specialised for the different types an xml_traits template could be used in a declaritive way. This traits class could be used to define how a class is serialised/deserialized by specializing the traits for the class you are trying to serialize. Example Thoughs: template<typename T> struct XML_traits { typedef XML_Empty Children; }; template<> struct XML_traits<Car> { typedef boost::mpl::vector<Body,Wheels,Engine> Children; }; template<typename T> std::ostream& Serialize(T const&) { // my template foo is not that strong. // but somthing like this. boost::mpl::for_each<typename XML_Traits<T>::Children,Serialize>(data); } template<> std::ostream& Serialize<XML_Empty>(T const&) { /* Do Nothing */ } My question is: Has anybody seen any projects/decumentation (not just XML) out there that uses techniques like this (template meta-programming) to emulate the concept of annotation used in languges like Java and C# that can then be used in code generation (to effectively automate the task by using a declaritive style). At this point in my research I am looking for more reading material and examples.

    Read the article

  • Token based Authentication for WCF HTTP/REST Services: Authorization

    - by Your DisplayName here!
    In the previous post I showed how token based authentication can be implemented for WCF HTTP based services. Authentication is the process of finding out who the user is – this includes anonymous users. Then it is up to the service to decide under which circumstances the client has access to the service as a whole or individual operations. This is called authorization. By default – my framework does not allow anonymous users and will deny access right in the service authorization manager. You can however turn anonymous access on – that means technically, that instead of denying access, an anonymous principal is placed on Thread.CurrentPrincipal. You can flip that switch in the configuration class that you can pass into the service host/factory. var configuration = new WebTokenWebServiceHostConfiguration {     AllowAnonymousAccess = true }; But this is not enough, in addition you also need to decorate the individual operations to allow anonymous access as well, e.g.: [AllowAnonymousAccess] public string GetInfo() {     ... } Inside these operations you might have an authenticated or an anonymous principal on Thread.CurrentPrincipal, and it is up to your code to decide what to do. Side note: Being a security guy, I like this opt-in approach to anonymous access much better that all those opt-out approaches out there (like the Authorize attribute – or this.). Claims-based Authorization Since there is a ClaimsPrincipal available, you can use the standard WIF claims authorization manager infrastructure – either declaratively via ClaimsPrincipalPermission or programmatically (see also here). [ClaimsPrincipalPermission(SecurityAction.Demand,     Resource = "Claims",     Operation = "View")] public ViewClaims GetClientIdentity() {     return new ServiceLogic().GetClaims(); }   In addition you can also turn off per-request authorization (see here for background) via the config and just use the “domain specific” instrumentation. While the code is not 100% done – you can download the current solution here. HTH (Wanna learn more about federation, WIF, claims, tokens etc.? Click here.)

    Read the article

  • web.config + asp.net MVC + location > system.web > authorization + Integrated Security

    - by vdh_ant
    Hi guys I have an ASP.Net MVC app using Integrated Security that I need to be able grant open access to a specific route. The route in question is '~/Agreements/Upload' and the config I have setup looks like this: <configuration> ... <location path="~/Agreements/Upload"> <system.web> <authorization> <allow users="*"/> </authorization> </system.web> </location> ... </configuration> I have tried a few things and nothing has worked thus far. In IIS under Directory Security Authentication Methods I only have "Integrated Windows Authentication" selected. Now this could be part of my problem (as even though IIS allows the above IIS doesn't). But if that's the case how do I configure it so that Integrated Security works but allows people who aren't authenticated to access the given route. Cheers Anthony

    Read the article

  • Authorization and authenthication for WinForm application

    - by Adrian
    Hi! I'm starting to develop windows application and I've been looking around for some authenthication and authorization solution available, but no luck so far. I have to be able to allow admin create users and roles, assign users to roles and define access to controls on form for specified roles (button enabled/disabled etc). Is there any solution out there or maybe someone could give me short description of solution he's using? Adrian

    Read the article

  • Download HTML content that require authorization?

    - by NVA
    I use WebClient from System.Net Namespace of Visual Studio 2008 to download the HTML content. It done well with normal website but with some 4rum that require authorization such as warez-bb.org, it always return the HTML of the login page. I wonder if there is a way to send the username and password to the WebClient?

    Read the article

< Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >