Search Results

Search found 1408 results on 57 pages for 'declarative authorization'.

Page 38/57 | < Previous Page | 34 35 36 37 38 39 40 41 42 43 44 45  | Next Page >

  • joomla .htaccess file rewrite rule explanation required

    - by Vivek Chandraprakash
    Hi, I'm trying to understand the following lines in joomla's .htaccess file. Can someone explain this please #RewriteCond %{REQUEST_FILENAME} !-f #RewriteCond %{REQUEST_FILENAME} !-d #RewriteCond %{REQUEST_URI} !^/index.php #RewriteCond %{REQUEST_URI} (/|\.php|\.html|\.htm|\.feed|\.pdf|\.raw|/[^.]*)$ [NC] #RewriteRule (.*) index.php #RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L] I want to do some custom redirects for example if a url is like this example.com/subdirectory1 i want to redirect to some article. tried adding this line in the .htaccess file RewriteRule ^somepath index.php?option=com_content&view=article&id=1&Itemid=12 but for some reason the article shows the title even though it's not supposed to show. when i access using the long url string the title doesn't appear if i rewrite it appears. Please help. -Vivek

    Read the article

  • oauth process for twitter. the difference between client and web application

    - by Radek
    I managed to make the oauth process work for PIN kind of verification. My twitter application is client type. When enter authorize url into web browser and grant the application access then I have to enter pin in my ruby application. Can I finish the process of getting access token without the pin thing? My current code is like. What changes do I need to do to make it work without pin? gem 'oauth' require 'oauth/consumer' consumer_key = 'w855B2MEJWQr0SoNDrnBKA' consumer_secret ='yLK3Nk1xCWX30p07Id1ahxlXULOkucq5Rve28pNVwE' consumer=OAuth::Consumer.new consumer_key, consumer_secret, {:site=>"http://twitter.com"} request_token = consumer.get_request_token puts request_token.authorize_url puts "Hit enter when you have completed authorization." pin = STDIN.readline.chomp access_token = request_token.get_access_token(:oauth_verifier => pin) puts puts access_token.token puts access_token.secret

    Read the article

  • ASP.NET MVC AuthorizeAttribute passing values to ActionMethod?

    - by subskii
    Hi everyone I'm only a newcomer to ASP.NET MVC and am not sure how to achieve a certain task the "right way". Essentially, I store the logged in userId in HttpContext.User.Identity and have written an EnhancedAuthorizeAttribute to perform some custom authorization. In the overriden OnAuthorization method, my domain model hits the database to ensure the current user id can access the passed in routeValue "BatchCode". The prototype is: ReviewGroup GetReviewGroupFromBatchCode(string batchCode); It will return null if the user can't access the ReviewGroup and the OnAuthorization then denies access. Now, I know the decorated action method will only get executed if OnAuthorization passes, but I don't want to hit the database a second time to get the ReviewGroup again. I am thinking of storing the ReviewGroup in HttpContext.Items["reviewGroup"] and accessing this from the controller at the moment. Is this a feasible solution, or am I on the wrong path? Thanks!

    Read the article

  • Restlets with Google App Engine, Java Server Pages, (JSP's), and Shiro authentication

    - by DutrowLLC
    I'm having difficulty integrating Restlets into my project. I'm using google app engine (GAE) and I also have some java server pages (JSPs) set up. The JSP's never seem to work at the same time as the Restlets, should I only be using one or the other in GAE? I'm also using Shiro (formerly Ki, formerly JSecurity) and I have been unable to get Restlets to work with Shiro's filter for authentication. Are there any issues in particular that I should be aware of? What are other people using to secure restlet apps on GAE? Is Shiro overkill if I just need authentication and some role-based authorization? Thanks so much! Chris

    Read the article

  • Talking to an Authentication Server

    - by Kyle Terry
    I'm building my startup and I'm thinking ahead for shared use of services. So far I want to allow people who have a user account on one app to be able to use the same user account on another app. This means I will have to build an authentication server. I would like some opinions on how to allow an app to talk to the authentication server. Should I use curl? Should I use Python's http libs? All the code will be in Python. All it's going to do is ask the authentication server if the person is allowed to use that app and the auth server will return a JSON user object. All authorization (roles and resources) will be app independent, so this app will not have to handle that. Sorry if this seems a bit newbish; this is the first time I have separated authentication from the actual application.

    Read the article

  • Recieving server broadcast on mobile in real time

    - by Manjoor
    I have to write a simple mobile application that is able to recieve broadcast from a server, connected using GPRS, over a secure SSL connection. The amount of data mobile need to recieve is very small (about 100 character string for a single broadcast and maximum 10 broadcast per minute) I need to display it on screen and generate a alert sound (and vibrate the device). Client need not to send anything back to server. (ofcourse at the time of intialization the client app need to send some data for authorization) The target mobile plateform is symbion S60 and Blackberry. How can i do this? What tools, SDK and Third party framework (if needed) i should use? I am familier with java and network programming but not for mobile device.

    Read the article

  • Spring - MVC - Sanitize URL before redisplaying to the user

    - by Raghav
    In my application , a HTTP GET request URL to the application with script tag is getting redisplayed as it is although it fails the authorization. Example: http://www.example.com/welcome<script>alert("hi")</script> The issue is sanitizing external input entered directly into address bar by modifying existing GET URL. Spring redisplays the submitted URL as it is. Though the script does not get executed in the browser(FF), is there anyway to strip the URL of these values before displaying it back to the user Reference: Spring MVC application filtering HTML in URL - Is this a security issue?

    Read the article

  • How to integrate Facebook the new Graph Api with Authlogic in Ruby on Rails?

    - by amrnt
    I've began with a new project using Authlogic system for Authorization. And I'm now wondering how could I connect Facebook oAuth sessions with my Authlogic session! First of all I want to use and Authlogic-oAuth Gems/Plugins, I what I want to use are just http://github.com/intridea/oauth2 and the interesting http://github.com/nsanta/fbgraph and associate them all with Authlogic. I tried using Authlogic with authlogic-connect extension, but It didnt fill up my needs. And I think the three of the amazing gems above togother will make things done in quality and as I want. Thanks in advance.

    Read the article

  • Which one should I choose AMQP or XMPP for real-time browser-based game?

    - by Devyn
    Hi, I'm choosing between AMQP (RabbitMQ) vs XMPP (eJabberd) for my browser-based flash-free javascript powered real-time turn-based game. I don't know much about AMQP and XMPP protocol. I would like to use PHP for user-authorization and some data store-retrieve with MySQL. As far as I found out, RabbitMQ has PHP clients but eJabberd not. What I understood is javascript client calls PHP script and manipulate necessary processing and then pass to AMQP or XMPP server to pass the data to opponent player. There is a good book 'Pro XMPP Programming with JS and jQuery' from Wrox but there is no example with PHP. So following are my questions. 1) Which protocol is suit for my game? 2) Shall I choose RabbitMQ just for it's PHP client support?

    Read the article

  • Geolocation under firefox 3.6 requires Proxy Authentication?

    - by prem
    I am trying to share my location on geolocation enabled pages from firefox 3.6, but doesn't seem to get any kind of success or failures. When I wrote my custom js containing navigator.geolocation.getCurrentPosition(func1,func2), the success callback isn't called at all. When I tamper the http requests on firefox, the request to https://www.google.com/loc/json returns with status: 407 [Proxy Authentication Required ( The ISA Server requires authorization to fulfill the request. Access to the Web Proxy filter is denied. )]... Yes, my network is behind a proxy server. But the same works with Chrome. I didn't try other browsers yet.

    Read the article

  • How to organize asp.net mvc project (using entity framework) and a corresponding database project?

    - by Bernie
    I recently switched to vs2010 and am experimenting with asp.net MVC2. I am building a simple website and use the entity framework to design the data model. From the .edmx file, I generate the database tables. After a few iterations, I decided that it would be nice to have version control of the database schema as well, and therefore I added a database project into which I imported the script that is generated from the datamodel. As a result, I have to generate the sql every time that I change the model and redo the import. The database project automatically updates the database. Although the manual steps to generate the sql and the import are annoying, this works pretty well, until I wanted to add the standard tables for user accounts/authorization etc. I can use the framework tools to add the necessary tables, views etc. to the database, but as I do not want to have them in the .edmx model I end up with a third manual step. Is anybody facing similar issues?

    Read the article

  • Webview can't type in, is that because of missing setting?

    - by Pentium10
    I have an Android application that connects to Facebook to request authorization of an Application. I use the following setting in the WebView, but once the view is loaded, I can't type in login details. What I am missing? WebView webview; webview = (WebView) findViewById(R.id.facebookview); webview.getSettings().setJavaScriptEnabled(true); webview.setWebViewClient(new FacebookWebViewClient()); webview .loadUrl("http://www.connect.facebook.com/login.php?return_session=1&nochrome=1&fbconnect=1&extern=2&connect_display=popup&api_key=" + FConnect.API_KEY + "&v=1.0&next=" + FConnect.SUCCESS_URL + "%3Ffb_login%26fname%3D_opener&cancel_url=" + FConnect.CANCEL_URL + "%23fname%3D_opener%26%257B%2522t%2522%253A3%252C%2522h%2522%253A%2522fbCancelLogin%2522%252C%2522sid%2522%253A%25220.741%2522%257D&channel_url=" + FConnect.XD_RECEIVER);

    Read the article

  • How do I convert the below PHP code to VB.NET?

    - by Greg
    How do I convert the below PHP code to VB.NET? <?php $X_HOST ="foo.com"; $X_URL = "/index.php"; $X_PORT ="8080"; $X_USERNAME = "foo"; $X_PASSWORD = "bar"; $s_POST_DATA = "Channel=UK.VODAFONE"; // Channel $s_POST_DATA .= "&Shortcode=12345"; // Shortcode $s_POST_DATA .= "&SourceReference=3456"; // Source Reference $s_POST_DATA .= "&MSISDN=447811111111"; // Phone $s_POST_DATA .= "&Content=test"; // Content $s_POST_DATA .= "&DataType=0"; // Data Type $s_POST_DATA .= "&Premium=1"; // Premium $s_POST_DATA .= "&CampaignID=4321"; // CampaignID $s_Request = "POST ".$X_URL." HTTP/1.0\r\n"; $s_Request .="Host: ".$X_HOST.":".$X_PORT."\r\n"; $s_Request .="Authorization: Basic ".base64_encode($X_USERNAME.":".$X_PASSWORD)."\r\n"; $s_Request .="Content-Type: application/x-www-form-urlencoded\r\n"; $s_Request .="Content-Length: ".strlen($s_POST_DATA)."\r\n"; $s_Request .="\r\n".$s_POST_DATA; //Sends out the request to the server. $fp = fsockopen ($X_HOST, $X_PORT, $errno, $errstr, 30) or die("Error!!!"); fputs ($fp, $s_Request); while (!feof($fp)) { $s_GatewayResponse .= fgets ($fp, 128); } fclose ($fp); //Array of official response codes. $a_Responses = array( "100" => "Server has returned an unspecified error.", "101" => "Server successfully received the request.", "102" => "Server has returned an database error", "103" => "Server has returned an syntax error." ); echo "<HTML>\n<BODY>\n\n"; //Checks for an official response code. foreach ($a_Responses as $s_ResponseCode => $s_ResponseDescription) { if (stristr($s_GatewayResponse, "\n$s_ResponseCode\n")) { echo "A response code of $s_ResponseCode was returned – "; echo $s_ResponseDescription"; $b_CodeReturned = true; } } //Checks for an authorization failure where an official response code has //not been recognized. if (!$b_CodeReturned) { if (stristr($s_GatewayResponse, "HTTP/1.1 401")) { echo "The server rejected your username/password (HTTP 401)."; } else { echo "No recognised response code was returned by the server."; } } echo "\n\n</BODY>\n</HTML>"; ?> and <?php $s_ref = $HTTP_POST_VARS["Reference"]; // Reference $s_trg = $HTTP_POST_VARS["Trigger"]; // trigger $s_shc = $HTTP_POST_VARS["Shortcode"]; // shortcode $s_pho = $HTTP_POST_VARS["MSISDN"]; // MSISDN $s_con = $HTTP_POST_VARS["Content"]; // Content $s_chn = $HTTP_POST_VARS["Channel"]; // Channel $s_pay = $HTTP_POST_VARS["DataType"]; // Data Type $s_dat = $HTTP_POST_VARS["DateReceived"]; // Date Received $s_cam = $HTTP_POST_VARS["CampaignID"]; // CampaignID $b_IsValid = getValidateRequest($s_ref, $s_trg, $s_shc, $s_pho, $s_con, $s_cam, $s_chn, $s_pay, $s_dat); if ($b_IsValid) { $s_ResponseCode = "success"; } else { $s_ResponseCode = "fail"; } exit($s_ResponseCode); /*******************************************************************************/ function getValidateRequest ($s_req_ref, $s_req_trg, $s_req_shc, $s_req_pho, $s_req_con, $s_req_cam, $s_req_chn, $s_req_pay, $s_req_dat) { /* * Stub function to be replaced with whatever process is needed to * process/validate request from server by specific client requirements. */ return(true); } ?> lastly <?php $s_ref = $HTTP_POST_VARS["Reference"]; // Reference $s_sta = $HTTP_POST_VARS["Status"]; // Status $s_dat = $HTTP_POST_VARS["DateDelivered"]; // Date Delivered $b_IsValid = getValidateReceipt($s_ref, $s_sta, $s_dat); if ($b_IsValid) { $s_ResponseCode = "success"; } else { $s_ResponseCode = "fail"; } exit($s_ResponseCode); /*******************************************************************************/ function getValidateReceipt ($s_req_ref, $s_req_sta, $s_req_dat) { /* * Stub function to be replaced with whatever process is needed to * process/validate receipts from server by specific client requirements. */ return(true); } ?> Thank you very much in advance Regards Greg

    Read the article

  • IE won't start session from an iframe?..

    - by jayarjo
    The task was to bypass login form on remote server with a session_id acquired through a call to server's web API. So that user wouldn't have to login twice. Since there's no way to set cookies for different domain. What we came up to was - put a little file on remote server, to which we pass encrypted session_id from hidden iframe and which is supposed to start a proper session for a remote app, which is then loaded in another iframe. This approach works fine in FF/Chrome, but not IE... However if I copy url to self-made remote authorization script from iframe's src attribute to to IE's address bar and load it from there, session get's created as expected. But for some reason it just doesn't want to do the same from an iframe. Does anyone have any clue, why this is happening?

    Read the article

  • Issues using ivy

    - by Almas
    Hi, I am new bie to ivy. I am using packager resolver and that packager resolver resolves the zip file, unzip it, extracts the jar file from it in temp build file, but it stays temporarily and only the jar file which i specified as a module name gets copied to destination rest of all are ignored. Is there a way i can get all the jar files? I use preseverBuildDirectories but is there a better way to do it? Also is it possible for me to publish an artifact to svn using normal ivy? I got error while i was trying to use ivy 2.1.0 on XP using ant 1.8.0 java.illegalArguementException saying authorization failed. Is there a way i can work through ivy:publish? Is there a way i can use ivy variable in packager.xml? Thanks in advance, Almas

    Read the article

  • Maven2 problem to access plugins repository !

    - by achraf
    Hi, i just come to install maven2, after configuring the settings.xml in ${user.home}/.m2 and fixing a proxy error. Now by executing the command : mvn -U archetype:create -DgroupId=maven-test -DartifactId=maven-test -DpackageName=net.ensode.maventest i get this error : [INFO] Scanning for projects... [INFO] Searching repository for plugin with prefix: 'archetype'. [INFO] org.apache.maven.plugins: checking for updates from central [WARNING] repository metadata for: 'org.apache.maven.plugins' could not be retri eved from repository: central due to an error: Authorization failed: Access deni ed to: http://repo2.maven.org/maven2/org/apache/maven/plugins/maven-metadata.xml [INFO] Repository 'central' will be blacklisted [INFO] ------------------------------------------------------------------------ [ERROR] BUILD ERROR [INFO] ------------------------------------------------------------------------ [INFO] The plugin 'org.apache.maven.plugins:maven-archetype-plugin' does not exi st or no valid version could be found [INFO] ------------------------------------------------------------------------ [INFO] For more information, run Maven with the -e switch [INFO] ------------------------------------------------------------------------ [INFO] Total time: < 1 second [INFO] Finished at: Thu Apr 29 16:05:40 CEST 2010 [INFO] Final Memory: 2M/247M [INFO] ------------------------------------------------------------------------ any idea of what could cause it ? thanks !

    Read the article

  • The Definitive Guide To Website Authentication (beta)

    - by Michiel de Mare
    Form Based Authentication For Websites Please help us create the definitive resource for this topic. We believe that stackoverflow should not just be a resource for very specific technical questions, but also for general guidelines on how to solve variations on common problems. "Form Based Authentication For Websites" should be a fine topic for such an experiment. It should include topics such as: how to log in how to remain logged in how to store passwords using secret questions forgotten password functionality OpenID "Remember me" checkbox Browser autocompletion of usernames and passwords secret urls (public urls protected by digest) checking password strength email validation and much more It should not include things like: roles and authorization http basic authentication Please help us by Suggesting subtopics Submitting good articles about this subject Editing the official answer (as soon as you have enough karma) UPDATE: See the terrific 7-part series by Jens Roland below.

    Read the article

  • goo.gl Api: How to know if URL was added to user's history?

    - by Manuel
    I'm using the goo.gl API as described here. It's easy to use and it works with or without authantication (I'm using OAuth). So, if I provide the OAuth token / secret, the shortened URL is added to the users history. My problem is, that I would like to show to the user that the shortened URL was added to his goo.gl history. The respone you get from the shortening request, however, is always the same, whether you use authorization or not: { "kind": "urlshortener#url", "id": "http://goo.gl/fbsS", "longUrl": "http://www.google.com/" } So, does anyone know a way to find out, if the shortened URL was successfully added to the user's history? Is there a parameter you can add to the request URL that leads to a more detailed result string?

    Read the article

  • What is the best tool to achieve this API design?

    - by Jose Fernandez
    Our web app offers a service that allows a "Publisher" to create a website (we give them a CMS system) that is ready to provide this service to "Members" (think Shopify). We have some possible clients that wish to become "Publishers" but they already have existing websites (vbulletin, word press blog, etc) with their own user base. We wish to develop an API that would allow these "Publishers" to keep using their own websites, and embed our services into them. Our main business requirement is that once "Members" are logged into the "Publishers" existing system, they should be able to also access our website without having to log-in again OR have to create another account there. The process should be seamless to the "Member" and "Publishers" should not have to sync their user base with our system. We also want to use an existing API authentication/authorization system instead of creating our own (OAuth, OpenID, etc) What would be the best way to use OAuth to achieve this sigle-sign on design? If OAuth is not the best tool, is there any other one out there that fits our requirements?

    Read the article

  • How to determine what invokes User Access Control restrictions?

    - by MX4399
    In a Delphi app intended to build an internet software update service for my software, the Windows 7 UAC system requests authorization from the user to run the exe.The following possible contentious/risk areas exist in the code: A named pipe server is created for communications TCP is used for FTP and HTTP SHGetSpecialFolderPath api call is used Before these items where added UAC did not activate, removing each in turn including all unit reference and then ending with the bare bones exe still causes the UAC event - so its not possible say what is causing it. On top of this Delphi 2007 now requires being launced as an administrator to launcg a debugging process for the app. Question 1 : How can I see what is causing this besides starting from scratch in a new exe - IOW is there a log somewhere I can check Question 2 : Will using a signed exe using authenticode still cause the UAC alert to show

    Read the article

  • How to make an Asp.net MVC 2 website have a Private Beta Mode.

    - by Mark Kitz
    I am creating an ASP.Net MVC website that I am launching soon in private beta. What I am using. ASP.NET MVC 2 ASP.NET Sql Membership Provider Authorization Attributes on ActionMethods. ex. [EditorsOnly] What I am trying to accomplish: During the private Beta period of my website, I want no anonymous users to access my site. Only Beta Testers of my site should be able to login and use my site as normal. After the private beta period people can access it using the security structure I already have set up. I am hoping I do not have to recompile but can have a setting in the webconfig to switch between Private Beta mode to Normal mode. Thanks for your suggestions.

    Read the article

  • Calling a WCF from ASP.NET with same the single-signon user LogonUserIdentity

    - by Dennis Cheung
    I have a ASP.NET MVC page, which call WCF logic. The system is single-signon using NTML. Both the ASP page and the WCF will use the UserIdentity to get user login information. Other then NTML, I will also have a Form based authorization (with AD) in same system. The ASP page, is it simple and I can have it from HttpContext.Current.Request.LogonUserIdentity. However, it seem it is missing from the WCF which call by the ASP, not from browser. How to configure to pass the ID pass from the ASP to the WCF?

    Read the article

  • How to create an object reference to a xaml page from App.xaml.cs codebehind?

    - by John K.
    Hi all, I have a Silverlight 4 Business Project where I have enabled the ASP.NET Authentication/Authorization role information. I would like to pass the currently authenticated user's account information from the app.xaml.cs codebehind to a different XAML page, but I have no idea how that is done, or if it's even possible. My goal is to databind the IsEnabled property of various buttons of my target XAML page, based on whether the current user is in a particular admin related role or not. The Application_UserLoaded event handler of app.xaml.cs seems to be the safest event handler to initiate this task because it fires only after the user's account information is loaded from the server. I had previously attempted to retrieve the current user information directly from my target XAML page, but I was never getting the current user information because Application_UserLoaded hadn't finished loading the current user info yet. public partial class App : Application { private void Application_UserLoaded(LoadUserOperation operation) { // How do you create an object reference to a XAML page from your project solution // from this event handler? } } Thanks in advance for any assistance, John

    Read the article

  • DotNetOpenAuth for previously authorized site

    - by Burke Holland
    I've had great luck with DotNetOpenAuth to do 3 legged authorization. Currently, I am connecting and pulling in some Google data. My question is that apparently, if you have already auth'd my web application to your Google account, when I call var accessTokenResponse = google.ProcessUserAuthorization(); It basically does nothing. How do I get the token for an account that has already auth'd my application? I see no callback of any kind. I'm chocking this up to my ignorance about OAuth in general.

    Read the article

  • Web services Authentication Jungle

    - by redben
    I have been doing some research lately about best approaches to authenticating web services calls (REST SOAP or whatever). But none of the Approaches convinced me... But i still can't a make a choise... Some talk about SSL and http basic authentication -login/password- which just seems weird for a machine (i mean having to assign a login/password to a machine, or is it not ?). Some others say API keys (seems like these scheme is more used for tracking and not realy for securing). Some say tokens (like session IDs) but shouldn't we stay stateless (especially if in REST style) ? In my use case, when a remote app is calling one of our web services, i have to authenticate the calling application obviously, and the call must - if applicable - tell me which user it impersonates so i can deal with authorization later. Any thoughts ?

    Read the article

< Previous Page | 34 35 36 37 38 39 40 41 42 43 44 45  | Next Page >