Search Results

Search found 1408 results on 57 pages for 'declarative authorization'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 46/57 | < Previous Page | 42 43 44 45 46 47 48 49 50 51 52 53  | Next Page >

  • Multiple Zend application code organisation

    - by user966936
    For the past year I have been working on a series of applications all based on the Zend framework and centered on a complex business logic that all applications must have access to even if they don't use all (easier than having multiple library folders for each application as they are all linked together with a common center). Without going into much detail about what the project is specifically about, I am looking for some input (as I am working on the project alone) on how I have "grouped" my code. I have tried to split it all up in such a way that it removes dependencies as much as possible. I'm trying to keep it as decoupled as I logically can, so in 12 months time when my time is up anyone else coming in can have no problem extending on what I have produced. Example structure: applicationStorage\ (contains all applications and associated data) applicationStorage\Applications\ (contains the applications themselves) applicationStorage\Applications\external\ (application grouping folder) (contains all external customer access applications) applicationStorage\Applications\external\site\ (main external customer access application) applicationStorage\Applications\external\site\Modules\ applicationStorage\Applications\external\site\Config\ applicationStorage\Applications\external\site\Layouts\ applicationStorage\Applications\external\site\ZendExtended\ (contains extended Zend classes specific to this application example: ZendExtended_Controller_Action extends zend_controller_Action ) applicationStorage\Applications\external\mobile\ (mobile external customer access application different workflow limited capabilities compared to full site version) applicationStorage\Applications\internal\ (application grouping folder) (contains all internal company applications) applicationStorage\Applications\internal\site\ (main internal application) applicationStorage\Applications\internal\mobile\ (mobile access has different flow and limited abilities compared to main site version) applicationStorage\Tests\ (contains PHP unit tests) applicationStorage\Library\ applicationStorage\Library\Service\ (contains all business logic, services and servicelocator; these are completely decoupled from Zend framework and rely on models' interfaces) applicationStorage\Library\Zend\ (Zend framework) applicationStorage\Library\Models\ (doesn't know services but is linked to Zend framework for DB operations; contains model interfaces and model datamappers for all business objects; examples include Iorder/IorderMapper, Iworksheet/IWorksheetMapper, Icustomer/IcustomerMapper) (Note: the Modules, Config, Layouts and ZendExtended folders are duplicated in each application folder; but i have omitted them as they are not required for my purposes.) For the library this contains all "universal" code. The Zend framework is at the heart of all applications, but I wanted my business logic to be Zend-framework-independent. All model and mapper interfaces have no public references to Zend_Db but actually wrap around it in private. So my hope is that in the future I will be able to rewrite the mappers and dbtables (containing a Models_DbTable_Abstract that extends Zend_Db_Table_Abstract) in order to decouple my business logic from the Zend framework if I want to move my business logic (services) to a non-Zend framework environment (maybe some other PHP framework). Using a serviceLocator and registering the required services within the bootstrap of each application, I can use different versions of the same service depending on the request and which application is being accessed. Example: all external applications will have a service_auth_External implementing service_auth_Interface registered. Same with internal aplications with Service_Auth_Internal implementing service_auth_Interface Service_Locator::getService('Auth'). I'm concerned I may be missing some possible problems with this. One I'm half-thinking about is a config.ini file for all externals, then a separate application config.ini overriding or adding to the global external config.ini. If anyone has any suggestions I would be greatly appreciative. I have used contextswitching for AJAX functions within the individual applications, but there is a big chance both external and internal will get web services created for them. Again, these will be separated due to authorization and different available services. \applicationstorage\Applications\internal\webservice \applicationstorage\Applications\external\webservice

    Read the article

  • Using oauth2_access_token to get connections in linkedIn

    - by Pedro
    I'm trying to get the connections in linkedIn using their API, but when I try to retrieve the connections I get a 401 unauthorized error. in the official documentation says You must use an access token to make an authenticated call on behalf of a user Make the API calls You can now use this access_token to make API calls on behalf of this user by appending "oauth2_access_token=access_token" at the end of the API call that you wish to make. The API call that I'm trying to do is the following Error -- http://api.linkedin.com/v1/people/~/connections:(id,headline,first-name,last-name)?format=json&oauth2_access_token=access_token I have tried to do it with the following endpoint without any problems. OK -- https://api.linkedin.com/v1/people/~:(id,first-name,last-name,formatted-name,date-of-birth,industry,email-address,location,headline,picture-urls::(original))?format=json&oauth2_access_token=access_token this list of endpoints for the connections API are described here http://developer.linkedin.com/documents/connections-api I just copied and pasted one endpoint from there, so the question is what's the problem with the endpoint for getting the connections? what am I missing? EDIT: for the preAuth Url I'm using https://www.linkedin.com/uas/oauth2/authorization?response_type=code&client_id=ConsumerKey&scope=r_fullprofile%20r_emailaddress%20r_network&state&state=NewGuid&redirect_uri=Encoded_Url https://www.linkedin.com/uas/oauth2/accessToken?grant_type=authorization_code&code=QueryString_Code&redirect_uri=EncodedCallback&client_id=ConsummerKey&client_secret=ConsumerSecret please find attached the login screen requesting the permissions EDIT2: Switched to https and worked like a charm!

    Read the article

  • MVC2 Apps (and others) sharing WCF services and authentication

    - by stupid-phil
    Hi, I've seen several similar scenarios explained here but not my particular one. I wonder if someone could tell me which direction to go in? I am developing two (and more later) MVC2 apps. There will also be another (thicker) client later on (WPF or Silverlight, TBD). These all need to share the same authentication. For the MVC2 apps they (preferably) need to be single log on - ie if a user logs in to one MVC2 app, they should be authorised on the other, as long as the cookie hasn't timed out. Forms authentication is to be used. All the apps need to use common business functionality and perform db access via a common WCF Service App. It would be nice (I think) if the WCF is not publicly accessible (ie blocked behind FW). The thicker client could use an additional service layer to access the Common WCF App. What this should look like is: MVCApp1 - WCFAppCommon MVCApp2 - WCFAppCommon ThickClient - WCFApp2 - WCFAppCommon Is it possible to carry out all the authentication/authorization in the WCFAppCommon? Otherwise I think I'll have to repeat all the security logic in the MVCApps and WCFApp2, whereas, to me, it seems to sit naturally in WCFAppCommon. On the otherhand, it seems if I authenticate/authorize in WCFAppCommon, I wouldn't be able to use Forms Authentication. Where I've seen possible solutions (that I haven't tried yet) they seem much more complex than Forms Authentication and a single DB. Any help appreciated, Phil

    Read the article

  • Permission denied: .hg\store\lock

    - by harpo
    This smells like a serverfault question, yet there are many similar questions here. Your call. I'm setting up Mercurial over IIS6, and thanks to a number of detailed blogs, it's working fine — almost. I can browse and clone the repositories fine, but this is what happens when I try to push: D:\sample2>hg push pushing to http://localhost/hg/sample2 searching for changes abort: HTTP Error 500: Permission denied: .hg\store\lock First of all, there is no such file or folder. Second, the App Pool's logon has total permission on the repository's parent directory, with these inherited ad infinitum. The repository is located on another logical drive (on the same machine), and if I push to it directly, that also works: D:\sample2>hg push e:\hg\sample2 pushing to e:\hg\sample2 searching for changes adding changesets adding manifests adding file changes added 1 changesets with 1 changes to 1 files If I change the password in my hgrc, the message indicates a failed authorization, so I believe that's working. I've been fighting this for a couple of days, so any leads would be helpful. Thanks!

    Read the article

  • Websphere 7 simple realm (like tomcat-users.xml)

    - by Heavy Bytes
    I am trying to port a J2EE app from Tomcat to Websphere and I'm not too familiar with Websphere. The only problem I am having is authorization (I use basic-authentication in my web.xml). In Tomcat I use the tomcat-users.xml file to define my users/passwords and to what roles they belong. How do I do this "simply" in Websphere? When deploying the EAR to Websphere it also asks me to map my role from web.xml to a user or group. Do I have to set up some sort of realm? Custom user registry? Thanks. UPDATE: I configured a Standalone custom registry, however I can't get a log-in prompt for username/password. It works just fine in Tomcat, and it doesn't in Websphere. Code from web.xml <security-constraint> <web-resource-collection> <web-resource-name>basic-auth security</web-resource-name> <url-pattern>/*</url-pattern> </web-resource-collection> <auth-constraint> <role-name>HELLO_USER</role-name> </auth-constraint> <user-data-constraint>NONE</user-data-constraint> </security-constraint> <login-config> <auth-method>BASIC</auth-method> </login-config> <security-role> <role-name>HELLO_USER</role-name> </security-role>

    Read the article

  • WCF/MSMQ Transport Security with Certificates

    - by user104295
    Hi there, my goal is to secure the communication between MSMQ Queue Managers – I don’t want unknown clients sending messages to my MSMQ server. I have spent many hours now trying to get Transport security working for the net.msmq binding in WCF, where MSMQ is in Workgroup mode and the client and server do not have Active Directory… so I’m using certificates. I have created a new X.509 certificate, called Kristan and put it into the “Trusted people” store on the server and into the My store of Current User of the client. The error I’m getting is: An error occurred while sending to the queue: Unrecognized error -1072824272 (0xc00e0030).Ensure that MSMQ is installed and running. If you are sending to a local queue, ensure the queue exists with the required access mode and authorization. Using smartsniff, I see that there’s no attempted connection with the remote MSMQ, however, it’s an error probably coming from the local queue manager. The stack trace is: at System.ServiceModel.Channels.MsmqOutputChannel.OnSend(Message message, TimeSpan timeout) at System.ServiceModel.Channels.OutputChannel.Send(Message message, TimeSpan timeout) at System.ServiceModel.Dispatcher.OutputChannelBinder.Send(Message message, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message) The code:- EndpointAddress endpointAddress = new EndpointAddress(new Uri(endPointAddress)); NetMsmqBinding clientBinding = new NetMsmqBinding(); clientBinding.Security.Mode = NetMsmqSecurityMode.Transport; clientBinding.Security.Transport.MsmqAuthenticationMode = MsmqAuthenticationMode.Certificate; clientBinding.Security.Transport.MsmqProtectionLevel = System.Net.Security.ProtectionLevel.Sign; clientBinding.ExactlyOnce = false; clientBinding.UseActiveDirectory = false; // start new var channelFactory = new ChannelFactory<IAsyncImportApi>(clientBinding, endpointAddress); channelFactory.Credentials.ClientCertificate.SetCertificate("CN=Kristan", StoreLocation.CurrentUser, StoreName.My); The queue is flagged as ‘Authenticated’ on the server. I have checked the effect of this and if I turn off all security in the client send, then I get ‘Signature is invalid’ – which is understandable and shows that it’s definitely looking for a sig. Are there are special ports that I need to check are open for cert-based msmq auth? thanks Kris

    Read the article

  • Having problems with uploading photos to TwitPic using OAuth in Objective C on the iPhone

    - by M. Bedi
    I have been working on an iPhone app that has a feature of uploading photos to TwitPic. I have it working with basic authentication. I am trying to get it working with OAuth. I am getting authentication errors. I have studied very carefully the TwitPic documentation. I am authorising the app by displaying a UI Web View and the it returns a PIN value. I enter the PIN value in the app and request the token. I am able to upload status updates to Twitter but not photos. My code is based on some example code from here: Example iPhone app using OAuth Here is my code: NSString *url = @"http://api.twitpic.com/2/upload.json"; NSString *oauth_header = [oAuth oAuthHeaderForMethod:@"POST" andUrl:url andParams:nil]; NSLog(@"OAuth header : %@\n\n", oauth_header); ASIFormDataRequest *request = [ASIFormDataRequest requestWithURL:[NSURL URLWithString:url]]; [request addRequestHeader:@"User-Agent" value:@"ASIHTTPRequest"]; request.requestMethod = @"POST"; [request addRequestHeader:@"X-Auth-Service-Provider" value:@"https://api.twitter.com/1/account/verify_credentials.json"]; [request addRequestHeader:@"X-Verify-Credentials-Authorization" value:oauth_header]; NSData *imageRepresentation = UIImageJPEGRepresentation(imageToUpload, 0.8); [request setData:imageRepresentation forKey:@"media"]; [request setPostValue:@"Some Message" forKey:@"message"]; [request setPostValue:TWITPIC_API_KEY forKey:@"key"]; [request setDelegate:self]; [request setDidFinishSelector:@selector(requestDone:)]; [request setDidFailSelector:@selector(requestFailed:)]; [request start]; Here is the OAuth Header: OAuth realm="http://api.twitter.com/", oauth_timestamp="1275492425", oauth_nonce="b686f20a18ba6763ac52b689b2ac0c421a9e4013", oauth_signature_method="HMAC-SHA1", oauth_consumer_key="zNbW3Xi3MuS7i9cpz6fw", oauth_version="1.0", oauth_token="147275699-jmrjpwk3B6mO2FX2BCc9Ci9CRBbBKYW1bOni2MYs", oauth_signature="d17HImz6VgygZgbcp845CD2qNnI%3D"

    Read the article

  • why does Integrated Windows Authentication fail when clients access off the network

    - by Bryan
    My background is not with web applications so this problem is hard for me to explain easily. First I'll try to describe the setup. Client setup:-Only browser that is effected is IE 6-8 (Firefox, chrome, opera, and safari all work fine) -A user will try to access our web application from a company laptop that is not connected to our network. -This machine will be a member of our workgroup and have the company DNS listed as a trusted intranet site. (to which the application in question would be a member) -The security logon mode is set to Automatic Logon only in intranet zone only, and IWA authentication is enabled on the clients browser.Server setup:-Windows server 2003 fp2-The application will first redirect to an Authorization asp page which has anonymous access disabled and IWA enabled in IIS.what should happen is that, since the client is not currently on the network, when this page is called it should prompt the user for network credentials. But with IE, instead of prompting, the user gets a page cannot be displayed error because the IIS manager is denying access to the asp page. If the company DNS is removed from the trusted intranet site list then it prompts correctly but disables single sign on the next time that computer is connected to the network or vpn. My assumption is that since IE uses IWA and the site is listed as an internal site, when no network is found IE just sends nulls to the server attempting to authenticate which is swiftly punted back. Other browsers do not have security zones so when network credentials are not present the server prompts for them. Is there a way to get around this so that our clients can keep the company DNS in the intranet zone but still have the server prompt for credentials when not on the network? Any attempt to allow for anonymous access on the asp page, as far as I know, will cause AUTH_USER to return null and again break SSO. I realize this is slightly rambling so I will do my best to clarify and questions you guys might have. Thanks in advance.

    Read the article

  • spring security login pages?

    - by es11
    I have some confusion with how spring security works: In my application, I need to have a login page for users after which they are redirected back the page from where they came. I went through a few spring security tutorials and read some articles, and the examples work by securing a certain page on a site (managed by the <intercept url ..> tag). Then Spring security will generate a login page (or you can specify your own) in order to access the secured page. I am confused because I don't want to necessary secure a given page on my site: I want a login page for users to log into after which they have access to elevated features of the site (through spring security's authorization features). My question is: given what I described, what would be the strategy to create this login page which, after login, would grant the logged in user the appropriate authorities? The hack I thought of would be to create a simple JSP page who's only function is to redirect back to the previous page. Then I would use Spring Security to secure that JSP page. But it seems like there should be a better way of doing this... Thanks

    Read the article

  • using wget against protected site with NTLM

    - by Joey V.
    Trying to mirror a local intranet site and have found previous questions using 'wget'. It works great with sites that are anonymous, but I have not been able to use it against a site that is expecting username\password (IIS with Integrated Windows Authentication). Here is what I pass in: wget -c --http-user='domain\user' --http-password=pwd http://local/site -dv Here is the debug output (note I replaced some with dummy values obviously): Setting --verbose (verbose) to 1 DEBUG output created by Wget 1.11.4 on Windows-MSVC. --2009-07-14 09:39:04-- http://local/site Host `local' has not issued a general basic challenge. Resolving local... seconds 0.00, x.x.x.x Caching local = x.x.x.x Connecting to local|x.x.x.x|:80... seconds 0.00, connected. Created socket 1896. Releasing 0x003e32b0 (new refcount 1). ---request begin--- GET /site/ HTTP/1.0 User-Agent: Wget/1.11.4 Accept: */* Host: local Connection: Keep-Alive ---request end--- HTTP request sent, awaiting response... ---response begin--- HTTP/1.1 401 Access Denied Server: Microsoft-IIS/5.1 Date: Tue, 14 Jul 2009 13:39:04 GMT WWW-Authenticate: Negotiate WWW-Authenticate: NTLM Content-Length: 4431 Content-Type: text/html ---response end--- 401 Access Denied Closed fd 1896 Unknown authentication scheme. Authorization failed.

    Read the article

  • WebDav And Exchange2007 HTTP1.1 404 Ressource not Found!

    - by adrien
    i have Exchange2007. and i am using the url: "https://exchange2007.exchange.server.com/Exchange/username/calendar"; 'calendar', or 'mailbox'( in your language! example, "boite de reception" in french or "calendário" in portuguese) with that url that i'm using i can list my ressources, but can't send a mail or write an appointement! why?!? See that i get a response of the server 207multistatus and ok, but the return a HTTP/1.1 404 Resource Not Found i wish a 201 created!!! (for my appointement) someone have better ideia ? thx. Console: >>>>>>> to server --------------------------------------------------- PROPPATCH /Exchange/marcelo/calend%C3%A1rio HTTP/1.1 Authorization: Basic bWFyY2Vsb0BleGNoYW5nZTptdXN0YWZhMSQ= Content-Type: text/xml; charset=utf-8 User-Agent: Jakarta Commons-HttpClient/2.0final Host: exchange2007.exchange.snap.com.br Content-Length: 1407 <D:propertyupdate xmlns:D="DAV:"> <D:set> <D:prop> <mapi xmlns="xmlns"> http://schemas.microsoft.com/mapi/ </mapi> <Cmd xmlns="urn:"> saveappt </Cmd> <dtEnd xmlns="urn:schemas:calendar"> 2009-06-30T10:30:00.000Z </dtEnd> <contentclass xmlns="DAV"> urn:content-classes:Appointment </contentclass> <Subject xmlns="urn:schemas:httpmail"> Changed Test Appointment Subject </Subject> <Location xmlns="urn:schemas:calendar"> do </Location> <responserequested xmlns="urn:schemas:calendar"> 0 </responserequested> <saveappt xmlns="urn:schemas:calendar:cmd"> 1 </saveappt> <ressource xmlns="DAV"> https://exchange2007.exchange.snap.com.br/Exchange/marcelo/calendárioassuntoteste.EML </ressource> <alldayevent xmlns="urn:schemas:calendar"> 0 </alldayevent> <to xmlns="urn:schemas:header"> adrien </to> <dtStart xmlns="urn:schemas:calendar"> 2009-06-30T10:00:00.000Z </dtStart> <isfolder xmlns="DAV"> 0 </isfolder> <cmd xmlns="Cmd"> saveappt </cmd> <HtmlDescription xmlns="urn:schemas:httpmail"> Let's meet here </HtmlDescription> <outlookmessageclass xmlns="http://schemas.microsoft.com/exchange/subject-utf8=Appointment"> IPM.Appointement </outlookmessageclass> <instancetype xmlns="urn:schemas:calendar"> 0 </instancetype> <meetingstatus xmlns="urn:schemas:calendar"> CONFIRMED </meetingstatus> <finvited xmlns="urn:schemas:mapi"> 0 </finvited> <BusyType xmlns="urn:schemas:calendar"> BUSY </BusyType> </D:prop> </D:set> </D:propertyupdate> ------------------------------------------------------------------------ <<<<<<< from server --------------------------------------------------- HTTP/1.1 207 Multi-Status Date: Thu, 16 Jul 2009 20:29:40 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET MS-Exchange-Permanent-URL: https://exchange2007.exchange.snap.com.br/Exchange/marcelo/-FlatUrlSpace-/b3ee92320938254c828a96e2e269a417-a6271d Repl-UID: <rid:b3ee92320938254c828a96e2e269a417000000a6282e> Content-Type: text/xml Content-Length: 825 ResourceTag: <rt:b3ee92320938254c828a96e2e269a417000000a6282eb3ee92320938254c828a96e2e269a41700545bb4844c> MS-WebStorage: 08.01.10240 <a:multistatus xmlns:a="DAV:" xmlns:b="xmlns" xmlns:c="urn:" xmlns:d="urn:schemas:calendar" xmlns:e="DAV" xmlns:f="urn:schemas:httpmail" xmlns:g="urn:schemas:calendar:cmd" xmlns:h="urn:schemas:header" xmlns:i="Cmd" xmlns:j="http://schemas.microsoft.com/exchange/subject-utf8=Appointment" xmlns:k="urn:schemas:mapi"> <a:response> <a:href> https://exchange2007.exchange.snap.com.br/Exchange/marcelo/Calend%C3%A1rio </a:href> <a:propstat> <a:status> HTTP/1.1 200 OK </a:status> <a:prop> <b:mapi> </b:mapi> <c:Cmd> </c:Cmd> <d:dtEnd> </d:dtEnd> <e:contentclass> </e:contentclass> <f:Subject> </f:Subject> <d:Location> </d:Location> <d:responserequested> </d:responserequested> <g:saveappt> </g:saveappt> <e:ressource> </e:ressource> <d:alldayevent> </d:alldayevent> <h:to> </h:to> <d:dtStart> </d:dtStart> <e:isfolder> </e:isfolder> <i:cmd> </i:cmd> <f:HtmlDescription> </f:HtmlDescription> <j:outlookmessageclass> </j:outlookmessageclass> <d:instancetype> </d:instancetype> <d:meetingstatus> </d:meetingstatus> <k:finvited> </k:finvited> <d:BusyType> </d:BusyType> </a:prop> </a:propstat> </a:response> </a:multistatus> ------------------------------------------------------------------------ >>>>>>> to server --------------------------------------------------- PROPFIND /Exchange/marcelo/calend%C3%A1rio HTTP/1.1 Authorization: Basic bWFyY2Vsb0BleGNoYW5nZTptdXN0YWZhMSQ= Content-Type: text/xml; charset=utf-8 User-Agent: Jakarta Commons-HttpClient/2.0final Host: exchange2007.exchange.snap.com.br Content-Length: 207 Depth: 0 <D:propfind xmlns:D="DAV:"> <D:prop> <D:displayname> </D:displayname> <D:getcontentlength> </D:getcontentlength> <D:getcontenttype> </D:getcontenttype> <D:resourcetype> </D:resourcetype> <D:getlastmodified> </D:getlastmodified> <D:lockdiscovery> </D:lockdiscovery> </D:prop> </D:propfind> ------------------------------------------------------------------------ <<<<<<< from server --------------------------------------------------- HTTP/1.1 207 Multi-Status Date: Thu, 16 Jul 2009 20:29:40 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Type: text/xml Accept-Ranges: rows MS-WebStorage: 08.01.10240 Transfer-Encoding: chunked <a:multistatus xmlns:a="DAV:" xmlns:b="urn:uuid:c2f41010-65b3-11d1-a29f-00aa00c14882/" xmlns:c="xml:"> <a:response> <a:href> https://exchange2007.exchange.snap.com.br/Exchange/marcelo/Calend%C3%A1rio/ </a:href> <a:propstat> <a:status> HTTP/1.1 200 OK </a:status> <a:prop> <a:displayname> Calendário </a:displayname> <a:getcontentlength b:dt="int"> 0 </a:getcontentlength> <a:resourcetype> <a:collection> </a:collection> </a:resourcetype> <a:getlastmodified b:dt="dateTime.tz"> 2009-07-16T20:29:40.098Z </a:getlastmodified> <lockdiscovery xmlns="DAV:"> </lockdiscovery> </a:prop> </a:propstat> <a:propstat> <a:status> HTTP/1.1 404 Resource Not Found </a:status> <a:prop> <a:getcontenttype> </a:getcontenttype> </a:prop> </a:propstat> </a:response> </a:multistatus>

    Read the article

  • A question about paypal IPN

    - by user304828
    i download sample code from https://cms.paypal.com/cms_content/US/en_US/files/developer/nvp_DoDirectPayment_php.txt run and get TIMESTAMP=2010%2d05%2d11T04%3a42%3a06Z&CORRELATIONID=ac15852d1e958&ACK=Failure&VERSION=51%2e0&BUILD=1268624&L_ERRORCODE0=10002&L_SHORTMESSAGE0=Security%20error&L_LONGMESSAGE0=Security%20header%20is%20not%20valid&L_SEVERITYCODE0=Error' (length=233) what is problem ? api username ? api pass ? signature or anything else ? this infor i fill in source code: // Set request-specific fields. $paymentType = urlencode('Authorization'); // or 'Sale' $firstName = urlencode('Nguyen'); $lastName = urlencode('Quang Trung'); $creditCardType = urlencode('Visa'); $creditCardNumber = urlencode(' 4111111111111111'); $expDateMonth = '04'; // Month must be padded with leading zero $padDateMonth = urlencode(str_pad($expDateMonth, 2, '0', STR_PAD_LEFT)); $expDateYear = urlencode('2015'); $cvv2Number = urlencode('5360 '); $address1 = urlencode('ha noi'); $address2 = urlencode('hcm'); $city = urlencode('ha noi'); $state = urlencode('ha noi state'); $zip = urlencode('84'); $country = urlencode('viet nam'); // US or other valid country code $amount = urlencode('900'); $currencyID = urlencode('USD'); // or other currency ('GBP', 'EUR', 'JPY', 'CAD', 'AUD')

    Read the article

  • ASP.NET MVC - Entending the Authorize Attribute

    - by Mad Halfling
    Hi folks, currently I use [Authorize(Roles = ".....")] to secure my controller actions on my ASP.NET MVC 1 app, and this works fine. However, certain search views need to have buttons that route to these actions that need to be enabled/disabled based on the record selected on the search list, and also the security privs of the user logged in. Therefore I think I need to have a class accessing a DB table which cross-references these target controller/actions with application roles to determine the state of these buttons. This will, obviously, make things messy as privs will need to be maintained in 2 places - in that class/DB table and also on the controller actions (plus, if I want to change the access to the action I will have to change the code and compile rather than just change a DB table entry). Ideally I would like to extend the [Authorize] functionality so that instead of having to specify the roles in the [Authorize] code, it will query the security class based on the user, controller and action and that will then return a boolean allowing or denying access. Are there any good articles on this - I can't imagine it's an unusual thing to want to do, but I seem to be struggling to find anything on how to do it (could be Monday-morning brain). I've started some code doing this, looking at article http://schotime.net/blog/index.php/2009/02/17/custom-authorization-with-aspnet-mvc/ , and it seems to be starting off ok but I can't find the "correct" way to get the calling controller and action values from the httpContext - I could possibly fudge a bit of code to extract them from the request url, but that doesn't seem right to me and I'd rather do it properly. Cheers MH

    Read the article

  • ASP.NET MVC and WCF

    - by Michael Stum
    I'm working my way into MVC at the moment, but on my "To learn at some point" list, I also have WCF. I just wonder if WCF is something that should/could be used in an MVC Application or not? The Background is that I want a Desktop Application (.NET 3.5, WPF) interact with my MVC Web Site, and I wonder what the best way to transfer data between the two is. Should I just use special Views/have the controllers return JSON or XML (using the ContentResult)? And maybe even more important, for the other way round, could I just call special controllers? Not sure how Authorization would work in such a context. I can either use Windows Authentication or (if the Site is running forms authentication) have the user store his/her credentials in the application, but I would then essentially create a HTTP Client in my Application. So while MVC = Application seems really easy, Application = MVC does seem to be somewhat tricky and a possible use for WCF? I'm not trying to brute-force WCF in this, but I just wonder if there is indeed a good use case for WCF in an MVC application.

    Read the article

  • Connect to a site using proxy code in java

    - by Nithin
    I want to connect to as site through proxy in java.This is the code which I have written public class ConnectThroughProxy { Proxy proxy = new Proxy(Proxy.Type.HTTP, new InetSocketAddress("proxy ip", 8080)); public static void main(String[] args) { try{ URL url = new URL("http://www.rgagnon.com/javadetails/java-0085.html"); URLConnection connection=url.openConnection(); String encoded = new String(Base64.encode(new String("user_name:pass_word").getBytes())); connection.setDoOutput(true); connection.setRequestProperty("Proxy-Authorization","Basic "+encoded); String page=""; String line; StringBuffer tmp = new StringBuffer(); BufferedReader in = new BufferedReader(new InputStreamReader(connection.getInputStream())); while ((line=in.readLine()) != null){ page.concat(line + "\n"); } System.out.println(page); }catch(Exception ex){ ex.printStackTrace(); } } while trying to run this code it throws the following error java.lang.IllegalArgumentException: Illegal character(s) in message header value: Basic dXNlcl9uYW1lOnBhc3Nfd29yZA== at sun.net.www.protocol.http.HttpURLConnection.checkMessageHeader(HttpURLConnection.java:323) at sun.net.www.protocol.http.HttpURLConnection.setRequestProperty(HttpURLConnection.java:2054) at test.ConnectThroughProxy.main(ConnectThroughProxy.java:30) Any Idea how to do it.

    Read the article

  • How do you Access an Authenticated Google App Engine Service with Ruby?

    - by viatropos
    I am trying to do this same thing here but with Ruby: Access Authenticated GAE Client with Python. Any ideas how to retrieve authenticated content from GAE with Ruby? I am using the Ruby GData Gem to access everything in Google Docs and such and it's making life very easy, but now I'd like to access things on GAE that require admin access, programmatically, and it doesn't support that. Here's what I'm getting (using DocList, not sure what to use yet): c = GData::Client::DocList.new c.clientlogin(username, password, nil, nil, nil, "HOSTED") c => #<GData::Client::DocList:0x201bad8 @clientlogin_service="writely", @version="2", @auth_handler=#<GData::Auth::ClientLogin:0x200803c @account_type="HOSTED", @token="long-hash", @auth_url="https://www.google.com/accounts/ClientLogin", @service="writely">, @source="AnonymousApp", @headers={"Authorization"=>"GoogleLogin auth=long-hash", "User-Agent"=>"GoogleDataRubyUtil-AnonymousApp", "GData-Version"=>"2", "Content-Type"=>"application/atom+xml"}, @authsub_scope="http://docs.google.com/feeds/", @http_service=GData::HTTP::DefaultService> url = "http://my-cdn.appspot.com/files/restricted-file.html" c.get(url) => #<GData::HTTP::Response:0x20004b8 @status_code=302, @body="", @headers={"connection"=>"close", "date"=>"Sun, 11 Apr 2010 00:30:20 GMT", "content-type"=>"text/html", "server"=>"Google Frontend", "content-length"=>"0", "location"=>"https://www.google.com/accounts/ServiceLogin service=ah&continue=http://my-cdn.appspot.com/_ah/login%3Fcontinue%3D http://my-cdn.appspot.com/files/restricted-file.html& ltmpl=gm&ahname=My+CDN&sig=a-signature"}> Any tips? That other SO question pointed to doing something with the redirect... Not sure how to handle that. Just looking for a point in the right direction from the ruby experts. Thanks.

    Read the article

  • How to handle custom Java exception in Flex app.

    - by mico
    Hello, we are using BlazeDS as a proxy between Flex and Java. The approach is the same as in (http://www.flexpasta.com/index.php/2008/05/16/exception-handling-with-blazeds-and-flex/) Java exception declaration: public class FlexException extends RuntimeException { private String name = 'John'; public FlexException(String message) { super(message); } public String getName() { return name; } } Then, we are throwing it: public void testMethod(String str) throws Exception { throw new FlexException("Custom exception"); } Flex part: private function faultHandler(event:FaultEvent):void { var errorMessage:ErrorMessage = event.message as ErrorMessage; trace("error++"); } and remote object is instantiated here: <mx:RemoteObject id="mySample" destination="mySample" channelSet="{cs1}" fault="faultHandler(event)" /> But in event.fault I get "Server.Processing" and event.faultString equals "There was an unhandled failure on the server. Custom exception" How can I receive the data is specified in exception props ? BlazeDS log is similar to the log that was mentioned in the comment [BlazeDS] 11:28:13.906 [DEBUG] Serializing AMF/HTTP response Version: 3 (Message #0 targetURI=/2/onStatus, responseUR|-) (Typed Object #0 ‘flex.messaging.messages.ErrorMessage’) headers = (Object #1) rootCause = null body = null correlationId = “2F1126D7-5658-BE40-E27C-7B43F3C5DCDD” faultDetail = null faultString = “Login required before authorization can proceed.” clientId = “C4F0E77C-3208-ECDD-1497-B8D070884830? timeToLive = 0.0 destination = “books” timestamp = 1.204658893906E12 extendedData = null faultCode = “Client.Authentication” messageId = “C4F0E77C-321E-6FCE-E17D-D9F1C16600A8? So the quesion is why rootClause is null? How can I get that Exception object not just a string 'Custom exception'?

    Read the article

  • Bitbucket API authentication with Python's HTTPBasicAuthHandler

    - by jbochi
    I'm trying to get the list of issues on a private repository using bitbucket's API. I have confirmed that HTTP Basic authentication works with hurl, but I am unable to authenticate in Python. Adapting the code from this tutorial, I have written the following script. import cookielib import urllib2 class API(): api_url = 'http://api.bitbucket.org/1.0/' def __init__(self, username, password): self._opener = self._create_opener(username, password) def _create_opener(self, username, password): cj = cookielib.LWPCookieJar() cookie_handler = urllib2.HTTPCookieProcessor(cj) password_manager = urllib2.HTTPPasswordMgrWithDefaultRealm() password_manager.add_password(None, self.api_url, username, password) auth_handler = urllib2.HTTPBasicAuthHandler(password_manager) opener = urllib2.build_opener(cookie_handler, auth_handler) return opener def get_issues(self, username, repository): query_url = self.api_url + 'repositories/%s/%s/issues/' % (username, repository) try: handler = self._opener.open(query_url) except urllib2.HTTPError, e: print e.headers raise e return handler.read() api = API(username='my_username', password='XXXXXXXX') api.get_issues('my_username', 'my_repository') results in: >>> Server: nginx/0.7.62 Date: Mon, 19 Apr 2010 16:15:06 GMT Content-Type: text/plain Connection: close Vary: Authorization,Cookie Content-Length: 9 Traceback (most recent call last): File "C:/USERS/personal/bitbucket-burndown/bitbucket-api.py", line 29, in <module> print api.get_issues('my_username', 'my_repository') File "C:/USERS/personal/bitbucket-burndown/bitbucket-api.py", line 25, in get_issues raise e HTTPError: HTTP Error 401: UNAUTHORIZED api.get_issues('jespern', 'bitbucket') works like a charm. What's wrong with my code?

    Read the article

  • Changing URI suffix in Joomla when adding child php pages

    - by Sleem
    I have added a new directory in my joomla website: http://sitedomain.tld/xxx/ then I have added index.php in that directory here is the code define( '_JEXEC', 1 ); define('JPATH_BASE', '..' ); define( 'DS', DIRECTORY_SEPARATOR ); require_once ( '../includes/defines.php' ); require_once ( '../includes/framework.php' ); //JDEBUG ? $_PROFILER->mark( 'afterLoad' ) : null; /** * CREATE THE APPLICATION * * NOTE : */ $mainframe =& JFactory::getApplication('site'); $template_name = $mainframe->getTemplate();; $mainframe->initialise(); JPluginHelper::importPlugin('system'); /** * ROUTE THE APPLICATION * * NOTE : */ $mainframe->route(); // authorization $Itemid = JRequest::getInt( 'Itemid'); $mainframe->authorize($Itemid); // trigger the onAfterRoute events //JDEBUG ? $_PROFILER->mark('afterRoute') : null; //$mainframe->triggerEvent('onAfterRoute'); /** * DISPATCH THE APPLICATION * * NOTE : */ $option = JRequest::getCmd('option'); //$mainframe->dispatch($option); // trigger the onAfterDispatch events //JDEBUG ? $_PROFILER->mark('afterDispatch') : null; //$mainframe->triggerEvent('onAfterDispatch'); /** * RENDER THE APPLICATION * * NOTE : */ $mainframe->render(); /** * RETURN THE RESPONSE */ var_dump($document->getHeadData()); echo JResponse::toString($mainframe->getCfg('gzip')); sdwdwd wdwd When I view this page in the browser, all the dynamic links like CSS, JS and images were suffixed by the /xxx/ path which make them broken ! How can I drop this suffix or how do I change this suffix from /xxx to / to it points to the original files location? I have tried setting the JDocument::setBase and also tried to play with the JURI object and changed its _path and _uri without any change Thanks

    Read the article

  • Magento - Authorize.net - Get Payment Update for expired transactions

    - by pspahn
    Magento 1.6.1 I have set up Authorize.net (AIM) for the client's store. Previously they were using saved CC method and entering information manually in Authorize.net's merchant terminal. Most of it is working as expected, however for transactions that are flagged as 'Suspected Fraud' by Authorize.net, if the client does not update the transaction manually before the authorization expires, using 'Get Payment Update' in Magento fails because the transaction is expired (I believe it's five days for an authorize only transaction). For the client, it seems the only way to update this order in Magento is to simply delete the order, as it doesn't appear the Paygate model knows about expired transactions. Performing 'Get Payment Update' simply returns 'There is no update for this payment'. I have already modified the file: /app/code/core/Mage/Paygate/Model/Authorize.net to have the correct API URL as described in issue #27117 ( http://www.magentocommerce.com/bug-tracking/issue?issue=12991 - must be logged in to view ). This resolved the button not working for all other orders; however this does not fix the issue I am describing. Is anyone familiar with Authorize.net's AIM API so that we can update these orders in Magento to something that makes sense (canceled, etc.) without having to delete the order? I am thinking it should be a case of adding a new order status to Magento, checking the update for an 'Expired' status, and setting the order to the newly created order status. -- edit -- I just ran a diff for the file mentioned above and noticed that Magento 1.7.0.2 includes the _isTransactionExpired() method which seems like it would be the fix. Can it be as simple as updating this model with the newer version?

    Read the article

  • httprequest handle time delays till having response

    - by bourax webmaster
    I have an application that calls a function to send JSON object to a REST API, my problem is how can I handle time delays and repeat this function till i have a response from the server in case of interrupted network connexion ?? I try to use the Handler but i don't know how to stop it when i get a response !!! here's my function that is called when button clicked : protected void sendJson(final String name, final String email, final String homepage,final Long unixTime,final String bundleId) { Thread t = new Thread() { public void run() { Looper.prepare(); //For Preparing Message Pool for the child Thread HttpClient client = new DefaultHttpClient(); HttpConnectionParams.setConnectionTimeout(client.getParams(), 10000); //Timeout Limit HttpResponse response; JSONObject json = new JSONObject(); //creating meta object JSONObject metaJson = new JSONObject(); try { HttpPost post = new HttpPost("http://util.trademob.com:5000/cards"); metaJson.put("time", unixTime); metaJson.put("bundleId", bundleId); json.put("name", name); json.put("email", email); json.put("homepage", homepage); //add the meta in the root object json.put("meta", metaJson); StringEntity se = new StringEntity( json.toString()); se.setContentType(new BasicHeader(HTTP.CONTENT_TYPE, "application/json")); post.setEntity(se); String authorizationString = "Basic " + Base64.encodeToString( ("tester" + ":" + "tm-sdktest").getBytes(), Base64.NO_WRAP); //Base64.NO_WRAP flag post.setHeader("Authorization", authorizationString); response = client.execute(post); String temp = EntityUtils.toString(response.getEntity()); Toast.makeText(getApplicationContext(), temp, Toast.LENGTH_LONG).show(); } catch(Exception e) { e.printStackTrace(); } Looper.loop(); //Loop in the message queue } }; t.start(); }

    Read the article

  • Google Reader API with Objective-C - Problem getting token

    - by JustinXXVII
    I am able to successfully get the SID (SessionID) for my Google Reader account. In order to obtain the feed and do other operations inside Google Reader, you have to obtain an authorization token. I'm having trouble doing this. Can someone shed some light? //Create a cookie to append to the GET request NSDictionary *cookieDictionary = [NSDictionary dictionaryWithObjectsAndKeys:@"SID",@"NSHTTPCookieName",self.sessionID,@"NSHTTPCookieValue",@".google.com",@"NSHTTPCookieDomain",@"/",@"NSHTTPCookiePath",@"NSHTTPCookieExpires",@"160000000000",nil]; NSHTTPCookie *authCookie = [NSHTTPCookie cookieWithProperties:cookieDictionary]; //The URL to obtain the Token from NSURL *tokenURL = [NSURL URLWithString:@"http://www.google.com/reader/api/0/token"]; NSMutableURLRequest *tokenRequest = [NSMutableURLRequest requestWithURL:tokenURL]; //Not sure if this is right: add cookie to array, extract the headers from the cookie inside the array...? [tokenRequest setAllHTTPHeaderFields:[NSHTTPCookie requestHeaderFieldsWithCookies:[NSArray arrayWithObjects:authCookie,nil]]]; //This gives me an Error 403 Forbidden in the didReceiveResponse of the delegate [NSURLConnection connectionWithRequest:tokenRequest delegate:self]; I get a 403 Forbidden error as the response from Google. I'm probably not doing it right. I set the dictionary values according to the documentation for NSHTTPCookie.

    Read the article

  • MultipartFormDataContent Access to patch xx is denied

    - by Florian Schaal
    So I'm trying to upload a pdf file to a restapi. For some reason I the application cant get access to the files on my pc. The code im using to upload: public void Upload(string token, string FileName, string FileLocation, string Name, int TypeId, int AddressId, string CompanyName, string StreetNr, string Zip, string City, string CountryCode, string CustomFieldName, string CustomFieldValue) { var client = new HttpClient(); client.BaseAddress = _API.baseAddress; //upload a new form client.DefaultRequestHeaders.Date = DateTime.Now; client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue(token); using (var multiPartContent = new MultipartFormDataContent()) { //get te bytes from a file byte[] pdfData; using (var pdf = new FileStream(@FileLocation, FileMode.Open))//Here i get the error. { pdfData = new byte[pdf.Length]; pdf.Read(pdfData, 0, (int)pdf.Length); } var fileContent = new ByteArrayContent(pdfData); fileContent.Headers.ContentDisposition = new ContentDispositionHeaderValue("attachment") { FileName = FileName + ".pdf" }; //add the bytes to the multipart message multiPartContent.Add(fileContent); //make a json message var json = new FormRest { Name = Name, TypeId = TypeId, AddressId = AddressId, CompanyName = CompanyName, StreetNr = StreetNr, Zip = Zip, City = City, CountryCode = CountryCode, CustomFields = new List<CustomFieldRest> { new CustomFieldRest {Name = CustomFieldName, Value = CustomFieldValue} } }; var Content = new JsonContent(json); //add the json message to the multipart message multiPartContent.Add(Content); var result = client.PostAsync("forms", multiPartContent).Result; } } }

    Read the article

  • How to get "AuthSub " token in C#? For google APPS Contacts ?

    - by Pari
    Hi, I fount this code on net : HttpWebRequest update = (HttpWebRequest)WebRequest.Create(**editUrl** ); // editUrl is a string containing the contact's edit URL update.Method = "PUT"; update.ContentType = "application/atom+xml"; update.Headers.Add(HttpRequestHeader.Authorization, "GoogleLogin auth=" + **AuthToken**); update.Headers.Add(HttpRequestHeader.IfMatch, **etag**); // etag is a string containing the <entry> element's gd:etag attribute value update.Headers.Add("GData-Version", "3.0"); Stream streamRequest = update.GetRequestStream(); StreamWriter streamWriter = new StreamWriter(streamRequest, Encoding.UTF8); streamWriter.Write(entry); // entry is the string representation of the atom entry to update streamWriter.Close(); WebResponse response = update.GetResponse(); But here i am not getting what to put in " editurl" , "AuthToken" and "Etag". a) I studied abt "AuthToken" from this Link .But not getting how to create it? Can anyone help me out here? b) Also not getting " editurl" and "Etag". I am trying to use this method to Migrate my contacts to Google Apps. Thanx

    Read the article

  • I am Unable to Post Xml to Linkedin Share API

    - by Vijesh V.Nair
    I am using Delphi 2010, with Indy 10.5.8(svn version) and oAuth.pas from chuckbeasley. I am able to collect token with app key and App secret, authorize token with a web page and Access the final token. Now I have to post a status with Linkedin’s Share API. I am getting a unauthorized response. My request and responses are giving bellow. Request, POST /v1/people/~/shares HTTP/1.0 Content-Encoding: utf-8 Content-Type: text/xml; charset=us-ascii Content-Length: 999 Authorization: OAuth oauth_consumer_key="xxx",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1340438599",oauth_nonce="BB4C78E0A6EB452BEE0FAA2C3F921FC4",oauth_version="1.0",oauth_token="xxx",oauth_signature="Pz8%2FPz8%2FPz9ePzkxPyc%2FDD82Pz8%3D" Host: api.linkedin.com Accept: text/html, */* Accept-Encoding: identity User-Agent: Mozilla/3.0 (compatible; Indy Library) %3C%3Fxml+version=%25221.0%2522%2520encoding%253D%2522UTF-8%2522%253F%253E%253Cshare%253E%253Ccomment%253E83%2525%2520of%2520employers%2520will%2520use%2520social%2520media%2520to%2520hire%253A%252078%2525%2520LinkedIn%252C%252055%2525%2520Facebook%252C%252045%2525%2520Twitter%2520%255BSF%2520Biz%2520Times%255D%2520http%253A%252F%252Fbit.ly%252FcCpeOD%253C%252Fcomment%253E%253Ccontent%253E%253Ctitle%253ESurvey%253A%2520Social%2520networks%2520top%2520hiring%2520tool%2520-%2520San%2520Francisco%2520Business%2520Times%253C%252Ftitle%253E%253Csubmitted-url%253Ehttp%253A%252F%252Fsanfrancisco.bizjournals.com%252Fsanfrancisco%252Fstories%252F2010%252F06%252F28%252Fdaily34.html%253C%252Fsubmitted-url%253E%253Csubmitted-image-url%253Ehttp%253A%252F%252Fimages.bizjournals.com%252Ftravel%252Fcityscapes%252Fthumbs%252Fsm_sanfrancisco.jpg%253C%252Fsubmitted-image-url%253E%253C%252Fcontent%253E%253Cvisibility%253E%253Ccode%253Eanyone%253C%252Fcode%253E%253C%252Fvisibility%253E%253C%252Fshare%253E Response, HTTP/1.1 401 Unauthorized Server: Apache-Coyote/1.1 x-li-request-id: K14SWRPEPL Date: Sat, 23 Jun 2012 08:07:17 GMT Vary: * x-li-format: xml Content-Type: text/xml;charset=UTF-8 Content-Length: 341 Connection: keep-alive <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <error> <status>401</status> <timestamp>1340438838344</timestamp> <request-id>K14SWRPEPL</request-id> <error-code>0</error-code> <message>[unauthorized]. OAU:xxx|nnnnn|*01|*01:1340438599:Pz8/Pz8/Pz9ePzkxPyc/DD82Pz8=</message> </error> Please help. Regards, Vijesh Nair

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 42 43 44 45 46 47 48 49 50 51 52 53  | Next Page >