c++: Let user process write to LOCAL_SYSTEM named pipe - Custom Security Descriptor

c++,windows,winapi,pipe,authorization
I have a service running as LocalSystem which creates a process in the logged on users' session. Then the service creates a named pipe to which the client connects to read and write. According to https://msdn.microsoft.com/en-us/library/aa365600%28v=vs.85%29.aspx the client can only read from the pipe (It's No Admin, not the Creator,...

Can I submit a form with google's recaptcha in it from my app?

http,request,authorization,captcha,recaptcha
I'm writing an app which involves letting users share comments on a website, which has a comment form with Google's reCAPTCHA embedded. I would like to load this page via HTTP and display CAPTCHA within my app, so that the user can post comments from my app. Is it easy...

Paypal PHP How to check validity of refresh token for future payments

php,paypal,authorization,token
I am working on an iOS app where I am getting user's consent for future payments via Paypal iOS SDK. I get the authorization token, send it to the PHP server that gets the refresh token via Paypal PHP SDK and stores it in database. Then for any future payments,...

User Permission - Display edit in view (express, handlebars)

node.js,express,authorization,handlebars.js
At the moment I have user profiles that are rendered using Handlebars as such: exports.profile = function(req, res) { User.findOne({username: req.params.username}).exec(function(err, user){ res.render('profile/view', { user: req.user, name: user.name, username: user.username }); }); }; On the rendered template at profile/view I would like to display an edit button if the user...

Restlet Authorization by Method AND User

java,authentication,authorization,restlet
I'm new to Restlet and REST in general and want to implement a RESTful API for a running server / database. Routing and addressing seems to work fine so far but I'll need a few hints at how to handle authentication and authorization. The situation: There are some resources with...

Thinktecture Authorization Server SAML Identity Provider

authorization,saml,thinktecture
I can easily associate Thinktecture Authorization Server with Identity Server. Is there a way to associate Authorization Server as a relying party to an Identity Provider that only deals in SAML and not WS-*?

How to use LDAP to implement a resource/action based authorization?

c#,ldap,authorization,rbac,abac
We have a legacy system that uses a resource/action based authorization. Recently our company has decided to use a LDAP server as a repository for both Authentication and Authorization. I haven't worked with LDAP servers before but as far as I have learned we can define our schema for different...

Authentication with OAuth and JWT but without OpenID Connect

session,authentication,oauth,authorization,openid-connect
I’m wondering if I really need OpenID Connect to provide authentication on top of OAuth2. It seems to me if I generate JWTs (JWE) as my access token and I store user claims, roles/permissions, etc. in the access token, then the OpenID Connect's id token isn't needed. Resource servers can...

Pundit Usage When Creating/Deleting Objects

ruby-on-rails-4,authorization,pundit
I am creating and updating objects, my controller has: def create @mymodel = MyModel.create mymodel_params authorize @mymodel end I need to authorize create so I have added authorize @mymodel but surely this should come first? The problem is what parameter do I give authorize? I could do authorize :mymodel but...

ASP.net Web API 2 controller with multiple authentication filters

.net,web-services,authentication,authorization,asp.net-web-api2
What is the intended semantics for multiple authentication filters? Is it allowed? And if so, how do they work together? Here is a specific example. Suppose I have a controller class such as [BasicAuthenticator] [LocalAuthenticator] [Authorize] public class TestController : ApiController { [AllowAnonymous] public IHttpActionResult GetProduct(int id) { } //...

Storing Google App Engine User Nicknames with PHP [closed]

php,google-app-engine,authorization
Using Google App Engine with PHP, I would like to use User Services to authorize the user. I want to store the user's preference and other custom information to a database and relate this data to the user. Is it safe to store the nickname from getNickname() as a unique...

Rails + CanCan: Disallow User from Joining a Group if Already a Member

ruby-on-rails,authorization,cancan,cancancan
I have a Rails app, using CanCan for authorization. I have Users that can have Memberships in Groups. I would like to create a CanCan rule that authorizes a user to create a group membership only if they are not already a member of that group. So far I have...

Sitecore 8 error SPEAK error after upgrade

asp.net-mvc,authorization,sitecore,sitecore8,sitecore-speak-ui
I just did a test upgrade on a Sitecore 7.5 site. The upgrade process went off without a hitch. I navigated to /sitecore and saw the fancy new 8 login screen. I entered my admin creds and was then presented with a .net error: Could not get pipeline: speak.client.initialize.layout (domain:...

google OAUTH2 exchange authorization code for access token “invalid request”

php,google-api,authorization,access-token
I'm getting google api authorization code from this page on my server https://github.com/google/google-api-php-client/blob/master/examples/user-example.php the same page on my hosting to test http://mawk3y.net/google/google-api-php-client/examples/user-example.php after adjusting client id, secret and redirect uri. $data =file_get_contents('https://accounts.google.com/o/oauth2/auth?code='.$code.'&client_secret={secret}&redirect_uri={my web page}&grant_type=authorization_code'); print_r($data); but I get an error so I'm...

Ruby on Rails Why isn't my create user working using bcrypt gem?

ruby-on-rails,ruby,login,authorization,registration
In my Ruby on Rails application I have just started to try to include registering and logging in. I firstly ran the scaffold command: rails generate scaffold User name:string password_digest:string role:string and then rake db:migrate. This all went well and created the needed files for User. In my gemfile I...

Where to apply domain level permissioning

design-patterns,permissions,authorization,onion-architecture,hexagonal-architecture
Permissioning/Authorization (not Authentication) is a cross-cutting concern, I think. In an Onion Architecture or Hexagonal Architecture, where should permissioning be performed? Examples of permissioning required would be: Filtering data returned to the front end (UI, API, or otherwise) Validating that a business operation can be performed at all Ideally, via...

Youtube API returning Insufficient Permission when requesting comments

php,api,youtube-api,authorization
I'm trying to retrieve comment threads for a users video but I'm getting a 403 Insufficient Permission error. My oAuth client in the developers console has the Youtube Data v3 API enabled and I set the youtube scope when the token is generated. Here is the client I use to...

Use ALFA in standalone mode

authorization,xacml,alfa,abac
The DSL ALFA by Axiomatics is only provided as an eclipse plugin. Is it possible to use it in standalone mode? There is a Main class bundled in the jar but I have had no luck getting it to work.

Implementing IIS hosted WCF service with AzMan role provider

asp.net,web-services,wcf,iis,authorization
I try to implement a WCF service that is hosted on IIS, the users ask for some templates files transformation and it return them the processed file (If they are authorized for the template they asked for). I selected the visual studio project template "WCF Service Application" and got a...

How to create log-in functionality in ASP.NET MVC?

c#,asp.net-mvc,authorization
I have an ASP.NET MVC 5 app, and I'm using the Empty template with the No Authentication option. Because I don't want to use ASP.NET Identity, I want to implement something very simple myself. I created for test purposes a very simple model: public class User { public int UserId...

ASP.NET Web API Authorization tokens expiring early

asp.net-mvc-4,authorization,asp.net-web-api2,bearer-token
I have implemented security for my web api (individual accounts) as discussed here. I have hosted the website on godaddy (shared hosting) and its working fine. When I ask for token by using url "domain.com/token", I get the token with expiration date of within 15 days. I have set this...

How to have a rails admin and only 1 admin that can edit & create new posts

ruby-on-rails,ruby-on-rails-4,devise,authorization,pundit
I am trying to create a simple page where any visitor can read the weekly posts. I want there to only be 1 admin that can edit or create new posts. How would I go about creating this? I started with devise but theoretically anyone can go to the new_user_registration...

IdentityServer3 with external user management

authentication,authorization,thinktecture-ident-server,thinktecture
Given a scenario where a web hosted IdentityServer3 only handles authorization, being user authentication handled by an external custom service, what is required to implement to support this? A custom OWIN middleware?

Rails 4.2: Role Based Auth and Separate Attributes

ruby-on-rails,authentication,devise,authorization,table-relationships
I am creating an app with 3 types of Users which could end up with a 4th... Admin Provider Member (patient) The tricky part is each share some common attributes such as 'first_name' and 'last_name', but will have more attributes that differ. If they all share the same 'User' table,...

Hadoop-2.6.0 Authorization not working for MR jobs

security,hadoop,authorization,kerberos
I have configured hadoop-2.6.0 with kerberos security. For authorization, I referred to the Documentation. But security.job.submission.protocol.acl property is not available in the hadoop-policy.xml. It seems the property changed into security.job.client.protocol.acl. Even though I add any of these properties for submitting map reduce jobs, it's not working. Any user can submit...

Hide ActionLinks based on user roles without exposing roles in view

asp.net-mvc,controller,authorization,actionlink
I use the AuthorizeAttribute and roles (Identity). I want to hide ActionLinks based on user roles. I found solutions with HtmlHelpers like this. But I really don't like those solutions because the view must know about the required roles. This means the roles are defined twice: in the controller and...

WCF authentication + authorization

c#,sql,wcf,authorization
We have WCF 4.5 service and we are trying to secure it. We have users in our database schema but what we want to do is operations like [OperationsContract] void PostMessage(string message, int userId) //used ID is supposed to be id of user who post message our service is secured...

tastypie obj_create and authorization

python,django,authorization,tastypie
I use tastypie 0.12.2-dev to create API for my django site. I wrote a class authorization (ApprovedLaptopsAuthorization) and used it in my ModelResource (RecordResource) class. The endpoint of RecordResource is http://myserver/book/api/record. HTTP GET Request to that endpoint is working correctly. (permissions are checked in read_list() method of ApprovedLaptopsAuthorization class). Now...

Restrict Pyramid to require login by default

python,authorization,pyramid
How can I use pyramid so, that it requires a User to be logged in, unless I explicitly say it does not for a certain view? Currently I need to add some required permission to each and every view_config I'm creating. If I forget one, I'll have a possible security...

How to create permission based on user group in codeigniter?

php,mysql,codeigniter,authorization
I am using codeigniter ion authentication for user group maintenance. Here's link for ion authentication documentation. In Edit user group I would like to add menus to access for particular group alone. How to design a mysql table and access it in our controller and view page to restrict page...

Paypal Payments (Authorization & Capture) not returning Authorization ID

api,paypal,authorization,capture
According to the documentation the paypal payment method should be able to do Authorization & Capture just fine. The following excerpt under the PayPal authorizations excerpt specifically states how to go about it: First get payment approval and execute the payment as you normally would do for a PayPal payment....

Getting HTTP 401.2 Unauthorized when porting old Web Forms to OWIN

c#,asp.net,authentication,authorization,owin
I've followed Require Authentication for all requests to an OWIN application so my code looks like this: public void Configuration(IAppBuilder app) { app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType); app.UseCookieAuthentication(new CookieAuthenticationOptions() { CookieSecure = CookieSecureOption.Never }); app.UseWsFederationAuthentication(new WsFederationAuthenticationOptions() { MetadataAddress =...

ios how is permission/Authorization working?

ios,permissions,authorization
I'm trying to find how the iOS permissions and authorizations work, but I can't find anything. What I want to know is, if in my app version 1.1. I ask user for location's permission and when I update my app to 1.2, I now ask for location and camera. Is...

Setting CORS call to GET not OPTIONS

javascript,xmlhttprequest,authorization,cors
I am creating a CORS call as follows: createCORSRequest: function(method, url) { var xhr = new XMLHttpRequest(); xhr.withCredentials = true; if ("withCredentials" in xhr) { // Check if the XMLHttpRequest object has a "withCredentials" property. // "withCredentials" only exists on XMLHTTPRequest2 objects. console.log("Sending request with credneitials"); xhr.open(method, url, true); }...

How to use DatabaseCertificate login module

authentication,jboss,authorization,wildfly
I want to use DatabaseCertificate login module to load groups from DB. Current config: > <security-domain name="LDAPAuth"> > <authentication> > <login-module code="LdapExtended" flag="required"> > <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/> > <module-option name="java.naming.provider.url" value="***************"/> > <module-option name="java.naming.security.authentication" value="simple"/> > <module-option name="bindDN"...

Google Cloud Storage: How can I grant an installed application access to only one bucket?

authorization,google-cloud-storage,google-cloud-platform
I'm developing an application that manipulates data in Google Cloud Storage buckets owned by the user. I would like to set it up so the user can arrange to grant the application access to only one of his or her buckets, for the sake of compartmentalization of damage if the...

Authorization Model: Context of Role?

security,authorization,claims-based-identity,abac,role-based-access-control
I am currently attempting to design an Authorization Model that has the following components: Privileges - an action that can either be granted or denied to a user/group Roles - a collection of privileges; roles can be associated with a user or group Security Objects - the entity to which...

How to do simple authentication with QuickBooks Online without using OAuth?

java,authorization,quickbooks,quickbooks-online
I'd like to authenticate myself with my QuickBooks Online account using the Accounting API (Java) so that I can create an invoice. I've already done this successfully in another app. In that situation, the app had a front-end interface that allowed anyone to login to their account, so I used...

API Authentication Method - am I doing it correctly?

rest,authentication,authorization,privatekey,public-key
I'm incredibly new to building API authentication - so wanted to ensure I'm going about this the correct way as there could be major security flaws that I'm not aware of. It's based on a secret/private key pair, where both the client and the server know the secret key, but...

Adding authorization to routes

ruby-on-rails,rest,routes,authorization
I cannot seem to find a good example for this. I have for example, a TicketController I define a ticket resource in my routes.rb. You only need to be logged in as a customer to GET a ticket, but you must be logged in as an administrator to PUT a...

Call java function based on name read from file [duplicate]

java,xml,authorization,function-call
This question already has an answer here: How to invoke a method in java using reflection 4 answers I am trying to write an authorization layer for my application where the developer write a java function for validating the user before allowing him to access files. The problem is...

RESTful security authorization

java,javascript,security,rest,authorization
I have an application which is written with JS frameworks and it makes REST requests to a RESTful service which I wrote. The problem is that I want to put an authorization. I found OAuth 1.0a and OAuth 2 for using them for that purpose. How can I make a security...

Token Based Authentication in ASP.NET 5 (vNext) (refreshed)

c#,authentication,authorization,web-api,asp.net-5
I'm working with ASP.NET 5 (vNext) application. I'm trying to implement Token Based Authentication but can not figure out how to use new Security System. My scenario: A client requests a token. My server should authorize the user and return access_token which will be used by the client in following...

Is there a way to use AutoFac Web Api Authorization Filters through Attributes instead of injection?

asp.net-web-api,filter,dependency-injection,authorization,autofac
I have an Autofac Web Api Authorization Filter like that: public class MyAuthorizationFilter : IAutofacAuthorizationFilter { public void OnAuthorization(HttpActionContext actionContext){} } public class MyAuthorizationAttribute : Attribute { public MyAuthorizationAttribute() { } } Right now the only way I can have an Autofac Web Api Authorization Filter is through injecting it...

How apply granular per content rights in OAuth 2?

security,oauth-2.0,authorization
We know how to grant access through an access token and user info through identity token. We know we can add roles claims to the identity token. But in a permission access per content, I don't know how to use claims and tokens. Think in the case that user A...

Azure DocumentDB - The MAC signature found in the HTTP request is not the same as the computed signature

c#,.net,azure,authorization,azure-documentdb
Seemingly randomly I am unable to get a document from DocumentDB. I can be debugging, have it fail with the below message then try again and work. If this has to do with my MAC address I've also tried from a different workstation with the same result. Microsoft.Azure.Documents.UnauthorizedException, message: {"Errors":["The...

django-rest-framework : restrict RelatedField queryset according to request

python,django,authorization,django-rest-framework
I have a model with a ForeignKey models.py class B(models.Model): user = models.ForeignKey(contrib.auth.User) class A(models.Model): b = models.ForeignKey(B) serializers.py class ASerializer(serializers.ModelSerializer): class Meta: model = A fields = ['b'] views.py class AViewSet(viewsets.ModelViewSet): queryset = A.objects.all() serializer_class = ASerializer Now what I want is to restrict the A.b values to the...

Simultaneous authorization in advanced app

php,authorization,yii2
In advanced app, I tried to implement divided authorization for backend and frontend. In first case, I used User class from basic app, in order to use users without database. But for frontend part, I used User class from advanced app. It would seem that everything is working perfectly. But when...

SonarQube LDAP authentication is not working

authentication,ldap,authorization,sonarqube
Presently, connecting to Apache Directory Server 2.0 from SonarQube 5.0.1. Have given the following entries in sonar.properties file: # LDAP configuration # General Configuration sonar.security.realm=LDAP sonar.security.savePassword=false ldap.url=ldap://10.53.67.11:30389 # User Configuration ldap.user.baseDn=o=TechMahindra ldap.user.request=(&(objectClass=inetOrgPerson)(uid={login})) ldap.user.realNameAttribute=cn ldap.user.emailAttribute=mail # Group Configuration...

Microsoft Dynamics CRM and application authentication and authorization

authentication,authorization,dynamics-crm,dynamics-crm-online,dynamics-crm-2015
Does Microsoft Dynamics CRM Online (2015) have some feature for authentication and authorization of external apps that need to access CRM data records from all CRM entities? External apps are in my case 3rd party Windows Services etc. to perform some sync and automation tasks, and these apps does not...

Where to place authorisation code

php,design-patterns,authorization
I have a PHP MVC application. The business logic is implemented in a service layer and a domain model. My question is, where should I implement authorisation checks? In the service layer? Or the domain model? In a discussion on the service layer pattern, http://martinfowler.com/eaaCatalog/serviceLayer.html, Martin Fowler prefers to separate...

socket.io room authorisation

node.js,websocket,socket.io,authorization
I have a use case of socket.io where, within an individual namespace, a client can connect to several rooms. A user needs to authenticate on a per-room basis (because they may not be allowed to access those data streams). Obviously I can check the authorisation on connection to the namespace...

How to securely register users on App Engine using multiple OAUTH providers?

android,facebook,google-app-engine,oauth,authorization
I would like to discuss a common scenario: An app wants to authorize users using multiple OAUTH providers, such as Facebook, Google+ or Twitter. Essentially this question has been asked two years ago here Mobile API Authentication Using Existing Web App with Multiple OAuth Providers and stays unanswered, so I...

MVC5 ASP Identity dynamic Authorize attribute

c#,asp.net-mvc,authorization,asp.net-identity,authorize-attribute
I have a MVC5 project with backend to configure which role can access which menu. The normal way to implement role based authorization is something like this. [Authorize(Roles="Admin")] public ActionResult UpdateProduct(ProductModel model) { //do something return View(model); } Because I need the roles to be dynamic, I was thinking of...

Access to header information by $resource in AngularJS

angularjs,http-headers,authorization,angular-resource
I send a request server-side by $resource which is inside my factory. In the return object there is much information, but I'd like to have access to the authorization in the headers. I tried to print the returning object by console.log() but I don't see any headers and authorization in console....

IIS Authorization and Restrictions

asp.net,iis,authorization,relative-path,restriction
I'm trying to restrict anonymous users from browsing directly to a particular filename (image file) in a folder on my website. But when I turn on the "IIS Authentication" feature on the folder, both anonymous users and the website application can't access the image file. How can I deny access...

PayPal - Check tickets still available before sending the money

php,paypal,authorization,stock
I'm working on an online ticket distribution system. The system checks if the tickets are available before the user attempts to pay, however, it might happen that the tickets run out while the user is paying. I want to make it so that when the user actually completes the payment...

Custom Authentication and Authorization for different user types in asp.net mvc

asp.net,asp.net-mvc,authentication,authorization
I’m working on a project where there are different three user types (Admin, Parent, and Teacher) that access the website. The users log in by providing their credentials and selecting their type as shown the image below I wanted to provide a custom authentication and authorization for the users. By...

Should i do authorization on my Domain Services?

c#,authorization,domain-driven-design
I have the following domain service: public void DeleteCustomer(int customerId, string userIdentity, string userPassword) { //1º Do login operation to verify if the credentials are valid. customerRepository.DeleteById(customerId); } Let's say that I am consuming this code of ASP.NET MVC or Windows Forms application that has a login window. The login...

Security+Authentication+Authorization with Java EE 7 [closed]

java,java-ee,authentication,ejb,authorization
I am new to Java EE, so to learn Java EE (EJB+CDI+either Zkoss/JSF 2.0) I am trying to build a sample application. In this application I don't want to use any spring-security related stuff. I do want the Authentication+Authorization mix which is provided by Spring Security. Furthermore I want...

Allow only specific/official HTML5 Web Apps to connect to a Websocket host

html5,api,websocket,socket.io,authorization
Is it possible to ensure that establishing a web socket connection (via socket.io) is only possible from an "official" (HTML5) app? The target is that third party apps with knowledge of the API cannot connect to the host without further authorization information. In my opinion, the difficulty is to place...

ASP.NET MVC: Unauthenticated User Always Redirected to Login page

asp.net-mvc,asp.net-mvc-4,authentication,authorization
I've been trying to fix this for a week now, I tried everything that crossed my mind. I am creating web app using asp.net mvc 4 template. Problem is that I am always redirected to login page before I can't access any route without log in first. Not even register...

Azure AD Graph API User memberOf nested groups

c#,azure,authorization,azure-active-directory
I am querying my Azure AD graph API for a user's group memberships. I can make the query just fine, but the results are only the groups that the user DIRECTLY belongs to. None of the nested groups are listed. I'm trying to find out if a user belongs to...

OnAuthorization isn't being called

asp.net-mvc,asp.net-web-api,authorization
I use a WebApi Service with custom Authorization. This is the AuthorizationAttribute: (to keep it as simple as possible I removed all logic and just try to send a 401): public class Auth : AuthorizeAttribute { private readonly List<Permissions> _requiredPermissions; public Auth(params Permissions[] permissions) { _requiredPermissions = permissions.ToList(); } public...

How do you access url parameters inside of $stateProvider.state's stateConfig object?

angularjs,authorization,angular-ui-router
.state('edit', { url: '/edit/:id', templateUrl: 'app/skims/form/form.html', controller: 'FormCtrl as formCtrl', authenticate: { loggedIn: true, authorized: // :id } }) I'd like to assign authorized to the :id part of the URL. Is there a way to do this? My reason for wanting to do this is so I could set...

python3 - can't pass through authorization

authentication,python-3.x,web-crawler,authorization
I need to build a webcrawler for internal usage and I need to log in to the administration area. I'm trying to use requests lib, tried these ways: import urllib.parse import requests base_url = "https://target.url" data = ({'login': 'login', 'pass': 'password'}) params = urllib.parse.urlencode(data) r = requests.post(base_url, data=params) print(r.text) and import requests base_url...

Openid Connect signing in through multiple providers

authentication,authorization,openid
If I sign on to multiple OpenId providers (such as AOL and Google), will the authentication profile be unified between the multiple providers or will there be different profiles?

undefined method `total_pages'- When use load_and_authorize_resource

ruby-on-rails,ruby-on-rails-4,authorization,cancancan
Am using cancancan for authorization. And am using will_paginate for table pagination. It works fine until I add load_and_authorize_resource in controller. When using load_and_authorize_resource in controller, will_paginate throws ActionView::Template::Error (undefined method `total_pages' for #): Abilyty.rb: def initialize(user) if user.user_type == "ADMIN" then can :manage, :all cannot :manage, ParentMessageController elsif user.user_type == "MANAGEMENT"...

Java Google Contacts API Access Service Account Authentication

java,google-api,authorization,google-oauth,google-api-java-client
I'm trying to access Google's Contacts API but my attempt failed already on getting authorized. From other (web) languages I'm used to the APIConsole and the public API-key (authorization). GoogleCredential credential = new GoogleCredential().setAccessToken("<<PublicAPIKey>>"); System.out.println(credential.refreshToken()); // false This way I'm not able to refresh the token and be unsure about...

Stop Hacks to Wordpress Site - New User Added

wordpress,security,authorization
My apologies in advance if I am posting it in the wrong forum. I have a WordPress site. Every couple of days, a new user is added as an "Administrator" as shown below I have changed my password many times using complex passwords but to no use. I even searched...

Role concept in the authorization

java,security,authorization
I'm writing the following public interface SecurityService{ public Error tryLogin(String usr, String psw); public String getRoleCurrentUser(); //Attention here } and of course, there will be a couple implementations. For instance, now I have public SpringSecurityService{ @Autowired AuthenticationManager authenticationManager; public Error tryLogin(String usr, String psw){ //Implementation here } public String getRoleCurrentUser(){...

Validating Multiple Roles in Spring Security

spring,authentication,spring-security,authorization,intercept
I have added all the required libs and dependencies for the security and the application is working for single role & Any role cases Single: <security:intercept-url pattern="/**" access="hasRole('enabled')" /> Any Role <security:intercept-url pattern="/**" access="hasAnyRole('enabled','view')" /> is there are way to check multiple(AND or All Roles) roles using the expression ?...

Gitlab: Can I create a Branch visible to only certain developers?

permissions,authorization,branch,gitlab
I'm using gitlab, and I am wondering, is there a simple way to restrict access to a branch to only certain developers? This has to do with time varying disclosure and the ability for certain developers to see some objects models, while other cannot? Ideally this would happen in one...

Adding custom Roles to Azure Mobile Services User (Google, Twitter, Facebook, Microsoft)

.net,authorization,azure-mobile-services
I have an .NET Azure Mobile Services project with some controllers I want to secure with the typical Authorize attribute. I can create a Roles table and a UserProfiles table and associate the various users authenticated through Google, Facebook, etc. with Roles in my Roles table. My question is: How...

Getting Location Services to work in IOS 8

ios,objective-c,authorization,cllocationmanager
I am trying to update some old code to get it to work in IOS 8. I have read through Location Services not working in iOS 8 but I am still very confused as to how to correctly implement the methodology. I have added in <key>NSLocationWhenInUseUsageDescription</key> <string>The spirit of stack...

Blocking batch_actions with ActiveAdmin and CanCan

ruby-on-rails,authorization,activeadmin,cancan
I am using ActiveAdmin with Cancan for authorization. In my ability model, I setup a user to only have read ability. This works as expected, except the user can still select devices(the model I am restricting) and then perform a batch_update to edit one or more of them. I can't...

tacacs+ for Linux authentication/authorization using pam_tacplus

linux,security,authentication,authorization,pam
I am using TACACS+ to authenticate Linux users using pam_tacplus.so PAM module and it works without issues. I have modified the pam_tacplus module to meet some of my custom requirements. I know by default, TACACS+ does not have any means to support linux groups or access level control over linux...

correct syntax postgresql query with two conditions, rails, eula acceptance / version test

ruby-on-rails,ruby,postgresql,devise,authorization
At time of login, I am trying to evaluate whether or not a user has accepted our current end user license agreement ( eula ). In the contracts-controller.rb def eula_version eula_version = "3" end In the application_controller.rb, an after_sign_in_path_for(resource) method per the devise gem instructions def after_sign_in_path_for(resource) if @user =...

Using JMX with Jaas for jconsole authentication

java,authentication,authorization,jmx,jaas
I have the following scenario: I have an application that uses JMX to expose some methods, sat on a server. At present users can connect to this via the command line using jconsole. There are currently no access restrictions. Users will be logging into a machine and have access rights...

WCF Show/Hide Methods For User Groups

wcf,authorization
I have a wcf web service and there are two types of users that will use this service. Service methods need to be different for each user group. In other words, User group A should not see service methods that belong to user group B. How can I achieve this?

How to Read the JSON Payload in a JAX-RS Filter

java,filter,jersey,authorization,jax-rs
I'm trying to do a personalised authZ process prior to each api-request. I'm using JAX-RS/Jersey. public class AuthorizationRequestFilter implements ContainerRequestFilter { @Override public void filter(ContainerRequestContext request) throws IOException { // How to see JSON payload here? ... } } ...

CanCan Rails Authorization

ruby-on-rails,ruby-on-rails-4,authorization,cancan
I am creating REST API and also using Authorization in REST API. Whenever a user is not authorized for an action it redirects to home page using the following code rescue_from CanCan::AccessDenied do |exception| redirect_to "/", :alert => exception.message end For Rest API method, I don't want to be redirected...

Best way to prevent unauthorized user on Angular site from seeing site for a split second before being redirected to login?

javascript,angularjs,api,authorization,interceptor
I am currently building an Angular front end on a site that pulls much of its data from an API that requires authorization via login. I have built the following authInterceptor that works well and redirects users to the login page if a 401 error is sent from the server:...

Duplication of data in explicit authorization

permissions,authorization,relational-database,rdbms
Our current authorization strategy on our site is very tightly coupled to our RDB's schema - which in some ways is a good thing, since it means the permissions available to a user exactly match what he should have, assuming a correct interpretation of the data. So when we query...

HTTPClient getting two 401s before success (sending wrong token)

c#,.net,http,authorization,.net-4.5
I'm trying to communicate with a self-hosted WebAPI client using HttpClient. The client is created with the following code: HttpClientHandler clientHandler = new HttpClientHandler() { UseDefaultCredentials = true, PreAuthenticate = true }; var client = new HttpClient(clientHandler); on the server side we set: HttpListener listener = (HttpListener)app.Properties[typeof(HttpListener).FullName]; listener.AuthenticationSchemes = AuthenticationSchemes.IntegratedWindowsAuthentication;...