Use ALFA in standalone mode

Question:

Tag: authorization,xacml,alfa,abac

The DSL ALFA by Axiomatics is only provided as an Eclipse plugin. Is it possible to use it in standalone mode? There is a Main class bundled in the jar but I have had no luck getting it to work.


Answer:

It is not possible just yet but it will be in the near future. Stay tuned for further developments.


Related:


API Authentication Method - am I doing it correctly?


rest,authentication,authorization,privatekey,public-key
I'm incredibly new to building API authentication - so wanted to ensure I'm going about this the correct way as there could be major security flaws that I'm not aware of. It's based on a secret/private key pair, where both the client and the server know the secret key, but...

Authentication with OAuth and JWT but without OpenID Connect


session,authentication,oauth,authorization,openid-connect
I’m wondering if I really need OpenID Connect to provide authentication on top of OAuth2. It seems to me if I generate JWTs (JWE) as my access token and I store user claims, roles/permissions, etc. in the access token, then the OpenID Connect's id token isn't needed. Resource servers can...

Access to header information by $resource in AngularJS


angularjs,http-headers,authorization,angular-resource
I send a request server-side by $resource which is inside my factory. In the return object there is a lot of information, but I'd like to have access to the authorization in the headers. I tried to print the returning object by console.log() but I don't see any headers and authorization in console....

Allow only specific/official HTML5 Web Apps to connect to a Websocket host


html5,api,websocket,socket.io,authorization
is it possible to ensure, that establishing a web socket connection (via socket.io) is only possible from an "official" (HTML5) app? The target is, that third party apps with knowledge of the API cannot connect to the host without further authorization information. In my opinion, the difficulty is to place...

Hide ActionLinks based on user roles without exposing roles in view


asp.net-mvc,controller,authorization,actionlink
I use the AuthorizeAttribute and roles (Identity). I want to hide ActionLinks based on user roles. I found solutions with HtmlHelpers like this. But I really don't like those solutions because the view must know about the required roles. This means the roles are defined twice: in the controller and...

Java Google Contacts API Access Service Account Authentication


java,google-api,authorization,google-oauth,google-api-java-client
I'm trying to access Google's Contacts API but my attempt failed already on getting authorized. From other (web) languages I'm used to the APIConsole and the public API-key (authorization). GoogleCredential credential = new GoogleCredential().setAccessToken("<<PublicAPIKey>>"); System.out.println(credential.refreshToken()); // false This way I'm not able to refresh the token and be unsure about...

Duplication of data in explicit authorization


permissions,authorization,relational-database,rdbms
Our current authorization strategy on our site is very tightly coupled to our RDB's schema - which in some ways is a good thing, since it means the permissions available to a user exactly match what he should have, assuming a correct interpretation of the data. So when we query...

MVC5 ASP Identity dynamic Authorize attribute


c#,asp.net-mvc,authorization,asp.net-identity,authorize-attribute
I have a MVC5 project with backend to configure which role can access which menu. The normal way to implement role based authorization is something like this. [Authorize(Roles="Admin")] public ActionResult UpdateProduct(ProductModel model) { //do something return View(model); } Because I need the roles to be dynamic, I was thinking of...

tastypie obj_create and authorization


python,django,authorization,tastypie
I use tastypie 0.12.2-dev to create API for my django site. I wrote a class authorization (ApprovedLaptopsAuthorization) and used it in my ModelResource (RecordResource) class. The endpoint of RecordResource is http://myserver/book/api/record. HTTP GET Request to that endpoint is working correctly. (permissions are checked in read_list() method of ApprovedLaptopsAuthorization class). Now...

Is there a way to use AutoFac Web Api Authorization Filters through Attributes instead of injection?


asp.net-web-api,filter,dependency-injection,authorization,autofac
I have an Autofac Web Api Authorization Filter like that: public class MyAuthorizationFilter : IAutofacAuthorizationFilter { public void OnAuthorization(HttpActionContext actionContext){} } public class MyAuthorizationAttribute : Attribute { public MyAuthorizationAttribute() { } } Right now the only way I can have an Autofac Web Api Authorization Filter is through injecting it...

Sitecore 8 error SPEAK error after upgrade


asp.net-mvc,authorization,sitecore,sitecore8,sitecore-speak-ui
I just did a test upgrade on a Sitecore 7.5 site. The upgrade process went off without a hitch. I navigated to /sitecore and saw the fancy new 8 login screen. I entered my admin creds and was then presented with a .net error: Could not get pipeline: speak.client.initialize.layout (domain:...

Authorization Model: Context of Role?


security,authorization,claims-based-identity,abac,role-based-access-control
I am currently attempting to design an Authorization Model that has the following components: Privileges - an action that can either be granted or denied to a user/group Roles - a collection of privileges; roles can be associated with a user or group Security Objects - the entity to which...

Getting Location Services to work in IOS 8


ios,objective-c,authorization,cllocationmanager
I am trying to update some old code to get it to work in IOS 8. I have read through Location Services not working in iOS 8 but I am still very confused as to how to correctly implement the methodology. I have added in <key>NSLocationWhenInUseUsageDescription</key> <string>The spirit of stack...

IdentityServer3 with external user management


authentication,authorization,thinktecture-ident-server,thinktecture
Given a scenario where a web hosted IdentityServer3 only handles authorization, being user authentication handled by an external custom service, what is required to implement to support this? A custom OWIN middleware?

Is WSO2 Identity Server working with JSON XACML request/response?


json,wso2,wso2is,xacml,abac
I'm new in the world of WSO2 Identity Server. Does anyone know if Identity Server is able to send and receive XACML requests and responses using the new JSON defined in the Oasis XACML Definition? I cannot find any reference or tutorial talking about that. Thanks in advance!...

How to use DatabaseCertificate login module


authentication,jboss,authorization,wildfly
I want to use DatabaseCertificate login module to load groups from DB. Current config: > <security-domain name="LDAPAuth"> > <authentication> > <login-module code="LdapExtended" flag="required"> > <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/> > <module-option name="java.naming.provider.url" value="***************"/> > <module-option name="java.naming.security.authentication" value="simple"/> > <module-option name="bindDN"...

How do you access url parameters inside of $stateProvider.state's stateConfig object?


angularjs,authorization,angular-ui-router
.state('edit', { url: '/edit/:id', templateUrl: 'app/skims/form/form.html', controller: 'FormCtrl as formCtrl', authenticate: { loggedIn: true, authorized: // :id } }) I'd like to assign authorized to the :id part of the URL. Is there a way to do this? My reason for wanting to do this is so I could set...

Paypal Payments (Authorization & Capture) not returning Authorization ID


api,paypal,authorization,capture
According to the documentation the paypal payment method should be able to do Authorization & Capture just fine. The following excerpt under the PayPal authorizations excerpt specifically states how to go about it: First get payment approval and execute the payment as you normally would do for a PayPal payment....

Should i do authorization on my Domain Services?


c#,authorization,domain-driven-design
I have the following domain service: public void DeleteCustomer(int customerId, string userIdentity, string userPassword) { //1º Do login operation to verify if the credentials are valid. customerRepository.DeleteById(customerId); } Let's say that I am consuming this code of ASP.NET MVC or Windows Forms application that has a login window. The login...

ASP.NET MVC: Unauthenticated User Always Redirected to Login page


asp.net-mvc,asp.net-mvc-4,authentication,authorization
I've been trying to fix this for a week now, I tried everything that crossed my mind. I am creating web app using asp.net mvc 4 template. Problem is that I am always redirected to login page before I can't access any route without log in first. Not even register...

Rails 4.2: Role Based Auth and Separate Attributes


ruby-on-rails,authentication,devise,authorization,table-relationships
I am creating an app with 3 types of Users which could end up with a 4th... Admin Provider Member (patient) The tricky part is each share some common attributes such as 'first_name' and 'last_name', but will have more attributes that differ. If they all share the same 'User' table,...

Stop Hacks to Wordpress Site - New User Added


wordpress,security,authorization
My apologies in advance if I am posting it in the wrong forum. I have a WordPress site. Every couple of days, a new user is added as an "Administrator" as shown below I have changed my password many times using complex passwords but to no use. I even searched...

Pundit Usage When Creating/Deleting Objects


ruby-on-rails-4,authorization,pundit
I am creating and updating objects, my controller has: def create @mymodel = MyModel.create mymodel_params authorize @mymodel end I need to authorize create so I have added authorize @mymodel but surely this should come first? The problem is what parameter do I give authorize? I could do authorize :mymodel but...

Where to apply domain level permissioning


design-patterns,permissions,authorization,onion-architecture,hexagonal-architecture
Permissioning/Authorization (not Authentication) is a cross-cutting concern, I think. In an Onion Architecture or Hexagonal Architecture, where should permissioning be performed? Examples of permissioning required would be: Filtering data returned to the front end (UI, API, or otherwise) Validating that a business operation can be performed at all Ideally, via...

HTTPClient getting two 401s before success (sending wrong token)


c#,.net,http,authorization,.net-4.5
I'm trying to communicate with a self-hosted WebAPI client using HttpClient. The client is created with the following code: HttpClientHandler clientHandler = new HttpClientHandler() { UseDefaultCredentials = true, PreAuthenticate = true }; var client = new HttpClient(clientHandler); on the server side we set: HttpListener listener = (HttpListener)app.Properties[typeof(HttpListener).FullName]; listener.AuthenticationSchemes = AuthenticationSchemes.IntegratedWindowsAuthentication;...

PayPal - Check tickets still available before sending the money


php,paypal,authorization,stock
I'm working on an online ticket distribution system. The system checks if the tickets are available before the user attempts to pay, however, it might happen that the tickets run out while the user is paying. I want to make it so that when the user actually completes the payment...

ios how is permission/Authorization working?


ios,permissions,authorization
I'm trying to find how the iOS permissions and authorizations work, but I can't find anything. What I want to know is, if in my app version 1.1. I ask user for location's permission and when I update my app to 1.2, I now ask for location and camera. Is...

SonarQube LDAP authentication is not working


authentication,ldap,authorization,sonarqube
Presently, connecting to Apache Directory Server 2.0 from SonarQube 5.0.1. Have given the following entries in sonar.properties file: # LDAP configuration # General Configuration sonar.security.realm=LDAP sonar.security.savePassword=false ldap.url=ldap://10.53.67.11:30389 # User Configuration ldap.user.baseDn=o=TechMahindra ldap.user.request=(&(objectClass=inetOrgPerson)(uid={login})) ldap.user.realNameAttribute=cn ldap.user.emailAttribute=mail # Group Configuration...

Role concept in the authorization


java,security,authorization
I'm writing the following public interface SecurityService{ public Error tryLogin(String usr, String psw); public String getRoleCurrentUser(); //Attention here } and of course, there will be a couple implementations. For instance, now I have public SpringSecurityService{ @Autowired AuthenticationManager authenticationManager; public Error tryLogin(String usr, String psw){ //Implementation here } public String getRoleCurrentUser(){...

Is one XACML file per user a good approach?


wso2,wso2is,erp,xacml,xacml3
Scenario: I'm developing a custom PAP for WSO2 IS 5.0.0. I have simple rules to administrate such as: The user Bob can read Orders of branch XYZ? The user Bob can create Invoices of branch PTO? I'm thinking to write one Policy per user with many rules, each rule containing...

Can I submit a form with google's recaptcha in it from my app?


http,request,authorization,captcha,recaptcha
I'm writing an app which involves letting users to share comments on a website, which has a comment form with Google's reCAPTCHA embeded. I would like to load this page via HTTP and display CAPTCHA within my app, so that user can post comments from my app. Is it easy...

OnAuthorization isn't being called


asp.net-mvc,asp.net-web-api,authorization
I use a WebApi Service with custom Authorization. This is the AuthorizationAttribute: (to keep it as simple as possible I removed all logic and just try to send a 401): public class Auth : AuthorizeAttribute { private readonly List<Permissions> _requiredPermissions; public Auth(params Permissions[] permissions) { _requiredPermissions = permissions.ToList(); } public...

User Permission - Display edit in view (express, handlebars)


node.js,express,authorization,handlebars.js
At the moment I have user profiles that are rendered using Handlebars as such: exports.profile = function(req, res) { User.findOne({username: req.params.username}).exec(function(err, user){ res.render('profile/view', { user: req.user, name: user.name, username: user.username }); }); }; On the rendered template at profile/view I would like to display an edit button if the user...

Adding custom Roles to Azure Mobile Services User (Google, Twitter, Facebook, Microsoft)


.net,authorization,azure-mobile-services
I have an .NET Azure Mobile Services project with some controllers I want to secure with the typical Authorize attribute. I can create a Roles table and a UserProfiles table and associate the various users authenticated through Google, Facebook, etc. with Roles in my Roles table. My question is: How...

Restlet Authorization by Method AND User


java,authentication,authorization,restlet
I'm new to Restlet and REST in general and want to implement a RESTful API for a running server / database. Routing and addressing seems to work fine so far but I'll need a few hints at how to handle authentication and authorization. The situation: There are some resources with...

How to create permission based on user group in codeigniter?


php,mysql,codeigniter,authorization
I am using codeigniter ion authentication for user group maintenance. Here's link for ion authentication documentation. In Edit user group I would like to add menus to access for particular group alone. How to design a mysql table and access it in our controller and view page to restrict page...

Youtube API returning Insufficient Permission when requesting comments


php,api,youtube-api,authorization
I'm trying to retrieve comment threads for a users video but I'm getting a 403 Insufficient Permission error. My oAuth client in the developers console has the Youtube Data v3 API enabled and I set the youtube scope when the token is generated. Here is the client I use to...

Custom Authentication and Authorization for different user types in asp.net mvc


asp.net,asp.net-mvc,authentication,authorization
I’m working on a project where there are different three user types (Admin, Parent, and Teacher) that access the website. The users log in by providing their credentials and selecting their type as shown the image below I wanted to provide a custom authentication and authorization for the users. By...

Gitlab: Can I create a Branch visible to only certain developers?


permissions,authorization,branch,gitlab
I'm using gitlab, and I am wondering, is there a simple way to restrict access to a branch to only certain developers? This has to do with time varying disclosure and the ability for certain developers to see some objects models, while others cannot? Ideally this would happen in one...

Validating Multiple Roles in Spring Security


spring,authentication,spring-security,authorization,intercept
I have added all the required libs and dependencies for the security and the application is working for single role & Any role cases Single: <security:intercept-url pattern="/**" access="hasRole('enabled')" /> Any Role <security:intercept-url pattern="/**" access="hasAnyRole('enabled','view')" /> Is there a way to check multiple (AND or All Roles) roles using the expression ?...

CanCan Rails Authorization


ruby-on-rails,ruby-on-rails-4,authorization,cancan
I am creating REST API and also using Authorization in REST API. Whenever a user is not authorized for a action it redirects to home page using the following code rescue_from CanCan::AccessDenied do |exception| redirect_to "/", :alert => exception.message end For Rest API method, I don't want to be redirected...

c++: Let user process write to LOCAL_SYSTEM named pipe - Custom Security Descriptor


c++,windows,winapi,pipe,authorization
I have a service running as LocalSystem which creates a Processes in the logged on users' session. Then the service creates a named pipe to which the client connects to read and write. According to https://msdn.microsoft.com/en-us/library/aa365600%28v=vs.85%29.aspx the client can only read from the pipe (It's No Admin, not the Creator,...

Token Based Authentication in ASP.NET 5 (vNext) (refreshed)


c#,authentication,authorization,web-api,asp.net-5
I'm working with ASP.NET 5 (vNext) application. I'm trying to implement Token Based Authentication but can not figure out how to use new Security System. My scenario: A client requests a token. My server should authorize the user and return access_token which will be used by the client in following...

Using JMX with Jaas for jconsole authentication


java,authentication,authorization,jmx,jaas
I have the following scenario: I have an application that uses JMX to expose some methods, sat on a server. At present users can connect to this via the command line using jconsole. There are currently no access restrictions. Users will be logging into a machine and have access rights...

Adding authorization to routes


ruby-on-rails,rest,routes,authorization
I cannot seem to find a good example for this. I have for example, a TicketController I define a ticket resource in my routes.rb. You only need to be logged in as a customer to GET a ticket, but you must be logged in as an administrator to PUT a...

correct syntax postgresql query with two conditions, rails, eula acceptance / version test


ruby-on-rails,ruby,postgresql,devise,authorization
At time of login, I am trying to evaluate whether or not a user has accepted our current end user license agreement ( eula ). In the contracts-controller.rb def eula_version eula_version = "3" end In the application_controller.rb, an after_sign_in_path_for(resource) method per the devise gem instructions def after_sign_in_path_for(resource) if @user =...

How to do simple authentication with QuickBooks Online without using OAuth?


java,authorization,quickbooks,quickbooks-online
I'd like to authenticate myself with my QuickBooks Online account using the Accounting API (Java) so that I can create an invoice. I've already done this successfully in another app. In that situation, the app had a front-end interface that allowed anyone to login to their account, so I used...

socket.io room authorisation


node.js,websocket,socket.io,authorization
I have a use case of socket.io where, within an individual namespace, a client can connect to several rooms. A user needs to authenticate on a per-room basis (because they may not be allowed to access those data streams). Obviously I can check the authorisation on connection to the namespace...

Storing Google App Engine User Nicknames with PHP [closed]


php,google-app-engine,authorization
Using Google App Engine with PHP, I would like to use User Services to authorize the user. I want to store the user's preference and other custom information to a database and relate this data to the user. Is it safe to store the nickname from getNickname() as a unique...

undefined method `total_pages'- When use load_and_authorize_resource


ruby-on-rails,ruby-on-rails-4,authorization,cancancan
Am using cancancan for authorization.And am using will_paginate for table pagination. Its works fine until I add load_and_authorize_resource in controller. When using load_and_authorize_resource in controller, will_paginate throws ActionView::Template::Error (undefined methodtotal_pages' for #)`: Abilyty.rb: def initialize(user) if user.user_type == "ADMIN" then can :manage, :all cannot :manage, ParentMessageController elsif user.user_type == "MANAGEMENT"...