EzDevInfo.com

authority

A Simple and Elegant PHP Authorization System

How to use session in shrio?

I am a Chinese student, and recently I used springMVC+shrio, but in the program I can't use session, as every time I need authority, it will do the following method: doGetAuthorizationInfo(PrincipalCollection principals), then find database and search authority and so on.

protected AuthorizationInfo doGetAuthorizationInfo(
            PrincipalCollection principals) {
        /* 这里编写授权代码 */
        Object ob = principals.fromRealm(getName()).iterator().next(); 
        String userName = (String) ob; 
        User user = roleService.findUser(userName);
        Set<String> roleNames = roleService.findRoleName(user.getId());
        Set<String> permissions = roleService.findUrls(user.getId());
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(roleNames);
        info.setStringPermissions(permissions);
        return info;
}

Source: (StackOverflow)

Authority com.android.contacts not found exception when doing applyBatch

I have this code:

context.getContentResolver().applyBatch(ContactsContract.AUTHORITY, ops);

On some phones (user report it to me) it causes a:

java.lang.IllegalArgumentException: Unknown authority com.android.contacts

However similar authority is listed within installed packages:

contacts;com.android.contacts

or

com.google.contacts.gal.provider

Note contacts; prefix - does not seem good to me. I used this code to get it:

String message="";
for (android.content.pm.PackageInfo pack : context.getPackageManager().getInstalledPackages(PackageManager.GET_PROVIDERS)) {
 ProviderInfo[] providers = pack.providers;
 if (providers != null) {
  for (ProviderInfo provider : providers) {
  message=message+", "+provider.authority;
 }
 }
}

Do you think it's appropriate to failover to contacts;com.android.contact if com.android.contacts fails??


Source: (StackOverflow)

Advertisements

Redirect User / Admin to different Webpage during log-in depending on Authority [closed]

I want to redirect the user of my webpage based on their Authority level.

Authority : 'Admin' or 'User'

I kept on searching regarding this matter but I can't seem to find solution to my problem..

Here is my code:

<?php 
 $con = mysql_connect("localhost","root","");
 if (!$con)
   { die ('Could not connect: '.mysql_error());}
  mysql_select_db("rfq_db",$con);
  ?>

 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml">
 <head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Log-in</title>
</head>

<body>

<div class="container">
  <div class="header">

  <div class="content">
  <form id="form1" name="form1" method="post" action="">
  <table width="450" border="0" align="center">
    <caption>
      Please enter your username and password below:
    </caption>
    <tr>
      <td class="labelL"><label for="username">Username:</label></td>
      <td class="labelTF"><input type="text" name="username" id="username" /></td>
    </tr>
    <tr>
      <td class="labelL"><label for="password">Password:</label></td>
      <td class="labelTF"><input type="password" name="password" id="password" /></td>
    </tr>
    <tr>
      <td>&nbsp;</td>
      <td><input type="submit" name="Login" id="Login" value="Log in" /></td>
    </tr>
  </table>
</form>




 <?php

   if (isset($_POST['Login'])){

$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);


  if (isset($username) && isset($password)){

    $query = mysql_query("SELECT  Username, Password FROM tbluser WHERE Username = '$username' AND Password = '$password' ");
        if(mysql_num_rows($query) == 0){
        echo 'Account does not exist';
        }
        else {   
            $row_user = mysql_fetch_array($query);


            if (($username != $row_user['Username']) && ($password != $row_user['Password'])){
                echo "Wrong Username or Password"; }

        else {


                $authority = $row_user['Authority'];

                          if ($authority == "Admin"){
                               header("location: HomePage.php");
                                 }
                            else
                             { header("location: HomeVer2.php");} }

        }
 }else {echo "Please enter username and password"; }}



  ?>        



</div>

  </body>
</html>

Please help.. I don't know what's wrong.. when I tested it, it redirects only in the HomeVer2.php even if i logged in an Admin account..


Source: (StackOverflow)

Is the "api" part of a Web API route considered by Android's Uri.Builder as part of the authority or a path?

I've tried both of these:

builder.scheme("http").authority("10.0.2.2:28642").appendPath("api").appendPath("DeliveryItems").appendPath("PostArgsAndXMLFileAsStr").

builder.scheme("http").authority("10.0.2.2:28642/api").appendPath("DeliveryItems").appendPath("PostArgsAndXMLFileAsStr").

...and although for other reasons the code is not working yet, I'm wondering which way is right:

.authority("10.0.2.2:28642").appendPath("api").

-or:

authority("10.0.2.2:28642/api").

?


Source: (StackOverflow)

android duplicate provider authority

I have had users complaining of a "duplicate provider authority" error when trying to install my android application. I initially thought it might be an old version interfering with the new version, but they have never installed the app before. Any suggestions as to what might be causing this?


Source: (StackOverflow)

Cpanel subdomain access to parent folder prevent

For example:
I have "abc.com" and i use "cpanel"
In "cpanel -> Domains -> Subdomains"
i create
Subdomain: "x.abc.com"
Document Root: "/home/abc/public_html/hisfolder"

And i will give this address to my customer
i don't want he access to my other files except "hisfolder"
He must only access with "ftp" to "hisfolder" and my Database.

And i create In "cpanel -> Files -> Ftp Accounts"
Login: "hisname@abc.com"
Password: "*****"
Directory: "/home/abc/public_html/hisfolder"

With "filezilla" or etc. he only access "hisfolder" he can't access to parent folders and files OK.
But when he write a ".php" file like:

<?php
$dir    = '../';
$files = scandir($dir);
print_r($files);

$phpApiFile = file_get_contents('../api.php');
echo $phpApiFile;
?>

and upload to "/home/abc/public_html/hisfolder/index.php" he can now access to my files?

  1. He should add his .php files and connect to database
  2. He should not access to my files

So how can i do this both agents? what am i do?


Source: (StackOverflow)

Laravel Roles & Permissions with Authority

From my research, I have found that the Authority package (https://github.com/machuga/authority-l4) is best for implementing a role/permissions based user auth system while maintaining flexibility. I am having trouble understanding exactly how to use this package. The documentation covers it's functions and configuration, but does not explain a few things. Was hoping someone could point me in the right direction.

What is the purpose of the config file? To specify permissions? Are these not stored in the database?

I see you can group permissions together using Aliases. What if I do not want to use an alias. Is there a way to create just a permission by itself?

I see you can create rules for Resources, such as only allowing a user to edit posts which they are assigned to. The documentation does not appear to have much information on this.

Any help would be greatly appreciated. Searched the internet, but not finding much for this package.


Source: (StackOverflow)

Do I strictly need authorities for user-service in Spring?

If I remove

<authorities-by-username-query="myquery"> 

in my jdbc-user-service then my form always gives me 'bad credentials'. I've checked it triple times , I cannot authorize person without giving him at least one authority?


Source: (StackOverflow)

How to use Authority package for Laravel

After some searching, I succesfully installed the Authority-l4 package to use for my Laravel project. The docs are clear but small (not much info/examples). This is what my config file looks like atm:

return array[

    'initialize' => function($authority) {
        $user = $authority->getCurrentUser();

        $authority->addAlias('manage', ['create', 'read', 'update', 'delete']);

        if($user->hasRole('admin')) {
            //Admin can manage all resources
            $authority->allow('manage', 'all');
        }

        // User can manage his own post
        Authority::allow('manage', 'User', function($self, $user){
            return $self->getCurrentUser()->id === $user->id;
        });

        // User can manage his own post
        Authority::allow('manage', 'Post', function($self, $post){
            return $self->getCurrentUser()->id === $post->id;
        });
    }

];

I have some questions about this:

  1. How to add a role to a user? hasRole() exists, why not setRole()?
  2. I noticed nothing gets saved into the database, isn't this better?
  3. How do I use my database with Authority? Could someone give me a head start, I've been strugling four hours now.
  4. In some articles they say that the class Role should be changed to have many permissions instead of a user having many permissions, isn't this better?

Probably I'm thinking way to difficult about this package, searching the internet doesn't help either. Any help is appreciated!


Source: (StackOverflow)

Found authority component in URI: when trying yo open an image

In my application i collect some images form the device's gallery as files' names. I whant to display one of the images when ever application started. When i use the following code -

Intent intent = new Intent();
intent.setAction(Intent.ACTION_VIEW);
String imageFileName = imagesNamesArrayList.get(rndIndex);
Uri imageUri = Uri.parse("file://" + imageFileName);
intent.setDataAndType(imageUri, "image/*");
startActivity(intent);

I get the following error -

03-22 18:00:18.248: E/AndroidRuntime(12560): FATAL EXCEPTION: MediaFeed

03-22 18:00:18.248: E/AndroidRuntime(12560): java.lang.IllegalArgumentException: Found authority component in URI: file://mnt/sdcard/tapjoy/cache/images/placeholder.png

How it can be solved?


Source: (StackOverflow)

How do roles and rights translate to Spring Security?

In my applications I usually create three tables for access management. Roles, Rights and an association table that maps between Roles and Rights.

I am trying to translate this approach to Spring security and after reading [this article][1] I thought I was on the right track. I created a custom AuthenticationProvider and implemented the authenticate() method like so:

@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    UserProfile profile = userProfileService.findByEmail(authentication.getPrincipal().toString());

    if(profile == null){
        throw new UsernameNotFoundException(String.format("Invalid credentials", authentication.getPrincipal()));
    }

    String suppliedPasswordHash = DigestUtils.shaHex(authentication.getCredentials().toString());

    if(!profile.getPasswordHash().equals(suppliedPasswordHash)){
        throw new BadCredentialsException("Invalid credentials");
    }

    UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(profile, null, profile.getAuthorities());

    return token;
}

The profile.getAuthorities() method creates a list of Rights (rights are wrapped in my own implementation of GrantedAuthority). So, the UsernamePasswordAuthenticationToken object is created with this list. This is the UserProfile.getGrantedAuthorities() method that takes care of this:

public Collection<? extends GrantedAuthority> getAuthorities() {
    Set<ProduxAuthority> authorities = new HashSet<ProduxAuthority>();
    for (Role role : roles) {
        for (Right right : role.getRights()) {
            ProduxAuthority produxAuthority = new ProduxAuthority(right.getName());
            authorities.add(produxAuthority);
        }
    }
    return authorities;
}

My question is whether this is a correct approach. I am getting the impression that I should stuff roles into GrantedAuthorities instead of rights, but I would like to use rights to secure methods and urls, because it gives me more fine grained control over authorization. How would I accomplish this? And what is the difference between a ROLE and a PERMISSION in Spring? Do permissions map to rights and could I use hasPermission() to secure stuff bases on rights instead of roles?


Source: (StackOverflow)

what's the best way to check user's current authority in spring3 controller methods?

User's authority is frequently changed in my web service.
In this case, how do I check user's authority effectively?

I wrote code that check user's authority in every controller temporarily. But I think this way would not good for maintenance.

How do I check user's authority without writing checking method in every controller?


Source: (StackOverflow)

authority labs API callback

I am using Authority labs API in my rails application for ranking service. I am getting connection refused(2) error when I check in API error list.It shows the error type as Callback Error. Please guide me to fix this.


Source: (StackOverflow)

ant command needs sudo authority to run on OSX?

I just installed Apache Ant.

I unzipped file and put in to my ~/ folder.

And I edited my .bash_profile like below (of course, I did source, too)

export AKKA_HOME=/usr/local/share/akka
export SCALA_HOME=/usr/local/share/scala
export MAGICK_HOME=/opt/ImageMagick
export DYLD_LIBRARY_PATH=$MAGICK_HOME/lib/
export ANT_HOME=/Users/juneyoungoh/apache-ant-1.9.5

# PostgreSQL.app
# export POSTGRESQL_PATH=/Applications/Postgres.app/Contents/Versions/9.4/bin/
# pg_dir=/Library/PostgreSQL/9.4/lib

export POSTGRESQL_PATH=/Library/PostgreSQL/9.4/bin
export PGDATA=/Users/juneyoungoh/Documents/postgreSQL

After this, I type ant -v commend and got an error like...

Error: Could not find or load main class org.apache.tools.ant.launch.Launcher

So I tried sudo ant -v and it works. I do not know why ant command needs sudo authority and how to do it without the authority.

Thanks for answers :D (I want to know reason and solution both! ty)


Source: (StackOverflow)

SAP: Where are the authority objects?

Any ideas where I can find a list of existing authority objects? I'm looking for the 'default' ones like S_CARRID.


Source: (StackOverflow)