authorization

Is there a way to make OpenSSO/OpenAM talk to Database for its authentication and authorization?

我怕爱的太早我们不能终老 posted on 2019-12-24 10:57:04
Question: We want to use OpenSSO for our authentication and authorization needs but would prefer it talking to database instead of the default LDAP datastore. We found that there is an experimental Database datastore present in the OpenAM 9.0 release. However, it seems to be just concerned with authentication and user lifecycle management. There is no provision for storing entitlements information in the database datastore. We would want to keep the entire authentication and authorization info in

Zend Framework 2 - ZFCUser - How to exclude landing page from auth

≡放荡痞女 posted on 2019-12-24 08:24:58
Question: I'm using ZF2 in combination with ZFCUser and bjyauthorize. I have a landing page which should be globally accessible. All other pages need to be behind a login. At first I blamed bjyauthorize for not letting guest users access my landing page. But after some discussions it seems that ZFCUser is blocking the way. My question is: How can I tell ZFCUser not to block one page/action? Edit: My Application/Module.php looks like in this post. When I add my app myApp to the whitelist, I can access

ASP.NET Authorization inherits rules

无人久伴 posted on 2019-12-24 07:13:04
Question: I am trying to protect a (sub)directory in my ASP.NET website that contains files (Videos, documents etc.) So I created a Web.config file: <?xml version="1.0"?> <configuration> <system.web> <authorization> <deny users="?"/> <allow roles="Administrator"/> <allow roles="Author"/> <allow roles="Report"/> </authorization> </system.web> </configuration> These roles correspond with those defined in the asp.net roles table in my database. I opened up IIS7 to check if the authorization rules were

Authentication and Authorization in servlets

不问归期 posted on 2019-12-24 06:48:41
Question: I am using jboss server. I want to do BASIC authentication using web.xml file. How do I do that?

Answer 1: The tutorial on How to Configure JBoss for Basic Authentication should help you in this

Answer 2: The steps are
1. Add security-constraint in web.xml for secure pages
2. Apply login-config in web.xml
3. In jboss-web.xml apply security-domain
4. Create properties files for user and roles
The following link explains this pretty well with an example https://community.jboss.org/wiki/BASICAuthentication users

.net core [Authorize] using ClaimsIdentity with AAD groups

与世无争的帅哥 posted on 2019-12-24 06:36:27
Question: I am seeing this in my ((System.Security.Claims.ClaimsIdentity)User.Identity).Claims: How do I make use of these group GUIDs I am getting from our Azure AD (to secure the endpoint based on group membership)? [Authorize(Roles="<group guid here>")] or [Authorize("<group guid here>")] Or do I need to set something up in the startup.cs file?

Answer 1: You could use policy in asp.net core, use an attribute with a named policy then you define the policy in startup to require group claim and set

How to allow only an IP/range access to AWS API Gateway resources

戏子无情 posted on 2019-12-24 06:34:05
Question: How best can I restrict access to certain routes in AWS API gateway by IP? I want to allow only my ECS cluster to access certain routes in API gateway. I tried putting the ECS NAT gateway, the VPC CIDR range in aws:SourceIp but always get denied. I even tried my personal computer public IP address ... same results ... Is this the correct way? Or should I try IAM authorizers? The downside with IAM authorizer is I need to sign my API calls? Perhaps using the API Gateway SDK? Which means code

Authorization in node.js

早过忘川 posted on 2019-12-24 06:29:37
Question: Coding a news website, I'm trying to make authorization so that only the author (who posted the article) is able to edit and delete it (these buttons appear at the bottom of the page and are visible to all the users). But then there are certain news/websites which don't have a login/sign up option. For example: http://www.denofgeek.com/us . Because they have no authentication, does this mean that they have no authorization? How are they able to edit/delete the articles if the settings for the

Apache2 Reverse Proxy with authentication over OpenID Connect and authorization over ldap

拜拜、爱过 posted on 2019-12-24 06:04:44
Question: I'm trying to set up a reverse proxy that requires authentication against an OpenID Connect Identity Provider. The User then grants the reverse proxy access to his data. Some applications behind the proxy are only accessible by the user if he is the member of specific LDAP groups. Sadly the applications are the dump and cannot authorize themselves, so the reverse proxy must handle that part. It wasn't so hard to set up the authentication part with mod_auth_openidc. What I struggle with is the

pundit policies with namespaces

ε祈祈猫儿з posted on 2019-12-24 02:33:28
Question: I have Question model in my application. app/models/question.rb class Question < ActiveRecord::Base ... end I'm using 'pundit' gem for authorization. There are two controllers to do some changes in questions: one for registered user, one for admin. I'm trying to create separate policies for controllers. app/controllers/questions_controller.rb class QuestionsController < ApplicationController ... end app/policies/question_policy.rb class QuestionPolicy < ApplicationPolicy ... end app

Facebook iframe application after authorization redirect to facebook page tab

安稳与你 posted on 2019-12-24 02:13:22
Question: I have problems with redirecting user after authorization back to the app tab in facebook page. I always end up in standalone application canvas page. Edit: It was meant to be an app in tab within a Fb page. I wanted to do the authorization and then to redirect user back to page tab. But when you do this the tab looks just like before and it seems to user like an error because he came from authorization and the app in tab looks the same. He has to click on it to get some kind of response or