Basically, I have 1 Policyset with 2 policies and I want to return all the obligations of both policies if they give a permit decision.
So I'm running an image of authzforce/server:release-10.1.1 and I inserted this policy:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<PolicySet xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
PolicySetId="root"
Version="1.0.77"
PolicyCombiningAlgId="urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:deny-unless-permit">
<Target/>
<Policy PolicyId="p1" Version="1.0" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-unless-permit">
<Target/>
<Rule RuleId="B1" Effect="Permit"/>
<ObligationExpressions>
<ObligationExpression ObligationId="aaaaaaa" FulfillOn="Permit">
</ObligationExpression>
</ObligationExpressions>
</Policy>
<Policy PolicyId="p2" Version="1.0" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-unless-permit">
<Target/>
<Rule RuleId="B2" Effect="Permit"/>
<ObligationExpressions>
<ObligationExpression ObligationId="bbbb" FulfillOn="Permit">
</ObligationExpression>
</ObligationExpressions>
</Policy>
</PolicySet>
So when i do a request I obtain:
{
"Response": {
"Result": {
"Decision": "Permit",
"Obligations": {
"Obligation": {
"#ObligationId": "aaaaaaa"
}
}
}
}
}
But I want to get an array of "Obligations" with the Obligation "aaaaaaa" and the Obligation "bbbb". Is this even posible?
In order to collect all of the obligations associated with permit decisions you will need to change the combining algorithm or your root policy to deny-overrides because policy evaluation is stoping on the first permit with the current deny-unless-permit. Using deny-overrides will force evaluation down the second branch looking for a deny decision which will then collect the second obligation in the process.
Related
I want to change the filenames of the PDF files in Magento 2.
The default names are not clear and I want invoices to be searchable when saved to a location on my pc.
Is it possible to change the filenames of the PDF-files in Magento 2 to a format like "invoice_1000000123.pdf"?
You should never edit core files. Seriously, don't.
Since /vendor/magento/module-sales/Controller/Adminhtml/Invoice/AbstractInvoice/PrintAction.php is an abstract class you have to use a plugin or preference in your module in order to override it.
What you need to achieve that:
The usual minimum files:
/Vendor/Module/composer.json, /Vendor/Module/registration.php, /Vendor/Module/etc/module.xml
In /Vendor/Module/etc/module.xml you should sequence Magento_Sales
<?xml version="1.0"?>
<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:framework:Module/etc/module.xsd">
<module name="Vendor_Module" setup_version="1.0.0">
<sequence>
<module name="Magento_Sales"/>
</sequence>
</module>
</config>
Then you can either use a plugin or a preference in /Vendor/Module/etc/di.xml
<?xml version="1.0"?>
<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:framework:ObjectManager/etc/config.xsd">
<preference for="Magento\Sales\Controller\Adminhtml\Invoice\AbstractInvoice\PrintAction" type="Vendor\Module\Controller\Adminhtml\Invoice\AbstractInvoice\PrintAction"/>
</config>
Plugin would look something like this:
<type name="Magento\Sales\Controller\Adminhtml\Invoice\AbstractInvoice\PrintAction">
<plugin name="Vendor_Module::aroundPrintInvoice" type="Vendor\Module\Block\Class" sortOrder="0"/>
</type>
Now add a PrintAction.php to the path specified in your preference / plugin (Example for preference)
<?php
namespace Vendor\Module\Controller\Adminhtml\Invoice\AbstractInvoice;
class PrintAction extends \Magento\Sales\Controller\Adminhtml\Invoice\AbstractInvoice\PrintAction
{
/* Write code here */
}
You need override the invoice admin controller.
<?xml version="1.0"?>
<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:framework:ObjectManager/etc/config.xsd">
<preference for="\Magento\Sales\Controller\Adminhtml\Order\Invoice"
type="Vendor\Module\Controller\Adminhtml\Order\Invoice" />
</config>
In your custom module admin controller, You need to change the name of Pdf file.
public function execute()
{
$invoiceId = $this->getRequest()->getParam('invoice_id');
return $this->_fileFactory->create(
'invoice_13012020' . $invoiceId . '.pdf', //<== Change the pdf name here.
$pdf->render(),
DirectoryList::VAR_DIR,
'application/pdf'
);
...
}
Reference Link
Yes it is possible to change invoice pdf filename.
Please go to following path:
/vendor/magento/module-sales/Controller/Adminhtml/Invoice/AbstractInvoice/PrintAction.php
You can change filename from above file.
I want my Asp.net core application to be configured to use external providers only, let's say Facebook only. In other words I don't want my users to have the ability to create an account with a password etc.
How can I modify the default Asp.net core with individual accounts template that is generated by Visual Studio to safely remove such capability of creating local user accounts?
Thanks.
I'm using the .UseRewriter() middleware to allow me to redirect to /Error for the Identity pages that don't apply to my application (I only allow Github authentication and no local registration)
public static class IisRewriterConfigurationExtensions
{
public static IApplicationBuilder UseIisRewriter(this IApplicationBuilder applicationBuilder)
{
using (var iisUrlRewriteStreamReader = File.OpenText("iis-application-route-rewrites.xml"))
{
var options = new RewriteOptions()
.AddIISUrlRewrite(iisUrlRewriteStreamReader);
applicationBuilder.UseRewriter(options);
}
return applicationBuilder;
}
}
Then I call app.UseIisRewriter(); in Startup.Configure().
My iis-application-route-rewrites.xml looks like this
<?xml version="1.0" encoding="utf-8" ?>
<rewrite>
<rules>
<rule name="Redirect from Identity Forgot Password">
<match url="^Identity/Account/ForgotPassword" />
<action type="Redirect" url="Error?id=404" redirectType="Permanent" />
</rule>
<rule name="Redirect from Identity Reset Password">
<match url="^Identity/Account/ResetPasswordConfirmation" />
<action type="Redirect" url="Error?id=404" redirectType="Permanent" />
</rule>
<!-- More rules -->
</rules>
</rewrites>
In my Login.cshtml.cs I removed all the request handlers that I no longer wanted users to have access to.
I have created a XACML file for authorization, which looks as:
<?xml version="1.0" encoding="UTF-8"?><PolicySet xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" PolicySetId="mysecurity:security:policyset:testmypolicyapi" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides" xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:oshttp://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-context-schema-os.xsd">
<Policy PolicyId="mytest:security:policy:testcollection" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides">
<Description>This is a test policy,not for official use</Description>
<Target/>
<Rule Effect="Deny" RuleId="RuleIdrule1">
<Description>This is a test rule</Description>
<Target>
<Subjects>
<Subject>
<SubjectMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">ADMIN</AttributeValue>
<SubjectAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:subject:ADMIN" DataType="POLICY_ATTRIBUTEDATATYPE"/>
</SubjectMatch>
</Subject>
</Subjects>
<Resources>
<Resource>
<ResourceMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">TESTRESOURCE1</AttributeValue>
<ResourceAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:resource:TESTRESOURCE1" DataType="http://www.w3.org/2001/XMLSchema#string"/>
</ResourceMatch>
</Resource>
</Resources>
<Actions>
<Action>
<ActionMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">TESTACTION</AttributeValue>
<ActionAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:TESTACTION"/>
</ActionMatch>
</Action>
</Actions>
</Target>
</Rule>
</Policy>
</PolicySet>
I am doing balana based validation but I am getting the error as:
resource missing resource-id
But I have mentioned the resource-id already, same code works with balana test policy file, difference is I am using policy set instead of "policy".
Could you please let us know XACML request that you are using.. If not, please try to change the following value in the policy and try out. I guess that can be the issues. In your request you may sending resource-id value as attribute id
urn:oasis:names:tc:xacml:1.0:resource:TESTRESOURCE1
into
urn:oasis:names:tc:xacml:1.0:resource:resource-id
I create api proxies and check the box that says "Enable Direct Browser Access for Your API — Allow direct requests from a browser via CORS." but my OPTIONS requests are still failing with :
{
"fault": {
"faultstring": "Received 405 Response without Allow Header",
"detail": {
"errorcode": "protocol.http.Response405WithoutAllowHeader"
}
}
}
From what I understand about CORS Pre-Flight Options requests, the client first sends the OPTIONS request to the server as a safeguard for "safe" CORS. This request should return a response with the list of request types that are available.
My Question: How do I make it so that Apigee responds correctly to OPTIONS requests and does not pass the OPTIONS request to my api behind the proxy?. If it helps I have AngularJS javascript apps trying to communicate with my Apigee endpoint.
Javascript errors:
OPTIONS http://api.example.com No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://client.example.com' is therefore not allowed access.
XMLHttpRequest cannot load http://api.example.com. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://client.example.com' is therefore not allowed access.
Default "Add CORS" xml
<AssignMessage async="false" continueOnError="false" enabled="true" name="Add-CORS">
<DisplayName>Add CORS</DisplayName>
<FaultRules/>
<Properties/>
<Add>
<Headers>
<Header name="Access-Control-Allow-Origin">*</Header>
<Header name="Access-Control-Allow-Headers">origin, x-requested-with, accept</Header>
<Header name="Access-Control-Max-Age">3628800</Header>
<Header name="Access-Control-Allow-Methods">GET, PUT, POST, DELETE</Header>
</Headers>
</Add>
<IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
<AssignTo createNew="false" transport="http" type="response"/>
</AssignMessage>
Default Proxy Endpoints xml
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ProxyEndpoint name="default">
<Description/>
<Flows/>
<PreFlow name="PreFlow">
<Request/>
<Response/>
</PreFlow>
<HTTPProxyConnection>
<BasePath>/v1/cnc</BasePath>
<VirtualHost>default</VirtualHost>
<VirtualHost>secure</VirtualHost>
</HTTPProxyConnection>
<RouteRule name="default">
<TargetEndpoint>default</TargetEndpoint>
</RouteRule>
<PostFlow name="PostFlow">
<Request/>
<Response/>
</PostFlow>
</ProxyEndpoint>
Default Target Endpoint xml
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<TargetEndpoint name="default">
<Description/>
<Flows/>
<PreFlow name="PreFlow">
<Request/>
<Response>
<Step>
<Name>Add-CORS</Name>
</Step>
</Response>
</PreFlow>
<HTTPTargetConnection>
<URL>http://api.example.com/v1/assets.json</URL>
</HTTPTargetConnection>
<PostFlow name="PostFlow">
<Request/>
<Response/>
</PostFlow>
</TargetEndpoint>
Since you don't want the OPTIONS request to pass through to the backend API, there are two things needed:
A RouteRule to a null target with condition for the OPTIONS request. Notice there is no TargetEndpoint specified.
<RouteRule name="NoRoute">
<Condition>request.verb == "OPTIONS"</Condition>
</RouteRule>
A custom flow in the ProxyEndpoint to handle the CORS response. Since the new RouteRule sends the message to a null Target (echoes request back to client), the message will not route to the 'default' TargetEndpoint where the CORS policy currently is defined.
An updated version of your ProxyEndpoint would look like the below:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ProxyEndpoint name="default">
<Description/>
<Flows>
<Flow name="OptionsPreFlight">
<Request/>
<Response>
<Step>
<Name>Add-CORS</Name>
</Step>
</Response>
<Condition>request.verb == "OPTIONS"</Condition>
</Flow>
</Flows>
<PreFlow name="PreFlow">
<Request/>
<Response/>
</PreFlow>
<HTTPProxyConnection>
<BasePath>/v1/cnc</BasePath>
<VirtualHost>default</VirtualHost>
<VirtualHost>secure</VirtualHost>
</HTTPProxyConnection>
<RouteRule name="NoRoute">
<Condition>request.verb == "OPTIONS"</Condition>
</RouteRule>
<RouteRule name="default">
<TargetEndpoint>default</TargetEndpoint>
</RouteRule>
<PostFlow name="PostFlow">
<Request/>
<Response/>
</PostFlow>
</ProxyEndpoint>
NOTE: The RouteRules are evaluated in the order specified in the ProxyEnpoint configuration. You should always have the default (no condition) Route at the end. Otherwise, if at the top, it will always match and never evaluate the other Route possibilities.
I did the same thing mentioned in the above answer but still getting the same issue. Then after doing some research issue was solved.
The issue was that the cors header response was not passed as header during request. To solve that you can do is adding the cors value in proxy endpoint preflow as well:
<PreFlow name="PreFlow">
<Request/>
<Response>
<Step>
<Name>Add-CORS</Name>
</Step>
</Response>
</PreFlow>
Ive seen a number of threads on this issue but none have worked for me. I have a simple silverlight application. I consume a WCF service. When I call a method GetOrderList from the service I get the following error:
An error occurred while trying to make a request to URI 'https://testserver2.mydomain.org/ORDERNET/WCFServices/OrderService/OrderService.svc'. This could be due to attempting to access a service in a cross-domain way without a proper cross-domain policy in place, or a policy that is unsuitable for SOAP services. You may need to contact the owner of the service to publish a cross-domain policy file and to ensure it allows SOAP-related HTTP headers to be sent. This error may also be caused by using internal types in the web service proxy without using the InternalsVisibleToAttribute attribute. Please see the inner exception for more details.
Here is my code:
public partial class MainPage : UserControl
{
public MainPage()
{
InitializeComponent();
ServiceReference1.ServiceClient sc = new ServiceReference1.ServiceClient();
sc.GetOrderListAsync("testuser");
sc.GetOrderListCompleted += new EventHandler<ServiceReference1.GetOrderListCompletedEventArgs>(sc_GetOrderListCompleted);
}
void sc_GetOrderListCompleted(object sender, ServiceReference1.GetOrderListCompletedEventArgs e)
{
var RESULT = e.Result;
}
}
This is my client access policy file that I put on my wwwroot:
<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>
</allow-from>
<grant-to>
<resource path="/" include-subpaths="true"/>
</grant-to>
</policy>
</cross-domain-access>
</access-policy>
When I run fiddler, it finds the "clientaccesspolicy.xml" with a 200 OK (text/xml) so I know is finding the file.
What could be the issue? Do I have an invalid policy file? If I create a console application and consume the service, I can call the method with thno problem.
Any ideas?
<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="SOAPAction">
<domain uri="*"/>
</allow-from>
<grant-to>
<resource path="/" include-subpaths="true"/>
</grant-to>
</policy>
</cross-domain-access>
</access-policy>
Silverlight Cross Domain Web Service Access Error - This could be due to attempting to access a service in a cross-domain way without a proper cross-domain policy in place
thanks.....
I had similar issue but with service having http protocol, which was solved using .clientconfig file.
I notice you are using HTTPS (https://testserver2.mydomain.org/ORDERNET/WCFServices/OrderService/OrderService.svc)
Have you tried explicitly adding a https://* uri to your cross domain policy file:
<domain uri="https://*"/>
If you need to support http, then add both:
<domain uri="http://*"/>
<domain uri="https://*"/>