my EbooksEntities.xml file
<entities xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://moqui.org/xsd/entity-definition-2.1.xsd">
<entity entity-name="Ebook" package="moqui.ebook" short-alias="ebooks">
<field name="ebookId" type="id" is-pk="true"><description>primary sequenced ID</description></field>
<field name="md5" type="text-medium"/>
<field name="file" type="binary-very-long" />
</entity>
</entities>
my ebook.rest.xml file
<resource xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://moqui.org/xsd/rest-api-2.1.xsd" name="ebook" displayName="Ebook REST API" version="2.0.0">
<resource name="ebooks">
<method type="get"><entity name="ebooks" operation="list"/></method>
<method type="post"><entity name="ebooks" operation="create"/></method>
</resource>
</resource>
now swagger REST API browser shows file parameter as String. How can I create REST method to post binary file?
You’ll need to write your own service that utilizes the ResourceFacade to copy the file to the DB or file system and then update the entity with the resource location.
You cannot use an entity-auto service, such as the ones listed in your answer, for this type of operation.
Related
We use an extension called "Login As Customer", and I'm trying to update its Allow Login as Customer field via API on all customer records.
When creating token access I see "Login As Customer" as an available API to which to grant access (pictured), but when I curl to our /rest/V1/customers/ endpoint, I don't see any extension attributes/data related to this extension. I'm pretty new to extensions and how they work through API, but I've been able to curl and update data before to our catalog, orders and invoices. Thanks for any help
Please check if your extension has an acl.xml file or not please create /etc/acl.xml and add below code for your extension. The extension needs acl.xml in etc folder for the show in roles.
<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:framework:Acl/etc/acl.xsd">
<acl>
<resources>
<resource id="Magento_Backend::admin">
<resource id="Magento_Backend::stores">
<resource id="Magento_Backend::stores_settings">
<resource id="Magento_Config::config">
<resource id="Companyname_Vendor::config" title="Extension title" />
</resource>
</resource>
</resource>
</resource>
</resources>
</acl>
</config>
In openam I created a subRealm named TestRealm .In order to create policies in TestRealm there should be a referral policy. Im trying to create a policies for TestRealm with the help of ssoadm command, but its throwing a error Cannot create policy. No referral exists to the organization. Im using the following policy.xml to create policies under the root realm.
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE Policies PUBLIC "-//OpenSSO Policy Administration DTD//EN" "jar://com/sun/identity/policy/policyAdmin.dtd">
<!-- New policy, same as the old policy -->
<Policies>
<Policy name="Test Policy" referralPolicy="false" active="true" >
<Rule name="Test Allow GET with parameters">
<ServiceName name="iPlanetAMWebAgentService" />
<ResourceName name="http://www.test.com/demo/*?*" />
<AttributeValuePair>
<Attribute name="GET" />
<Value>allow</Value>
</AttributeValuePair>
</Rule>
<Rule name="Vidz Ref Allow GET and POST">
<ServiceName name="iPlanetAMWebAgentService" />
<ResourceName name="http://www.test.com/demo/*" />
<AttributeValuePair>
<Attribute name="POST" />
<Value>allow</Value>
</AttributeValuePair>
<AttributeValuePair>
<Attribute name="GET" />
<Value>allow</Value>
</AttributeValuePair>
</Rule>
<Subjects name="Subjects" description="Everybody authenticated">
<Subject name="All Authenticated Users" type="AuthenticatedUsers" includeType="inclusive">
</Subject>
</Subjects>
</Policy>
</Policies>
How to modify the above one to create a referral policy??
The easiest way would be to simply create an example referral in the top level realm, and then just export it via ssoadm for subsequent imports. Also you should use very generic rules in referrals, like http://www.test.demo.com/* and http://www.test.demo.com/*?*, having complex rules in referrals will only slow down policy evaluation without much of a point (the referred policies will be used to make the allow/deny decision in the end anyways).
I am able to deploy my web-application from IDEA without problems using annotation-based url-mappings, so why does IDEA nevertheless highlight the tag as a violation of the schema-definition here?
(using IDEA 12.1.4, Tomcat 7)
IDEA is validating your XML according to the schema and it is correctly saying that Element metadata-complete is not allowed here.
If you look at the schema web-app_3.0.xsd you'll see that it imports web-commmon_3.0.xsd. And this web-common schema has defined metadata-complete to be part of the web-common-attributes.
<xsd:attributeGroup name="web-common-attributes">
<xsd:attribute name="version"
type="javaee:web-app-versionType"
use="required"/>
<xsd:attribute name="id"
type="xsd:ID"/>
<xsd:attribute name="metadata-complete"
type="xsd:boolean">
...
In summary this means that metadata-complete is an attribute to web-app element.
Change your xml to this instead:
<?xml version=1.0 encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_3.0.xsd"
version="3.0"
metadata-complete="false">
<display-name>Hello World</display-name>
</web-app>
I'm trying to write an XACML policy that will utilize a custom attribute. I'm thinking of something like:
<?xml version="1.0" encoding="UTF-8"?>
<Policy xmlns="urn:oasis:names:tc:xacml:1.0:policy"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" PolicyId="deny-demo100"
RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable">
<Description> </Description>
<Target>
<Subjects>
<AnySubject/>
</Subjects>
<Resources>
<AnyResource/>
</Resources>
<Actions>
<AnyAction/>
</Actions>
</Target>
<Rule Effect="Deny" RuleId="rule-deny-demo100">
<Target>
<Subjects>
<AnySubject/>
</Subjects>
<Resources>
<Resource>
<AnyResource/>
</Resource>
</Resources>
<Actions>
<Action>
<ActionMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">customAttribute</AttributeValue>
<ActionAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action- id" MustBePresent="false" DataType="http://www.w3.org/2001/XMLSchema#string"/>
</ActionMatch>
</Action>
</Actions>
</Target>
</Rule>
<Rule RuleId="deny-demo100-catch-all" Effect="Permit" />
</Policy>
(We're using Fedora's XACML implementation).
I'm sure I'm missing something really simple and fundamental here, but cannot figure out what. Could someone point me in the right direction please?
What do you mean by custom attribute? What is it you want to express in 'plain old English'?
In XACML you can use any attribute you like such as role, citizenship, clearance, resource classification, time of day... Of course the availability of the attribute depends on the type of app you are protecting. How are you using the Fedora implementation? Is it for access control within Fedora Linux OS?
If you want to compare an attribute to a value e.g. citizenship == Canadian, then use a <Target/>. If you want to compare 2 attributes together e.g. clearance > classification, then use a <Condition>.
I am not sure what you are actually looking for, but I guess you need to do some attribute-based access control.
In XACML there is a component called PIP (Policy Information Point), where you can retrieve attributes from external sources and check authorization.
This may help you: Understanding PIP (Policy Information Point).
If you need to create XACML policies in a easier way, you can follow this: XACML Policy Editor in WSO2 Identity Server.
I have to admit I'm kinda new to XACML and Fedora's implementation of it, but my understanding is you should be able to query any value that appears when checking the user object. The URL on a default Fedora Commons install should be "localhost:8080/fedora/user" and yields the following object on my server after logging in a previously created LDAP user called "Joe User":
<user id="Joe User">
<attribute name="uid">
<value>userj</value>
</attribute>
<attribute name="mail">
<value>UserJ#ldap.test.user.uconn.edu</value>
</attribute>
<attribute name="sn">
<value>User</value>
</attribute>
<attribute name="ou">
<value>DPT</value>
</attribute>
<attribute name="cn">
<value>Joe User</value>
</attribute>
<attribute name="description">
<value>sample user</value>
</attribute>
<attribute name="role"/>
<attribute name="fedoraRole"/>
<attribute name="objectClass">
<value>organizationalPerson</value>
<value>person</value>
<value>inetOrgPerson</value>
<value>top</value>
</attribute>
<attribute name="displayName">
<value>Joe User (LDAP)</value>
</attribute>
</user>
Once a value has been injected into the user object via some JAAS authentication module (as in the above case using the LDAP module) or even an environment variable you should be able to query it. In the example policy below I've set Fedora to grant fedoraAdmin like access to API-M calls if a user has an OU set to "DPT":
<?xml version="1.0" encoding="UTF-8"?>
<Policy xmlns="urn:oasis:names:tc:xacml:1.0:policy"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
PolicyId="permit-apim-to-ldap-ou"
RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable"
>
<!-- test policy to approve API-M operations if a specific LDAP OU exists -->
<!-- make sure access to API-M in premitted from the current client IP address first (check "deny-apim-if-not-in-list.xml" or "deny-apim-if-not-localhost.xml" ) -->
<Description>note that other policies may provide exceptions to this broad policy. This policy assumes api-m users have to be authenticated</Description>
<Target>
<Subjects>
<Subject>
<!-- specific OU - need to get this working with a range of values -->
<SubjectMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">DPT</AttributeValue>
<SubjectAttributeDesignator AttributeId="ou" MustBePresent="false" DataType="http://www.w3.org/2001/XMLSchema#string"/>
</SubjectMatch>
</Subject>
</Subjects>
<Resources>
<AnyResource/>
</Resources>
<Actions>
<AnyAction/>
</Actions>
</Target>
<Rule RuleId="1" Effect="Permit"/>
</Policy>
Custom attributes can even be added the Fedora XML User file (not the Tomcat user file) rather than using LDAP. Likely there is a better way to do this, but as I stated before I'm rather new to XACML and don't fully understand it. This rule works on my localhost test server based on the other rules also in place. Your mileage may vary.
Also, as stated in the sample policy file, make sure that the client you are testing from can both be permitted and then later denied API-M access before you put a rule like this in place as debugging XACML policies in Fedora seems to be extremely difficult with little data being written to the log file even in Debug mode (you will see an operation passed or failed but never the name of the rule that caused the pass/fail result to happen).
I am wondering if there is somebody who can help me with this probelm.
I want to add a property to onet.xml of my custom webtemplate. so that if you create a site from this web template the site will contain the property.
is that possible? Thank you.
Please refer this... it contains some information about onet.xml
This is also a very useful link describing how to reference properties from your custom web part. http://aarebrot.net/blog/2008/11/loading-custom-web-parts-inside-your-onet-xml/
The link explains how v3 format looks like, if you haven't noticed it is different from using v2:
<webParts>
<webPart xmlns="http://schemas.microsoft.com/WebPart/v3">
<metaData>
<type name="Client.Publishing.Intranet.WebParts.ClientStoryRotator,Client.Publishing.Intranet.WebParts, Version=1.0.0.0, Culture=neutral, PublicKeyToken=320209e28e1f8058" />
<importErrorMessage>$Resources:cmscore,WebPartImportError;</importErrorMessage>
</metaData>
<data>
<properties>
<property name="Title" type="string">$Resources:Client.Publishing.Intranet.Lists.Articles,list_Stories_Title;</property>
<property name="Description" type="string">$Resources:Client.Publishing.Intranet.Lists.Articles,list_Stories_Description;</property>
<property name="ListName" type="string">$Resources:Client.Publishing.Intranet.Lists.Articles,list_Stories_Title;</property>
<property name="WebName" type="string">$Resources:Client.Publishing.Intranet.SiteTemplates,webpart_Library_Url;</property>
<property name="Width" type="string">$Resources:Client.Publishing.Intranet.SiteTemplates,webpart_Stories_Width;</property>
</properties>
</data>
</webPart>
</webParts>