Overriding JasperServer's ACL mechanism - authentication

I'm trying to embed JasperServer into a web application and I like the look and feel of JasperServer's interface as is. I just want to override JasperServer's ACL engine and divert it so it will use my own application's instead.
For starters, if the user is already authenticated in the host web application, JasperServer shouldn't ask for it one more time. Moreover, whenever JasperServer is trying to decide whether or not to show some part of the interface, it should be the host application's ACL data that grants or denies the permission. The same goes for the list of reports a user can use.
Can someone please guide me to the right direction if and how this is possible?

Best way to password-protect folders on IIS

What is the best way to password-protect a folder on IIS with a single set of credentials to be shared by a group of users?
Our hosting service offers Plesk, which in turn offers a "password-protected directory" function, but some of our clients have HTTP authorization disabled, so they get an automatic 401.4 error with no prompt for credentials.
I've looked into Forms authentication but this seems cumbersome to set up for the numerous separate domains at issue.
The protected content is not super sensitive, we just don't want it easily accessible to the public. Many of our users do not use the site frequently and we don't want to implement individual credentialing for everyone (we do have that in place for more sensitive sections) just so they can view current project reports or meeting minutes.
On sites I don't control, but am just a user, that do the same things as mine, it is a big pain to have to look up a username and password twice per year just to view a meeting agenda (yes, browser could remember but they also have a 4-month expiration and lots of us are on different devices all the time).
Is Forms authentication the way to go? It took me several hours to get it set up and working, with all sorts of settings not well documented in a single place.
(I had previously asked about how to disable Basic Auth on the client side, was told more than once it's not possible - but it is, via client/browser registry keys)
Thanks.
It's perfectly fine to use forms authentication. All you need to do is navigate to the folder or file you want to protect, then go to Authorization Rules. Add a deny rule for anonymous users; when users who are not logged in try to open any file in that folder, they will be redirected to your login page. You can find a lot of guides on forms authentication in Google; you can refer to the following:
https://learn.microsoft.com/zh-CN/troubleshoot/developer/webapps/aspnet/development/forms-based-authentication
https://learn.microsoft.com/en-us/iis/application-frameworks/building-and-running-aspnet-applications/how-to-take-advantage-of-the-iis-integrated-pipeline
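The answer above describes the steps in IIS Manager; this is the equivalent web.config, added here as an example (it is not from the answer or from Microsoft's documentation). It uses the ASP.NET `<authorization>` element in a `<location>` block, which is what the "deny anonymous users" rule comes down to. The folder name `reports`, the login page `~/Login.aspx` and the 30-minute timeout are assumptions; `?` means anonymous users and `*` means everyone.

```xml
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.web>
    <!-- Forms authentication for the whole site. Requests from users who are
         not logged in are redirected to loginUrl. requireSSL keeps the auth
         cookie off plain HTTP. -->
    <authentication mode="Forms">
      <forms loginUrl="~/Login.aspx" timeout="30" requireSSL="true" />
    </authentication>
  </system.web>

  <system.webServer>
    <!-- Integrated pipeline: let the ASP.NET Forms/URL authorization modules
         run for static files (PDF, DOCX, ...) too, not only for .aspx. Without
         this the folder is still world-readable for static content. -->
    <modules runAllManagedModulesForAllRequests="true" />
  </system.webServer>

  <!-- Only this folder is protected. "?" = anonymous users; rules are
       evaluated top-down and this deny is seen before the site-wide allow. -->
  <location path="reports">
    <system.web>
      <authorization>
        <deny users="?" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

Check it the same way the question describes the failure: request a static file under `/reports/` in a fresh private browsing window and confirm you get a 302 to the login page rather than the file or a 401. If the file still comes back, the static-file handler bypassed the managed modules and the `runAllManagedModulesForAllRequests` setting is the first thing to verify.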

Anonymous access in Nextcloud

I use the current stable version of Nextcloud (nextcloud docker image). I want to disable the authentication window when a user enters the site. Is it possible? I found only the anonymous upload feature in the official doc.
Nextcloud is built around the concept that each user has their personal (cloud) folder where they can upload, edit and share files. Therefore you cannot access the "normal" user interface without a login.
However it is possible for any user to share files/folders via a link and allow editing of them without login:
https://docs.nextcloud.com/server/latest/user_manual/en/files/sharing.html#public-link-shares
https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/file_sharing_configuration.html
But just in case you really want to give all anonymous visitors of your Nextcloud instance the option to upload and edit files anonymously, here is a possible solution:
Create a folder anonymous with your admin account
Share it via link and allow editing
In your admin settings, go to Theming: https://your-domain.com/settings/admin/theming
Set Anonymous Usage as Name and your shared link as Web link
Now if you log out and access your Nextcloud instance, you'll see a link at the very bottom called Anonymous Usage that you (and your clients) can follow to upload files/folders or edit existing ones. All files uploaded via that link will be stored inside the anonymous folder and will be owned by your admin account. So make sure to set the storage quota on that account high enough.
Beware that:
by visiting your Nextcloud instance anyone could delete all files inside anonymous, as they don't need to authenticate.
the visitors are not fully anonymous, as there are probably some log files of Nextcloud and your web server with their IP addresses.

How to restrict access to custom application WEBUI in QNAP?

Good morning everyone,
I am developing an app for QNAP which also has a web interface. In my qpkg.conf I set QPKG_WEBUI and QPKG_USE_PROXY and I can correctly see the web interface inside the QNAP interface once I am logged in. It seems perfectly integrated with the QNAP interface, BUT I can also see it by typing the right URL into my web browser, even if I am not logged in to the QNAP and I have cleared all possible cache/cookies.
I want to give access to my web interface only to valid users. Unfortunately I do not know how to do it. I tried to write a .htaccess to deploy with my application, but without any success (obviously I cannot modify the standard Apache configuration, and with the standard configuration I was not able to do it).
The only thing I found, inside the Apache folder, is a pwauth executable that lets me ask for username/password (even though I do not want to ask, I only want to see if the user is ALREADY logged in). Anyway, with the standard Apache configuration the external module is not loaded, so I cannot use pwauth inside the .htaccess. Maybe I could create some custom CGI program that calls it, but I would prefer to avoid a custom solution; I really would like to follow a "standard" way to do it, there should be one.
I would like to know if there is some QNAP variable to set in the qpkg.conf file, or some configuration to set in a .htaccess that does what I want: grant the access only if the user is ALREADY logged in.
Thanks very much to everyone, I could not find anything in google or in the official documentation.

Use Liferay Authentication to restrict directory listing on Tomcat?

Is it possible to use Liferay Authentication in order to allow or deny access on a directory listing?
In my scenario Liferay is running under Tomcat. What I want is to restrict access to a specific directory and its content (let's say localhost:8080/pdf/). Currently each user is able to access the pdf directory, which is not my intention.
May I use the current HTTP session?
-------- EDIT ---------
I will try to go more in detail: Under liferay tomcat I defined a new context as shown below.
<Context path="/pdfs" docBase="/Users/marco/Development/liferay/resources/pdfs/"
         crossContext="false" debug="0" reloadable="true">
</Context>
The advantage of this is that I can easily access the contents of "/pdfs". The disadvantage is that everybody can access "/pdfs".
The question is, how can I restrict access to "/pdfs"? My idea was to use Liferays authentication... but how? How can I restrict access to "/pdfs" to users currently logged into the Liferay application?
Thank you.
I think that the best option is to implement the restrictions in a standard servlet filter, because this functionality is a Tomcat-standard feature.
What do you mean by using the HTTP session? I guess you want to use the Liferay permission-checker system to avoid listing directories, right?
Best regards,
Jorge
By setting the context you bypassed Liferay.
I would suggest another approach. Instead of defining docBase, I would store the documents in the Liferay Document Library. You have much better control over the content's permissions.
DLFileEntryServiceUtil.addFileEntry(...)

Zend - Basic auth in Apache using LDAP

I'm new to Zend and to LDAP, so I've got a real stack overflow...
What I have:
LDAP-server
Apache-server
Zend-application
What I need:
On any page of the app, while the user is not authorized, show Apache's basic-auth prompt.
If login and password are correct on the LDAP server, then redirect to the index controller.
I've read tons of manuals about Zend_Auth, about authnz_ldap_module etc. but couldn't solve the given task.
Any help - examples, solutions, links - would be highly appreciated!
# requires mod_ldap and mod_authnz_ldap to be loaded
AuthType Basic
AuthName "Secure Login"
AuthBasicProvider ldap
AuthLDAPURL "ldaps://ldap.example.com/ou=People,dc=example,dc=com?uid?sub"
# without a Require line nothing is actually enforced
Require valid-user
Add that to your Directory directive; this will cover your need for LDAP auth. But you will still need to figure out how to redirect a freshly arriving visitor to index, probably with cookies.
I recently worked through the whole ACL process and am happy with the result. Here's what I implemented:
Extend Zend_ACL and use its constructor to add your roles (including inheritance relationships).
Create an action helper which is loaded in the bootstrap. (You need to load it early so that you can make use of its hooks such as preDispatch).
Edit the init() of each controller that you want to protect and call the new ACL helper, passing in the rules that you want applied to this controller, e.g.: allow('member', 'edit');
The real work is done by the action helper. It has four functions:
init() - Instantiates your new ACL class, then adds a new resource which mirrors the name of the current controller, i.e. $this->_resource = $this->getRequest()->getControllerName();
preDispatch() - Gets the current user type using Zend_Auth (or assigns a default of guest where user is not logged in). Checks if the request is allowed using the ACL, i.e. $this->_acl->isAllowed($currentRole, $resource, $action). Note that the requested action becomes the ACL privilege.
allow() - This just proxies through to the allow() function on the ACL object. It's called by the controller constructor to set the rules in the ACL.
deny() - As for allow.
So, at runtime, the series of events is as follows:
The action helper is loaded in the bootstrap. This a) instantiates the custom ACL object, which sets its own roles, then b) adds the current controller name as a resource.
The controller's init() is run. It calls the helper's allow() and deny() methods to set the rules.
The helper's preDispatch() is run, and if !isAllowed(), the user is redirected.
I was auth'ing against a DB, but the same logic would apply if you were using LDAP. (Is Apache's basic auth-prompt the default challenge in this case? If not, that may add an additional complication).
I adapted this from the book by Rob Allen (Zend Framework in Action), and various other sources. Note that some Zend professionals recommend an ACL based on Models (not Controller Actions). I'll give this some thought too down the track.
One particularly handy aspect of the above approach is that it's really easy to maintain ACL rules on an ongoing basis. While you are working on a particular controller you set up its ACL rules in the init().
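The design described in the answer above, written out as a Zend Framework 1 action helper. This is an added example, not the answerer's code or anything shipped with Zend Framework; the class names (`My_Acl`, `My_Controller_Action_Helper_Acl`, `ReportController`), the `role` property on the Zend_Auth identity and the `auth/login` redirect target are assumptions. The helper's `init()` and `preDispatch()` are the broker hooks the answer relies on: the broker calls `init()` when it attaches the helper to a freshly instantiated controller (before the controller's own `init()`), and `preDispatch()` just before the action runs.

```php
<?php
// Added example: ACL action helper for Zend Framework 1 (assumed class names).

// 1. Roles and their inheritance live in the ACL subclass. Zend_Acl denies
//    anything not explicitly allowed, so the safe default is already in place.
class My_Acl extends Zend_Acl
{
    public function __construct()
    {
        $this->addRole(new Zend_Acl_Role('guest'));
        $this->addRole(new Zend_Acl_Role('member'), 'guest');   // member inherits guest
        $this->addRole(new Zend_Acl_Role('admin'), 'member');   // admin inherits member
    }
}

// 2. The action helper. Registered once in the bootstrap (see below), after
//    which the helper broker fires init()/preDispatch() for every controller.
class My_Controller_Action_Helper_Acl extends Zend_Controller_Action_Helper_Abstract
{
    protected $_acl;
    protected $_resource;

    // Called by the helper broker when the controller is instantiated, i.e.
    // before the controller's init(). One resource per controller name.
    public function init()
    {
        $this->_acl      = new My_Acl();
        $this->_resource = $this->getRequest()->getControllerName();
        if (!$this->_acl->has($this->_resource)) {
            $this->_acl->add(new Zend_Acl_Resource($this->_resource));
        }
    }

    // allow()/deny() proxy to Zend_Acl for the current controller's resource;
    // $privileges is an action name (or array of them), null means all actions.
    public function allow($role, $privileges = null)
    {
        $this->_acl->allow($role, $this->_resource, $privileges);
        return $this;
    }

    public function deny($role, $privileges = null)
    {
        $this->_acl->deny($role, $this->_resource, $privileges);
        return $this;
    }

    // Enforcement point: the requested action is the ACL privilege.
    public function preDispatch()
    {
        $auth = Zend_Auth::getInstance();
        $role = 'guest';
        if ($auth->hasIdentity()) {
            $identity = $auth->getIdentity();
            // Assumption: the identity object carries a 'role' property
            // (from the DB row, or from an LDAP group mapping).
            $role = isset($identity->role) ? (string) $identity->role : 'member';
            // An unknown role must fall back to guest, never fail open.
            if (!$this->_acl->hasRole($role)) {
                $role = 'guest';
            }
        }
        $action = $this->getRequest()->getActionName();
        if (!$this->_acl->isAllowed($role, $this->_resource, $action)) {
            // Redirect and stop; the original action never executes.
            Zend_Controller_Action_HelperBroker::getStaticHelper('Redirector')
                ->gotoSimpleAndExit('login', 'auth');
        }
    }
}

// 3. Bootstrap: register the helper before the front controller dispatches.
Zend_Controller_Action_HelperBroker::addHelper(new My_Controller_Action_Helper_Acl());

// 4. A protected controller declares its rules in init(). Anything not listed
//    here (e.g. 'delete' for a member) is denied by Zend_Acl's default.
class ReportController extends Zend_Controller_Action
{
    public function init()
    {
        $acl = $this->_helper->getHelper('Acl');
        $acl->allow('guest', 'index')       // anyone may list reports
            ->allow('member', 'view')       // members (and admins) may view
            ->allow('admin', 'delete');     // only admins may delete
    }

    public function indexAction()  { /* ... */ }
    public function viewAction()   { /* ... */ }
    public function deleteAction() { /* ... */ }
}
```

Two things worth checking in such a setup: a controller that never calls `allow()` in its `init()` is completely closed, which is the intended failure mode but surprises people adding a new controller; and if Apache's LDAP basic auth from the earlier answer sits in front of the application, it only establishes who the user is, while the mapping from that user to `guest`/`member`/`admin` still has to be made by whatever populates the Zend_Auth identity.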