I am writing a Gmail Contextual Gadget,
Is there way to pass domain name using gadget xml
e.g
<Extension id="HelloWorldGadget" type="gadget">
<Name>Hello World Gmail contextual gadget</Name>
<Url>_http://example.com/gadgets/hello_world_gadget.xml?domain=${DOMAIN_NAME}</Url>
<Container name="mail"/>
</Extension>
domain=${DOMAIN_NAME}
any other way get domain name using API?
We have multiple CRM client and want to connect client DB based on domain name.
I currently get the domain name by using this in the content section of the Module xml. Not my code, but I can't remember where I found the example.
var googledomain = gadgets.util.getUrlParameters()['parent'].match(/.+\/a\/(.+)\/html/)[1];
Related
I'm building a website with different users that belongs to different "accounts"
Is there a way when using Contentful CMS or similar headless CMS service to restrict contents based on user and their accounts?
e.g. This document can only be accessed by users that belongs to account 1234
Thank You!
I don't know about Contentful, but with Content Chef (https://contentchef.io)
you can create different "spaces" and have different users for each space, so you should be able to easily do what you need!
Full disclaimer: I'm working in Content Chef:)
I've implemented an application using Moqui Framework. I provided url:http://localhost:8080/fvl-plus-runtime/rest/s1/example/examples
It is getting error like:
User [null] is not authorized for View on AT_REST_PATH [/example/loginexamples/{username}]
You can add ArtifactAuthz records for all users, like the ones already in place for admin users for the REST APIs. In general it is best to secure all API access, and that is how things are setup by default. There are various examples you can follow to see them in action, see the extensive comments in the rest.xml file (the XML Screen for the /rest path).
This feature as been added in commit #44272ba. You are now able to create a new REST service and set require-authentication=anonymous-view or anonymous-all.
See How to create a publicly accessible REST API in Moqui for more details.
I am creating an app in ai2 that connects to one of my fusion tables as a high score datastore.
If I use traditional Oauth2 flow then each user would be presented with an oauth login for their fusiontable, which is not what I want.
I have set up a
Client ID for Android application
in the google developer console which gave me
Client ID xxxxxxxxx.apps.googleusercontent.com
Redirect URIs
urn:xxx:xxx:xxx
http://localhost
Package name appinventor.ai_xxxxxxxx.xxxxxxxx
Certificate fingerprint (SHA1) 12:34:56 etc
Deep linking Disabled
What I want is for my app to connect to my fusiontable using my credentials regardless of which device or which user. How do I do that?
Thanks
This document is a very simple and straight-forward guide to creating a fusion table for your app.
https://docs.google.com/document/d/1HifuZqz5xu0KPS-e4oUv-t-nQoUQ8VMNyh_y6OjZkc0/pub
Steps:
First, you have to create a project at console.developers.google.com.
Then go to the API manager in the menu. Search for and enable the fusion tables API.
Now create a service account key. You may have to look in the credentials menu for this setting. Choose "enable Google apps-wide delegation". A service account is a localized email address that your app can use when you share the fusion table with that account. It provides more security than the anyone with the link can edit setting.
Now go to New Credentials > Service account key. Select P12, and the file will automatically download. If the name of the file has spaces, remove them.
Next, create a google fusion table.
Now share the table with the service email you created. Set the permission to Can Edit. Uncheck the notify box and hit Share.
Now, go to App Inventor. You need:
Your Service Account Email address (also called service account ID)
Service Account key file (.p12)
Fusion Table ID code (don't worry about this yet)
First, upload the key file.
In the fusion tables component property menu, set the KeyFile property to the key file. Copy the email address you created earlier and paste it in the ServiceAccountEmail property. Check the Use Service Authentication box.
Last thing: In the fusion table, go to File > About This Table. Copy the table Id. When you do operations with the table, you will need this id. You can store it in a variable if you want.
This property means that you can share and use multiple different tables with the same service account. Just share the other table(s) you will use with the service account and use that table's id when you do operations with that table.
I would like to know if there is an api to find out if the Liferay system is configured for ldap or not. Is there any api exposed by liferay which can give me this information ?
Any help is appreciated
thanks
Lokesh
This is a double ended blade.
1 . If the portal is setup with ldap via configurations in portal-ext.properties then use
Boolean ldapAuthEnabled = Boolean.valueOf(PropsUtil.get("ldap.auth.enabled"));
The above line returns true if ldap auth property is set to true in the ext props file.
2 . If the portal ldap properties are set in the GUI (Control Panel) then you have to retrieve it via Portal/Portlet Props. This can be done via any of the following:
com.liferay.portal.model.PortalPreferences portalPrefs = com.liferay.portal.service.persistence.PortalPreferencesUtil.fetchByO_O(ownerId, ownerType);
com.liferay.portal.model.PortalPreferences portalPrefs = com.liferay.portal.service.persistence.PortalPreferencesUtil.fetchByO_O(ownerId, ownerType, retrieveFromCache);
com.liferay.portal.model.PortalPreferences portalPrefs = com.liferay.portal.service.persistence.PortalPreferencesUtil.fetchByPrimaryKey(portalPreferencesId);
But liferay advices against using the PortalPreferencesUtil:
The persistence utility for the portal preferences service. This
utility wraps PortalPreferencesPersistenceImpl and provides direct
access to the database for CRUD operations. This utility should only
be used by the service layer, as it must operate within a transaction.
Never access this utility in a JSP, controller, model, or other
front-end class.
For a clearer idea, try running this query and inspecting the XML result in the PREFERENCES column:
select * from PORTALPREFERENCES where lower(preferences) like '%ldap%';
You will have to use both of these solutions with an OR condition to get a definite solution.
I'm currently using openAM to protect a small webapp of mine using a Java EE web agent. Someone tries to access the app, they get redirected to the openAM instance, they login, they go to the app. Simple stuff.
What I'd like is for openAM to pass the username that was successfully used to the web app. It's my understanding that "session attributes" should be used for this. When in the admin, I go to my Java EE webagent and open up the "Application" tab to see the "Session Attributes Processing". I see that HTTP_COOKIE is a choice for fetching.
1) is it the case that I should expect to see the username, if properly set up, as plaintext in the cookie?
2) what value do I enter in the session mapping to get the username? How do I find what value in the data store corresponds to this?
Thanks
We are using HTTP_HEADER with our agents. So if you are already using agents (which sounds like you are), then the following should work for you. In OpenAM web console:
Access Control > Top Level Realm > Agents > Web / J2EE / etc. > click on an agent
Application tab > Profile Attributes Processing section > Profile Attribute Fetch Mode:
Click on the "HTTP_HEADER" choice
Profile Attribute Mapping:
Map Key: [uid] ... Corresponding Map Value: uid
Click Add. It should look like [uid]=uid once you've added it. Add any other mapping you need that matches attributes to your backend authentication system. Ours is ldap.
In your web application, retrieve the HTTP Header elements and look for the token. It should look something like this: AQIC5wM2LY4RfckcedfzxGrgVYevbKR-SgBkuemF4Cmm5Qg.AAJTSQABMDE.
You can then use the OpenAM REST interface to validate and retrieve attributes associated with the token such as user name, password, cn, etc. To retrieve all attributes, the URL would be like this:
http://<OpenAM_Host>:<Port>/<deploy_uri>/identity/attributes?subjectid=AQIC5wM2LY4RfckcedfzxGrgVYevbKR-SgBkuemF4Cmm5Qg.*AAJTSQABMDE.*
You can also specify attributes you want like this:
http://<OpenAM_Host>:<Port>/<deploy_uri>/identity/attributes?subjectid=AQIC5wM2LY4RfckcedfzxGrgVYevbKR-SgBkuemF4Cmm5Qg.*AAJTSQABMDE.*&attributenames=uid&attributenames=userpassword
References:
https://wikis.forgerock.org/confluence/display/openam/Use+OpenAM+RESTful+Services
http://openam.forgerock.org/openam-documentation/openam-doc-source/doc/dev-guide/index/chap-rest.html
1) yes, the agent will create plaintext cookies (and if the user sends malicious ones it will recreate them just fine), however using HTTP_HEADER method to pass on attributes is considered as a better solution (since it's not stored on the client side).
2) Session Attributes Processing only works if you actually stored something in the session. For that you can either use the "User Attribute Mapping to Session Attribute" feature in Authentication All Core Settings or write some custom module to save derivative values. Otherwise if you just want to get the uid of the user, then use Profile Attributes Processing (uid key HTTP_UID value and your app will see a HTTP_UID cookie/header).