I am using Deadbolt 2 with Playframework 2.1.
In the getSubject() function of my DeadboltHandler I check the user password and retrieve the user from the database.
Is it possible to access this user in my controllers to avoid retrieving the user twice per request?
Steve, the developer of Deadbolt, suggested me the following:
the trick is to store the user in the context, and then have your controller or deadbolt handler to access it. This allows you to store the user by the actual class, and not have to use getSubject() and cast the resulting Subject to your actual User class.
So I decided to save the User object in the args-Field of Http.Context.current() and it works like a charm!
Related
I'm new to Cuba-platform version 6.10.3. I have a problem where I am stuck.
I have a User entity where I create a new user which has parameters identical to those of the sec$User system entity. Now, I would like to pass the values entered in the User entity (name, password, lastname, email) and also the access group created specifically for the users (customers). Then register the attributes directly in the sec$User system entity and then log into the app with the credentials of the users created with their respective permissions.
I hope someone can help me. Thanks a lot to everyone.
In order to create a new sec$User entity, invoke the Metadata#create() method of the com.haulmont.cuba.core.global.Metadata bean.
Fill necessary fields.
To save new user to the database, use DataManager bean: com.haulmont.cuba.core.global.DataManager#commit(user)
If you need to login to the application automatically without having user password, you can use the "trusted login" feature.
When in web client, user com.haulmont.cuba.web.Connection bean to login.
When in web service (e.g. portal module) - use the com.haulmont.cuba.security.auth.AuthenticationService service.
And call its login method with TrustedClientCredentials:
#Inject
com.haulmont.cuba.web.auth.WebAuthConfig webAuthConfig;
// ...
authenticationService.login(new TrustedClientCredentials("username", webAuthConfig.getTrustedClientPassword(), Locale.ENGLISH);
See also
https://doc.cuba-platform.com/manual-6.10/login.html#login_additional_eatures
https://doc.cuba-platform.com/manual-6.10/web_login.html
Note that web client is working under the anonymous user until other user logs in. So you will need to add additional permissions to the user (write access to the User entity).
Thanks for the support, very helpful !
I am working on an ASP.Net MVC 4 application where it uses SimpleMembership and I have two types of user one is normal user and an admin. I am trying to add a feature where an admin can reset a normal user's password just by entering a username and type in a new password and then he can manually send the new password to the user.
Is there a good way I can use SimpleMemberShip to get this feature?
Well, you can certainly change the password for a user account to whatever you'd like in code.
To change the password for an account using the any sub class of the MembershipProvider (I.e. WebMatrix.WebData.SimpleMembershipProvider), you must first retrieve (or be supplied) the current password. Assuming you have a way to query the Database, one way is to to get the stored password from the DB. If it is stored as an encrypted value, you can use the provider Decrypt method and convert that resulting byte array to a string value.
How convert byte array to string
Then, using the SimpleMembershipProvider method ChangePassword, supply the username, oldpassword, and the new password. The result of this method is a boolean that indicates if the change was successful.
From a security standpoint, if you are going to make an MVC form view for the Admins to use, I'd make sure the controller action that handles the processing is secure and only allows authenticated Admins to use it. If you've not already done so, you'll need to implement the use of Roles or at least designate specific user names in the [Authorize] attribute of that action.
If you need the code for all this, I suggest starting a bounty.
I simply need the name of the currently logged in user. The same that gets displayed in gsp with <sec:username/>. I'm at a loss as to what to do.
Here's previous answers and questions - they all seem to require some import and none of the solutions works for me:
Grails Spring Security (get current user)
How to get id of the current user logged in grails?
How to get current_user by using Spring Security Grails plugin in GSP
Grails and Spring Security: How do I get the authenticated user from within a controller?
Specifically, I want to access the username insides a controller and put it into a variable of a domain instance in order to persist it (alongsides other information) into the database for logging purposes. Insides that controller, there's nothing to be seen that even remotely refers to Person/User classes, spring security or any other thing that sounds like it might do what I intend.
You can access the domain object corresponding to the logged-in user using springSecurityService.currentUser, and then fetch the username (or whichever other properties you require) from there. Due to Groovy's dynamic nature you don't need to import the domain class or the SpringSecurityService class to do this, simply using an untyped dependency injection
def springSecurityService
and you can access springSecurityService.currentUser?.username (or whatever).
Though as Burt points out in a comment, if it's only the username you want then it is more efficient to use springSecurityService.authentication.principal.username as this does not need to load the user object from the database. You only need currentUser if you want other properties of the user object aside from the ID or username.
Just figured it out: In the controller, def springSecurityService comes just after the opening bracket of the controller class (that's class YourController {) and the variable assignment looks like this: def username = springSecurityService.authentication.principal.getUsername() - apparently playing around with some code posted here has helped me.
I am working on a Titanium Alloy project where in I am creating custom objects using ACS. I also have different users in the Users ACS. I wish to associate a particular custom object to a particular logged in user.
For example, If user A is logged in the custom object created by that user should be associated to user A. Same for user B and so on. How do I create this association? Currently my Custom objects get created but they are not associated to the logged in user.
After a little discussion, I realised I should add my scenario too.
My scenario is, a user changes a few settings using the toggle switch. This information should be stored for a user and later on push notification for selected settings should be sent to the user.
Any help in this regard is greatly appreciated.
Regards,
Shreerang
So i think you should store custom object in database with its user name so whenever you want you can get back with user's name.
I have MVC4 application which uses SimpleMEmbershipProvider for authentication mechanism.
Everything works fine, apart of when I return to the application and authenticate using persistant cookie.
I am authenticated fine, but cannot access roles that I am assigned to. Effectively, cannot access roles at all:
string.Join(",", Roles.GetRolesForUser(User.Identity.Name))
returns empty string
What might be causing that?
This can happen when the SimpleMembershipProvider hasn't been initialized. The example MVC forms authentication template assumes that you'll be allowing anonymous access to your site and doesn’t initialize the membership provider until you go to the login page. However, a more common security technique is to require a login for any site access and to define menu choices in the _layout page to be determined by roles. But, if you use the persistent cookie, you don’t revisit the login page so the roles for the authenticated user aren’t loaded from the membership database.
What you want to do is initialize the provider when the user enters the site so that values get loaded. To do this, you want to add the following filter in the RegisterGlobalFilters method of the FilterConfig class in the App_Start folder
filters.Add(new YourAppNameSpace.Filters.InitializeSimpleMembershipAttribute());
This will cause the user data to be loaded from the database when a cookie authenticated user enters the site.
Another alternative technique is to add the [InitializeSimpleMembership] decorator to any controller method that cookie autheticated users might enter directly. This is kind of messy though if you have to put it on a lot of controllers. Therefore, putting it in the global filter is better in most cases.