How to handle dynamic role or username changes in JSF? - authentication

I have a JSF application running on GlassFish 2.1 with an EJB 3 backend. For authentication I use a custom realm. The user authenticates using the e-mail address and password he specified on registration. Everything is working quite well.
Now I have two related problems:
1) The user can edit his profile and -- naturally -- he can also change his e-mail-address. Unfortunately when I perform operations based on the current user's identity using ExternalContext.getUserPrincipal().getName(), I will receive the previous e-mail-address the user used on login. At the moment I handle this by forcing the user to reauthenticate after he changed his e-mail-address, but is there another more graceful possibility?
2) Same for user roles. E.g. I have the user roles MEMBER and PREMIUM_MEMBER. A MEMBER may become a PREMIUM_MEMBER during his current session. Unfortunately the role seems to be determined only at login. Is there any possibility that JSF and EJB recognize the new user role without the need for the user to re-authenticate?

Consider using Seam with JSF. There you can change the logged-in user's credentials without needing to re-login.

Related

Handling auto-assign of project and members role for LDAP Users in Report Portal

I want to auto-assign a few of the Projects to the user who is logging in using LDAP credentials. Currently, if an LDAP user logs in, I have to go into Report Portal using super admin credentials and assign the Member Role and Projects to that specific member.
I have recently tried this LDAP feature and am facing this issue of the new user getting created and then having to assign projects and member roles to each one of them. I want some auto-assignment (like, can it be passed while setting up the LDAP settings in Report Portal?)
Below is my LDAP user nperiwal with which I logged in to Report Portal. But as you see, this created a new user and no project got assigned to it automatically. I want some process or code or settings which can fulfil my requirement.
FYI, see the below snapshot where I manually assigned projects and admin role.
Please help.
Simple way:
It can be done via scripting: see which requests are sent to the server in the browser's Network tab and put the same into a bash/shell script. Parametrize according to username and required access.
Long way: wait until our team implements it within ReportPortal as a feature, based on regular priority
Best way: request paid support from our team, and we will implement these capabilities for your company with the highest priority. Drop a mail at support#reportportal.io

How to prevent concurrent login for a web application using express-session

I am creating a web application which will be used by the app's administrators, and for security reasons we don't want to allow multiple active logins from a single user at any point in time.
I am storing session data in the web browser's cookie and want the backend to have information about the users who are currently logged in to the application, so that on a successful login request I can find out if this particular user already has an active session. If that is possible then I can block the login for that user.
One way to do that is storing IsLoggedIn in the database together with LastLoginTime, and on each login I can use these two flags to identify if an active session exists.
Open to other better solutions if any
I think a more robust solution than checking last login times would be to generate and store an id for each new login and then include a middleware to make sure the session's id for each user matches what you expect. That way every time the user logs in on another device the previous one will be invalidated and only one session will be valid at a time. You may even just be able to use express-session's req.session.id.

How to automatically discover and add users via LDAP in SonarQube?

I guess this question basically boils down to some misunderstanding that I have about how the SonarQube LDAP plugin works in general. We have integrated the LDAP plugin and our users are authenticating against our corporate LDAP server. When we want to create a new group and add users to that group for a new project, we have assumed that the users themselves must authenticate into SonarQube first so they get added as a user to SonarQube. After that, we are able to put them into the appropriate groups that they belong to. This is a pain for our administrators since the people that need to be added are logging in at differing times or forgetting to log in at all. What we would like is something that Nexus provides, where we can do a lookup of that user's account id, then add them and place them into the appropriate group(s). In that way, the user is not bothered by having to login first, then the administrator gives the privileges, and then the user logs out and logs back in. Is this a misunderstanding on my part? I ask because when I go to the users page and click on 'Create New User' it not only asks for the user's id but also the user's password, which I obviously don't know, so this is telling me that this will be a local account.
By default SonarQube's LDAP plugin works like you think it does. You can configure LDAP group mapping so that when the user enrolls, he/she is automatically added to the appropriate group.
In other words, create the group for the project in SonarQube, and then create the same group in LDAP and add users to it. Then when users login for the first time they will be in the appropriate group, and on each subsequent login any group changes will be reflected in SonarQube.
This, in my opinion, is in fact better than adding users manually.
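What the group mapping described in the answer above looks like in sonar.properties, as an added illustration rather than configuration from the original post. The property names follow the SonarQube LDAP plugin's documented settings; the host, bind DN, base DNs and object classes are placeholders for your own directory:

```properties
# Added example: SonarQube LDAP plugin with group mapping (placeholder values)
sonar.security.realm=LDAP

ldap.url=ldaps://ldap.example.com
# Service account used to search the directory; keep it read-only.
ldap.bindDn=cn=sonar-svc,ou=service,dc=example,dc=com
ldap.bindPassword=change-me

# User lookup: {login} is the name typed into the login form.
ldap.user.baseDn=ou=people,dc=example,dc=com
ldap.user.request=(&(objectClass=inetOrgPerson)(uid={login}))
ldap.user.realNameAttribute=cn
ldap.user.emailAttribute=mail

# Group lookup: {uid} is the user's uid, {dn} their full DN. The value of
# ldap.group.idAttribute must equal the group name created in SonarQube.
ldap.group.baseDn=ou=groups,dc=example,dc=com
ldap.group.request=(&(objectClass=groupOfUniqueNames)(uniqueMember={dn}))
ldap.group.idAttribute=cn
```

With this in place a SonarQube group named exactly like the LDAP group's cn receives the user on first login, and membership is re-read on every subsequent login, so removing someone from the LDAP group also removes their SonarQube permissions the next time they sign in; use ldaps (or StartTLS) so the bind password and user credentials are not sent in clear.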

How to assign a role to users authenticated through a specific WebLogic provider

WebLogic contains a lot of security providers. It's feasible to make more than one authentication provider active at a time. The problem is we need to assign a different role to the user depending on which of the providers he authenticated through. Is it possible to assign a specific role to the user each time he gets authenticated through one of the providers?
A user can only have a given set of roles at any given time. Roles can be changed in the admin console but cannot be changed dynamically, and for good reason. One would not want an unauthorized user to be able to become the Admin of a server. You can assign all the roles the user requires, but you cannot dynamically, using code, perform such compromising tasks.
In short, a user can only perform tasks to the ability that the role provides him at any given time.

Java EE user authentication and GWT

I seem to have coded myself into a corner. First let me tell you what my end goal is: I have a GWT app that will have features available to users who are not logged in, and other features only available to authenticated users. When an unauthenticated user clicks on something that requires authentication, I would like a login box to pop up in a modal window and ask the user to authenticate. (If this is unclear, go to digg.com and try to "digg" a story without being logged in; you'll see what I mean.)
I have code to add a user and save their username and password (hashed with jBCrypt). I also have an RPC that accepts a username and password and can validate if the password is correct.
My problem is validating the session. I can get the JSESSIONID, but that's the part where I get lost. How do I associate the user's ID with that session, and how do I check that it's still valid?
I know GlassFish can manage the session, users and roles for me, but I don't know how to make that work smoothly with GWT. Are there any examples with GWT and authenticating users in a Java EE environment? I've been googling for hours and I've come up with nothing.
Your question is a bit confusing, since I have the impression that you are going in two directions at the same time :-).
If you want to use Java EE authentication then you will need to use some plain HTML pages that you configure in web.xml. Using RequestBuilder you can actually do the interaction with these pages from GWT code (as we do).
If you want to know more about the user that is authenticated then use the Principal object that comes with the HttpServletRequest. The Principal object has a name attribute.
Using Java EE authentication is very limiting so in most cases we tend to implement our own instead.