I'm using grails spring-security-core and spring-security-ui plugins, but no matter what I do, I can't get switch user to work, I always get:
Error: Page Not Found (404) Path: /login/impersonate
I've got this in my application.groovy:
grails.plugin.springsecurity.controllerAnnotations.staticRules = [
......
[pattern: '/login/**', access: ['permitAll']],
[pattern: '/logout/**', access: ['permitAll']],
[pattern: '/login/impersonate', access: ['permitAll']],
[pattern: '/logout/impersonate', access: ['permitAll']]
}
(Very open permissions I know, but just trying to get it working.) I've tried to add this also:
grails.plugin.springsecurity.interceptUrlMap = [
[pattern: '/login/impersonate', access: ['permitAll']]
]
I've got this set in application.groovy:
grails.plugin.springsecurity.switchUser.useSwitchUserFilter = true
grails.plugin.springsecurity.ui.switchUserRoleName = 'ROLE_SWITCH_USER'
and to be doubly sure I put this in my application.yml:
grails:
plugin:
springsecurity:
switchUser:
useSwitchUserFilter: true
ui:
switchUserRoleName: 'ROLE_SWITCH_USER'
I've tried logging in with a user with roles ROLE_ADMIN as well as ROLE_SWITCH_USER and clicking the standard "Login as user" found in the spring-security-ui gui plugin. I've tried just going to http://localhost:8080/login/impersonate in the browser. I've tried adding this to a page:
<sec:ifAllGranted roles='ROLE_SWITCH_USER'>
<form action='/login/impersonate' method='POST'>
Switch to user: <input type='text' name='username'/> <br/>
<input type='submit' value='Switch'/>
</form>
</sec:ifAllGranted>
and trying to switch users that way. But no matter what I do, I get page not found 404.
I tried looking at the source code to spring-security-core plugin, but the LoginController.groovy doesn't have an impersonate() method. I'm guessing it uses some magic to arrive at Spring's SwitchUserFilter. I've tried putting break points in there, but it didn't seem to stop.
In all other respects, grails spring security plugin seems to be working fine and as expected. But I'm stumped.
Using grails 4.0.9, org.grails.plugins:spring-security-core:4.0.3, org.grails.plugins:spring-security-ui:4.0.0.M1
Try to use:
grails.plugin.springsecurity.useSwitchUserFilter = true
not:
grails.plugin.springsecurity.switchUser.useSwitchUserFilter = true
Related
I am new to Phoenix and actually working on my first project in it.
When deploying the project on production server, I am getting a Database Connection error for mySql. For some reason, it is not considering the username/password values provided in config/prod.exs
import Config
config :g_plus, GPlusWeb.Repo,
username: "root",
password: "Somepassword",
database: "db_name",
hostname: "localhost",
load_from_system_env: true,
pool_size: 20
I also tried with environment variable (DATABSE_URL), but it is still not working.
ecto://root:Somepassword#localhost:3306/db_name
Am I missing any setting/config somewhere?
I couldn't find anything in Google search as well.
Most deployment guides are for apps without DB.
I found the issue. I was using GPlusWeb instead of just GPlus in the following line.
config :g_plus, GPlusWeb.Repo,
I changed it to config :g_plus, GPlus.Repo, and it worked.
What I Want to Achieve
I pasted a Kibana dashboard's iframe code in my webapp, which works fine. I'm trying to skip the sign-in screen.
What I Have Tried
Since I already have the user's credentials in memory, I figured an AJAX call to /api/v1/auth/login before loading the embedded visualization should set the appropriate cookie and skip the sign-in screen.
The issue is, Kibana will only accept the request if it has a kbn-version header. But if I add a kbn-version header to the AJAX request, the pre-flight OPTIONS request fails with:
"CORS error: Some headers are not allowed"
I have tried adding kbn-version to some Hapi configuration settings such as server.cors.additionalHeaders, server.cors.headers, server.cors.exposedHeaders, and server.cors.additionalExposedHeaders but none of them seem to work.
This is my custom-kibana.yml file:
$ cat custom-kibana.yml
---
# Default Kibana configuration from kibana-docker.
server.name: kibana
server.host: "0"
server.cors : true
server.cors.origin: ['*']
server.cors.additionalHeaders: ['kbn-xsrf', 'kbn-version']
server.cors.headers: ["accept", "authorization", "content-type", "if-none-match", "origin", "kbn-xsrf", "kbn-version"]
server.cors.exposedHeaders: ["accept", "authorization", "content-type", "if-none-match", "origin", "kbn-xsrf", "kbn-version"]
server.cors.additionalExposedHeaders: ['kbn-xsrf', 'kbn-version']
# server.ssl.enabled: true
# server.ssl.key: kibana.pem
# server.ssl.certificate: kibana-key.pem
elasticsearch.url: https://localhost:9200
elasticsearch.ssl.verificationMode: none
elasticsearch.username: kibanaserver
elasticsearch.password: <pw>
elasticsearch.requestHeadersWhitelist: ["securitytenant","Authorization"]
opendistro_security.multitenancy.enabled: true
opendistro_security.multitenancy.tenants.preferred: ["Private", "Global"]
opendistro_security.readonly_mode.roles: ["kibana_read_only"]
My Question
How do I skip the sign-in screen, either by solving the issue I encountered or in any other way.
I have Jekyll site hosted on GitHub Pages. The file _config.yml has this content (excerpt):
# Defaults
defaults:
# _pages
- scope:
path: "_pages"
type: "pages"
values:
layout: "single"
read_time: true
So when the site is built, I can open a page by its URL like this:
https://repo.github.io/_pages/some-page/
I read all the docs for Jekyll but it is not clear to me how to turn this URL to be https://repo.github.io/some-page/ or maybe https://repo.github.io/pages/some-page/.
_pages can be seen as collection directory.
Therefore by simply having the following config:
collections:
pages:
output: true
will give you URLs like https://repo.github.io/pages/some-page.html
To get custom URLs you may add a permalink sub-config:
collections:
pages:
output: true
permalink: /:collection/:path/
will give you URLs like https://repo.github.io/pages/some-page/
For more possibilities, refer the official docs
My problem is very common. I read almost all topics on stackoverflow about this issue, but still can not do thing work. My code is :
ini_set("soap.wsdl_cache", "0");
ini_set("soap.wsdl_cache_enabled", "0");
$proxy = new SoapClient('http://Myhostname/api/soap?wsdl');
I had this error :
Error WSDL: SOAP-ERROR: Parsing WSDL: Couldn't load from
'http://Myhostname/api/soap?wsdl' : failed to load external entity
"http://Myhostname/api/soap?wsdl"
In the browser the URL
http://Myhostname/api/soap?wsdl
works great (returns an xml response)
I try this code to see if PHP can reach this URL :
if (file_get_contents('http://Myhostname/api/soap?wsdl') === false) {
echo "ERROR: file_get_contents <br/>";
}
It displays me my error "ERROR: file_get_contents", so it does not work. On the forums I saw that to solve this problem I must add hostname into OS "hosts" file. So I did it. In my hosts file I added this line
127.0.0.1 Myhostname
But it still does not work. Then I changed URL in my code to
http://localhost/Myhostname/api/soap?wsdl
but it does not work either.
I tried another solution I found on the internet. For some people it worked. In my URL I changed '?' character to '.'. So my new URL became
http://localhost/Myhostname/api/soap.wsdl
but it does not work either.
I saw official SOAP doc! And tried to create SoapClient object in different way (with options like 'proxy_host' and 'proxy_port'). But this did not help me.
It's my second day I try to solve this problem, but I can not. I am doing my internship, I do not have a lot of experience, so maybe I did not try solutions I found correctly. Maybe someone can help. I would be very pleased.
Few steps to check
Have a ping to Myhostname. It would give the ip. Use ip instead and see
Check if the services are enabled
S0AP,
php_openssl,
openssl,
curl
Hope you would get it :)
I have the similar problem, I solve it uncommenting -MultiViews from .htaccess file, and later from Apache configuration of local website.
My working Apache configuration is:
<Directory /var/www/>
Options Indexes FollowSymLinks -MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
You can try also url:
http://localhost/Myhostname/api.php?type=soap&wsdl
if you use community edition.
instead of $proxy = new SoapClient('http://Myhostname/api/soap?wsdl');
try $proxy = new SoapClient(WSDLFILENAME);
where WSDLFILENAME is the OS name of the WSDL file.
This has the additional benefit of making one client-server roundtrip less.
I tried the SOAP Web Services on my local host and it was working fine. The reason why the Magento was not able to give a response to the request was because it was not able to verify SSL Certificates enabled on the site.
The way I resolved it was to allow self signed SSL verification:
$opts = [
'http' =>
[
'header' => "Authorization: Bearer ".$token
],
'ssl' => [
'allow_self_signed' => true ,
'verify_peer' => false,
'verify_peer_name' => false]
];
$context = stream_context_create($opts);
I hope it helps. ;)
Generally when I try to search for the solution they direct me to security.yml in the config folder. But whenever I change it to my module name lets says "user"
user:
is_secure: true
it doesn't work while....
all:
is_secure: true
locked up all the page so what should I do to handling on specific modules or files if possible. Thanks for the valuable time and comment.
Edit:
My path
<!-- apps/frontend/modules/user -->
originally under user folder doesn't have config folder...
If you want to secure an specific module you have to define it in its config folder at security.yml file (like you said but in the desire module). For example, if I have a clients module with index, new, create, etc actions and want to secure the new and create actions, you have to add to the
<!-- /app_name/modules/clients/config/security.yml -->
new:
is_secure: true
credentials: [...] //if you defined credentials
create:
is_secure: true
credentials: [...] //if you defined credentials
If you want to secure all clients module just set
<!-- /app_name/modules/clients/config/security.yml -->
all:
is_secure: true