LibreOffice Online - multiple users with access_header - multi-tenant

I'm trying to integrate LibreOffice Online with a cmis repository and for that I need to use the "access_header" for my requests.
When I try to use with multiple users only the first user appear in all instances.
Example:
access_header:xxxx - user1
http*//libreoffice.docker.localhost/loleaflet/dist/loleaflet.html?WOPISrc=http*//docker.localhost/alfresco/service/wopi/files/0503eed5-6a0e-4267-9c1f-a27806bf7b4a&access_header=xxx"
access_header:yyy - user2
http*//libreoffice.docker.localhost/loleaflet/dist/loleaflet.html?WOPISrc=http*//docker.localhost/alfresco/service/wopi/files/0503eed5-6a0e-4267-9c1f-a27806bf7b4a&access_header=yyy
The request from cmis is returning the right user, but In both instances the users "logged" are "user1".
I tried with access_token and works well (I need access_header because I need a basic authentication).
Anyone can help me?
Thanks

Related

ServiceNow API - How to get all users and all their attributes

I am trying to use the ServiceNow API for the first time and I need to get a list of all the users in the sys_user table with all of their available fields/attributes like date created, updated etc.
I tried GET request to this URI:
https://myinstance.service-now.com/api/now/table/sys_user
But the response only returns the Users and some of their attributes but not all of the ones I can see in the portal.
What is the correct URI to make the REST call to get all users and their fields/attributes?
I'm assuming you want to access SN API from another application? Cause if you want to do that from within SN, there is the GlideRecord server API you can use.
Now when you access the table API from external source, you do that through a registered user - depending on this user and their roles, you might see all or only some of the user attributes. Also, if you add specific Query Parameters to your request like sysparm_query or sysparm_fields, this will limit what you get.
ACLs (Access Control Lists) is the mechanism in ServiceNow restricting access to Table API. So I would encourage you to check there. Perhaps you will need to create a technical user with sufficient roles to access the data you need.
Also the REST API Explorer which is found in SN Navigator can be of help to quickly test your table queries.
Hope that helps a bit!
In general table api returns all the columns associated to the table unless until if you have specified the specific column list in sysparam_fields, can you please try in post man or try the same api call from rest api explorer in Servicenow to understand the behavior. H

How to authenticate users with an integer such as account number as the username

I have a problem authenticating users in my banking application. I want super users to be created and authenticated using email. However, I want that normal users be registered and assigned account numbers. The normal users would then use the account numbers to login. How do you achieve authentication of these different kinds of users with different username fields in one django project.
I have tried overriding the USERNAME_FIELD to account numbers so that normal users would use that to login. It doesnt help to login normal users. For superusers, it prompts for account number when I run
python manage.py createsuperuser
Kindly assist in understanding how to handle this kind of custom authentication.
Django is ready to support your requirement. AUTHENTICATION_BACKENDS support multiple backend as list. For normal user you have to write custom backend and Add that in AUTHENTICATION_BACKENDS.
This link will help you.

SonarQube plugin - users access management

I would like to develop a custom plugin restricting access to certain parts of SonarQube (Deletion of project, Modification of permissions etc) depending on their assignment to different groups.
I was able to implement a filter which will redirect a user in case he tries to access page which is restricted to him.
There are 2 problems I am facing.
I am not able to get the logged in user (I am able to get his ID via request session but I am not able to get any more information about him.).
I am not able to get information about groups the user belongs to.
There might be an api for this however I am not able to find any examples or the documentation that might help me.
SonarQube version: 5.6.6
Security Realm: Crowd
Thank you,
Jakub
Sorry, but it's not possible to customize pages access of SonarQube.

Parse authorization in mvc5 - login issues

I'm writing an app that's supposed to run with MVC5 and using parse as a backend.
I'm using the new Identity feature of the MVC5 to login an user. I also tried to use this solution but I couldn't make it work.
What is happening is that when I login with the user A and then login with the user B in a different session (a incognito windows or a new browser) whenever I try to insert something related with a ParseUser object using the first user that was logged in I get an exception: UserCannotBeAlteredWithoutSessionError.
I'm not sure if I'm doing the implementation in a wrong way, or if it is a limitation of the Parse (I think it was designed to run using one user per device).
If you have a workaround for this situation please help me.
There is a good answer which may help: Parse Database Authorization - Security For User Objects.
So, it's a kind of Parse SDK limitation, when you can work with only one user per device (as ParseUser is cached locally). The only workaround that I can see is to perform SignOut/Login explicitly, when you need to do something from other user's context. There is no way to have two users work simultaneously from the same device.

Google Admin SDK [Directory - API] check User password

I am using Google Admin SDK Directory API to create users and using Service account I am able to perform CRUD operations on them.
I have a requirement whereby I have to check the credentials of users created using SDK.
When you fetch the users the password is not returned, hence comparison cannot be done.
I'll really appreciate if someone lets me know what would be effective way of approaching the checkCredentials function.
Thanks.
Google does not ever return the value of the password. That would be a monumental security risk.
See their documentation in regards to the user resource used in the directory API. It specifically states that the password field is never returned. It can only be used for setting the password.
If your requirement is too check creds on a newly created user, you should look into trying to login as the user with the password you just sent, using the google auth Apis
At the moment, the only solution I've found is to simulate the user login flow with a fake browser (Apache's httpcomponents-client for Java for example) pointing to Google Account ServiceLogin.

Resources