I have a application with various controllers..I need to apply Authentication to only one controller while I am trying to add Authentication attribute, I am getting error because Its a parameterised constructor. Please help me anyone.
[Authorize]
class Example : ApiController
{
// class related stuff
}
Using the build in auth feature
Related
I have implemented the SAML configurations as mentioned in https://github.com/vdenotaris/spring-boot-security-saml-sample but its not populating the '#CurrentUser User user' in the landing controller method. loadUserBySAML() of SAMLUserDetailsServiceImpl gets SAMLCredential properly.
I have XML based MvcConfig,whereas the WebSecurityConfig(for SAML) is Java based Config. Have added 'bean class = "CurrentUserHandlerClass' in 'mvc:argumentresolvers'. So while invoking the landing Controller method below exception is thrown
please help me out and comment it if you require something
Its now solved as the controller URL was missing in the securitychainfilter
I'm having some trouble regarding the authorization endpoint of my Spring based OAuth2 provider. I need more information from the client than there is currently possible. This is what I want to achieve:
I need the custom parameter in the authentication process later on. Is there any simple way to extend the default parameters with my custom one or do I need to implement a certain class myself?
Did some research on how the authentication endpoint works in the current Spring code. I found that the Authorization Endpoint uses a method named authorize that takes all the parameter that are being set and converts then into an AuthorizationRequest. While looking further into the AuthorizationRequest class I found that it holds a map with extensions that is being filled throughout the authorization process. But it does not seem to get filled with my custom parameter (as shown above). This is in fact by only looking at the code, so I might be wrong.
Would it be a good idea to extend the AuthorizationEndpoint with my custom implementation or is there a better and cleaner way to do this?
Update #1 (07-10-2015)
The place where I'd like to use the custom parameter is in my own implementation of the AuthenticationProvider. I need to information to be available inside the authenticate method of this class.
Update #2 (07-10-2015)
It seems that the AuthorizationProvider gets called before the AuthorizationEndpoint. This means that the custom parameter is obtained after the class where I need it (so that's too late).
Maybe I can get the referral Url by either extending part of the Spring security classes or by obtaining it in the HTML through JavaScript. Is this a good idea or should I use another approach?
So I managed to fix the problem myself by searching some more on Google.
What you need to do is speak to the HttpSessionRequestCache to get the referral URL. This is how I solved it in my own implementation of the AuthenticationProvider
#Component
public class CustomProvider implements AuthenticationProvider {
#Autowired
private HttpServletRequest httpRequest;
#Autowired
private HttpServletResponse httpResponse;
#Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
SavedRequest savedRequest = new HttpSessionRequestCache().getRequest(httpRequest, httpResponse);
logger.info("Referral URL: " + savedRequest.getRedirectUrl());
logger.info("Parameters: " + savedRequest.getParameterMap().keySet().toString());
}
}
This will print out the URL of the request that was called before heading to the login page of spring security. The second log method prints out the parameters that where found in this URL. This question and answer helped me in creating a solution for my problem.
I have a controller that I want to generate documentation for using ASP.NET Web API Help Pages.
When I directly inherit from ApiController the documentation appears:
public class ExampleController : ApiController
But when I inherit from a base controller, it is omitted:
public class ExampleController : ApiBaseController
...
public class ApiBaseController: ApiController
I have switched to delegation rather than inheritance, but I wanted to know how to make it work with inheritance.
Here is a tip I picked up in my experimentation.
The documentation leans heavily on the routes in your API config. If your controller isn't covered by a route, it won't show up. Additionally, the order of the routes in your API config is the order of the operations in your documentation.
To cover both of these points I have created named routes for each controller. This has the added benefit of making each route specific, rather than a single route with lots of optional bits. This ensures all my operations appear in the documentation, in a good order.
I have also added the API tester so the API can be called directly from the documentation.
Check the permissions in your base class. I had the same issue and is was a result of methods that should have been set as internal being protected.
Make sure that all your methods that need to be accessed by the parent item are set to internal and any methods that override the ApiController are set to protected.
Post your code if it still doesn't work.
Works like Gravy :)
Our MVC3 application is using Fluent NHibernate and requires implementation of user login, authentication and authorization.
I've seen articles using the [Authorize] method in the controller classes. However, I'm not sure how this all works in our situation given that Fluent NHibernate is in use.
Can anyone share some suggestions as to how to make this work?
You could write a custom role provider implementing the RoleProvider class. In your custom implementation you of the RoleProvider class you could use whatever database access technology you want - FluentNhibernate or whatever. Basically you are interested in implementing the IsUserInRole method.
Then decorate your controllers/actions with the Authorize attribute:
[Authorize(Roles = "Admin")]
public ActionResult Foo()
{
return Content("Only administrators can see this message");
}
And here's another blog post that covers writing a custom role provider in more details.
Dear All,
I am using the membership provider of MVC framework, Now i want to implement the Role and Right on My project, All the Role and Right is available on database so how can i implement the Role and Right? is there is any built in function which can i use? also i am using the Ado .net Data Entity Framework..
If I'm understanding what you want to do correctly, you have to annotate your Controller class or ActionResult with the Authorize attribute like this:
[Authorize(Roles="Domain Admins", Users="testuser")]
public class TestController : Controller {
}
Then as long as your membership provider is setup you should be good to go.
It may be worth mentioning that you can always check if a user is in a role with the following code.
User.IsInRole("Domain Admins");
If your using MVC2 then the default project template makes it easy. You should check out the AccountController and AccountModels in a default MVC2 template.
It sounds like you need a custom role provider:
http://davidhayden.com/blog/dave/archive/2007/10/17/CreateCustomRoleProviderASPNETRolePermissionsSecurity.aspx
http://msdn.microsoft.com/en-us/library/8fw7xh74.aspx
http://www.codeproject.com/KB/aspnet/WSSecurityProvider.aspx