I'm using WebSphere 8.5.
I've found out how to create JAASAuthData with username and password using a Jython script:
objServerAttrs = AdminControl.completeObjectName('WebSphere:type=Server,*')
cellName = AdminControl.getAttribute(objServerAttrs, 'cellName')
sec = AdminConfig.getid('/Cell:%s/Security:/' % cellName)
jaasAttr = [['alias', jaasAlias],['userId', jaasUser],['password', jaasPass]]
jaasAuthData = AdminConfig.create('JAASAuthData', sec, jaasAttr)
and how to create dataSource:
dsAttrs = [['name', 'myDS1'], ['jndiName','jdbc/MY/DS1']]
newDs = AdminConfig.create('DataSource', provider, dsAttrs)
Now I need to bind that JAASAuthData with my DataSource as 'Container-managed authentication alias'. Unfortunately, I can't find anything in the API, in the attributes of existing DataSources, or any example for that task. How do I create such a binding?
You need to specify authDataAlias attribute:
dsAttrs = [['name', 'myDS1'], ['jndiName','jdbc/MY/DS1'], ['authDataAlias',jaasAlias]]
newDs = AdminConfig.create('DataSource', provider, dsAttrs)
The recommended way of configuring container-managed authentication alias is to set it on a resource reference during your application deployment.
It is still allowed (although deprecated) to configure it on DataSource level:
newDs = AdminConfig.create('DataSource', provider, dsAttrs)
mapping = AdminConfig.showAttribute(newDs, 'mapping')
AdminConfig.modify(mapping, [['mappingConfigAlias', jaasAlias], ['authDataAlias', jaasAlias]])
BTW: Your script would be more maintainable if you used WDR library http://wdr.github.io/WDR/ (I'm one of the main contributors).
jaasAlias = 'TheAuthAliasName'
provider = getid1('/JDBCProvider:TheProviderName/')
security = getid1('/Cell:/Security:/')
security.assure('JAASAuthData', {'alias':jaasAlias}, userId = 'user', password = 'password')
ds = provider.assure('DataSource', {'name':'myDS1'}, jndiName = 'jdbc/MY/DS1')
# component-managed authentication:
ds.authDataAlias = jaasAlias
# ... and container-managed authentication:
ds.mapping.mappingConfigAlias = jaasAlias
ds.mapping.authDataAlias = jaasAlias
save()
sync()
The above script can be safely re-run without failure or duplicate objects.
I have been using the Hl7.org tool org.hl7.fhir.validator.jar file to validate my messages, but I would like to add this function to my .Net project. Once I parse the message, is there a class I can call to validate the structure?
Is there a validate FHIR class in fhir-net-api that will display the same results as org.hl7.fhir.validator.jar?
string HL7FilePath = string.Format("{0}\\{1}", System.IO.Directory.GetCurrentDirectory(), "Sample.xml");
string HL7FileData = File.ReadAllText(HL7FilePath);
var b = new FhirXmlParser().Parse<PlanDefinition>(HL7FileData);
FHIR Validator Build ??
Arguments: C:\HL7Tools\validator\REC78_1.xml -version 3.0
.. connect to tx server # http://tx.fhir.org
.. definitions from hl7.fhir.core#3.0.1
(v3.0.1-null)
.. validate [C:\HL7Tools\validator\Sample.xml]
Terminology server: Check for supported code systems for http://www.nlm.nih.gov/research/umls/rxnorm
Success.
Yes, there is. You need to add the Hl7.Fhir.Specification.STU3 package, and can then use the validation methods like this:
using Hl7.Fhir.Specification.Source;
using Hl7.Fhir.Validation;
... your code, reading the PlanDefinition from file and parsing it ...
// setup the resolver to use specification.zip, and a folder with custom profiles
var source = new CachedResolver(new MultiResolver(
    new DirectorySource(@"<path_to_profile_folder>"),
    ZipSource.CreateValidationSource()));
// prepare the settings for the validator
var ctx = new ValidationSettings()
{
    ResourceResolver = source,
    GenerateSnapshot = true,
    Trace = false,
    EnableXsdValidation = true,
    ResolveExteralReferences = false
};
var validator = new Validator(ctx);
// validate the resource; optionally enter a custom profile url as 2nd parameter
var result = validator.Validate(b);
The result will be an OperationOutcome resource containing the details of the validation.
I'm trying to use an existing Consul cluster as the membership provider for a test Orleans application.
I get this error when connecting my client app to the Silo:
Could not find any gateway in Orleans.Runtime.Host.ConsulBasedMembershipTable. Orleans client cannot initialize.
Digging into the ConsulUtils class, the entries being retrieved have no ProxyPort defined - and are discarded - hence the empty result set.
I initialize the silo like this:
var clusterConfiguration = new ClusterConfiguration();
clusterConfiguration.Globals.DataConnectionString = "http://localhost:8500";
clusterConfiguration.Globals.DeploymentId = "OrleansPlayground";
clusterConfiguration.Globals.LivenessType = GlobalConfiguration.LivenessProviderType.Custom;
clusterConfiguration.Globals.MembershipTableAssembly = "OrleansConsulUtils";
clusterConfiguration.Globals.ReminderServiceType = GlobalConfiguration.ReminderServiceProviderType.Disabled;
var silohost = new SiloHost("Fred", clusterConfiguration);
silohost.InitializeOrleansSilo();
startup = Task.Factory.StartNew(() =>
{
return silohost.StartOrleansSilo();
});
return true;
And I set my client app up like this:
var config = new ClientConfiguration();
config.CustomGatewayProviderAssemblyName = "OrleansConsulUtils";
config.DataConnectionString = "http://localhost:8500";
config.DeploymentId = "OrleansPlayground";
config.GatewayProvider = ClientConfiguration.GatewayProviderType.Custom;
GrainClient.Initialize(config);
Looking at the code in ConsulUtils I can see that the ProxyPort isn't set (i.e. is 0) when the entry is saved. So I'm assuming I have a problem when initializing the silo - but I can't figure out what it is!
Without digging deep in, it does sound like a bug. Please repost on GitHub and we will try to help you.
I'm having trouble getting direct manipulation of sessions working properly.
Using some code from the source and a tip from Demis, I've put together something in our unit test client to auth the user and then recover the session.
The AuthResponse I'm getting from the service has a SessionId of 533, which results in a constructed urn of "urn:iauthsession:533", whereas the urn in the Redis cache is "urn:iauthsession:sbQBLwb1WpRj8DqQ7EdL", so obviously, the thing being passed to the urn builder in the running code is not simply the session id (or the overload being used is not what I think it is).
Here's the code we're using in our test base class to try to recover the session from the auth call:
var client = new JsonServiceClient(ServiceTestAppHost.BaseUrl)
{
UserName = userName,
Password = password,
AlwaysSendBasicAuthHeader = true
};
var response = client.Post<AuthResponse>("/auth/basic", new Auth() { UserName = userName, Password = password, RememberMe = true });
var sessionKey = IdUtils.CreateUrn<IAuthSession>(response.SessionId);
var session = _appHost.TryResolve<ICacheClient>().Get<SsoUserSession>(sessionKey);
Any idea why the constructed urn is not matching?
This should now be fixed with this commit which is available in v4.0.22 that's now available on MyGet.
I have several DCs in my LDAP (like DC=Ny, DC=Oh) and would like to authenticate the user from LDAP through the Grails Spring LDAP plugin.
Initially I used the following parameters in the config.groovy file and was able to authenticate the users from New York, but now I have to authenticate the users from both New York and Ohio.
// Added by the Spring Security Core plugin:
grails.plugins.springsecurity.userLookup.userDomainClassName = 'com.test.SecUser'
grails.plugins.springsecurity.userLookup.authorityJoinClassName = 'com.test.SecUserSecRole'
grails.plugins.springsecurity.authority.className = 'com.test.SecRole'
// LDAP config
grails.plugins.springsecurity.ldap.context.managerDn = 'CN=P8,OU=P8,OU=Weblogic,OU=PR,OU=Groups - Application,DC=NY,DC=GWL,DC=com'
grails.plugins.springsecurity.ldap.context.managerPassword = 'test'
grails.plugins.springsecurity.ldap.context.server = 'ldap://NY.GWL.com:389/'
grails.plugins.springsecurity.ldap.authorities.ignorePartialResultException = true // typically needed for Active Directory
grails.plugins.springsecurity.ldap.search.base = 'DC=NY,DC=GWL,DC=com'
grails.plugins.springsecurity.ldap.search.filter="sAMAccountName={0}" // for Active Directory you need this
grails.plugins.springsecurity.ldap.search.searchSubtree = true
grails.plugins.springsecurity.ldap.auth.hideUserNotFoundExceptions = false
grails.plugins.springsecurity.ldap.search.attributesToReturn = ['mail', 'displayName'] // extra attributes you want returned; see below for custom classes that access this data
grails.plugins.springsecurity.providerNames = ['ldapAuthProvider', 'anonymousAuthenticationProvider'] // specify this when you want to skip attempting to load from db and only use LDAP
What kind of changes need to be made in the groovy.config file, or do I need to make any code changes?
Any help on this will be really helpful.
Thanks
How to control direct URL access in JSF 2.0, Struts 2 and Spring 3? I mean, when a user who is not logged in types a URL, always display the home or login page.
You can either use a project like spring-security to integrate with your application, or write your own servlet-filter.
The Stack Overflow servlet-filter tag has a good overview of servlet filters. For most servlet compatible web frameworks you can integrate a filter to intercept requests and redirect invalid or unauthorized requests to where they belong.
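A sketch of the "write your own servlet-filter" option, added here as an illustration and not taken from any answer on this page. It denies by default and lets only the login page and JSF resources through. The login page path, the session attribute name currentUser and the /faces/* mapping of the FacesServlet are assumptions.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.*;

// Default-deny filter: every request needs a logged-in session unless its
// path is explicitly public. All three constants below are assumed names.
@WebFilter("/*")
public class LoginRequiredFilter implements Filter {
    private static final String LOGIN_PAGE = "/faces/login.xhtml";
    private static final String RESOURCES = "/faces/javax.faces.resource/";
    private static final String USER_ATTR = "currentUser"; // set by the login code

    @Override
    public void init(FilterConfig config) { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // Use the container-decoded servlet path and path info rather than
        // the raw getRequestURI(), so encoded or ";param" variants of a URL
        // cannot slip past the comparison below.
        String pathInfo = request.getPathInfo();
        String path = request.getServletPath() + (pathInfo == null ? "" : pathInfo);
        boolean isPublic = path.equals(LOGIN_PAGE) || path.startsWith(RESOURCES);

        // getSession(false): never create a session for an anonymous visitor.
        HttpSession session = request.getSession(false);
        boolean loggedIn = session != null && session.getAttribute(USER_ATTR) != null;

        if (isPublic) {
            chain.doFilter(req, res);
        } else if (loggedIn) {
            // Keep protected pages out of the browser cache so they are not
            // shown again from history after logout.
            response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate");
            chain.doFilter(req, res);
        } else {
            response.sendRedirect(request.getContextPath() + LOGIN_PAGE);
        }
    }

    @Override
    public void destroy() { }
}
```

The filter only checks that a user is authenticated; role checks per URL still have to be added on top.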
I suggest you use the Apache Shiro filter to control direct access to a certain URL.
Look at the Apache Shiro ini configuration file, where the control of URL access is shown.
[main]
logout = org.apache.shiro.web.filter.authc.LogoutFilter
roles = org.apache.shiro.web.filter.authz.RolesAuthorizationFilter
authc.loginUrl=/faces/login.xhtml
authc.successUrl=/faces/index.xhtml
roles.unauthorizedUrl = /faces/unauthorized.xhtml
logout.redirectUrl = /faces/login.xhtml?status=loggedOut
jdbcRealm = org.apache.shiro.realm.jdbc.JdbcRealm
jdbcRealm.permissionsLookupEnabled = true
jdbcRealm.authenticationQuery = SELECT PASSWORD FROM USERS WHERE USERS.USERNAME = ?
jdbcRealm.userRolesQuery = SELECT ROLE_NAME FROM ROLES, USER_ROLE, USERS WHERE ROLES.ROLE_ID = USER_ROLE.ROLE_ID AND USERS.USR_ID = USER_ROLE.USR_ID AND USERS.USERNAME = ?
jdbcRealm.permissionsQuery = SELECT PERMISSIONS.PERM_NAME FROM ROLES, PERMISSIONS_ROLE, PERMISSIONS WHERE ROLES.ROLE_ID = PERMISSIONS_ROLE.ROLE_ID AND PERMISSIONS.PERM_ID = PERMISSIONS_ROLE.PERM_ID AND ROLES.ROLE_NAME = ?
ds = com.mysql.jdbc.jdbc2.optional.MysqlDataSource
ds.user = maqraa
ds.password = maqraa
ds.databaseName = maqraa
ds.serverName = localhost
ds.portNumber = 3306
jdbcRealm.dataSource = $ds
securityManager.realms = $jdbcRealm
[urls]
/faces/login.xhtml = authc
/faces/admin/** = authc, roles[admin]
/faces/teacher/** = authc, roles[teacher]
/faces/reports/** = authc, roles[admin]
/faces/officer/** = authc, roles[officer]
/faces/manager/** = authc, roles[manager]
/faces/roles/** = authc, roles[admin]
Looking at the previous URLs, you will find that any access to /faces/login.xhtml must be done by an authenticated user; in addition, to access some of the URLs you must be playing a specific role.
Review the Shiro tag on Stack Overflow or see the Apache Shiro site.
I hope that helps you.
Thanks.