Hy.
Im continuing a spring web flow, using execution key. (an order paypal payment)
and would need to read query strings from get. &TokenID and &PayerID
this is how the URL looks like where Paypal redirects user after confirming payment:
/sampleflow?execution=e1s1&_eventId=approved&token=EC5D7416956W8431713&PayerID=TN2RE8ZTH67JN
if eventID is approved, my flow redirects to a payment confirmed state. This part is working.
I just need to get the query string parameters somehow.
Any way to do this?
I'm assuming you are trying to access the request parameters in the flow definition xml file. You can access the params using the EL variable requestParameters.
<evaluate expression="someService.doSomething(requestParameters.TokenID, requestParameters.PayerID)" />
http://docs.spring.io/spring-webflow/docs/2.3.x/reference/html/el.html#el-variable-requestParameters
The link above didn't work for me, but I was able to find the relevant page at this address:
4.4.6. requestParameters
Related
Let's say when you send a request to this url: ...?query=something&filter=another_thing, I am returning a web page with model attribute let's say model.addAttribute('result', resultList) then just for loop the result and print the values. (Template resolver could be jsp or thymeleaf, but there is no option to load resultList without model fashion - I mean there is no ajax request - )
What I want to do:
before loading the result (or loading the page), I just want to load google recaptcha.js first and
recaptcha will return a token,
then I will send token to the backend via ajax request.
After all if request is not bot, I will print the resultList
Is this requirement possible to implement inside the Spring boot application itself?
NOTE: I could not find anyway to do this. I just though that I could intercept the original get url then redirect to the another page, and this page will load recaptcha and send the token to my backend. If it is not bot then redirect to the original get url. However I do not know how to preserve original request
You're framing it slightly wrong, which may make all the difference.
When making a request, you want to make sure that request is authorized, before you handle
it.
That is where a recaptcha comes in.
To prevent unauthorized access, look into spring-security and recaptcha for that.
Once sufficient authentication has been achieved, your request will then enter your controller, and you can serve the page.
(of course, you could look into it doing it dynamically, but that will be a bit harder)
Before adding, yes it works when I give the entire url like http://localhost:8080/onedrive/oauth2/success/1 in the list of uri in azure uris. I am using code flow to authroize these tokens.
But as per the docs, it should work with me just mentioning the domain name there, like http://localhost:8080. Which it doesn't.
I want to do something like send the user id along with every request for me to keep track of which user I should link this accees token to, and have no idea to do so, if this issue is there. My current application logic is, when my application sends the user details and calls my spring API, I want to handle all these transfer of tokens in the server side, so I want to transfer this userId as my path variable. How do I go about doing this? Has anyone done this, can they explain to me any other different solution?
You can't add custom details to OAuth redirects and it is best practice to always register the full redirect uri.
In terms of tracking the user, after login the token has a user id and you can also get fields such as user name and email - so both the UI and API will know which user each token is for. I can provide further details on mechanics if needed.
The user id in a token is often a generated value, whereas the user id you want to use in API path segments is maybe a user id from your app's back end database - if so you will need to map between token details and database details.
If you provide redirect uri as http://localhost:8080/ then it means you are handling the api response in
/
endpoint and not
/onedrive/oauth2/success/1
To get to know the user to whom you are linking, few ideas which you can use are
1) Use security to obtain the logged in user credentials (Ex: Principal if you're using Spring security in java)
2) After successful authentication, use the user id you have and send one more request to backend and store it database with userid as a key
I am trying to pass on a URL as RelayState in the SAML request from SP to IDP so that I get it back once the authentication is complete. But, I am not able to figure out how to do so. I am using sustainsys.saml2 for the saml configuration in my ASP.NET WebApi application.
Question 1: Currently, I have a URL something like this: http://example.com/tmwebapi/saml2/signin?http://www.okta.com/hgdhsg324234jhsdf. When I enter this in address bar, it redirects me to the IDP interface. How to pass the RelayState here?
Question 2: Once the RelayState is passed successfully, I want to be able to extract it in the ACS endpoint. How can I do that?
Please let me know if anyother information is required.
Thanks in advance.
Using the /Saml2/Signin endpoint it is not possible to preserve custom information across the authentication call. You can preserve a return url by adding a ReturnUrl parameter to the query string.
If you use the API instead, you can put any state you want to preserve in the AuthenticationProperties dictionary. It will then be available after the authentication is completed. This is how the ReturnUrl is implemented.
I want to add a user to a group through the API. The proper endpoint should be:
https://www.yammer.com/api/v1/group_settings/process_additions , but keep getting a 404.
I found this, describing my exact problem, but no answers:
I want to join users except current login to yammer group. or I want to invite them to join yammer group using javascript sdk by yammer. I found one way of doing that by following
Makes a POST to: same call as above
id: GROUP_ID
invites[ids][]: USER_ID
invites[emails][addresses]:
I don't know how to call it. I tried to call that URI but it gave me error like
"No 'Access-Control-Allow-Origin' header is present on the requested resource" can any one tell me how to pass that data to request call ?
So: How to call https://www.yammer.com/api/v1/group_settings/process_additions ?
Looks like there is an authenticity_token param missing in your URL. You must supply that parameter.
This URL works, but note that it is not documented / supported, and could potentially change at any time:
https://www.yammer.com/insert_yammer_network_name/group_settings/process_additions/isert_groupID.json?id=isert_groupID&invites[ids][]=&invites[emails][addresses]=insert_email#domain.com&auto_add_invitees=true&authenticity_token=insert_oauth-token
Modify the above format with your details, copy it into a browser URL, hit enter, and you should get the following response {"status":"ok"}, or {"already_member":"true"} if the the user is already a member of the group.
Note that you can't make REST calls to https://www.yammer.com/* as it will result to CORS error. Use https://api.yammer.com/api/v1/ as your base URL instead.
===========================
The above solution is no longer valid. Use the impersonation method instead as it is supported/documented by yammer.
I am testing some api for our product using jmeter. To test the api to verify the user's email address I need to login to the mail account. I have the email and password of a test user. How can I login using an api or any other way in jmeter?
Is it possible at all?
Yes that is possible. You'll have to create a test plan with multiple steps but these depend on the concrete implementation of the login.
First you must identify the following two locations:
The GET request that gets the initial login form (if this is required).
The POST request that posts the login credentials.
If your service has a stateless login form you can even skip the first step.
Otherwise the response of the GET request will contain stuff which needs to be extracted (e.g. the JSESSIONID if you are using JSF) and sent as a parameters in the POST request. You can use the Regular Expression Extractor of JMeter to extract these values and provide them as variables for use in the subsequent requests.
Here is an example screenshot of a HTTP Request element configured to POST login data to the url /common/j_security_check
You might also need to intercept an authentication token from the server response and then pass that into following requests.
Here is a blog entry with a couple of video tutorials on logins with JMeter:
http://community.blazemeter.com/knowledgebase/articles/80479-how-to-use-jmeter-for-login-authentication
You can use jmeter to login,
two ways:
parameterization using csv file(for more users)/user defined variables(UDV)
Login config elements(for single user)
Now that I understand you want to automatically click on a confirmation link from an email using JMeter, here is a blog entry that explains exactly how to do that:
http://blazemeter.com/blog/how-create-jmeter-script-check-email-during-registration-and-grab-confirmation-url
Ophir