Currently anyone is able to pull the artifacts from Artifactory using the REST API without using credentials. Is there any way to block pull access for anonymous users so they cannot pull the artifacts using the REST API without credentials? Please advise. Thank you.
Yes, you can. Go to Admin -> Security Configuration -> General Security Configuration. Uncheck Allow Anonymous Access to disable anonymous access.
https://www.jfrog.com/confluence/display/RTF/Configuring+Security#ConfiguringSecurity-AllowAnonymousAccess
I am looking for a way to make the Sulu (Admin?) API accessible outside the admin area.
To be more specific, accessible without an account (session).
For example route "/admin/api/snippets"
This URL works when you are logged in as admin, but I need it to work even if a guest is visiting it, without an account.
You can configure the Symfony firewall the way you want. Currently everything behind /admin is behind a login, but you can change the access control the way you like. Be aware that the API is built for admin users, and you may be better off creating your own API endpoint so as not to leak any unwanted information.
Background:
In my company, we have one Firebase project which is linked to our iOS application and an internal tool (purely for our use and not the consumers). Now since the database is common to both the website and the iOS app, all the users who create an account on the iOS application automatically have access to our internal tool. I wish to allow only a handful of people or one person to have access to the internal tool.
Question:
Is there a way for me to give certain users access to the internal tool? (If it involves manually giving them access from the firebase console?)
Is there a way to make the user authentication check different for the internal tool?
Firebase Custom Claims let you specify custom access to database or tools.
You can assign an admin role to those users who should have access to the admin tool and make sure they have this role in your app's route (or route guard).
We are working on an application that uses Firebase for authentication purposes. We implemented the authentication mechanism in our Angular application and everything works fine. What we want now is to add custom claims to the JWT tokens generated once the user is authenticated. We know about the Admin SDK here:
https://firebase.google.com/docs/auth/admin/custom-claims
but this requires the addition of a web service. Is there a way to configure Firebase via the portal to add a default custom claim for all existing users and new users? What we want is to add an "id" field with a random GUID. Is it possible to use the Admin SDK to configure this behaviour once and for all?
Thanks in advance.
There is no way to add custom claims without using the Admin SDK. This requires that you run a script on a trusted environment, such as your development machine, a server you control, or Cloud Functions for Firebase. The latter is probably your best option if you want to do this regularly, and don't have your own server.
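The two Firebase answers above (an admin role via custom claims, set only from a trusted environment with the Admin SDK) could look like the following. This is an added example, not code from the original posts; the claim name `internalTool` and the function names are assumptions, and `auth` stands for the Admin SDK Auth object or a stub with the same methods.

```javascript
// Added example. `auth` is anything exposing the Admin SDK Auth methods used
// below, e.g. require("firebase-admin/auth").getAuth() on a trusted server.
// The claim name "internalTool" is an assumption, not from the original posts.
const CLAIM = "internalTool";

// Pure check used by the server-side guard: only a literal boolean true passes,
// so a missing claim or a string "true" is treated as no access.
function hasInternalToolAccess(decodedToken) {
  return Boolean(decodedToken) && decodedToken[CLAIM] === true;
}

// setCustomUserClaims replaces the whole claims object, so merge with what the
// user already has instead of overwriting other claims.
async function grantInternalToolAccess(auth, uid) {
  const user = await auth.getUser(uid);
  const claims = { ...(user.customClaims || {}), [CLAIM]: true };
  await auth.setCustomUserClaims(uid, claims);
  return claims;
}

async function revokeInternalToolAccess(auth, uid) {
  const user = await auth.getUser(uid);
  const { [CLAIM]: _removed, ...rest } = user.customClaims || {};
  await auth.setCustomUserClaims(uid, rest);
  // Already-issued ID tokens keep the old claim until they expire; revoking
  // refresh tokens lets verifyIdToken(token, true) reject them.
  await auth.revokeRefreshTokens(uid);
  return rest;
}

// Server-side gate for the internal tool's backend. Returns the uid on
// success and throws otherwise. The second argument asks the SDK to also
// check whether the token was revoked.
async function requireInternalTool(auth, idToken) {
  const decoded = await auth.verifyIdToken(idToken, true);
  if (!hasInternalToolAccess(decoded)) {
    throw new Error("forbidden: internal tool claim missing");
  }
  return decoded.uid;
}
```

A newly granted claim appears in a user's ID token only after that token is refreshed, and a route guard in the client is a convenience check; the enforcing check is the server-side one.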
I've been trying to find the answer, but after reading a bunch of documentation I think it's not possible, though it would be a nice feature. The problem is I want anyone to access the cached repositories but I don't want them to access the web user interface.
The only way I have figured out is tweaking the nginx configuration to allow access only to certain endpoints like raw repository view. Anyway it has some problems which I've not totally resolved.
You could set up a SAML SSO redirect that forces a user to login, and if they fail they are not redirected back to the Artifactory instance. That's the only way I know of that won't let users even look at the front page of Artifactory.
They would get caught on step 3 after an automatic redirect: SAML SSO Login Process
The obvious downside with this is that you need to have a SAML SSO setup in the first place.
I'm not sure which approach is best, but in my situation I need to tie the admin login to an external source. I mean, WP normally is:
wp-admin ---> Check with WP Database ---> Authenticate
Now I need to put an additional tier in between:
wp-admin ---> Check with WP Database ---> Check with External API (true/false) ---> Authenticate
This means I need to put an additional authentication layer in between (similar logic to when we apply an LDAP authentication module), which in this case is my own API.
So now in WP, where/which user/core file handles the final true/false return in its traditional login concept?
Where do I need to go to make the core hack or modification, please?
You can use the WordPress SOAP Authentication plugin.
However, to make it work, you will need to convert your external auth service to be SOAP-compliant.
Alternatively, you can create your own WP plugin based on this one, but it would check your external source using something other than SOAP.