Securing the alfresco global properties file - alfresco-share

For Active Directory configuration I need to give our IT admin password:
    ldap.synchronization.java.naming.security.principal=
    ldap.synchronization.java.naming.security.credentials=
He feels that it's a big security concern, as other developers working on Alfresco have access to the global properties file.
Is there any possibility to encrypt the global properties file?
Alfresco version 4.2e

Unfortunately there is no such functionality in the Community Edition.
Alfresco introduced property encryption in a later enterprise version but in the CE there is no such thing even in the latest version.
Maybe you also read the Alfresco forums thread alfresco-global.properties file encrypting?

Instead of trying to encrypt alfresco-global.properties, you should add a new user to your AD for the Alfresco instance(s), let's say alfresco:$3creT, and grant that user read permission on your AD users and groups!


How Can I use "my documents" folder as sqlite database path? [duplicate]

I'm developing an app that is reading jpeg and pdf files from a configurable location on the filesystem.
Currently there is a running version implemented in WPF and now I'm trying to move to the new Windows Universal apps.
The following code works fine with WPF:
    public IList<string> GetFilesByNumber(string path, string number)
    {
        if (string.IsNullOrWhiteSpace(path))
            throw new ArgumentNullException(nameof(path));
        if (string.IsNullOrWhiteSpace(number))
            throw new ArgumentNullException(nameof(number));
        if (!Directory.Exists(path))
            throw new DirectoryNotFoundException(path);
        var files = Directory.GetFiles(path, "*" + number + "*",
            SearchOption.AllDirectories);
        if (files == null || files.Length == 0)
            return null;
        return files;
    }
With Universal Apps I ran into some problems:
- Directory.Exists is not available
- How can I read from directories outside of my app storage?
To read from another directory outside the app storage I tried the following:
    // The WinRT storage calls are asynchronous and have to be awaited.
    StorageFolder folder = await StorageFolder.GetFolderFromPathAsync("D:\\texts\\");
    var fileTypeFilter = new string[] { ".pdf", ".jpg" };
    QueryOptions queryOptions = new QueryOptions(CommonFileQuery.OrderBySearchRank, fileTypeFilter);
    queryOptions.UserSearchFilter = "142";
    StorageFileQueryResult queryResult = folder.CreateFileQueryWithOptions(queryOptions);
    IReadOnlyList<StorageFile> files = await queryResult.GetFilesAsync();
The thing is: it isn't working, and I get an exception:
    An exception of type 'System.UnauthorizedAccessException' occurred in TextManager.Universal.DataAccess.dll but was not handled in user code
    Additional information: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
I know that you have to configure some permissions in the manifest, but I can't find one suitable for filesystem IO operations...
Did someone also have such problems/a possible solution?
Solution:
From the solutions that @Rico Suter gave me, I chose the FutureAccessList in combination with the FolderPicker. It is also possible to access the entry with the token after the program has been restarted.
I can also recommend the UX Guidelines and this GitHub sample.
Thank you very much!
In UWP apps, you can only access the following files and folders:
- Directories which are declared in the manifest file (e.g. Documents, Pictures, Videos folder)
- Directories and files which the user manually selected with the FileOpenPicker or FolderPicker
- Files from the FutureAccessList or MostRecentlyUsedList
- Files which are opened with a file extension association or via sharing
If you need access to all files in D:\, the user must manually pick the D:\ drive using the FolderPicker, then you have access to everything in this drive...
UPDATE:
Windows 10 build 17134 (2018 April Update, version 1803) added additional file system access capabilities for UWP apps:
Any UWP app (either a regular windowed app or a console app) that declares an AppExecutionAlias is now granted implicit access to the files and folders in the current working directory and downward, when it’s activated from a command line. The current working directory is from whatever file-system location the user chooses to execute your AppExecutionAlias.
The new broadFileSystemAccess capability grants apps the same access to the file system as the user who is currently running the app without file-picker style prompts. This access can be set in the manifest in the following manner:
    <Package
      xmlns:rescap="http://schemas.microsoft.com/appx/manifest/foundation/windows10/restrictedcapabilities"
      ...
      IgnorableNamespaces="uap mp uap5 rescap">
    ...
    <Capabilities>
      <rescap:Capability Name="broadFileSystemAccess" />
    </Capabilities>
These changes and their intention are discussed at length in the MSDN Magazine article titled Universal Windows Platform - Closing UWP-Win32 Gaps. The article notes the following:
If you declare any restricted capability, this triggers additional
scrutiny at the time you submit your package to the Store for
publication. ... You don’t need an AppExecutionAlias if you have this
capability. Because this is such a powerful feature, Microsoft will
grant the capability only if the app developer provides compelling
reasons for the request, a description of how this will be used, and
an explanation of how this benefits the user.
further:
If you declare the broadFileSystemAccess capability, you don’t need to
declare any of the more narrowly scoped file-system capabilities
(Documents, Pictures or Videos); indeed, an app must not declare both
broadFileSystemAccess and any of the other three file-system
capabilities.
finally:
Even after the app has been granted the capability, there’s also a
runtime check, because this constitutes a privacy concern for the
user. Just like other privacy issues, the app will trigger a
user-consent prompt on first use. If the user chooses to deny
permission, the app must be resilient to this.
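The FolderPicker plus FutureAccessList approach from the answer above, written out as an added example (it is not code from the thread or from Microsoft's samples). The token name and the class and method names are assumptions; the query falls back to an empty result when access is denied, so the app stays usable after the user revokes the grant.

```csharp
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Windows.Storage;
using Windows.Storage.AccessCache;
using Windows.Storage.Pickers;
using Windows.Storage.Search;

// Added example: access is limited to one folder the user picked, no broadFileSystemAccess needed.
public static class ScopedFolderAccess
{
    // Hypothetical token under which the user's grant is remembered across restarts.
    private const string Token = "DocumentRootFolder";

    // Returns the previously granted folder, or prompts once with the FolderPicker (call from the UI thread).
    public static async Task<StorageFolder> GetGrantedFolderAsync()
    {
        var list = StorageApplicationPermissions.FutureAccessList;
        if (list.ContainsItem(Token))
        {
            try { return await list.GetFolderAsync(Token); }
            catch (Exception) { list.Remove(Token); } // folder moved, deleted or no longer accessible
        }
        var picker = new FolderPicker { SuggestedStartLocation = PickerLocationId.ComputerFolder };
        picker.FileTypeFilter.Add("*"); // the picker requires at least one filter entry
        StorageFolder folder = await picker.PickSingleFolderAsync();
        if (folder != null) list.AddOrReplace(Token, folder); // null means the user cancelled
        return folder;
    }

    // UWP counterpart of GetFilesByNumber from the question, restricted to the granted folder.
    public static async Task<IReadOnlyList<StorageFile>> GetFilesByNumberAsync(string number)
    {
        if (string.IsNullOrWhiteSpace(number)) throw new ArgumentNullException(nameof(number));
        StorageFolder folder = await GetGrantedFolderAsync();
        if (folder == null) return new List<StorageFile>();
        // Not every location supports every CommonFileQuery value, so check before using search rank.
        var order = folder.IsCommonFileQuerySupported(CommonFileQuery.OrderBySearchRank)
            ? CommonFileQuery.OrderBySearchRank : CommonFileQuery.DefaultQuery;
        var options = new QueryOptions(order, new[] { ".pdf", ".jpg" })
            { FolderDepth = FolderDepth.Deep, UserSearchFilter = number };
        try { return await folder.CreateFileQueryWithOptions(options).GetFilesAsync(); }
        catch (UnauthorizedAccessException) { return new List<StorageFile>(); } // access was revoked
    }
}
```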
The accepted answer is no longer complete. It is now possible to declare broadFileSystemAccess in the app manifest to arbitrarily read the file system.
The File Access Permissions page has details.
Note that the user can still revoke this permission via the settings app.
You can do it from UI in VS 2017.
Click on manifest file -> Capabilities -> Check photo library or whatever stuff you want.
According to the MSDN doc: "The file picker allows an app to access files and folders, to attach files and folders, to open a file, and to save a file."
https://msdn.microsoft.com/en-us/library/windows/apps/hh465182.aspx
You can read a file using the filepicker through a standard user interface.
Regards
this is not true:
Files which are opened with a file extension association or via sharing
try it, by opening files from mail (outlook) or from the desktop...
it simply does not work
you first have to grant the rights by the file picker.
so this is sh...
This is a restricted capability. Access is configurable in Settings > Privacy > File system, where you can enable access for your app. Because users can grant or deny the permission any time in Settings, you should ensure that your app is resilient to those changes. If you find that your app does not have access, you may choose to prompt the user to change the setting by providing a link to the Windows 10 file system access and privacy article. Note that the user must close the app, toggle the setting, and restart the app. If they toggle the setting while the app is running, the platform will suspend your app so that you can save the state, then forcibly terminate the app in order to apply the new setting. In the April 2018 update, the default for the permission is On. In the October 2018 update, the default is Off.
More info

how to develop a custom connector in SailPoint

I am a novice in the field of Identity and Access Management.
As far as I know, SailPoint provides some direct connectors to integrate known systems like LDAP, HR systems, OIM, databases...
SailPoint also provides support for disconnected applications through custom connectors.
My question is: how do I develop a custom connector?
I do not have the JAR file provided by SailPoint which contains the "AbstractConnector" class,
so that I can write my own class and develop.
I also do not understand what to do with that class (if I have the JAR).
How will SailPoint refer to that class?
Do we need to deploy that class somewhere?
I am expecting the complete flow to develop and deploy the custom connector.
If anyone is working on this, please help.
If you unzip your identityiq.war, you'll find a JAR file called WEB-INF/lib/connector-bundle.jar. This is the JAR where you'll find AbstractConnector. Once you've written your connector code, you will need to compile it and bundle it into a JAR file, which you will place into WEB-INF/lib.
Finally, you will need to update the ConnectorRegistry object (under Configuration on the debug screen) to reference the new class, which will make it available as an Application type. If it has custom connection parameters (as most do), you will also need an xhtml page that will be embedded into the Sailpoint UI to prompt the user configuring the Application.
If you have Compass access, they have a whitepaper called Custom Connectors that you will find helpful.
All that said, I encourage you to try to find a way to use an out-of-box connector if possible.
Most of the time it will be better to use the DelimitedFile connector: you can import a CSV of identity data and make it work within SailPoint's workflow. You will be able to map fields, correlate accounts and create multi-valued group memberships rapidly. Of course, this means that SailPoint will not be connected directly to the application, and you will have to develop a workflow to extract the identities and upload them. But at least you can integrate without going the Custom Connector way.

Migrating from FileNet P8 4.0 to Alfresco (reading MSAR surface.dat files ?)

I'm currently trying to migrate one of my customer's ECM system from FileNet to Alfresco.
Since they are using Filenet Image Services 4.0 SP4, I cannot take advantage of CMIS (only available from 4.5.x).
According to this blog in more or less similar conditions :
http://blog.tsgrp.com/2010/08/24/filenet-migration-findings/
http://blog.tsgrp.com/2010/02/09/migrating-from-filenet-to-documentum-could-openmigrate-possibly-do-that/
The best practice seems to be reading the database to find all documents (data + link to image):
Does anyone know how to achieve that (retrieving the documents from system tools)?
Does anyone know how to directly read MSAR surface (.dat) files, which already contain all the information?
I think the best practice is to use standard FileNet Image Services Resource Adapter (ISRA) if you can.
Product Documentation for FileNet Image Services Resource Adapter
For content migrations to Alfresco you can use migration-center. You can download a free evaluation copy of migration-center on http://www.migration-center.com/free-evaluation-copy/

Does Services module still need a key

I'm reading a book that suggests that when you try to configure the Services module, you should see 3 tabs: Browse, Settings, and Keys. I'm working with the latest release and all I see is Browse and Settings. Does anyone know what happened to the Keys tab? Has the module logic changed?
If you enable Key Authentication within Services, Keys will present itself.

Subsonic SQLite Multiple Files

I have an application that must be accessed by many users.
To optimize the performance I intend to store each user's profile information in an independent database file.
Every time a user logs in to the application, I need to set up a new provider linked to his own database.
All databases have the same structure. So while querying, the common generated DAL classes must switch to the database file belonging to the user.
Is there a way to configure SubSonic to do that switch at runtime?
Thanks.
Well, assuming we're talking about SubSonic3:
I have made a patch for this and logged it as an issue in the SubSonic Templates project on github, where the source is available. You can find the issue (and a link to the code) here.
After you apply the patch, you will have a new DefaultDataProvider property which does exactly what you want. Use it like this (e.g. after a user logs in):
    YourSubSonicGeneratedNamespace.YourDatabaseName.DefaultDataProvider =
        SubSonic.DataProviders.ProviderFactory.GetProvider(
            "your connection string here",
            SubSonic.DataProviders.DbClientTypeName.SqlLite);
And you're good to go.
For SubSonic 2, this answer sounds like what you want.
With subsonic 2 I use an approach where I inject the provider at runtime rather than loading it from the app.config file.
Look at my answer here: Subsonic in a VS2008 Add-In woes
Instead of just using one provider you could create one for every user who starts the application and change the default provider as needed.
