I'm trying to fetch all the roles for the current user who has been authenticated and show them in a JSP page.
I notice that there are some built-in expressions listed here: http://static.springsource.org/spring-security/site/docs/3.0.x/reference/el-access.html but I don't see any that would list all the roles.
You can use SecurityContextHolder.getContext().getAuthentication().getAuthorities() to obtain a collection of the currently logged in user's roles.
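A helper built on the call in the answer above, as an added example that is not part of the original answer. The class name `CurrentUserRoles` is hypothetical; the Spring Security types are the framework's own.

```java
import java.util.Collections;
import java.util.Set;
import java.util.TreeSet;

import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;

/** Hypothetical helper: collects the current user's authority names for display. */
public final class CurrentUserRoles {

    private CurrentUserRoles() {}

    /** Sorted authority names of the logged-in user; empty when nobody is logged in. */
    public static Set<String> list() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        // No authentication at all, or only the anonymous placeholder token.
        if (auth == null || !auth.isAuthenticated()
                || auth instanceof AnonymousAuthenticationToken) {
            return Collections.emptySet();
        }
        Set<String> names = new TreeSet<String>();
        for (GrantedAuthority authority : auth.getAuthorities()) {
            // getAuthority() may return null for authorities with no String form.
            String name = authority.getAuthority();
            if (name != null) {
                names.add(name);
            }
        }
        return Collections.unmodifiableSet(names);
    }
}
```

A controller can put the returned set in the model, and the JSP can loop over it with `<c:forEach>`, printing each name through `<c:out>` so it is HTML-escaped.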
Related
At the moment we're asking users to enter role names when restricting APIs by roles. Users (API publishers) have to know the roles beforehand. If it's LDAP then they have to use an LDAP browser or ask an admin to provide a list of roles.
After typing a role we're doing a validation check to make sure the role is valid. If we can extend this to list out / browse all available roles and let the user select a subset, that'll provide a better user experience.
Currently, the WSO2 APIM publisher REST API does not have such a resource to get the list of roles. It only has a role validation endpoint.
Actually I am getting the list of all users in the JSON response, but I am not getting the user role in that listing.
What do I have to do for the user role?
As long as you are authenticated you should just have to add ?context=edit to the request.
/wp-json/wp/v2/users?context=edit
Edit: This may only work if you query each user separately though as I believe you can only filter the user list by role, not list all the roles.
I work with Alfresco 5.0.d.
I want some users (who have a particular role) to be able to create other users.
I don't want to add these users to the Administrators group.
I realize that a user can enter the create page (http://localhost:9090/share/page/console/admin-console/users) only if he is an admin.
So how can I authorize a user with a particular role to enter the user management page and create, delete or modify users?
Thank you
There are multiple ways of doing this. One way is to manipulate permissions, but that will become more difficult. Instead of that, do the things below.
1. Create a webscript and pass the required parameters for creating a user. From that webscript, create the user.
2. Create a dashlet or page in Alfresco Share and call the webscript, pass userName as a parameter (along with the data of the new user) and validate that user inside the webscript (to identify whether that user has access to create users or not).
The above approach is less secure. But if you don't have an issue of confidentiality then you can go with that. If confidentiality is an issue, then you need to find something which validates your user, like creating another webscript which validates the user.
I need to give roles (including the Member role), memberdata, and user folders to certain OpenID users before they first log in to my Plone site. That is, I need to programmatically add OpenID users to my Plone site. portal_registration.addMember cannot add an OpenID user. plone.openid has its own PAS plugin which does not create member objects. What do I do that is replicable in a setuphandler? The usual way to do this is to manually log in the OpenID user, then add roles, memberdata, and sharing after the login. However, that user story is not programmatically replicable.
The only thing that should matter is the user id generated for each user. It should be possible to just create regular members beforehand with user ids matching the OpenID identity URLs, assign them roles and then use OpenID (only) as an alternative authentication method for those users.
Update: As Chris commented below, it's not possible to add users with URL as their id through Plone UI, but they must be created directly into PAS users folder through ZMI (Zope Management Interface).
I'm trying to create a custom login for my Flex web app with spring-security.
I have a working version where we use the channelset.login with BlazeDS.
The problem I have is that I would like to split the authentication and the authorization.
I would like to ask the user to make some choices after the authentication to determine their roles,
since the roles the user is authorized for are determined by these choices.
This means the user has to be authenticated and then the client needs to do a service call to the service and then the authorization process needs to take place.
Does anyone know if this is possible and have some tips of how this can be done?
Thanks in advance,
Arjen
Yes, that doesn't sound too far-fetched.
You can store the user roles in the database and give each new user a role like SIGNUP, which will only allow the user to sign up. Once his new role is determined, simply update that role and restrict the new role from being able to update the role again, unless you're admin.
You can also override the authentication process to do whatever you want to do: http://mark.koli.ch/2010/07/spring-3-and-spring-security-setting-your-own-custom-j-spring-security-check-filter-processes-url.html
The session object might need to be refreshed if you're using some form of ORM.
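The SIGNUP-role flow from the answer above, as an added example that is not part of the original answer. It assumes Spring Security 3.1 or later (for `SimpleGrantedAuthority`); the class name and the role names `ROLE_SIGNUP`, `ROLE_BUYER` and `ROLE_SELLER` are hypothetical.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;

/** Hypothetical service the client calls after login, once the user has made a choice. */
public class RoleSelectionService {

    private static final String SIGNUP = "ROLE_SIGNUP";
    // Server-side allowlist: only these roles may be self-selected, never an admin role.
    private static final Set<String> SELECTABLE =
            new HashSet<String>(Arrays.asList("ROLE_BUYER", "ROLE_SELLER"));

    public void completeSignup(String chosenRole) {
        Authentication current = SecurityContextHolder.getContext().getAuthentication();
        // Only a user still holding the SIGNUP role may pick; this blocks later role changes.
        if (current == null || !holds(current, SIGNUP)) {
            throw new AccessDeniedException("role already assigned");
        }
        if (!SELECTABLE.contains(chosenRole)) {
            throw new AccessDeniedException("role not selectable");
        }
        // The application should also store the new role in its user table at this
        // point, so that the next login loads it instead of SIGNUP.
        List<GrantedAuthority> granted = Collections.<GrantedAuthority>singletonList(
                new SimpleGrantedAuthority(chosenRole));
        UsernamePasswordAuthenticationToken promoted = new UsernamePasswordAuthenticationToken(
                current.getPrincipal(), current.getCredentials(), granted);
        promoted.setDetails(current.getDetails());
        // Replace the session's authentication so the new role applies immediately.
        SecurityContextHolder.getContext().setAuthentication(promoted);
    }

    private static boolean holds(Authentication auth, String role) {
        for (GrantedAuthority authority : auth.getAuthorities()) {
            if (role.equals(authority.getAuthority())) {
                return true;
            }
        }
        return false;
    }
}
```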