authorization

I have an existing Wordpress site. The plan is to rebuild the site using the cakePHP framework. Due to time restrictions, I want to replace individual sections of the Wordpress site one at a time. This will mean that both apps will be running side by side for a certain period of time. I need to control access to the cakePHP app using the authorization provided by Wordpress. I'm not sure the best way to go about doing this. I've seen similar questions asked a lot, but I have not yet found a clear solution. I'm thinking about two approaches: Plan A: Configure Cake to look for Wordpress's

Let's say that you have a .net web api with a GetResource(int resourceId) action. This action (with the specified id) should only be authorized for a user associated with that id (the resource could for instance be a blogpost written by the user). This could be solved in many ways, but an example is given below. public Resource GetResource(int id) { string name = Thread.CurrentPrincipal.Identity.Name; var user = userRepository.SingleOrDefault(x => x.UserName == name); var resource = resourceRepository.Find(id); if (resource.UserId != user.UserId) { throw new HttpResponseException

I am using the spring-security-core plugin in my grails app. I need to know the current user's role in a controller action. How can I retrieve that? Mike Sickler You can inject springSecurityService into your controller: def springSecurityService and then in your action, call: def roles = springSecurityService.getPrincipal().getAuthorities() See the docs here . From a controller you can use two methods the plugin adds to the metaclass, getPrincipal and isLoggedIn : def myAction = { if (loggedIn) { // will be a List of String def roleNames = principal.authorities*.authority } } If the action is

I am using a custom authorization filter on my ASP.NET MVC controllers that redirects the user to a url other than the login screen if they fail authorisation on a particular action. This is ok for actions that return views, but many of my actions return other result types such as PartialResult or JsonResult. My current filter looks like this: <AuthorizeWithRedirect(Roles:="ServerAccess", Controller:="Home", Action:="Unauthorised")> This indicates that if the user is not in the ServerAccess role then they should be redirected to /Home/Unauthorised/ I am curious how other people are handling

I'm trying to do some custom authorization so I created a controller overriding the OnAuthorization method. I also applied the Authorize attribute to this controller. The question is why is the OnAuthorization method called BEFORE the basic forms authentication process? I would like to authorize the user after he is authenticated. Am I missing something? Here is the code: [Authorize] public class AuthorizationController : Controller { protected override void OnAuthorization(AuthorizationContext filterContext) { base.OnAuthorization(filterContext); if (filterContext == null) { throw new