authorization

What are some good role authorization solutions used with Authlogic?

十年热恋 submitted on 2019-12-18 13:27:45
Question: I am looking for a good role based authorization solution to use alongside Authlogic. Anyone have any good suggestions? Please list some pros and cons from your experience if possible please.
Answer 1: Acl9 works great with AuthLogic: http://github.com/be9/acl9/tree/master
Answer 2: At RailsConf, I saw a lightning talk on Lockdown and was very impressed. Anyone with a modest amount of db and rails experience can roll their own ACL system, but Lockdown looks nice because it tries to keep the permission

Can I use @RolesAllowed on RESTful Resources implemented on Apache CXF?

前提是你 submitted on 2019-12-18 12:47:06
Question: My question is "Can I use @RolesAllowed on RESTful Resources implemented on CXF?". First of all, I explain the context causing this question. I'm working on some projects in which developers have to remake one part of some web systems into RESTful Web APIs. This present system has a server system built with Spring and Hibernate. And its client application as UI is developed in ActionScript through the FLEX framework. Now I'm surveying the proper way to design and remake our present system into

ASP.NET MVC 3: How to get User's Role in a Controller Method?

泄露秘密 submitted on 2019-12-18 12:24:45
Question: I want to be able to get a list of roles of the current authenticated user, and filter the data provided to that user based on their role. I see ways to check if the user is in a particular role, but I don't care what role they participate. The database will know what roles are allowed to see what data. I need to submit a collection of these roles to the data service to filter the data based on those roles. So first step is how do I get all roles associated with the current user in a controller

Authorization using active directory role provider MVC4

笑着哭i submitted on 2019-12-18 12:17:32
Question: I'm building an MVC4 application for internal use in a corporate environment. I use Windows authentication, which works fine, but I'm having trouble using Active Directory groups as roles for authorization. My Web.config looks like this:

    <authentication mode="Windows" />
    <roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider">
      <providers>
        <clear />
        <add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />
        <

Sessions in token based authentication

不打扰是莪最后的温柔 submitted on 2019-12-18 12:16:06
Question: I am building an app in PHP Lumen which returns a token upon login. I am not sure how to proceed beyond this. How am I supposed to maintain a session using these tokens? Specifically, how do I store the tokens on the client side if I am using reactjs or vanilla HTML/CSS/jQuery and send them in every request I make for the secure part of my web app?
Answer 1: What I usually do is to keep the token in the local storage, this way I can persist the token even if the user leaves the site. localStorage

Resource based authorization in .net

一个人想着一个人 submitted on 2019-12-18 11:57:07
Question: Let's say that you have a .net web api with a GetResource(int resourceId) action. This action (with the specified id) should only be authorized for a user associated with that id (the resource could for instance be a blogpost written by the user). This could be solved in many ways, but an example is given below.

    public Resource GetResource(int id)
    {
        string name = Thread.CurrentPrincipal.Identity.Name;
        var user = userRepository.SingleOrDefault(x => x.UserName == name);
        var resource =

How to get current user role with spring security plugin?

纵饮孤独 submitted on 2019-12-18 11:47:17
Question: I am using the spring-security-core plugin in my grails app. I need to know the current user's role in a controller action. How can I retrieve that?
Answer 1: You can inject springSecurityService into your controller:

    def springSecurityService

and then in your action, call:

    def roles = springSecurityService.getPrincipal().getAuthorities()

See the docs here.
Answer 2: From a controller you can use two methods the plugin adds to the metaclass, getPrincipal and isLoggedIn:

    def myAction = { if (loggedIn)

How do you deal with authorisation on actions that return results other than ViewResult?

帅比萌擦擦* submitted on 2019-12-18 11:43:23
Question: I am using a custom authorization filter on my ASP.NET MVC controllers that redirects the user to a url other than the login screen if they fail authorisation on a particular action. This is ok for actions that return views, but many of my actions return other result types such as PartialResult or JsonResult. My current filter looks like this:

    <AuthorizeWithRedirect(Roles:="ServerAccess", Controller:="Home", Action:="Unauthorised")>

This indicates that if the user is not in the ServerAccess

ASP.NET MVC Custom Authorization

房东的猫 submitted on 2019-12-18 10:03:19
Question: I have a question about custom authorization in MVC. I have a site that I want to limit access to certain pages, depending on their group membership. Now I have seen tons of examples on how to do this if there is a single admin group and a single user group, for example, but not any examples for a third level. For example, only users of a company can view orders for their own company (and each company has its own admins, etc). These companies are stored in a DB. So I have seen ways to do

How to restrict unlogged/unauthorized users from viewing web pages in ASP.NET

青春壹個敷衍的年華 submitted on 2019-12-18 09:33:54
Question: I have some created web forms and I need to check whether the user is authenticated or not, before displaying the other web forms. All the users can access Default.aspx and About.aspx pages. And I have three types of users, namely Admin, User and Super User. Also, I keep the authentication details in my own SQL server db. How can I do this? Thanks in advance!
Answer 1: First establish membership and role provider. There is a whole story about it. I will give some help here. Here is link to