authorization

We would like to hide some code features based on user login in Tomcat. We are using the basic authentications. Any suggestions? informatik01 IF what you meant was just hiding some resources depending on whether the user is logged in or not then it is just a matter of restricting access to some pages (see the references below). IF you want to hide some feature based on the who is logged in , then one of the solutions is to check the user role right inside JSP and output the content accordingly. Primitive example: sample.jsp <%@ page language="java" contentType="text/html; charset=UTF-8"

I'm working with WCF at the moment and attempting to implement a custom security model based around an API key and signature (similar to how Facebook/Flickr/OAuth etc. work). There are a while bunch of classes like ServiceAuthorizationManager, SecurityToken, SecurityTokenValidator, IAuthorizationPolicy and so on, but I can't seem to find any documentation about how these work together or what the conceptual security model is for WCF. I'm really looking for something that details how these classes fit and work together, so I can understand where to extract credentials, where to validate they

I have a WCF service that is using a custom ServiceAuthorizationManager . The custom auth manager is already set up to handle Windows and Forms authentication. However, if I connect with a client that is set to UserName auth, I can't seem to find the username anywhere. The client code looks like this: this.ClientCredentials.UserName.UserName = "user"; this.ClientCredentials.UserName.Password = "pass"; this.Open(); this.MyMethod(); // my actual contract method this.Close(); Then on the server, I have my custom auth manager: public sealed class AppAuthorizationManager :

We want to setup ADFS 3.0 to enable OAuth2 based authentication. I have read lots of documentation, but am still unclear if this is supported. Can ADFS be used as an authorization server for oauth, or is oauth2 support in ADFS only meant to work as a client to another authorization server? Any help for setting up adfs as oauth provider/server is appreciated. in ADFS 2012R2 (aka ADFS 3.0), we only support the authorization grant flow. The only scenario is for public clients (say a mobile app on iOS/Android/Windows) to access a RESTful service and authorizing via JWT tokens. You can see this at

Some time ago I stumbled upon an explanation on how to set up git authentication via the web server somehow. That way no ssh key swapping would be needed on client side. Shame on me, I did neither bookmark its link nor can remember the technique. I just miss throwing out a username:password combo to give access to some throwaway repositories. When prototyping some VM setups it was the last time I felt this need, snapshots were not an ideal solution. Is it possible to use git just with password-based authorization? Another example use case I heard of would be in university, where this approach

Hi guys I have some code in my grails 2.3.4's controller's action that uses google java client libraries to access the OAuth2 api. But when I create an instance of GoogleAuthorizationCodeFlow I get redirect_uri_mismatch error. The url google gives me is this http://localhost:60720/Callback , while I have defined the callback url in the google api console as this http://localhost:8080/<myAppName>/<controllerName>/<actionName> . When I copy paste my redirected url manually in the address bar replacing the one google gave me, my application works well. I've registered the application as web

I am trying to use an authorization header in order to use the vimeo API. It tells me to do this 'Authorization: basic ' + base64(client_id + ':' + client_secret) , which is something I can do. But nowhere on the internet does it tell me what I actually do with this code? It is not PHP, but does it go in a PHP file? If so then what function do I use on it after storing it? Does it go in an htaccess file? It is really sad how terrible any and all online documentation is on this. To summarize, basically what I'm saying is SHOW ME THE CODE $api_url = 'http://myapiurl'; $client_id = 'myclientid';

I am using MVC3/4. But it is just a general question in authorization. One of the role I have is named "Trip Leader" in the database, which contains a space. I tried [Authorize(Roles="'Trip Leader', Administrator")] but it failed to work. Can anyone help? Create your own attribute and derive from AuthorizeAttribute. Then override the AuthorizeCore method and implement your own logic with validation on a role that contains a space. An example could be something like this: public class CustomAuthAttribute : AuthorizeAttribute { private readonly IUserRoleService _userRoleService; private string[]