Skip to main content

Home/ SoftwareEngineering/ Group items tagged user

Rss Feed Group items tagged

Filter: All | Bookmarks | Topics Simple Middle
kuni katsuya

TH01-EP03-US004 - Property Mgmt, Edit Location & Directions, Content Mgmt - Projects - ... - 0 views

confluence.visualfrenzy.com/...viewpage.action

shared by kuni katsuya on 06 Dec 12 - No Cached
  • Property Mgmt
  • Property Mgmt
  • Property Mgmt
  • ...18 more annotations...
  • Property Mgmt
  • Property Mgmt
  • Property Mgmt
  • As a user
    • kuni katsuya
      kuni katsuya on 06 Dec 12
       
      with what granted roles? from which organization?
  • ability to see
    • kuni katsuya
      kuni katsuya on 06 Dec 12
       
      permissions required: retrieve these resource types
  • Location Type
  • Description
  • Airports
  • belonging to other organizations
    • kuni katsuya
      kuni katsuya on 06 Dec 12
       
      content (license) owned by organization different than user's
  • clone this information
    • kuni katsuya
      kuni katsuya on 06 Dec 12
       
      clone = retrieve, then create ie. required permissions: {retrieve,create:}
  • have the rights
    • kuni katsuya
      kuni katsuya on 06 Dec 12
       
      generally speaking, there can be a few independent but overlapping mechanism that will control who is allowed to do what with content: 1. any subject's access to the content itself can be controlled via authorization rules (ie. required vs granted permissions) enforced via system-wide resource-based access control 2. content licensors (~content owners) can restrict the usage of their content by: * whom - ie. content licensee (legally/commercially represented by an organization) * how - eg. reuse as unmodified, create derivatives, composite, redistribute, etc * where - ie. distribution channels their content can be used (eg. only on hotel's vbrochure site, but not in any ids/gds channels) * when - temporal restrictions may limit scope of content license grant by: start, end, duration, season, etc 3. content licensees can further filter or funnel content available to them (resulting from a combination of license granted to them and access control) based on their own criteria (eg. generate a templated hotel presentation only if: at least 1 textual description, 5 photos and 1 video for a hotel is available with a license to combine them (composite content)
  • see how other organizations describe the property
    • kuni katsuya
      kuni katsuya on 06 Dec 12
       
      permission required: retrieve hotel descriptive content(?) owned by independent organization
  • Property Mgmt
  • which textual information
  • displayed
    • kuni katsuya
      kuni katsuya on 06 Dec 12
       
      displayed where? on specific channels?
  • ECM will ask user to confirm that the user has rights to use that content
    • kuni katsuya
      kuni katsuya on 06 Dec 12
       
      if ecm/vfml is to manage content licensing as a third party between organizations (content licensors & licensees) shouldn't ecm *know* if the user('s organization) has rights to use the content in question? is this question posed to the user (with required explicit acknowledgement) purely to absolve vfml from liability issues that may result from licensing disagreements?
  • property’s
    • kuni katsuya
      kuni katsuya on 06 Dec 12
       
      this being the user's (organization's) 'version'or 'view'of the hotel, since this user normally wouldn't/shouldn't be granted permissions to replace content for a hotel on a different organization's 'view'or 'version' of the same hotel
  • to see the user’s original content
    • kuni katsuya
      kuni katsuya on 06 Dec 12
       
      this implies that *at least* one version of such (temporarily) replaceable content needs to be managed/maintaned to allow reverting what if, deliberately, ignorantly or maliciously, a user replaces the same piece of--textual or any type, really--content for this hotel n times? will all n versions be required to be managed as an undo history? the user's ''original content'' might have been version 1, but equally might have been 1 mean: - previous version of the content, regardless of which user - initial version of that content attached to the hotel regardless of which user created/updated it and ignoring which organization owns it?, or, -
kuni katsuya

Security Module Drafts - Apache DeltaSpike - Apache Software Foundation - 0 views

cwiki.apache.org/...Security+Module+Drafts

ApacheDeltaSpike

shared by kuni katsuya on 16 Aug 12 - No Cached
  • Authorization
  • Impersonalization
    • kuni katsuya
      kuni katsuya on 16 Aug 12
       
      impersonation
  • authenticates “as a user” or access application imitating his identity - without knowing his password
  • ...36 more annotations...
  • elements of the user interface are displayed to the user based on the user's privilege level
  • assign permissions to individual objects within the application’s business domain
    • kuni katsuya
      kuni katsuya on 16 Aug 12
       
      individual objects == instances
  • Permissions
  • Permissions assigned to user for a given resource in the tree are inherited by other resources
  • Permissions are inherited
  • persist user, group and role information in database. JPA implementation is his dream
  • Security Module Drafts
  • Identity
  • interface Identity
  • login()
  • logout()
  • getUser()
  • Events LoggedInEvent LoginFailedEvent AlreadyLoggedInEvent PreLoggedOutEvent PostLoggedOutEvent PreAuthenticateEvent PostAuthenticateEvent
  • Object level permission
  • Grant or revoke permissions
  • Group management
  • User/Identity management
  • identity.hasRole
  • identity.hasPermission
  • Permissions model
  • Identity Management (IDM)
  • User, Group and Role
  • Events
  • hooks for common IDM or Security operations
  • Audit and logging for permission and IDM related changes
  • Event API.
  • Impersonalization
  • Impersonalization
  • control which elements of the user interface are displayed to the user based on their assigned permissions
  • ask for permission
  • without need to obtain object from DB
  • String resourceId
  • structure of resources
  • more advanced security resolution mechanisms
  • Rules based engine
  • external services - XACML
kuni katsuya

Access Tokens and Types - Facebook Developers - 0 views

developers.facebook.com/...access-tokens-and-types

Facebook login authentication AccessToken FacebookAPI

shared by kuni katsuya on 27 Mar 13 - No Cached
  • Access Tokens and Types
  • Access Tokens
  • random string that provides temporary, secure access to Facebook APIs
  • ...27 more annotations...
  • token identifies a User, App or Page session and provides information about granted permissions
  • Types
  • User Access
  • generated in the login flow when a
  • Facebook Pages
  • on behalf of a user
  • use this token to perform API calls
  • Page Access
  • used to
  • manage
  • user grants permissions to an app
  • user who is the
  • App Secret or an App Access token should never be included in any code that could be accessed by anyone other than a developer of the app
  • must grant an extended permission called
  • manage_pages
  • use this type of token to make API calls
  • on behalf of a page
  • unique to each page, admin and app
  • App Access
  • useful to modify app settings, create and manage test users or read App Insights data
  • use app tokens to publish or delete content
  • on behalf of a user
  • unique to each app
  • Security Best Practices
  • extremely important that an App Secret is not compromised
  • Page admin
  • App Access Tokens should only be used directly from your app's servers in order to provide the best security
kuni katsuya

Permissions | Apache Shiro - 0 views

shiro.apache.org/permissions.html

security Shiro permissions authorization

shared by kuni katsuya on 07 Aug 12 - No Cached
  • Permission as a statement that defines an explicit behavior or action
  • lowest-level constructs in security polices
  • explicitly define only "what" the application can do
  • ...69 more annotations...
  • do not at all describe "who" is able to perform the action(s)
  • Multiple Parts
  • Wildcard Permissions support the concept of multiple levels or parts. For example, you could restructure the previous simple example by granting a user the permission printer:query
  • Multiple Values Each part can contain multiple values. So instead of granting the user both the "printer:print" and "printer:query" permissions, you could simply grant them one: printer:print,query
  • All Values What if you wanted to grant a user all values in a particular part? It would be more convenient to do this than to have to manually list every value. Again, based on the wildcard character, we can do this. If the printer domain had 3 possible actions (query, print, and manage), this: printer:query,print,manage
  • simply becomes this: printer:*
  • Using the wildcard in this way scales better than explicitly listing actions since, if you added a new action to the application later, you don't need to update the permissions that use the wildcard character in that part.
  • Finally, it is also possible to use the wildcard token in any part of a wildcard permission string. For example, if you wanted to grant a user the "view" action across all domains (not just printers), you could grant this: *:view Then any permission check for "foo:view" would return true
  • Instance-Level Access Control
  • instance-level Access Control Lists
  • Checking Permissions
  • SecurityUtils.getSubject().isPermitted("printer:print:lp7200")
  • printer:*:*
  • all actions on a single printer
  • printer:*:lp7200
    • kuni katsuya
      kuni katsuya on 03 Sep 12
       
      note: wildcard * usage for 'actions' part
  • missing parts imply that the user has access to all values corresponding to that part
  • printer:print is equivalent to printer:print:*
  • Missing Parts
  • rule of thumb is to
  • use the most specific permission string possible
  • when performing permission checks
  • first part is the
  • domain
    • kuni katsuya
      kuni katsuya on 03 Sep 12
       
      aka 'resource'
  • that is being operated on (printer)
  • second part is the
  • action
  • (query) being performed
  • There is no limit to the number of parts that can be used
  • three parts - the first is the
  • domain
  • the second is the
  • action(s)
  • third is the
  • instance(s)
  • allow access to
  • all actions
  • all printers
  • can only leave off parts from the end of the string
  • Performance Considerations
  • runtime implication logic must execute for
  • each assigned Permission
  • implicitly using Shiro's default
  • WildcardPermission
  • which executes the necessary implication logic
  • When using permission strings like the ones shown above, you're
  • Shiro's default behavior for Realm
  • for every permission check
  • all of the permissions assigned to that user
  • need to be checked individually for implication
  • as the number of permissions assigned to a user or their roles or groups increase, the time to perform the check will necessarily increase
  • If a Realm implementor has a
  • more efficient way of checking permissions and performing this implication logic
  • Realm isPermitted* method implementations
  • should implement that as part of their
  • implies
  • user:*:12345
  • user:update:12345
  • printer
  • implies
  • printer:print
  • Implication, not Equality
  • permission
  • checks
  • are evaluated by
  • implication
  • logic - not equality checks
  • the former implies the latter
  • superset of functionality
  • implication logic can be executed at runtime
kuni katsuya

Login for Server-side Apps - Facebook Developers - 0 views

developers.facebook.com/...server-side-login

Facebook login authentication AccessToken FacebookAPI

shared by kuni katsuya on 27 Mar 13 - No Cached
  • compare it to the same state variable stored client-side in the session
    • kuni katsuya
      kuni katsuya on 27 Mar 13
       
      cross-site request forgery defense mechanism
  • If the user decided to decline to authorize your app
  • YOUR_REDIRECT_URI
  • ...38 more annotations...
  • error_reason=user_denied
  • Handling Revoked Permissions to see how best to proceed
  • Step 6. Exchange the code for an Access Token
  • exchange it for a User access token that can then be used to make API requests
  • /oauth/access_token
  • server-side request to the following OAuth endpoint:
  • client_secret
  • code=CODE_GENERATED_BY_FACEBOOK
  • body of the response
  • access_token
  • USER_ACCESS_TOKEN
  • persist this User access token in your database or in a session variable
  • must have the same base domain as that specified in the App Domain property of your app's settings
  • URL of the form https://apps.facebook.com/YOUR_APP_NAMESPACE
  • scope=user_birthday,read_stream
  • Step 4. Add Permissions to Login Dialog request
  • comma-separated list of any of the Permissions available
  • Step 5. Handle the response from the Login Dialog
  • Step 5. Handle the response from the Login Dialog
  • Step 5. Handle the response from the Login Dialog
  • Step 5. Handle the response from the Login Dialog
  • YOUR_REDIRECT_URI
  • Step 3. Redirect the user to the Login Dialog
  • Login for Server-side Apps
  • Login for Server-side Apps
  • Login for Server-side Apps
  • Login for Server-side Apps
  • Login for Server-side Apps
  • Login for Server-side Apps
  • way to authenticate users in situations where the use of client-side Javascript is not appropriate.
  • Login for Server-side Apps
  • received an access token for them and can make API calls on their behalf
  • Step 5. Handle the response from the Login Dialog
  • include CSRF protection using the state parameter
  • if the user has authorized the app, they will be redirected to:
  • YOUR_REDIRECT_URI
  • code=CODE_GENERATED_BY_FACEBOOK
  • redirect_uri as the same URL that redirect the user to the Login Dialog
kuni katsuya

MySQL & Apache Derby as jdbcRealm for Apache Shiro | Nabil Hachicha - 0 views

nhachicha.wordpress.com/...-as-jdbcrealm-for-apache-shiro

ApacheShiro JdbcRealm example MySQL

shared by kuni katsuya on 03 Sep 12 - No Cached
  • http://localhost:8080/ShiroDemo/auth/secured.jsp
  • MySQL & Apache Derby as jdbcRealm for Apache Shiro
  • Step 1 creating a simple WebApp
  • ...36 more annotations...
  • Step 2 securing some content
  • create a database that will hold the list of the authorized users along with their password
  • Create a new directory “auth” and add a new JSP under it, let’s call it “BackOffice.jsp“
    • kuni katsuya
      kuni katsuya on 03 Sep 12
       
      create directory 'auth' under webapps directory
  • enable Shiro into our project by adding a ServletFilter into our Web.xml
  •  <filter-class>05            org.apache.shiro.web.servlet.IniShiroFilter06        </filter-class>
  • 10    <filter-mapping>11         <filter-name>ShiroFilter</filter-name>12         <url-pattern>/*</url-pattern>13    </filter-mapping>
  • classpath:shiro.ini
  • shiro-core
  • shiro-web
  • create shiro.ini under resource dir
  • 07ds.jdbcUrl=jdbc:derby://localhost:1527/shiro_schema08ds.username = APP09ds.password = APP
  • 15/auth/** = authcBasic16/** = anon
  • jdbcRealm.authenticationQuery
  • jdbcRealm=org.apache.shiro.realm.jdbc.JdbcRealm
  • setup the jdbc realm, this is where Shiro will find the authorized users
  • map the URLs to be protected, all the url under /auth should be authenticated with basic HTTP authentication
  • All the other URLs should be accessed without authentication
  • Add a new directory under src let’s call it production we will create a new shiro configuration file compatible with MySQL
    • kuni katsuya
      kuni katsuya on 03 Sep 12
       
      create src/production/resources/shiro.ini with contents below
  • 06ds.serverName = localhost07ds.user = ADM08ds.password = secret12309ds.databaseName = shiro_schema
  • jdbcRealm which use a MySQL driver
  • jdbcRealm.dataSource = $ds
  • jdbcRealm.dataSource=$ds
  • added the appropriate dependency to maven pom.xml
  • mysql-connector-java
  • environment.type
  • staging
  • 13                <jdbc.user>APP</jdbc.user>14                <jdbc.passwd>APP</jdbc.passwd>15                <jdbc.url>jdbc:derby://localhost:1527/shiro_schema</jdbc.url>16                <jdbc.driver>org.apache.derby.jdbc.ClientDriver</jdbc.driver>
  • src/main/resources
  • derbyclient
  • production
  • environment.type
  • 45                <jdbc.user>ADM</jdbc.user>46                <jdbc.passwd>secret123</jdbc.passwd>47                <jdbc.ds>com.mysql.jdbc.jdbc2.optional.MysqlDataSource</jdbc.ds>48                <jdbc.serverName>localhost</jdbc.serverName>49                <jdbc.databaseName>shiro_schema</jdbc.databaseName>
  • src/production/resources
  • To build and run for staging
  • To build for production
  • -Denvironment.type=prod
kuni katsuya

Authentication Cheat Sheet - OWASP - 0 views

www.owasp.org/...Authentication_Cheat_Sheet

security authentication CheatSheet

shared by kuni katsuya on 09 Aug 12 - No Cached
  • Authentication Cheat Sheet
  • Sessions should be
  • unique per user
  • ...26 more annotations...
  • computationally very difficult to predict
  • "strong" password policy
  • Secure Password Recovery Mechanism
  • Require re-authentication for Sensitive Features
  • Authentication and Error Messages
  • can be used for the purposes of user ID and password enumeration
  • Incorrectly implemented error messages
  • generic manner
  • respond with a generic error message regardless if the user ID or password was incorrect
  • give no indication to the status of an existing account
  • Authentication responses
  • Invalid user ID or password"
  • does not indicate if the user ID or password is the incorrect parameter
  • Transmit Passwords Only Over TLS
  • login page
  • all subsequent authenticated pages
  • must be exclusively accessed over TLS
  • unencrypted session ID
  • credentials
  • Implement Account Lockout
  • lock out an account if more than a preset number of unsuccessful login attempts are made
  • can produce a result that locks out entire blocks of application users accounts
    • kuni katsuya
      kuni katsuya on 21 Sep 12
       
      somewhat of a denial-of-service attack, since legitimate users can no longer access their accounts/services
  • sensible strategy
  • is to lockout accounts for a number of hours
  • Password lockout mechanisms have a logical weakness
  • Session Management General Guidelines
kuni katsuya

Seam - Contextual Components - 0 views

docs.jboss.org/...html_single

java security framework SeamSecurity authorization

shared by kuni katsuya on 09 Aug 12 - No Cached
  • 15.6. Authorization
  • Seam Security is built around the premise of users being granted roles and/or permissions, allowing them to perform operations that may not otherwise be permissible for users without the necessary security privileges
  • 15.6.1. Core concepts
  • ...15 more annotations...
  • 15.6.1.1. What is a role? A role is a group, or type, of user that may have been granted certain privileges for performing one or more specific actions within an application
  • used to create logical groups of users for the convenient assignment of specific application privileges
  • 15.6.1.2. What is a permission? A permission is a privilege (sometimes once-off) for performing a single, specific action. It is entirely possible to build an application using nothing but permissions, however roles offer a higher level of convenience when granting privileges to groups of users
  • consisting of three "aspects";
  • a target
  • an action
  • a recipient
  • An empty @Restrict implies a permission check of componentName:methodName
  • implied permission required to call the delete() method is account:delete
  • equivalent of this would be to write @Restrict("#{s:hasPermission('account','delete')}")
  • @Restrict annotation may reference any objects that exist within a Seam context. This is extremely useful when performing permission checks for a specific object instance.
  • selectedAccount
  • selectedAccount
  •  Identity.instance().checkRestriction
  • If the expression specified doesn't evaluate to true, either if the user is not logged in, a NotLoggedInException exception is thrown or if the user is logged in, an AuthorizationException exception is thrown.
kuni katsuya

Introduction to Enterprise Architect, UML Modeling Tool [EA User Guide] - 0 views

www.sparxsystems.com/...9.3

enterprisearchitect user guide documentation

shared by kuni katsuya on 27 Jun 12 - No Cached
  • Introduction to Enterprise Architect
  • Enterprise Architect User Guide provides tutorials, guidance and reference material to help you use Enterprise Architect in: Modeling With Enterprise Architect Model Management Project Management Model Auditing Model Baselining and Differencing Model User Security Model Version Control Code Engineering Visualization and Analysis of Code Execution RTF and HTML Document Creation (Reports)
  • Introduction to Enterprise Architect
  • ...2 more annotations...
  • Enterprise Architect User Guide provides tutorials, guidance and reference material to help you use Enterprise Architect in: Modeling With Enterprise Architect Model Management Project Management Model Auditing Model Baselining and Differencing Model User Security Model Version Control Code Engineering Visualization and Analysis of Code Execution RTF and HTML Document Creation (Reports)
  • If you are new to modeling and UML as well as Enterprise Architect, or otherwise want a rapid review of the process of modeling with Enterprise Architect, go to the Quickstart Tutorial.
kuni katsuya

Edit Permissions - VFM Leonardo JIRA - 0 views

jira.vfmltech.com/...EditPermissions!default.jspa

shared by kuni katsuya on 18 Jan 13 - No Cached
  • Edit Issues
  • Administer Projects
  • Schedule Issues
    • kuni katsuya
      kuni katsuya on 18 Jan 13
       
      required for: - ranking issues (in backlog) https://confluence.atlassian.com/display/GH060/Ranking+an+Issue
  • ...25 more annotations...
  • Administer Projects
  • Administer Projects
  • Project Role (Product Owner)
  • Project Role (Scrum Master)
  • Project Role (Scrum Master)
  • Project Role (Product Owner)
  • Project Role (Scrum Master)
  • Project Role (Scrum Master)
  • Project Role (Scrum Master)
  • Project Role (Scrum Master)
  • Project Role (Scrum Master)
  • Project Role (Scrum Master)
  • Single User (anton.marinov)
  • Single User (felix.zhuang)
  • Single User (jason.ibele)
  • Single User (cuneyt.tuna)
  • Project Role (Product Owner)
  • Project Role (Scrum Master)
  • Project Role (Scrum Master) (
  • Project Role (Scrum Master)
  • Single User (parth.upadhye)
  • Project Role (Scrum Master)
  • Project Role (Product Owner)
  • Project Role (Product Owner)
  • Project Role (Scrum Master)
kuni katsuya

cygwin permissions bug on Windows 8 » Vineet Gupta - 0 views

www.vineetgupta.com/...n-permissions-bug-on-windows-8

cygwin permissions group Windows8

shared by kuni katsuya on 19 May 13 - No Cached
  • cygwin permissions bug on Windows 8
  • Permissions 0660 for '/home/Vineet/.ssh/id_rsa' are too open. It is required that your private key files are NOT accessible by others. This private key will be ignored. bad permissions: ignore key: /home/Vineet/.ssh/id_rsa Permission denied (publickey).
  • quick fix is to change the group on all existing entries:
  • ...12 more annotations...
  • chgrp -R Users ~/.ssh
  • 1) Check the group Id of the ‘Users’ group in /etc/group
  • -rw-------
  • Here’s how you can fix the root cause:
  • chmod 600 ~/.ssh/id_rsa
  • cat /etc/group | egrep '^Users:' | cut -f3 -d':'
  • value was 545
  • 2) Check the primary group for your user in /etc/passwd
  • cat /etc/passwd | egrep '^Vineet:' | cut -f4 -d':'
  • value was 513 (which was the value for the ‘None’ group in /etc/group)
  • 3) Change this value to the one found in the previous step for ‘Users’ (545 in this example)
  • 4) Exit cygwin and restart
kuni katsuya

TH03-EP01-US001 - Media Management, Media Upload, Media Item Fields (Groomed BE21, FE8)... - 0 views

confluence.visualfrenzy.com/...viewpage.action

UserStory ECM Cube MediaManagement

shared by kuni katsuya on 19 Dec 12 - No Cached
  • Media Management,
  • upload a new media item
  • syndication and encoding - not part of this user story
  • ...26 more annotations...
  • definition
    • kuni katsuya
      kuni katsuya on 19 Dec 12
       
      ie. attach the following metadata to the uploaded media item
  • Owner
  • Rights of owner
    • kuni katsuya
      kuni katsuya on 19 Dec 12
       
      dependent on implementation of licensing/rights management system which is tbd, so these will be best guess stubs for now
  • Rights expiry date
    • kuni katsuya
      kuni katsuya on 19 Dec 12
       
      dependent on implementation of licensing/rights management system which is tbd, so these will be best guess stubs for now
  • Syndication
    • kuni katsuya
      kuni katsuya on 19 Dec 12
       
      dumbed down, feature parity implementation is just a list of idss allowed distribution (i believe) use existing legacy infrastructure? ultimate syndication system will depend on: - licensing - explicit list of syndication channels (much like legacy) - rule-based routing
  • Caption
  • Category
    • kuni katsuya
      kuni katsuya on 19 Dec 12
       
      ota category assumed
  • Seasonality display rules
    • kuni katsuya
      kuni katsuya on 19 Dec 12
       
      this is one (simple) example of rule-based syndication: rule type: temporal (which could include: time range, recurrence, end time, etc) rule: syndicate while startDate>=now() and endDate<=now()
  • Short description
  • Long description
  • Search keywords
  • Associated with
    • kuni katsuya
      kuni katsuya on 19 Dec 12
       
      huh?
  • in the media library
  • can be viewed by users
    • kuni katsuya
      kuni katsuya on 19 Dec 12
       
      not only new ecm users, but legacy viewers as well ie. content uploaded via ecm must be available for display in legacy viewers, at least until legacy system is replaced and shutdown for good
  • Uploaded by
  • Date uploaded
  • Date modified
  • Last modified by
  • Status
    • kuni katsuya
      kuni katsuya on 19 Dec 12
       
      TO DO: for new domain model, should define explicit content life cycle with state diagram
  • File type
  • Media type
  • Dimensions
  • Aspect ratio
    • kuni katsuya
      kuni katsuya on 19 Dec 12
       
      aspect ratio doesn't need to be stored in db as metadata, since it can be calculated cheaply based on the dimensions
  • File size
    • kuni katsuya
      kuni katsuya on 19 Dec 12
       
      units: bytes
  • File name
    • kuni katsuya
      kuni katsuya on 19 Dec 12
       
      is this the original name of the file that was uploaded? if not, and it supposed to be the medlib file name, imho, should not be exposed. the medlib file name should be immaterial to the ecm user and generally, vfml should treat them as opaque to allow future changes without customer dependencies the only time an ecm user should care about a 'file name' is when they're uploading or downloading. but... once the file is uploaded, who cares what the original file name was? it will be recorded, but should be inconsequential to anything since it would never, ever be referred to again on download, (save as...) the original file name *could* be used, but any file name is just as good, since the downloader would also be given the option to rename the file
  • Media units consumed
    • kuni katsuya
      kuni katsuya on 19 Dec 12
       
      calculated/cached value pull from legacy system in future sprints, could start to build phased shell of the marketing xxx system 1. getMediaUnits()
    • kuni katsuya
      kuni katsuya on 19 Dec 12
       
      TODO: confirm with david and/or henry.wu where/how to obtain 'media units consumed' for a media item
kuni katsuya

Realm (Apache Shiro :: Core 1.1.0 API) - 0 views

127.0.0.1/...Realm.html

security ApacheShiro Realm authentication authorization user Role Permission

shared by kuni katsuya on 03 Sep 12 - No Cached
  • Interface Realm
  • AuthenticatingRealm
  • AuthorizingRealm
  • ...7 more annotations...
  • JdbcRealm
  • A Realm is a security component that can access application-specific security entities such as users, roles, and permissions to determine authentication and authorization operations
  • security-specific DAOs
  • If for some reason you don't want your Realm implementation to perform authentication duties, you should override the supports(org.apache.shiro.authc.AuthenticationToken) method to always return false
  • does not require you to implement or extend any User, Group or Role interfaces or classes
  • Shiro tries to maintain a non-intrusive development philosophy
  • Most users will not implement the Realm interface directly, but will extend one of the subclasses, AuthenticatingRealm or AuthorizingRealm, greatly reducing the effort requird to implement a Realm from scratch
kuni katsuya

Java Persistence/Auditing and Security - Wikibooks, open books for an open world - 0 views

en.wikibooks.org/...Auditing_and_Security

jpa auditing security

shared by kuni katsuya on 25 Jul 12 - No Cached
  • Use a common database user id, and manage auditing and security in the application
  • managed in the application by having an application user, and a single shared database user
  • adding a AUDIT_USER and AUDIT_TIMESTAMP column to all of the audited tables and auditUser and auditTimestamp field to all of the audited objects
  • ...5 more annotations...
  • When the application inserts or updates an object, it will set these fields and they will be stored in the database. JPA events could also be used to record the audit information, or to write to a separate audit table.
  • Example AuditedObject class
  • @MappedSuperclass public Class AuditedObject {
  • @Column("AUDIT_USER"); protected String auditUser; @Column("AUDIT_TIMESTAMP"); protected Calendar auditTimestamp;
  • @PrePersist @PreUpdate public void updateAuditInfo() { setAuditUser((String)AuditedObject.currentUser.get()); setAuditTimestamp(Calendar.getInstance()); }
  • kuni katsuya on 25 Jul 12
     
    Use a common database user id, and manage auditing and security in the application
kuni katsuya

Application Security With Apache Shiro - 0 views

www.infoq.com/...apache-shiro

security ApacheShiro

shared by kuni katsuya on 08 Aug 12 - No Cached
  • previously known as the JSecurity project
  • The word Subject is a security term that basically means "the currently executing user"
  • Core Concepts: Subject, SecurityManager, and Realms
  • ...12 more annotations...
  • Subject
  • 'Subject' can mean a human being, but also a 3rd party process, daemon account, or anything similar. It simply means 'the thing that is currently interacting with the software'
  • Subject currentUser = SecurityUtils.getSubject();
  • SecurityManager
  • SecurityManager manages security operations for all users
  • Realms
  • Realm acts as the ‘bridge’ or ‘connector’ between Shiro and your application’s security data. That is, when it comes time to actually interact with security-related data like user accounts to perform authentication (login) and authorization (access control), Shiro looks up many of these things from one or more Realms configured for an application.
  • Realm is essentially a security-specific DAO
  • Shiro provides out-of-the-box Realms to connect to a number of security data sources (aka directories) such as LDAP, relational databases (JDBC), text configuration sources like INI and properties files, and more
  • Authorization
  • A permission is a raw statement of functionality, for example ‘open a door’, ‘create a blog entry’, ‘delete the ‘jsmith’ user’, etc. By having permissions reflect your application’s raw functionality, you only need to change permission checks when you change your application’s functionality. In turn, you can assign permissions to roles or to users as necessary at runtime.
  • “Run As” support for assuming the identity of another Subject
kuni katsuya

Architecture | Apache Shiro - 0 views

shiro.apache.org/architecture.html

apache shiro architecture

shared by kuni katsuya on 15 Aug 12 - No Cached
  • Realm is essentially a security-specific DAO
  • 3 primary concepts:
  • Subject
  • ...51 more annotations...
  • SecurityManager
  • Realms
  • High-Level Overview
  • Subject
  • essentially a security specific 'view' of the the currently executing user
  • Subject
  • instances are all bound to (and require) a
  • SecurityManager
  • When you interact with a Subject, those interactions translate to subject-specific interactions with the SecurityManager
  • SecurityManager
  • 'umbrella’ object that coordinates its internal security components that together form an object graph
  • Realms
  • ‘connector’ between Shiro and your
  • application’s security data
  • Shiro looks up many of these things from one or more Realms configured for an application
  • Subject
  • SecurityManager
  • Authenticator
  • Authorizer
  • component responsible determining users' access control in the application
  • if a user is allowed to do something or not
  • SessionManager
  • knows how to create and manage user
  • Session
  • lifecycles
  • Shiro has the ability to natively manage user Sessions in any environment, even if there is no Web/Servlet or EJB container available
  • Shiro will use
  • an existing session mechanism
  • if available, (e.g. Servlet Container)
  • if there isn't one, such as in a standalone application or non-web environment, it will use its
  • built-in enterprise session management
  • SessionDAO
  • exists to allow any datasource to be used to
  • persist sessions
  • SessionDAO
  • performs Session persistence (CRUD) operations on behalf of the SessionManager
  • allows any data store to be plugged in to the Session Management infrastructure
  • CacheManager
  • creates and manages Cache instance lifecycles used by other Shiro components
  • improve performance while using these data source
  • Cryptography
  • Realms
  • ‘connector’ between Shiro and your application’s security data
  • Realms
  • Realms
  • Realms
  • ‘connector’ between Shiro and your application’s security data
  • ‘connector’ between Shiro and your application’s security data
  • ‘connector’ between Shiro and your application’s security data
  • ‘connector’ between Shiro and your application’s security data
  • ‘connector’ between Shiro and your application’s security data
kuni katsuya

graniteds - can newer web containers having Servlet 3 extend BlazeDS max # of simultane... - 0 views

stackoverflow.com/...-blazeds-max-of-simultaneous-u

graniteds AsynchronousServlets asynchronous servlets servlet3.0

shared by kuni katsuya on 20 Sep 12 - No Cached
  • GraniteDS &amp; Asynchronous Servlets
  • to handle many thousands concurrent users, you can even
  • create a cluster of GraniteDS servers
  • ...9 more annotations...
  • Asynchronous Servlets Performance
  • With a non NIO or non Continuation based server, this would require around 11,000 threads to handle 10,000 simultaneous users. Jetty handles this number of connections with only 250 threads.
  • Classical synchronous model: 10,000 concurrent users -&gt; 11,000 server threads. 1.1 ratio.
  • Comet asynchronous model: 10,000 concurrent users -&gt; 250 server threads. 0.025 ratio.
  • classical (synchronous) servlet model
  • request -&gt; immediate processing -&gt; response
  • Comet implementations rely on a different model:
  • request -&gt; wait for available data -&gt; response
  • With synchronous servlet processing, each request is handled by one dedicated server thread
kuni katsuya

Fiddler Web Debugger - Configuring clients - 0 views

www.fiddler2.com/...hookup.asp

https debug SSL ManInTheMiddle Fiddler proxy

shared by kuni katsuya on 20 Feb 13 - No Cached
  • Debug traffic from another machine (even a device or Unix box)
  • Allow remote clients to connect
  • kuni katsuya on 20 Feb 13
     
    "HTTP application to use Fiddler? You can either directly configure the WinHTTP application to point to Fiddler, in code, or you can use the following command at the command prompt to tell WinHTTP to use Fiddler: On XP or below: proxycfg -p http=127.0.0.1:8888;https=127.0.0.1:8888 ...or this one to force WinHTTP to use WinINET's proxy settings: proxycfg -u On Vista or above, use an Elevated (admin) command prompt: netsh winhttp set proxy 127.0.0.1:8888 Note: On Windows 7 and earlier, netsh is bitness specific, so you may want to run the above command twice: first using the 32bit NETSH and then using the 64bit NETSH. This blog has more information. This issue was fixed in Windows 8; you can call either NetSh just once to set the proxy for both 32bit and 64bit WinHTTP hosts. Capture traffic from a different account, like ASP.NET on IIS or from a Windows Service? Trying to capture SOAP calls coming from ASP.NET or some background service process?  By default, Fiddler registers as the proxy only for the current user account (ASP.NET runs in a different user account). To get a background process (like the ASP.NET or IIS process) to use Fiddler, you must configure that process to use Fiddler. Typically, this is done by editing web.config or machine.config for the ASP.NET installation, or the configuration for the code running within the Windows Service. Please see http://msdn.microsoft.com/en-us/magazine/cc300743.aspx#S4 or the section on .NET or WinHTTP, depending on which network stack the service is using. Configure Windows Phone 7 to use Fiddler? Please see http://blogs.msdn.com/b/fiddler/archive/2011/01/09/debugging-windows-phone-7-device-traffic-with-fiddler.aspx for actual device hardware, or http://blogs.msdn.com/b/fiddler/archive/2010/10/15/fiddler-and-the-windows-phone-emulator.aspx for the emulator. Configure Google Nexus 7 (Andoid 4.1 Jellybean) to use Fiddler? Please see this page. Configure Android Emulator to use Fiddler? Please see http://au
kuni katsuya

Fetching Client IP Address and Header information in JBoss AS7 access log « J... - 0 views

middlewaremagic.com/jboss

jbossas7 AccessLog

shared by kuni katsuya on 11 Oct 12 - No Cached
  • Fetching Client IP Address and Header information in JBoss AS7 access log
  • “org.apache.catalina.valves.AccessLogValve”
  • More informations about this Valve can be found in the following link: http://tomcat.apache.org/tomcat-5.5-doc/config/valve.html#Access_Log_Valve
  • ...10 more annotations...
  • Some of the useful patterns
  • %h - Remote host name (or IP address if resolveHosts is false)
  • %a - Remote IP address
  • %u - Remote user that was authenticated (if any), else '-'
  • %r - First line of the request (method and request URI)
  • %s - HTTP status code of the response
  • %b - Bytes sent, excluding HTTP headers, or '-' if zero
  • %S - User session ID
  • %t - Date and time, in Common Log Format
  • %m - Request method (GET, POST, etc.)
  • kuni katsuya on 11 Oct 12
     
    "/subsystem=web/virtual-server=default-host/access-log=configuration:add(pattern="%h %l %u %t "%r" %s %b %{User-Agent}i %{JSESSIONID}c")"
1 - 20 of 117 Next › Last »
Showing 20 items per page