I'm using RDF4J to add RDF triples to a completely open (Security off) GraphDB instance. I use the RemoteRepositoryManager and it works fine:
RepositoryManager repositoryManager = new RemoteRepositoryManager(GraphDBInstanceURL);
Repository repository = repositoryManager.getRepository(graphDBrepoName);
RepositoryConnection repositoryConnection = repository.getConnection();
Now we need to add security to GraphDB, but it is not clear to me how to add the specific GraphDB user credentials in the above code. Any pointers are wellcome, thanks
Related
I'm currently playing around with gitlab-ce (omnibus, on an Ubuntu VM) in an environment with LDAP authentication.
The LDAP administrator recently reconfigured the OUs from something like
ou=temp, ou=users, ou=baseinfrastructure to
ou=users, ou=baseinfrastructure.
Now when I do something as simple as git pull with a regular user account, that user account will be set to ldap_blocked since gitlab queries for the user with the temp part in the cn string and obviously doesn't find it.
Is there a way to update the users or something else so gitlab no longer queries with the ou=temp, part?
After some search, I've found out the information is stored in the identities table.
In gitlab omnibus, you can start a database console using gitlab-psql.
In my case, the required query for verifying I'm doing the right thing was:
SELECT external_uid, replace(external_uid, 'ou=temp,', '') FROM identities;
and then actually replacing them by executing:
UPDATE identities SET external_uid = replace(external_uid, 'ou=temp,', '');
For a single user you can use gitlab-rails console.
Find your user:
user = User.find_by_email("user#email")
Get user extern_uid:
user.ldap_identity.extern_uid
the above should print result similar to: => "uid=username,ou=people,dc=example,dc=com"
Update values as neccesary:
user.ldap_identity.extern_uid = "uid=newusername,ou=newpeople,dc=example,dc=com"
Verify:
user.ldap_identity.extern_uid
=> "uid=newusername,ou=newpeople,dc=example,dc=com"
And finally save
user.save
I believe this script Gitlab rake task to mass update ldap dn may be useful for updating multiple users at once.
Is there a way to set the default application version in azure batch account using java sdk?
The sample script that they have in the git does not show how to set the default version(https://github.com/Azure-Samples/batch-java-manage-batch-accounts/blob/master/src/main/java/com/microsoft/azure/management/batch/samples/ManageBatchAccount.java).
Also I was trying to dig in the interface(https://github.com/Azure/azure-libraries-for-java/blob/master/azure-mgmt-batch/src/main/java/com/microsoft/azure/management/batch/Application.java) to get some clues but couldn't see anything that supports updating the default version.
UPDATE:
I was able to get the version update working following #brklein suggestion:
BatchApplication batchApplication = batchAccount.applications().get(applicationName)
ApplicationTokenCredentials credentials = new ApplicationTokenCredentials(applicationId, tenantId, appSecret, AzureEnvironment.AZURE)
BatchManager batchManager = BatchManager.authenticate(credentials, subscriptionId)
ApplicationsInner applicationsInner = batchManager.inner().applications()
ApplicationUpdateParameters parameters = new ApplicationUpdateParameters(defaultVersion: DEFAULT_APP_VERSION)
applicationsInner.update(resourceGroupName, batchAccountName, batchApplication.id(), parameters)
It does not appear that default version is being surface at the client layer of the SDK.
To get around this you should be able to call the implementation methods manually, which have the full functionality of the REST API (as they are auto-generated).
To do this create either CreateApplicationParameters or ApplicationUpdateParameters and set the defaultVersion property. Then you can call the implementations create or update methods manually (https://github.com/Azure/azure-libraries-for-java/blob/78e8ff2940eba34bc63f8e7be6807a377500f5c7/azure-mgmt-batch/src/main/java/com/microsoft/azure/management/batch/implementation/ApplicationsInner.java#L474).
I am relatively new to IoC containers so I apologize in advance for my ignorance.
My application is a asp.net 4.0 MVC app that uses the Entity Framework with a Repository layer on top of that. It is a multi tenant application so the connection string that is used varies by the logged in client.
The connection string is determined by a 'key' that gets passed in as part of the route which indicates the client. This route data is only present on the first request of the user's session.
The route looks kind of like this: http://{host}/login/dev/
where 'dev' indicates we are using the dev database.
Currently the IoC container is registering all dependencies in the global.asax Application_Start event handler and I have the 'key' hardcoded as follows:
var cnString = CommonServices.GetDBConnection("dev");
container.RegisterType<IRequestMgmtRecipientRepository, RequestMgmtRecipientRepository>(
new InjectionConstructor(cnString));
Is there a way with Unity to dynamically register the repository based on the logged in client using the route data that is supplied initially?
Note: I am not manually resolving the repositories. They are getting constructed by the container when the controllers get instantiated.
I am stumped.
Thanks!
Quick assumption, you can use the host to identify your tenant.
the following article has a slightly different approach http://www.agileatwork.com/bolt-on-multi-tenancy-in-asp-net-mvc-with-unity-and-nhibernate-part-ii-commingled-data/, its using NH, but it is usable.
based on the above this hacked code may work (not tried/complied the following, not much of a unity user, more of a windsor person :) )
Container.RegisterType<IRequestMgmtRecipientRepository, RequestMgmtRecipientRepository>(new InjectionFactory(c =>
{
//the following you can get via a static class
//HttpContext.Current.Request.Url.Host, if i remember correctly
var context = c.Resolve<HttpContextBase>();
var host = context.Request.Headers["Host"] ?? context.Request.Url.Host;
var connStr = CommonServices.GetDBConnection("dev_" + host); //assumed
return new RequestMgmtRecipientRepository(connStr);
}));
Scenario 2 (i do not think this was the case)
if the client identifies the Tenant (not the host, ie http: //host1), this suggests you would already need access to a database to access the client information? in this case the database which holds client information, will also need to have enough information to identify the tenant.
the issue with senario 2 will arise around anon uses, which tenant is being accessed.
assuming senario 2, then the InjectionFactory should still work.
hope this helps
I'm working on a project where I'm trying to implement authentication against external user base for customers, this seems to be working correctly.
Recently there has been added another requirement that some people (not present in the aforementioned base) need to be able to edit parts of pages' content. First thing that comes to mind is to have separate ORM/File Auth driver enabled for those few editors to be able to authenticate them separately.
Is it possible to use two Auth drivers at the same time in Kohana 3.2?
Yes, you can use different drivers at once. Just create another instance instead of standard singleton:
// default Auth
$config = Kohana::$config->load('auth');
$auth = new Auth($config);
$user = $auth->get_user();
// special Auth for administration
$config2 = Kohana::$config->load('admin_auth');
$auth2 = new Auth($config2);
$admin = $auth2->get_user();
Restrictions:
You must use differ configs (driver and session_key values must differ). Note that some settings are defined in classes and cant be changed by config (for example, "remember" cookie named authautologin).
You cant share default ORM models (Model_User, Model_Token, Model_Role), because their names are hardcoded. But ORM driver & File driver can be used.
Kohana's Auth module does not natively support using two Drivers.
However, you can implement a new Driver yourself very easily. You can follow the instructions for creating a new Driver by copying the existing driver and modifying it, here: http://kohanaframework.org/3.3/guide/auth/driver/develop
The simple thing to do would be to put the following logic in your _login method:
Check the external user database for a valid login
If there is a valid user in the external user database, return true.
If there is no valid user in the external user database, check the local user database instead.
If the user exists in the local database, return true.
The security policy at our client's production environment requires that we use separate connection to execute writes and read to and from database. We have decided to use SubSonic to generate our DAL. So I am interested in knowing if it is possible and if yes how?
You can specify the provider SubSonic is using at runtime. So you would specify the read provider (using your read connectionstring) when loading from the database and then specify the write provider (using your write connectionstring) when you want to save to it.
The following isn't tested but I think it should give you the general idea:
SqlQuery query = new Select()
.From<Contact>();
query.ProviderName = Databases.ReadProvider;
ContactCollection contacts = query.ExecuteAsCollection<ContactCollection>();
contacts[0].FirstName = "John";
contacts.ProviderName = Databases.WriteProvider;
contacts.SaveAll();