Audit Log In portal - jsf

I have already asked a similar question, "Observer pattern suggestion". I have to implement an audit log for a portal where I have to make an entry in the DB about the feature the user is accessing; it can go a lot deeper. In short, most actions of the user have to be audited, basically captured in the DB.
I came across portlet filters. Can anybody suggest whether this can be an interceptor kind of concept for a portal or portlet filter?
I am using WebSphere Portal, JSR 286 and JSF 1.2.

Yes, a Portlet Filter should suit your requirement. You can create a single filter and access the Portal state information from the request to gather what kind of a request was made. This way you can apply the same filter across all your Portlets, but record what kind of a request was made in each case.
Remember you need to configure the filter for each Portlet, and apply it to specific life cycle phases. See: http://pic.dhe.ibm.com/infocenter/wasinfo/v7r0/index.jsp?topic=%2Fcom.ibm.websphere.express.doc%2Finfo%2Fexp%2Fae%2Fcport_portlet_filters.html
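A sketch of such a filter, added here as an example and not taken from the answer above. It assumes the JSR 286 portlet API on the classpath; the logger name and the portlet.xml names are hypothetical, and the log call marks the place where the DB insert would go:

```java
import java.io.IOException;
import java.util.Collections;
import java.util.logging.Logger;
import javax.portlet.*;
import javax.portlet.filter.*;
/*
 * Added example. Register it in portlet.xml (names are placeholders):
 *   <filter>
 *     <filter-name>AuditFilter</filter-name>
 *     <filter-class>AuditPortletFilter</filter-class>
 *     <lifecycle>ACTION_PHASE</lifecycle><lifecycle>RENDER_PHASE</lifecycle>
 *   </filter>
 *   <filter-mapping>
 *     <filter-name>AuditFilter</filter-name><portlet-name>MyPortlet</portlet-name>
 *   </filter-mapping>
 */
public class AuditPortletFilter implements ActionFilter, RenderFilter {
    // Hypothetical logger name; attach a handler that writes to the audit store.
    private static final Logger AUDIT = Logger.getLogger("portal.audit");

    public void init(FilterConfig config) { }
    public void destroy() { }
    public void doFilter(ActionRequest req, ActionResponse res, FilterChain chain)
            throws IOException, PortletException {
        boolean ok = false;
        try { chain.doFilter(req, res); ok = true; }
        finally { record(req, ok); }   // failed actions are audited too
    }

    public void doFilter(RenderRequest req, RenderResponse res, FilterChain chain)
            throws IOException, PortletException {
        boolean ok = false;
        try { chain.doFilter(req, res); ok = true; }
        finally { record(req, ok); }
    }

    private void record(PortletRequest req, boolean ok) {
        // Parameter names only: values may hold passwords or personal data.
        AUDIT.info("user=" + clean(req.getRemoteUser())
            + " phase=" + req.getAttribute(PortletRequest.LIFECYCLE_PHASE)
            + " window=" + clean(req.getWindowID())
            + " params=" + clean(Collections.list(req.getParameterNames()).toString())
            + " mode=" + req.getPortletMode() + " ok=" + ok);
    }
    // Strip CR/LF so request data cannot forge extra audit lines.
    private static String clean(String s) {
        return s == null ? "-" : s.replaceAll("[\\r\\n]", "_");
    }
}
```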

Related

When I create an Azure AD user, the calendar's "allowedOnlineMeetingProviders" is empty, how do I update this?

I need a user's calendar to have the property "allowedOnlineMeetingProviders" contain "teamsForBusiness". I am not able to add the calendar via the create user call (Graph API), so I had to subsequently update the existing calendar, but it won't let me update the property (only the name seems to update). Anyone know how I can programmatically set this property?
It's because it's not the expected workflow ~ Microsoft's response:
Hope you are doing good.
Apologies for the delayed response, I have tried to gather more details on this behavior internally, but unfortunately since this is an existing behavior in the system i.e. by design we can say since the new user needs to have some kind of interaction with the MS teams initially.
Unfortunately, we aren't much help on this scenario from MS graph api standpoint.
We request you to provide your feedback/ideas/suggestion https://techcommunity.microsoft.com/t5/microsoft-365-developer-platform/idb-p/Microsoft365DeveloperPlatform
We regret not being helpful to you on this case since this is a known issue.
Kindly let us know if you have any queries.

With Liferay 7, can I change the behavior of an existing portal filter, like AutoLoginFilter?

After I enabled the Auto Login function for my portal, it worked very well. Visiting any page triggers an auto login.
auto.login.hooks=acn.autologin.login.MyAutoLogin
But I hope "Auto Login" will be triggered only when I visit a specified URL. When I visit other URLs, I will still log in with the normal login page.
Is it possible to change the URL pattern of the Auto Login filter?
I have done this kind of thing in Liferay 6.2 by updating the servlet-filter definition in the hook XML file. But Liferay 7 does not seem to suggest using this way to define a filter and update an existing filter. Please give me some advice.
https://dev.liferay.com/de/develop/tutorials/-/knowledge_base/7-0/auto-login
should give you the info about registering your auto logins as a DS component.
The filter hook is described here:
http://www.javasavvy.com/liferay-dxp-filter-tutorial/
Remember, everything is now hidden in #component annotations.
Is that what you're searching for?

Disable the edit of ?id= in url jsf

Before writing the question, sorry for my English. My question is this:
I have a web application in JSF; the application has new, edit and delete for Categories, Outgoings, Budgets, Users, etc.
When I open the edit page I have a URL like this:
http://localhost:8080/Practica3/faces/usuarios/edit.xhtml?id=2
The problem is that if the user changes the number 2 to another number, and that other number exists in the database, the page changes the data of id 2 to the data of the new id.
The problem is if id number X belongs to data of another user, and the user who changes the id is not in a position to see that data.
How can I disable the editing of the id, or deny showing the data to the other user?
Thanks, and I hope to get a response.
Just check in service layer if the current user is allowed to edit the requested entity. If not, then throw some security exception for which you could if necessary configure a custom error page in web.xml.
The technical problem has nothing to do with HTTP/JSF. If you "fix" it alone in JSF side, then you still have a gaping security hole in service layer which would affect any other frontend using it. The frontend is not responsible for business restrictions in service layer itself.
The problem is not stopping the editing of the ID. That is on the client side/browser and you cannot stop this value from being edited.
You need to implement proper Access Security Controls. When you get any response back, you need to check if the user can perform the action they specified (read, update, delete, etc.) as well as checking to make sure they have permission to the data they want to perform the action on.
These two topics are on the OWASP Top 10:
A4-Insecure Direct Object References
A7-Missing Function Level Access Control
The pages will tell you what the problem is, mitigation strategies, and different ways of testing for that in your application.
I would also become familiar with the other Top 10 categories (this is not an all inclusive list but a good starting point).
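The service-layer check both answers describe, as an added example that is not code from either answer. The Usuario record, its ownerId column and the in-memory table are constructed for illustration; in the real application the current user id would come from the authenticated session, never from a request parameter:

```java
import java.util.HashMap;
import java.util.Map;

public class UsuarioService {
    /** Constructed record: every row carries the id of the account that owns it. */
    static final class Usuario {
        final long id;
        final long ownerId;
        String nombre;
        Usuario(long id, long ownerId, String nombre) {
            this.id = id; this.ownerId = ownerId; this.nombre = nombre;
        }
    }

    // Stand-in for the database table (constructed sample data).
    private final Map<Long, Usuario> table = new HashMap<Long, Usuario>();

    UsuarioService() {
        table.put(1L, new Usuario(1, 10, "ana"));
        table.put(2L, new Usuario(2, 20, "luis"));
    }

    /** Called by the backing bean with the ?id= value and the logged-in user's id. */
    Usuario findForEdit(long requestedId, long currentUserId, boolean admin) {
        Usuario u = table.get(requestedId);
        // Same exception for "missing" and "not yours" so ids cannot be enumerated.
        if (u == null || (!admin && u.ownerId != currentUserId)) {
            throw new SecurityException("Not allowed to edit usuario " + requestedId);
        }
        return u;
    }

    void update(long requestedId, long currentUserId, boolean admin, String nombre) {
        // Re-check on write: the id in the postback is as editable as the one in the URL.
        findForEdit(requestedId, currentUserId, admin).nombre = nombre;
    }

    public static void main(String[] args) {
        UsuarioService s = new UsuarioService();
        System.out.println(s.findForEdit(2, 20, false).nombre); // owner opens own record
        try {
            s.findForEdit(2, 10, false); // user 10 changed ?id= to 2 in the URL
        } catch (SecurityException e) {
            System.out.println("denied: " + e.getMessage());
        }
    }
}
```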

Liferay database table work flow?

I am new to Liferay. Now I need to create a flow chart which shows the Liferay table workflow in the following scenarios:
1) Which tables will be affected/updated if we create the site admin?
2) Which tables will be affected/updated if we create the site?
I tried opening the database tables and noticed that USER_ and CONTACT_ are affected, but I need the list of all the related tables which are affected when we create the site and site admin. I am using Liferay version 6.2.
Thanks in advance.
When you want to know the internals of any system it is always best to check the relevant source-code. So in this case you can check the source-code for those classes which are used for CRUD operations on User and Site.
1) Which tables will be affected/updated if we create the site admin?
Site-administrator is a Role, which can be applied to a User created in Liferay.
So if you want all the tables that are written to from User creation until the User is assigned the Site-administrator role for a particular site, then here are some which I can recollect:
User_ (Obvious)
Contact_ (not so obvious :-) )
Group_ (Users are also created as a record in this table since Users have public and private pages)
Address (if you add an address)
Phone (if you add a Phone)
Users_Roles (Power user role is assigned by default)
UserGroupRole (user and site-role relationship, Site-administrator is a Site-role)
Users_Groups (user and site relationship)
For others you should refer to the source code for UserLocalServiceImpl, RoleLocalServiceImpl and GroupLocalServiceImpl, and check the relevant methods prefixed add, update etc.
The corresponding service.xml for these modules would reveal the database tables being used.
2) Which tables will be affected/updated if we create the site?
Sites are nothing but Groups in Liferay. So it's obvious the Group_ table is playing a big role.
Other tables also depend upon what configuration you are doing while creating a Site.
Then there would be other tables like Layout when you start creating pages for a Site.
I would strongly encourage you to go ahead and explore the source code for the classes, and you would understand the flow - when and what tables are affected.
Here is a convention which might help you traverse the source code: almost every *LocalServiceImpl is associated with a *Model, like UserLocalServiceImpl with UserModel, and almost every *Model has a corresponding database table with the same name.
Also, the name of the functionality would in most cases hint at what service classes are being used to connect to the database, like adding a User would hint at using UserLocalServiceImpl.
Hope I have understood your question and have been able to give some proper direction.
If you want to know this because you also want to write to these tables: Don't go there! You should purely use the API to change the data that Liferay stores. Otherwise you will run into disasters some time in the future - promised.
For just getting the SQL commands that Liferay actually uses, configure portal-ext.properties and change this default value:
hibernate.show_sql=false
Then go to "Server Administration/Log Levels" and add a new category "org.hibernate.SQL", configure it to the level DEBUG. Then the results show up in the logs. Note that this log configuration is transient and will be reverted on next server start. If you want the setting to be persistent, you'll need to go into Liferay's log4j configuration files.
Remember: You don't want to write to the tables ever. Promise!

JSF web application user logging. How to?

The administrator of the web application I am working on asks for an 'I wanna know everything' log. He wants to track everything the other users did when they were connected (logged in) to the web app:
What pages he/she visited.
What actions he/she performed.
On what entities (JPA Entities) he/she performed actions.
At what exact time she/he performed a given action if successful.
What attribute of a given record he/she modified.
The user principals of this user.
All I could do now, is export a CSV file where the administrator finds the user principals, the time this user logged in and logged out.
I also created an example history table in the database, populated by an EclipseLink Customizer, to track changes for a corresponding table. (The problem with this EclipseLink customizer is that it is not flexible, because database tables are changing with time (adding/removing attributes) and so are their corresponding entities. And the user does not want to modify things two times (one time in the main table and the second time in the history table)!)
Could something like a third-party library such as 'log4j' do that?
Are there any alternatives, solutions, or better practices related to my issue?
Best regards.
Look into Interceptors/Listeners - both for JSF to get page/action and JPA to get data accessed. In your interceptors/listener you could then log to file using log4j.
EclipseLink Listeners
Hibernate Interceptors (for comparison)
JSF Listeners
