Can I change Ant Media Server application settings in <AMS_DIR>/webapps//WEB_INF/red5-web.properties folder from REST API.
Yeah it's possible however it's not documented officially. Let me tell how to do that.
The web panel REST Methods are available here. REST methods consume JSON objects and return JSON objects. I mean you can use any language for consuming REST methods. Let me give some more explanations for that.
First you should access to the REST services.
First way is authenticating user with your username or password that you use in web panel by calling authenticateUser(User user) method.
Second way is disabling authentication by removing the following lines below from /usr/local/antmedia/webapps/root/WEB-INF/web.xml and you can use IP filtering for accessing the REST API as documented here
<filter-name>AuthenticationFilter</filter-name>
<filter-class>io.antmedia.console.rest.AuthenticationFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>AuthenticationFilter</filter-name>
<url-pattern>/rest/*</url-pattern>
</filter-mapping>
Get the application settings from the server by calling getSettings
public AppSettings getSettings(#PathParam("appname") String appname)
Change the settings and set it with changeSettings as follows.
public String changeSettings(#PathParam("appname") String appname,
AppSettings newSettings)
I hope it helps.
Related
I am new to Salesforce and I would like to get some expert advice on how I can expose the Sales force data as an Rest API so the external System can consume it. I was think if I can create a Apex Class like
below
#RestResource(urlMapping='/GetAccounts/*')
global with sharing class GetAccounts {
#HttpGet
global static Account doGet() {
RestRequest req = RestContext.request;
RestResponse res = RestContext.response;
String accountId = req.requestURI.substring(req.requestURI.lastIndexOf('/')+1);
Account result = [SELECT Id, Name FROM Account WHERE Id = :accountId];
return result;
}
}
And for the external user to consume the data I thought I can set up up a Connected App and provide them with the Username,password, Consumer Key,Consumer secret and they should be authenticating in to Salesforce to get the URI and session ID. Using the SessionID and URI the should be able to call the API that is exposed above. Is this the right approach, please let me know if I am missing anything here.
Also there is a requirement to use Swagger with the API, is it possible to use the Swagger within the Apex Class. Can you please help how I can leverage Swagger with my API here.
First of all you should try to use Salesforce standard REST API. You can check the full documentation from here.
https://developer.salesforce.com/docs/api-explorer/sobject/Account
You might be asking yourself, well when I should expose an APEX class as a REST API like the code you have provided?
You need to do that when you need custom logic to be performed and combined with the API call.
Exposing Salesforce REST API as OPEN API specification(Swagger) is not yet supported. You can vote for this idea if you need it.
https://success.salesforce.com/ideaView?id=0873A000000cQsxQAE
But the other way is supported. You can import a swagger specification file and invoke it using point and clicks from Salesforce.
Check this blog for more details:
https://andyinthecloud.com/2017/07/23/simplified-api-integrations-with-external-services/
I am developing a plugin using Java for SharePoint 2013, trying to update the list view using SharePoint REST web services, but could not find any way to go.
GetListAndView method fetches the view and field details but dont see anything to update those views.
As a work around , developing the a SharePoint solution in C# and exposing it as web service method to add, update, delete the fields in the view.
Any pointers to achieve using web services would be appreciated.
Using the MSDN help at the LINK
Tried to add/update/remove the fields using the urls as in MSDN
http:///_api/SP.AppContextSite(#target)/web/lists(guid'')/views('')/viewfields/removeviewfield('Jira_x0020_URL')?#target=''
Getting Error:
<m:error xmlns:m="http://schemas.microsoft.com/ado/2007/08/dataservices/metadata">
<m:code>-1, Microsoft.SharePoint.SPException</m:code>
<m:message xml:lang="en-US">There is no app context to execute this request.</m:message>
<m:innererror>
<m:message>There is no app context to execute this request.</m:message>
<m:type>Microsoft.SharePoint.SPException</m:type>
<m:stacktrace>
at Microsoft.SharePoint.SPAppContextSite..ctor(String siteUrl)
at Microsoft.SharePoint.ServerStub.SPAppContextSiteServerStub.InvokeConstructor(ClientValueCollection xmlargs, ProxyContext proxyContext)
at Microsoft.SharePoint.Client.ServerStub.InvokeConstructorWithMonitoredScope(ClientValueCollection args, ProxyContext proxyContext)
at Microsoft.SharePoint.Client.Rest.RestRequestProcessor.GetObjectFromPathRoot(Boolean mainRequestPath, EdmParserNode node, Boolean resourceEndpoint, MethodInformation& methodInfo)
at Microsoft.SharePoint.Client.Rest.RestRequestProcessor.GetObjectFromPath(Boolean mainRequestPath, String path, String pathForErrorMessage)
at Microsoft.SharePoint.Client.Rest.RestRequestProcessor.Process()
at Microsoft.SharePoint.Client.Rest.RestRequestProcessor.ProcessRequest()
at Microsoft.SharePoint.Client.Rest.RestService.ProcessQuery(Stream inputStream, IList`1 pendingDisposableContainer)
</m:stacktrace>
<m:internalexception>
<m:message>There is no app context to execute this request.</m:message>
<m:type>Microsoft.SharePoint.Client.ClientServiceException</m:type>
<m:stacktrace/>
</m:internalexception>
</m:innererror>
</m:error>
Looking for REST api rather than web http url get/post.
I have REST api for accessing "parties" and the URL's look like this:
/parties
/parties/{partyId}
Using Spring controllers and #PathVariable I'm able to implement this interface. But to prevent users from accessing parties they don't have access to, I have to add checks to every method call which is kind of repeating myself and I might forget to add it everywhere:
#RequestMapping(value="/parties/{partyId}", method=RequestMethod.GET)
public #ResponseBody Party getParty(#PathVariable Integer partyId){
authorizeForParty(partyId);
...
Now what I would like to do is create a check that would be called every time that user enters url like this:
/parties/{partyId}/**
How would I do something like this? Do I have to create some servlet filter and parse the url myself? If I have to parse the url then is there atleast tools that would make it easy? I wish there was a way to add a method to controller that would be called before methods but could still use #PathVariables and such...
What I ended up with is using the Spring MVC interceptors and parsing the path variables in the same way that Spring does. So I define an interceptor for the REST url:
<mvc:interceptors>
<mvc:interceptor>
<mvc:mapping path="/parties/*/**" />
<bean class="PartyAuthorizationInterceptor" />
</mvc:interceptor>
</mvc:interceptors>
The PartyAuthorizationInterceptor has to implement HandlerInterceptor in which we have to implement preHandle. It has HttpServletRequest as a parameter so we can get the request URL but we still have to parse the partyId from the url. After reading how Spring MVC does it, I found out they have a class named org.springframework.util.AntPathMatcher. It can read the path variables from the URL and place the values in a map. The method is called extractUriTemplateVariables.
So the result looks like this:
#Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
String partyIdStr = new AntPathMatcher().extractUriTemplateVariables("/parties/{partyId}/**", request.getPathInfo()).get("partyId");
...
That makes the parsing almost as easy as using #PathVariable in MVC Controller methods. You still have to do conversions yourself(e.g. String -> Integer).
Now I can implement authorization logic on all urls that access a party in this interceptor and keep that logic out of the individual controller methods. Not as easy as I would have hoped but it gets the job done.
Are you already using some kind of security library in your application, e. g. Spring Security?
Because the kind of logic you want to implement is a classic case for an AccessDecisionVoter in an authentication chain. You would just put your API behind Spring Security's protection and implement the custom check as part of the security chain.
If you are not using a security framework at all, your idea of implementing a HandlerInterceptor may be the best alternative, though. But it would require you (as you mentioned) to take into account all kinds of obfuscation the user may use in order to gain access to other URLs (e. g. %-encoding of letters, ../../ patterns etc.).
Using the new ASP.NET Web API beta. I can not seem to get the suggested method of authenticating users, to work. Where the suggested approach seems to be, to add the [Authorize] filter to the API controllers. For example:
[Authorize]
public IEnumerable<Item> Get()
{
return itemsService.GetItems();
}
This does not work as intended though. When requesting the resource, you get redirected to a login form. Which is not very suitable for a RESTful webapi.
How should I proceed with this? Will it work differently in future versions?, or should I fall back to implementing my own action filter?
Double check that you are using the System.Web.Http.AuthorizeAttribute and not the System.Web.Mvc.AuthorizeAttribute. This bit me before. I know the WebAPI team is trying to pull everything together so that it is familiar to MVC users, but I think somethings are needlessly confusing.
Set your authentication mode to None:
<authentication mode="None" />
None Specifies no authentication. Your application expects only anonymous users or the application provides its own authentication.
http://msdn.microsoft.com/en-us/library/532aee0e.aspx
Of course then you have to provide some sort of authentication via headers or tokens or something. You could also specify Windows and use the built in auth via headers.
If this site is mixed between API and actual pages that do need the Forms setting, then you will need to write your own handling.
All the attribute does is return an HttpUnauthorizedResult instance, the redirection is done outside of the attribute, so its not the problem, its your authentication provider.
Finally, I've found a solution at:
ASP.NET MVC 4 WebAPI authorization
This article shows how you can fix this issue.
You are being redirected to login page because forms authentication module does this automatically. To get rid of that behavior disable forms authentication as suggested by Paul.
If you want to use more REST friendly approach you should consider implementing HTTP authorization support.
Take a look at this blog post http://www.piotrwalat.net/basic-http-authentication-in-asp-net-web-api-using-membership-provider/
ASP.NET 5 Introduced the new Microsoft.AspNet.Authorization System which can secure both MVC and Web API controllers.
For more see my related answer here.
Update:
At that time 2 years ago it was Microsoft.AspNetCore.Authorization.
As #Chris Haines pointed out. now it resides on
Microsoft.AspNetCore.Authorization.
From .NET core 1.0 to 2.0 many namespaces have been moved i think.
And spread functionality between .net classic and core was obscure.
That's why Microsoft introduced the .net standard.
.net standard
Also, look at my answer for:
How to secure an ASP.NET Web API
There is a NuGet package I have created which you can use for convenience.
If you're using a Role, make sure you have it spelled correctly :
If your role is called 'Administrator' then this - for instance will not work :
[System.Web.Http.Authorize(Roles = "Administator")]
Neither will this :
[System.Web.Http.Authorize(Roles = "Administrators")]
Oops...
[Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
[Produces("application/json")]
[Route("api/[controller]")]
public class CitiesController : Controller
{
[HttpGet("[action]")]
public IActionResult Get(long cityId) => Ok(Mapper.Map<City, CityDTO>(director.UnitOfWork.Cities.Get(cityId)));
}
Use
[Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
Filter with authentication type
I have been put on to a project using Nuxeo, late in it's lifecycle and need to change a few things before it goes live.
I am having trouble finding out where I need to look to lock down a Nuxeo based application so that a user is redirected to the login page if they are unauthorised and access a restricted page.
Can someone please shoot my some direction on where this sort of logic is kept or defined?
This documentation should give you information about how Nuxeo authentication works:
http://doc.nuxeo.org/5.3/books/nuxeo-book/html/auth-users-groups.html#authentication-framework
A more direct answer to your question is: by default some URLs are protected (*.faces, .seam, /nxdoc/, /nxpath/*...), if you need to protect your own you should add to your deployment-fragment.xml file the following:
<filter-mapping>
<filter-name>NuxeoAuthenticationFilter</filter-name>
<url-pattern>/mypattern/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
</filter-mapping>
And if this kind of URL is bookmarkable (e.g. it holds all the needed information for your application to restore the context), you can declare it as a valid start URL in a contribution to the PluggableAuthenticationService:
<extension
target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService"
point="startURL">
<startURLPattern>
<patterns>
<pattern>mypattern/</pattern>
</patterns>
</startURLPattern>
</extension>
If you do so, people who type this URL and are redirected to the login page, will be re-redirected to the original URL after a successful login (instead of home page).
HTH, even after more than 1 year ;)
anahide.