How to route users to different backend Hostnames via products in Azure API Management - azure-api-management

I have a set of APIs with the same backend host for production and acceptance.
https://api.azurewebsites.net/vendor,
https://api.azurewebsites.net/session,
https://api.azurewebsites.net/api
https://api.acc.azurewebsites.net/vendor,
https://api.acc.azurewebsites.net/session,
https://api.acc.azurewebsites.net/api,
So I want to create 2 products, xyz-production & xyz-acceptance, and route clients to the respective environment's backend host.
I tried to achieve this with the "set-backend-service" policy: <set-backend-service base-url="https://<Host Name>/<Path>" /> But this policy only allows changing the serviceURL.
But my requirement is to change only the hostname. Could you please suggest how to achieve it?

The answer to this question is below. By using the "context.Api.Path" variable we can append the API's base path dynamically to any host you want.
<set-backend-service base-url="@("https://api.acc.azurewebsites.net" + context.Api.Path)" />

Related

Dynamic Subdomain Routing With NextJS

How can the dynamic subdomain routing feature be implemented in NextJS?
Example: If a user comes with username abc in site xyz then he can access his site on abc.xyz.com
Also, if the user has the abc.com domain then he can point abc.com to abc.xyz.com
So in future if someone opens abc.com then abc.xyz.com is served. And abc.com is also shown in the URL.
I have investigated a few plugins in NPM like vhost and wildcard-subdomains but am not sure that is the right way to take on this issue.
vhost requires changes to the system hosts file on the local system, and wildcard-subdomains solves the issue purely with routing.
On my local system I have customized Server.js with code which works temporarily, but doesn't seem to be a solution which can be used in production:
Server.js

    ...
    if (pathname === "/demo.demo.com") {
      app.render(req, res, "/demo.demo.com", query);
    }
    ...

And in _app.js

    static async getInitialProps(appArgument) {
      ...
      return {
        ...
        renderFrom: "demo.demo.com"
      };
    }

Also, in my hosts file I have demo.demo.com pointing to localhost.
The site works for me at demo.demo.com:3000, but how do I generalise it for production scenarios with a database and CNAME records, and add/change CNAME records automatically on user action?
On Vercel (the creators of Next.js), we support Wildcard Domains out of the box. Within Next.js, you then only need to read the Domain from the headers of the incoming request, parse it and then respond with the right content.
I hope that was helpful!
I just found this blog post https://demo.vercel.pub/platforms-starter-kit, which was published 6 days ago.
It announces https://platformize.co/, a product that does just that.
Multi-tenant applications serve multiple customers across different subdomains/custom domains with a single unified codebase.
For example, this blog is a multi-tenant application:
Subdomain: demo.vercel.pub
Custom domain: platformize.co (maps to demo.vercel.pub)
Build your own: app.vercel.pub
Another example is Hashnode, a popular blogging platform. Each writer has their own unique .hashnode.dev subdomain for their blog:
eda.hashnode.dev
katycodesstuff.hashnode.dev
pit.hashnode.dev
Users can also map custom domains to their .hashnode.dev subdomain:
catalins.tech → pit.hashnode.dev
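
The Host-header lookup that the answers above describe, as an added example that is not part of the original posts or of Vercel's code: it normalises the header, accepts only single-label subdomains of the root domain or known custom domains, and returns null for anything else. ROOT_DOMAIN, TENANTS and CUSTOM_DOMAINS are constructed sample data (the names abc, xyz.com and abc.com come from the question) standing in for the database lookup.

```javascript
// Added example: tenant lookup from the Host header for wildcard-subdomain routing.
// ROOT_DOMAIN, TENANTS and CUSTOM_DOMAINS are constructed sample data standing in
// for the database the question mentions.
const ROOT_DOMAIN = "xyz.com";
const TENANTS = new Set(["abc", "demo"]);
const CUSTOM_DOMAINS = new Map([["abc.com", "abc"]]); // custom domain -> tenant

// A hostname label: letters, digits, hyphens; no leading/trailing hyphen; max 63 chars.
const LABEL = /^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$/;

// Normalise a raw Host header value; return null if it is not a plain DNS name.
function normalizeHost(hostHeader) {
  if (typeof hostHeader !== "string" || hostHeader.length > 255) return null;
  let host = hostHeader.trim().toLowerCase();
  host = host.replace(/:\d{1,5}$/, ""); // drop a ":3000" style port
  host = host.replace(/\.$/, "");       // drop a trailing root dot
  const labels = host.split(".");
  if (labels.length < 2 || !labels.every((l) => LABEL.test(l))) return null;
  return host;
}

// Map a Host header to a tenant, or null when the host is unknown or malformed.
function resolveTenant(hostHeader) {
  const host = normalizeHost(hostHeader);
  if (host === null) return null;

  const suffix = "." + ROOT_DOMAIN;
  if (host.endsWith(suffix)) {
    const sub = host.slice(0, -suffix.length);
    // Only a single-label subdomain of a registered tenant is accepted.
    if (!sub.includes(".") && TENANTS.has(sub)) {
      return { tenant: sub, via: "subdomain" };
    }
    return null;
  }
  // Anything else must be a custom domain that a tenant has registered.
  const mapped = CUSTOM_DOMAINS.get(host);
  return mapped && TENANTS.has(mapped) ? { tenant: mapped, via: "custom-domain" } : null;
}

// Constructed Host header values, including ones a server should refuse.
for (const h of ["abc.xyz.com", "ABC.xyz.com:3000", "abc.com", "evil.com",
                 "abc.xyz.com.evil.com", "a/../b.xyz.com"]) {
  console.log(h, "->", JSON.stringify(resolveTenant(h)));
}
```

Because the Host header is supplied by the client, a null result should end the request with a 404 rather than fall through to a default tenant.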

CAS X.509 auth with attributes from database

I want to configure Apereo CAS 6.0.x to perform X.509 authentication and then retrieve principal attributes from a database table.
Rudimentary X.509 authentication is working with these lines in application.properties (and appropriate reverse proxy setup):
cas.authn.x509.extractCert=true
cas.authn.x509.sslHeaderName=SSL_CLIENT_CERT
cas.authn.x509.principalDescriptor=SUBJECT_DN
The default "Log In Successful" page shows that it knows how to get my certificate's subject DN.
But I can't figure out how to tell CAS to then use that subject DN value to query my database for additional attributes.
This page explicitly mentions my need (though with LDAP instead of JDBC), but does not say specifically how to achieve it:
In many cases it is necessary to perform authentication by one means and resolve principals by another. The PrincipalResolver component provides this functionality. A common use case for this mix-and-match strategy arises with X.509 authentication. It is common to store certificates in an LDAP directory and query the directory to resolve the principal ID and attributes from directory attributes. The X509CertificateAuthenticationHandler may be combined with an LDAP-based principal resolver to accommodate this case.
What properties need to be set so that the X509 authentication handler resolves the principal against the database?
The missing ingredient was this line in application.properties:
cas.authn.x509.principalType=SUBJECT_DN
Without it, CAS does not attempt to query any attributeRepository settings that you may have.

Two domain URLs connecting to a single reporting service? Is it possible? How to achieve this

I am facing issues with SSRS configuration:
A. I have two domain URLs (https://xyz.domain1.com) and (https://abc.domain2.com).
B. I have a certificate for each domain, like
xyz.domain1.com - certificate one (*.domain1.com) -- 443
abc.domain2.com - 2nd certificate (*.domain2.com) -- 443
C. In SSRS, I have one virtual directory in the Web Service URL
SSRS -> Web Service URL -> virtual directory name: "Report Service"
D. In Advanced Settings
E. In the Report Manager URL, I am trying to bind the two domains on 443 but I cannot.
When I bind both URLs on port 443, I get this error:
Microsoft.ReportingServices.WmiProvider.WMIProviderException: An SSL binding already exists for the specified IP address and port combination. The existing binding uses a different certificate from the current request. Only one certificate can be used for each IP address and port combination. To correct the problem, either use the same certificate as the existing binding, or remove the existing SSL binding and create a new binding using the certificate of the current request.
Question:
Now I need to connect to my report server using two different URLs, with a unique SSL certificate for each URL.
But I can't bind these two URLs using 443 to connect to the report server.
I can bind one URL and certificate, but then it works for one URL only.
How do I bind two URLs and certificates to one report server and make it work for both URLs?
Please help with this issue.
I suggest you try ignoring the error on the first URL ('Web Service URL') and proceed to bind the certs to the 'Report Manager URL' as well. You may have to manually edit the bindings in Advanced Settings, but once you get them looking right in Advanced Settings, SSRS should work.
And a second suggestion, though it looks like you already have done this: be sure the common names (CN) for the wildcard certs are *.domain1.com and *.domain2.com. SSRS will only accept host names that match the CN, and in your case, where you're binding 2 certs to the same port, the CNs must be different.
Here's a related point for anyone trying to make the multiple hosts in a single subdomain case work: e.g, https://foo.localdomain/reports and https://bar.localdomain/reports.
Request your SSL cert with Common Name (CN) = *, not the server name or anything specific. Then list all the permutations of DNS names that you want to support in the Subject Alternate Name (SAN) field. The url looks funny in SSRS Configuration Manager (https:+:443), but it Works on the Wire(tm).
If you specify some non-wildcard for the CN, you'll get a 'resource not found' error trying to connect, although the SSL handshake will work.
To achieve the objective you need a Multi-Domain SSL or Wildcard SSL certificate, for example:
Multi-Domain SSL(Multiple Domains)
xyz.domain1.com
abc.domain2.com
Wildcard SSL(Sub-domains)
xyz.domain1.com
abc.domain1.com
Reference:
Multiple Domain (UCC) SSL
Secure multiple domains and
sub-domains on one certificate

WSO2: use memberUid on external LDAP for groups

I have connected WSO2 with an external LDAP, and I want to handle the LDAP groups. However, the WSO2 docs state to use:
groupOfNames as our objectClass and
member as our MembershipAttribute
However, my current LDAP server is not like that. I use
PosixGroup as my objectClass and
memberUid for my MembershipAttribute
This means that when I add a user to a group, WSO2 puts the value uid=b1,ou=users,dc=transip,dc=nl inside memberUid. This is not compatible with my setup. What I need is for WSO2 to just put the user's uid in the memberUid field, and then the entry will be compatible with the rest of my setup.
How can I configure WSO2 to pass the uid when adding a user to a group instead of passing the DN (Distinguished Name)?
According to JIRA [1], this issue has been already fixed in WSO2 IS 5.1.0. According to the JIRA to get your setup working you need to configure GroupObjectClass as "PosixGroup" and MembershipAttribute as "memberUid" in the UserStoreManager configuration relevant to your UserStore.
[1] https://wso2.org/jira/browse/IDENTITY-3400
The same question has been posted in https://wso2.org/jira/browse/IDENTITY-6295 as well. In order to achieve this, you need to write a custom user store manager, changing the member attribute to add only the uid rather than the full DN.

Security in Spring MVC and JSON

I want to provide security one way or another for sending and getting JSON data, but I don't know how to do this.
Our system has user roles (System admin, General Members, etc.)
We decided to send data as JSON using the Spring MVC URL pattern. I don't want everybody outside the system to use this URL; only users can use the URL.
Example
www.example.com/services/"hereUserPass"/"hereUserName"/category/3
On each request to the different URLs, should I check whether the username and password were registered before? Or what should I do for security?
You want to implement security in your Spring Web application. You can do this in two ways:
URL Based Security
Method Based Security
Try making another XML file such as applicationContext-security.xml. Here is an example:
<http use-expressions="true">
    <intercept-url pattern="/" access="permitAll"/>
    <intercept-url pattern="/static/**" filters="none" />
    <intercept-url pattern="/**" access="isAuthenticated()" />
    <form-login />
    <logout />
</http>
Here we see that permitAll means permit everybody who wants to reach that URL. filters="none" has the same effect, but it means that the user will not go through Spring Security (the previous one goes through Spring Security but has access; filtering isn't applied). isAuthenticated() means that the user can reach there if authenticated. You can also apply role-based access to URLs.
The other security implementation is based on middle-tier security. You should add this line to your application context security file:
<global-method-security pre-post-annotations="enabled" />
so you can use method-based security like this:
@PreAuthorize("hasRole('ROLE_SUPERVISOR')")
void storeVisit(Visit visit) throws DataAccessException;
You can start by reading the Spring Security implementation of Spring's Pet Clinic example: http://static.springsource.org/spring-security/site/petclinic-tutorial.html
Also I recommend you read here: http://www.mularien.com/blog/2008/07/07/5-minute-guide-to-spring-security/