Graphhopper obeys access restrictions like gates with attribute "access = no" (OSM). But additional attributes like "bicycle = yes" are ignored.
Question: is it possible to tell Graphhopper to pass a gate when bikes are allowed and routing is optimized for bicycles?
Related
After testing authentication in Orion with keycloak (Orion APIs authentication through Keycloak) with kong-pep-plugin, I'm interested in the authorization too; in particular, I want to give specific permissions (on path and verb) to users/groups like I used to do with AuthZForce.
Could you help me?
Thank you
sorry that I only see your request right now. This is very much tied to configuring Keycloak, but it is possible, yes. The kong-pep-plugin delegates all decisions to Keycloak's Authorization Serivces and just takes its decision. Thus, you should read the documentation on that: https://www.keycloak.org/docs/latest/authorization_services/index.html
An example (declarative)configuration for allowing different groups to access different paths can be found in the integration-tests:
https://github.com/FIWARE/kong-plugins-fiware/blob/main/it/src/test/k3s/keycloak.yaml#L518-L567
Another, better readable, example is our demo environment:
https://github.com/FIWARE-Ops/fiware-gitops/blob/master/aws/fiware/keycloak/templates/realmConfigMap.yaml#L139-L203
This combination of resources and policies allows the group "consumer" to access the path "/keycloak/ngsi-ld/v1/", while the group "admin" can also access "/keycloak/".
The authorization services allow for much more fine-grained and powerful configurations, so I really recommend the official documentation on it.
Best
As an addition for the GET/POST question:
Thats something you can implement with the javascript policies feature from Keycloak(keycloak.org/docs/latest/authorization_services/…). The kong-plugin forwards the http method as "http.method" claim(see github.com/FIWARE/kong-plugins-fiware/blob/main/kong-pep-plugin/…)
An example policy could granting access only for GET requests could look like:
var context = $evaluation.getContext();
var attributes = context.getAttributes();
var method = attributes.getValue('http.method').asString(0);
if (method === 'GET')
{$evaluation.grant();
Combining a resource policy with such a js-policy would give you the access-control you want.
Best(Standard) practice to send multiple parameters to REST get resource - Spring
What's the best practice to send multiple parameters on a REST GET resource call. Normally we can call GET call with path param &/ query. what is the best practice on how to achieve this(second and third).
Ex: /user/{username}/locaction} - Its a standard way
2. /user/{username}/{locaction}/{mobile_umber} - is it a standard way?
3. /user/{username}/{locaction}/{mobile_umber}/{age} - is it a standard way?
In terms of URLs, params tend to be more like RPC where you're invoking a function, e.g.:
/user?username=123
which is more like a traditional RPC call:
Object user = GetUsername(123);
REST represents a state of a resource which can be made up of many "states". Core information such as personal info, where 123 is the username:
/user/123 -> {"name":"Joe Bloggs"}
some aspects of the state of the user could change over time:
/user/123/location -> {"username":"123",lat:123456,lon:54568}
aspects of the user that are unlikely to change rapidly could be included in the core info /user/123 or if they're unlikely to be needed by a client, they can be requested separately:
/user/123/mobile -> {"username":"123",mobile:"345345"}
A User has a location and a User has a mobile and a User has an age. A location doesn't have a mobile or age so those aspects would never come under /user/location. They would come under the URL that represents the object that does have them:
/user/123/age -> {"username":"123", "age":100}
A location can have an accuracy which can either be requested separately:
/user/123/location/accuracy {"accuracy":"-1"}
or more likely included in the response to /user/123/location.
So the REST structure in this case mirrors the object hierarchy, the has parts.
The REST structure could also mirror the business structure:
/user/account
/user/contactinfo
/user/location
it just depends how you want to expose the data that represents a User and their states.
I have an account which I registered as an amazon developer. (Let's call this the developer account)
I have another account which I am treating as the seller account (also an amazon developer account). (Let's call this seller account)
I want my developer account to make requests to amazon on behalf of the seller.
So seller calls my developer app, which talks to Amazon.
According to the terms and conditions, I must use the developer's access and secret key.
I have given my seller the developer ID and I have a Seller Id, Marketplace Id, and a MWS Auth Token.
However, I'm not sure how to get a MWSConnection working since it appears boto doesn't have a parameter for entering the MWS Auth Token
I have tried.
access_key_id = developer_access_key_id
secret_key = developer_secret_key
seller_id = seller_id
MWSConnection(access_key_id, secret_key, SellerId=seller_id)
This results in a failure of AccessDenied
Is there a way to get this working, where I (the developer) can make a request on behalf of someone else (the seller)?
Some things that may not be your problem, but might be
A couple of stabs at what may be your problems before a more explicit solution:
boto3 doesn't support MWS. If you're using it, it will not work. Use boto
MWS in regions that are not North America (NA) require additional configuration that you may not be providing
What your problem probably is...
You're coming in and trying to set the SellerID in the args of MWS with:
MWSConnection(access_key_id, secret_key, SellerId=seller_id)
You should probably be doing it like this instead:
from boto import mws
from boto.mws.connection import MWSConnection
accessKey = developer_access_key_id # Python prefers camelCase
secretKey = developer_secret_key # Python prefers camelCase
merchantID = "XXXXXXXXXX" # You never specified this
mws = MWSConnection(accessKey, secretKey)
mws.Merchant = merchantID
mws.SellerId = merchantID
While it is possible to pass in the SellerId through a keyword argument I believe that you have to specify all the named arguments unless you know what their explicit order is.
Arguments to a python function are essentially a dictionary and python just does some convenience for you to line up the order of invocation with the order of declaration. That's why you can be explicit and use argumentName = argumentValue, ... in any order in the invocation and still have your function work.
Question
Is it possible to get rates for all possible ups services in the same request?
Background
Although the UPS rates documentation states that the service element is optional
Requests with the service element defined respond successfully while requests without the element defined result in the following error:
["Error"]=>
array(3) {
["ErrorSeverity"]=>
string(4) "Hard"
["ErrorCode"]=>
string(6) "111100"
["ErrorDescription"]=>
string(58) "The requested service is invalid from the selected origin."
}
Additionally, every example and library i've seen either only desired to create requests for one type of service or creates a request for each service the user specifies they want to receive:
// optional, you can specify which rates to look for -- performs multiple requests, so be careful not to do too many
In Summary
Is there a way to return rates for all services from UPS that I am missing or must we query UPS for each service we wish to get a rate for?
You should be able to receive rates for multiple services by setting the /RateRequest/Request/RequestOption to Shop and omitting the /RateRequest/Shipment/Service element.
This is outlined in UPS's documentation for the Rate Webservice endpoints:
Can a customer compare services for a shipment using the Rating API?
Yes. Use the “Shop” value, instead of the “Rate” value, in the RequestOption element of the ../Request container to retrieve the rates for all services for the stated lane pair. The API response will return a rate for each of the available services. This is known as the Shop option.
What is the "official" url I should use if I want to indicate just a resource that fails as soon as possible?
I don't want to use www.example.com since its an actual site that accepts and responds requests and I don't want something that takes forever and fails from a timeout (like typing using a random, private IP address can lead to).
I thought about writing an invalid address or just some random text but I figured it wouldn't look as nice and clear as "www.example.com" is.
If you want an invalid IP, trying using 0.0.0.0.
The first octet of an IP cannot be 0, so 0.0.0.0 to 0.255.255.255 will be invalid.
For more info, see this question: what is a good invalid IP address to use for unit tests?
https://www.rfc-editor.org/rfc/rfc5735:
192.0.2.0/24 - This block is assigned as "TEST-NET-1" for use in documentation and example code. It is often used in conjunction with domain names example.com or example.net in vendor and protocol documentation. As described in [RFC5737], addresses within this block do not legitimately appear on the public Internet and can be used without any coordination with IANA or an Internet registry. See[RFC1166].
Use .invalid, as per RFC 6761:
The domain "invalid." and any names falling within ".invalid." are special [...] Users MAY assume that queries for "invalid" names will always return NXDOMAIN responses.
So a request for https://foo.invalid/bar will always fail, assuming well-behaved DNS.
Related question: What is a guaranteed-unresolvable (but valid) URL?
if it's in a browser then about: is fairly useless - but it would be better if your service returned the correct HTTP status code - e.g. 200 = good, 404 = not found, etc.
http://en.wikipedia.org/wiki/List_of_HTTP_status_codes