domingo, 15 de julho de 2018

The security context cannot be set in the request as it is already in the response processing phase.


Hello guys,
today i'll show how to resolve the "security context cannot be set in the request as it is already in the response processing phase." problem in a Jersey implementation, the stack trace  is intuitive, but you have no choices to resolve that if you don't read the documentation, I spent a lot time on the stackoverflow searching about, unfortunately not in the Jersey documentation,  then i resolved!

Take a look:


/**
 * @author Jhonatan S. Souza
 */
@Provider
@PreMatching
public class RequestFilter implements javax.ws.rs.container.ContainerResponseFilter, javax.ws.rs.container.ContainerRequestFilter {
The problem is that you r using the response implementation javax.ws.rs.container.ContainerResponseFilter instead the javax.ws.rs.container.ContainerRequestFilter do the change and the request will gonna work.

Indeed, very simple, but gave me a headache. Enjoy!!!
See ya!
Postado por às Nenhum comentário:
Marcadores: , , , ,

segunda-feira, 9 de julho de 2018

Angular 5 - Implement Role-based security


Hi everyone, today I'll show how to create a role-based security in Angular 5 easily, just 
following some steps.
I was searching something to do this kind of job, but unfortunately found only old jobs and broken libs, then I found it in a Microsoft developers page, look this article: Angular How-to: Implement Role-based security.
Sounds good? sure! but, if you get deep in this solution you can see that we have a security lack, in this case I even made a solution that resolves the lack, but I'wont rediscover the wheel and remake the solution showed by Microsoft, in this case we need to do these simple steps: 

1.Implement the solution 

Get the link: Angular How-to: Implement Role-based security and follow the instructions

If you have any questions don't hesitate to get in touch in the comments area.


2.Houston we've a problem!

 I'll give a chance to you discover the lack:
@Directive({
selector: '[myHideIfUnauthorized]'
})
export class MyHideIfUnauthorizedDirective implements OnInit {
@Input('myHideIfUnauthorized') permission: AuthGroup; // Required 
permission passed in
constructor(private el: ElementRef,
private authorizationService: AuthorizationService) {
}

ngOnInit() {
if (!this.authorizationService.hasPermission(this.permission)) {
this.el.nativeElement.style.display = 'none';
}
}
}

Did you found it?
Not? really?
Not yet?
Put in the comments if you have found, by the way, look:

When we using this kind of solution:

   this.el.nativeElement.style.display = "none";

 Users can use the browser developer tools and get some sensitive info, cause the elements still there,
them is only hidden, but if you key f11 + ctrl + f you'll found the data.


Some kind of users that can found your "secure"data.

3.SLAY!

To resolve this we just can change the behaviour of the nativeElementI did discover these reading the documentation : Angular native element documentation


3.SOLUTION!

/*
There's the solution, remove the element from the screen.
*/
this.e.nativeElement.outerHTML = "";


/*
Note: If you want only hidden the data (using only not sensitive data)
*/
this.e.nativeElement.hidden = true;


That's all folks!!!


Postado por às Nenhum comentário:
Marcadores: , , ,
Assinar: Comentários (Atom)