Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 9 years ago.
Improve this question
I am writing a web service in JAVA which will expose a product's API.
What i cannot figure out for my Low level design is, how to authenticate and authorize within my web service.
For example :- Who can or cannot invoke methods on my web service.
I want to build something like, one user can add an account however shouldn't be allowed to add user while some other user can do vice versa.
Can anyone give me a direction for best practices, i can figure out the details.
Here is a leightweight howto:
You could implement a usertable and provide a login mechanism. Every time a user logs in you could store the userid in a session. If an arbitrary request is received you check whether a session exists. If not you force the user to login otherwise you read the userid from the session. Then you can determine which functions the user is allowed to access.
Also this link about similar question on stackoverflow might help:
Servlet user authentication
Related
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 2 years ago.
Improve this question
I am trying to use the pre-built embed code in COVID-19 tracking US sample to create a customised report, but can't publish on the web. Need some advise/help please.
Since January 2020 Publish to web by default is disabled. You need to get a permission from the admin of your tenant to be able to use it.
In Tenant settings they can change the option Choose how embed code work:
From there, your admin can allow you to generate new embed codes. If you don't have admin rights, you can't do anything else except asking for permission.
See: Heads up: The Publish to web default is changing and it affects who can create public embed codes
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 7 years ago.
Improve this question
I am not an expert in Django and learning it by doing. I am making an application and it has two kind of users-
User who offers services
User who uses services
So my query is how to manage these two types of users? One possible approach i am thinking of is make two separate profile models for both these users and have different login pages for these users. And still I want to have upper layer of Django admin which can manage both these users. So my problem is-Is there any particular way to implement this kind of scenario or i can go with my approach? These users will have different privileges like offer-er of service can add his service while simple user can only use that service by logging in himself. So i want to have a secure separation between these users.
I would suggest using django's built in Groups and custom Permissions. Also another interesting tidbit I would consider is implementing two versions of the django admin.
How to have 2 different admin sites in a Django project?
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 7 years ago.
Improve this question
I need to retrieve the list of friends who have visited a particular place using graph api javascript sdk.
For example: Sam, Nike and 7 others have been to this place.
Is there any API call which I can use for this?
You can only get data of users who authorized your App. There is no way to get any data of friends who did not authorize the App. Check out the API reference to find out what data you can get from authorized users: https://developers.facebook.com/docs/graph-api/reference/v2.4/user
As #luschn already said, this is not possible with the current version of the Graph API.
You might have a look at what IS possible concerning social context here:
https://developers.facebook.com/docs/facebook-login/social-context/v2.4
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 8 years ago.
Improve this question
I want to build a Django app that allows users to sign up using their Facebook account (but isn't necessary). However, I don't feel like dealing with the social auth stuff from the get go because I'd rather focus on the meat of my app. So, can I make an app without social authentication and just "plug it in" at the end or is it something I should set up from the beginning?
It is fine to plug it in later. However, one decision you must make at the start and stick to is the user model you're going to use.
Whether users register/login to your site with a social account or not, a local account will need to be created. Social accounts are linked to that local account.
If you are happy for the local account to use the default user model and have users log in to your site with a username and password, then go right ahead.
If you'd like the local account to use an email instead of a username then you've a bit of work to do.
The Django docs explain your options and provide a working example at the bottom .
Assuming you're going to use django-allauth, this tutorial will get you started and this demo will give you most of the templates you need.
The demo gives an example of customizing the user model to use email instead of a username but it is not quite complete.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
I have a Facebook app and would like to change the permissions on it. These were straightforward to set when I created the app, but when I login to the app and go through the settings, I can't find any mention of permissions. Where do I go to update the permissions on an existing app?
If you are user using another app: you cannot modify existing permissions. The best you can do is deauthorize the app.
If you are the owner of the app, and you want to ask for additional permissions: then you simply need to redirect your present users to the app authorization link requesting them to authorize the new permissions.
This assumes that you are referring to the API permissions. http://developers.facebook.com/docs/reference/api/permissions/