I use log4j2 in my application and have an xml configuration file. There are multiple loggers configured in this file. I would like to set the level for those loggers based on the value of some system property. I know that I can access system properties like this ${sys:property}. But I guess I also need to add some conditional logic to the configuration, as I want something like this:
if (${sys:property}=="value") {
<Logger name=logger.name level="ERROR">
} else {
<Logger name=logger.name level="INFO">
}
How can I add such conditional logic to the log4j2 configuration?
Related
When I run my MVC 5 site locally, I want to use these ninject bindings. When I run it in production on azure, I want to use those bindings (which are almost the same, except for a couple different bindings).
How should I detect this, and where should this conditional code go?
To prevent you from having to have separate compilations for each environment, you should drive your DI configuration from web.config. This will keep the door open for a compile once, deploy everywhere strategy.
<appSettings>
<add key="UseSpecialDI" value="true" />
</appSettings>
In your DI config:
bool useSpecialDI = ConfigurationManager.AppSettings["UseSpecialDI"].ToLower() == "true";
if (useSpecialDI)
{
// Use "those settings"
}
else
{
// Use "these settings"
}
Much like your DI configuration, it is best to use fine-grained configuration settings that do specific things rather than broad settings that change large swaths of the DI configuration around.
How Struts2 controller check, we need to check our action mapping in Struts.xml file. Which Interceptor check, we need to search for our action in Struts.xml?
I mean to say, why we need to provide its name as Struts.xml? Beacuse suppose if we are gonna change its name, then we have to override cofig init-param. But for this we need to provide Struts-default.xml in param-value as first parameter. then only, I will be able to change struts.xml name.
For Example:-
<init-param>
<param-name>config</param-name>
<param-value>struts-default.xml,test.xml</param-vale>
</init-param>
So I want to ask why it don't work without struts-default.xml.
in our app, we have the following:
<intercept-url pattern="/app/**" access="ROLE_ADMIN,ROLE_USER,ROLE_CUST_ADMIN" />
but, in our app, we can create custom roles too, and, when a user of a custom role, for ex, ROLE_LIMITED_USER tries login, the access is denied.
how can I secure the app without listing the roles ? or how can I make it accept a pattern ROLE_* ?
I tried the following :
<intercept-url pattern="/app/**" access="IS_AUTHENTICATED_FULLY" />
but, this is causing the session time out and user is required to login. Before the change, the user login was remembered.
Appreciate any solution
thanks
A couple things:
The roles that you are requiring to access functionality in your app should not change - think of them more as "permissions" instead of "roles". (The Spring Security default here may be a misnomer.) Then you can map sets of permissions to roles (via your own code), allowing custom roles to be created as a different bag of permissions, but the actual permissions that you are coding/checking against are static - they don't change. When a user is authenticated, the set of GrantedAuthoritys you populate in the UserDetails should be a merged collection of permissions based on the user's assigned roles.
That said, I think you can still do what you want without changing the security model by using Expression-Based Access Control. Assuming you're using the security namespace (i.e. xmlns="http://www.springframework.org/schema/security"), then you need to set use-expressions="true" on the <http> element and change your access attribute values to SpEL expressions, such as:
<http use-expressions="true">
<intercept-url pattern="/app/**" access="hasAnyRole('ROLE_ADMIN','ROLE_USER','ROLE_CUST_ADMIN')" />
<intercept-url pattern="/other1/**" access="isAuthenticated()" />
<intercept-url pattern="/other2/**" access="authentication.authorities.?[authority.startsWith('ROLE_')].size() != 0" />
</http>
Note that this code snippet has not been tested, and I'm pretty sure the 3rd intercept-url example won't work as is but should be pretty close. (It's attempting to filter the Collection<GrantedAuthority> to authorities that start with ROLE_ and make sure the filtered list isn't empty.)
My guess is that it will be easier to use the 2nd intercept-url and do any further custom checking in code, where you can get access to the current SecurityContext / Authentication / principal via:
SecurityContextHolder.getContext()
Hope this helps.
Note similar question here as well:
Spring Security Authorize Access Role with a Wildcard
Use Spring's #PreAuthorize annotations in your classes, and reference a custom permission evaluator via SpEL. Don't worry about building an expression parser, as you can simply reference a boolean method from within the annotation:
#PreAuthorize("#myCustomClass.booleanMethod(param1, param2, #passedParam) and isAuthenticated()")
myMethod(passedParam) {
//do something
}
Then, in the custom class, define the boolean method, and it can handle your roles (permissions) however you like -- including accessing a database to discover your newly added roles.
You won't be able to add new roles to the XML configuration on the fly, so if your question pertains to new role creation (which seems to be the case), you'll need something like the above to make it happen. Using SpEL and a custom boolean method gives you access to a potentially limitless set of restrictions and requirements you can add to your application.
My Example
Relatively simple layout.xml.php:
<?xml version="1.0" encoding="<?php echo sfConfig::get('sf_charset', 'UTF-8') ?>"?>
<example>
<?php echo $sf_content ?>
</example>
Simply isn't being used by any XML templates e.g. indexSuccess.xml.php
The Symfony documentation states:
The layout is automatically disabled for XML HTTP requests and non-HTML content types, unless explicitly set for the view.
Yet gives no documentation on how to set explcitly? Elsewhere obviously leads to:
all:
layout: layout
has_layout: true
But this seems to make no difference for XML templates?
Other sources mention sfAction having a hasLayout method, which clearly has been deprecated.
Evidently seems this isn't something that can be set globally via YAML (which is sad).
You can set it as stated in the documentation per view, i.e. in view.yml:
indexSuccess:
layout: layout
has_layout
But this is pretty laborious if you have many actions and against DRY concepts.
Note: Setting the values for all takes no effect.
$this->setLayout('layout')
Does work within an action, but again in my scenario this would need to be set in every action, again not particularly DRY.
Thus, I chose to extend sfActions and bind it into the preExecute method.
class myActions extends sfActions {
public function execute($request) {
if($request->getRequestFormat() == 'xml') {
$this->setLayout('layout');
}
return parent::execute($request);
}
}
Sorts the problem globally if you make sure all your actions extend myActions instead of sfActions, if you want to do it for all formats you could make use of the preExecute method instead, but I wanted to make use of the sfWebRequest to ensure I don't try and force layouts onto prospective other formats I may add such as JSON.
Might this be part of "setting it explicitly for the view"?
$response = $this->getResponse();
$response->setContentType('text/xml');
http://www.symfony-project.org/gentle-introduction/1_4/en/07-Inside-the-View-Layer
I have a problem with my Authentication HttpModule. The problem is that it obviously runs for every single request I get on my web server (IIS7). Because it also uses Session variable, it fails to work properly on CSS, JS files and similar.
I tried to use:
<add name="AuthModuleName" type="..." preCondition="managedHandler" />
but to no avail. It still runs on every request regardless of its extension or mime type. I should also add, there's a setting
<modules runAllManagedModulesForAllRequests="true">
that seemed suspicious to me and actually disabled preConditions on modules. But changing it to false, breaks the application in a completely different way and with a different exception (The SessionStateTempDataProvider requires SessionState to be enabled).
Can anybody help me how to force IIS7 to exclude my HttpModule when requests are made for static content files?
runAllManagedModulesForAllRequests attribute has to be set to false to actually configure any module the way you want. You will have to also correctly reconfigure Session and others as needed, but the main thing is handlers pipeline execution order that handles requests.
The answer was provided in one of my other questions:
Thanks to Peter that provided the answer that worked correctly.
I don't know about an IIS7 setting for that but you can do this.
The session object will be available only for non-static content :
void yourEventHandler(object sender, EventArgs e) {
HttpApplication app = (HttpApplication)sender;
if (app.Context.Session == null) {
return;
}
// then your code here...
}
This will ensure your code won't be run for files like CSS, JS etc. But keep in mind the session object will also not be ready before PostAcquireRequestState event. (For the order of the HttpApplication events, see this page.)
Edit : Also, it appears with ASP.NET Development Server (though I know you said IIS7 in your question), your HttpModule will still run even for static files.