I have route like below
fromF("file:~~")
....
.toD("file:someotherlocation/")
the file is initially owned by userA but it is changed to be owned by tomcat user(code is deployed on external tomcat).
Is there a way, either keep owner or provide proper permission for the group.
Regards,
No it is not possible to change owner, but with the newer Java versions there is a way to change the owner of the file. You can create a JIRA ticket at Apache Camel to ask for such a functionality.
However there is a chmod option on the file component to change permissions. See the Camel documentation for more details.
Related
Has anyone figured out how to verify a Salesforce domain with Apple Pay?
Basically, Salesforce does provide a way to verify a domain by going to Setup - Domains and clicking Verify. That prompts you to upload the verification file but Salesforce seems to place it under
https://your.domain/.well-known/apple-developer-domain-association.txt
whereas Apple is looking for it at
your.domain/.well-known/apple-developer-merchantid-domain-association.txt
(note the extra merchantid- in the file name).
The main issue is that Salesforce's multi tenant platform doesn't allow for direct access to the file that's placed in .well-known directory and there doesn't seem to be any way to control the file name. Is there any alternative way to verify domain ownership in this case?
Picked up an existing project built on Composite C1 version 4.3, and I'm trying to install a package. All the information online says to go to System -> Packages -> Install Local Package, but I don't even see a Packages option on the System page at all.
I've tried to see if this option was disabled or not available in this version, but nothing definitive so far.
EDIT:
I do have direct access to code, so if there's a config file I could edit it directly, but haven't found anything that indicates where this might be.
It looks like the account that you are logging in with isn't the main admin account. It's probably a developer account to which the admin has added the ability to make backups and tweak Google Analytics settings. You'll need to contact the admin and ask them to give you full privileges, in order to install packages yourself.
If you have FTP access to the website, there is a way to move an account from one group to another:
Open: ~/App_Data/Composite/DataStores/Composite.Data.Types.IUser.xml
Find the user account for the user you want to change group membership for, and make a note of the Id GUID value.
Open: ~/App_Data/Composite/DataStores/Composite.Data.Types.IUserGroup.xml
Find the group you want that account to have membership of (ie: Administrator or Admin), and make a note of the Id GUID value.
Open: ~/App_Data/Composite/DataStores/Composite.Data.Types.IUserUserGroupRelation.xml
Make a backup copy of this file, just in case it doesn't work!
In the origional, find UserId GUID matching your account Id, then ammend the UserGroupId to the group Id. Save the file.
I've tried this out on my local copy of C1 and it appears to work. You should now have access to everything the admin has access to.
i downloaded the old version of C1 4.3 from github and started a new site, and looks like something is wrong with your site, because this version have package manager.
Something error on Log's Folder? (no Console Log item found in your capture)
I tested on this version (see the image uploaded), so, wich especific version have you?
The two files I needed to change were IUserActivePerspective, and IUserGroupActivePerspective. The perspectives for what I was missing were removed from the admin account, so I just needed to add them back there.
I hit the below error when trying to insert the permission
"code": 403,
"message": "The authenticated user has not granted the app xxx write access to the child file xxx, which would be affected by the operation on the parent"
Here is what I am doing
We have two Google Account,
1. API Account - we used to create folder and change the ownership to Business account
2. Business Account - upload a file
now we try to share to folder to customer and we hit the above error
And here I using OAuth 2.0 Installed Applications to get the access token.
Please advise what is wrong I am doing here
I had the same issue but I realize that its because of the scope for credential wasn't setup properly. I only had DriveScopes.DRIVE_METADATA set which was not enough for downloading files. Once I added DriveScopes.DRIVE_FILE, DriveScopes.DRIVE, and DriveScopes.DRIVE_APPDATA, I was able to download the file without any problem. Hope this helps.
P.S. if you are changing credentials, you have to delete the previously saved credential file.
Based on the Official Google Documentation you received '403: The user has not granted the app' because the request is not on the ACL for the file. The user never explicitly opened the file with this Drive app.
It is highly recommended to use Google Open Picker and prompt the user to open the file or direct the user to Drive to open the file with the app.
For the CQ5 environment I work on we have a farm of publisher servers. Some of the content on these servers is restricted so only users who belong to certain groups can see the content. I'd like to script the setting of permissions for the folders (nodes) that are to be secured so I don't have to manually repeat the steps of applying security using the Access Control Editor of Content Explorer (This Adobe documentation has instructions for doing it manually via Access Control Editor). The scenario is that sometimes new folders are to be created to hold secure pages, and we want to apply permissions to the folders prior to activating any content into those folders.
Since the environment has several publishers, it is repetitive, manual, and error-prone work to open Content Explorer and set the permissions on each one. I'd like to do be able to automate this so I could roll out permissions to all the servers via a script--perhaps via a curl command or some other mechanism (perhaps a package?) that can be automated.
I found the Sling jackrabbit-accessmanager bundle that seems like it will facilitate automation of this, but it seems like it opens a security hole. If I put this bundle on my publishers, it seems like I would be providing an REST interface to let anyone modify the permissions and grant access to folders/nodes that should be secured or to add security restrictions on nodes that should have none.
How can I automate the creation/modification of node permissions via a script--and do so in a way that only allows an administrator to apply the permissions changes?
This tool lets you manage permissions in a centralised way, they can also be installed automatically at deploy time:
https://github.com/Netcentric/accesscontroltool
Regarding permissions applied to new folders, the solution is setting permission properly on their parent folder. CQ/AEM will automatically apply the same permissions to all children unless another rule break the inheritance.
I found one alternative I hadn't considered before: using the Day CQ ACL Setup Service. It is mentioned at http://dev.day.com/docs/en/cq/5-5/developing/security_model_changes.html.
AclSetupService allows one to add permission to a single path or a given user/group. This will be applied on each restart of CQ to guaranteed a certain permission state within CQ. For example, "allow;inherit;everyone;/" prevent everyone from accessing CQ (i.e. it forces all users to login first). As noted in the description of AclSetupService, you will need the following pattern per entry:
( "allow" | "deny" ) ";" ( privileges | "inherit" ) ";" principal ";" path
Choose either "allow" or "deny" for the first part.
Next enter one of the privilege below or set it to inherit permission from ancestor.
Then enter a single user/group.
Finally enter a single path to apply the permission to.
Using this will replace permission set within the repository when you restart CQ. These could be scripted by using the process outlined here and here.
Privileges can be:
jcr:read
rep:write
jcr:all
crx:replicate
imp:setComplete
jcr:addChildNodes
jcr:lifecycleManagement
jcr:lockManagement
jcr:modifyAccessControl
jcr:modifyProperties
jcr:namespaceManagement
jcr:nodeTypeDefinitionManagement
jcr:nodeTypeManagement
jcr:readAccessControl
jcr:removeChildNodes
jcr:removeNode
jcr:retentionManagement
jcr:versionManagement
jcr:workspaceManagement
jcr:write
rep:privilegeManagement
If you would like to use the Sling jackrabbit-accessmanager bundle on a publish instance it is possible. You would want to make sure your dispatcher which sits in front of the publish instance does not allow the permission requests (/.modifyAce., .deleteAce., etc) and the publish instances can only be accessed directly from inside your network. It's standard practice to deny all requests in the dispatcher and specify what is allowed.
Is there are reason you are not just replicating the permissions when the folder is activated? There should be a rep:policy node underneath the secure folder which gets replicated.
So I have a setup where clearcase and clearquest are integrated.
I.E. if I check in a file in clearcase clearquest will popup asking for a change request number.
Here's the deal, I don't have to "login" every time I start a new clearexplorer.
I have some other tools I have been writing that I would like to take advantage of that capability but I don't know where to start. Basically I want my tool to check the same place clearcase checks to see that I'm a valid user and create my object based on those credentials.
From the looks of things the ALDB server might have something to do with it but I don't know how to interact with it.
Anyone have any ideas on it?
UPDATE:
I guess What I mean is I don't have to login to Clearquest every time I open a new clearcase and check in files. That's what I'm really looking for. using the existing clearquest "authentication" object (If that's what its even called)
Update 2:
Based on Information I found here:
http://publib.boulder.ibm.com/infocenter/cqhelp/v7r0m0/index.jsp?topic=/com.ibm.rational.clearquest.apiref.doc/c_perf_user_admin.htm
You can use this method to obtain the Session object associated with the current user. See the description of the Session object for more information on how to use this object.
I look at Session Object and it doesn't seem to mention about how to use this object as it states.
Update #3
This has been a long time, but it's come up again, I think what I'm really looking to do is build something that shares the Session object since logging in takes quite a while my plan is to login once using a background process, and then I can query that running process for the object when I try to login with a second program, if it works all goes well and continues, if it doesn't then it will require a manual login, (or could spawn the process that logs in, and waits for a response).
If/When I make this I'll post some details on steps I took.
It is true the albd service (Atria Location Broker Daemon) requires a Windows account to function. But not yours. See Updating the Windows ClearCase ALBD Password.
The last one, the ALBD service, requires a Windows user account with ClearCase privileges to function properly.
In the definition of this service, during ClearCase installation, the ClearCase administrator must specify the name of this privileged account, the password, the Windows domain, and the Windows group for this account.
Any ClearCase-related operation will based the user identification on the
credmap informations (if you are with Windows clients and Unix server)
credmap registryServer
or the creds.exe informations
The clearcase objects (like a new version created after a checkin) will get those credentials.