Weblog Comment Author (force to be login ID from OD)?

Similar Messages

• Weblog Comment Author (force the loginID from OD)?

  Can you force the author of a comment to be the logged in loginID of the person who has authenticated into a secured weblog?
  Cross posted to Collaboration Services as well.
  We have successfully set up and installed the weblog piece of the collaboration services on our 10.4.5 OS X Server (a replica on an OD system) and authentications work great, staff can create blogs, students can't but they can read the blogs and supply comments (that's what we want). However, a student who has been required to log into the blog site to read the blogs can still create a comment to an entry and supply ANY name they want in the Author. I'd like to remove the option to type an Author (I've already removed the e-mail and URL boxes) and force the Author field to be the loginID of the user who has logged in to the blog site.
  Does anyone know how to do this? I've customized quite a bit on the weblog site so far, and everything is working exactly as we wanted but this is the one deal breaker we may have. We can't have 'anonymous' weblog comments posted by students. Too risky. We need the accountability of their own loginID being the Author. The weblog will be used for classes and is not accessible to guests or anonymous users so security of their name is already in place.

  Cross Posted to Collaboration Services as well...
  After extensive work with David Czarnecki, the author of Blojsom, we were able to get the userid provided by the logged in user included on the comment page. This required a new plugin by David (loggedinuser) which would store the logged in user's userid (the one they used to authenticate against our OD) and I can then use the variable it's assigned to in the Author field of the comments page, which I also set to read only so that students/staff cannot masquerade as another user in the Author field or submit anonymously.
  I would recommend that anyone who would like to have this capability (and I can't imagine a single school that wouldn't) contact David Czarnecki via his site (http://wiki.blojsom.com/wiki/display/blojsom/About+blojsom) about the availability of the loggedinuser plugin and instructions for configuring the plugin (also provided below). If there is interest I can post my instructions for setting the Author field to read only as well so that logged in users can't change the Author on their comment. I also have the .jar file and the .java source file for the plugin and can provide that to Apple engineers if they would like to include this in future distributions, or to any admin who would like to use this plugin.
  This will not stop masquerading via a stolen userid and password, but that's a different set of problems.
  Plugin Installation and Configuration:
  1. Copy the logged-in-user-plugin.jar file to blojsom's /WEB-INF/lib directory.
  2. In /WEB-INF/plugin.properties add:
     loggedinuser=org.blojsom.plugin.user.LoggedInUserPlugin
  3. In /WEB-INF/(blog-id)/plugin.properties, add " loggedinuser" to the end of the HTML plugin chain.
  4. Re-start Tomcat to re-start blojsom. This requires a restart of the server, unfortunatley, unless someone can show me how to restart tomcat and reload the plugins and config files without a full server restart.
  In the template (/library/tomcat/blojsom_root/webapps/root/web-inf/templates/html-comments.vm), you can then set the value of the 'author' text field to:
  #if ($LOGGED_IN_USER)$LOGGED_IN_USER#end
  Now users will see their shortname (userid) in the Author field and can't change it when they go to add a comment to a blog entry. This will only work if the user is required to log into the blog, and probably only with Apple's OD implementation.

• Enable edit/spell check for Weblogs comment

  Probable this was already addressed, just can't find the relevant post, but it would be great to have edit/spell check option for Weblogs comment just like in the forum.
  Recently my grammar/spell is getting even worse than usual;-)))
  Peter

  Hi Peter,
  Gregor is right. I am using iespell(sorry no firefox version available) even payed the nominal fee and then right-mouse-click spell check done.
  I use that even here in the forum because I have more control over which words are O.K.
  Best, Mark.
  P.S. Bummer I outed myself as the last nerd still using IE, or is it the final proof, that I am not really one

• Login changes from WLCS 3.2 vs WLCS 3.5

  I am upgrading my current prototype using WLCS3.2 to 3.5. I use the
  exampleportal demo and plug in a few JSP's from my web application.
  In 3.2, after you enter your login information the request object that all
  portlets have access to contains 3 parameters: loginAction, username and
  password. I use this information in order to log into my application which
  allows me to have a single signon.
  In 3.5, things have changed and the only parameter that I have access to
  through the request object is 'dest' which has the path to
  /something/loginSuccess.jsp. How do I now get access to login information
  from the portal similar to what was available to me in 3.2?
  thank you
  shane

  Peter,
  Thanks for the quick reply. I'll let you know how I make out.
  thanks
  shane
  "Peter Laird" <[email protected]> wrote in message
  news:[email protected]...
  >
  Shane,
  Excellent question. Let me point you to some reading:
  1. There is a brand new security guide for 3.5 athttp://edocs.bea.com/wlcs/docs35/secguide/index.htm
  >
  2. Read the Security chapter of the Servlet 2.2 spec, found athttp://java.sun.com/products/servlet/index.html
  >
  >
  Realize that the 3.2 portal's implementation of the security mechanismpredated
  the standard J2EE declarative security model. The 3.5 release of portalreimplemented
  security to adhere to the standard. So the missing attributes is aside-effect
  of this change.
  In 3.2, the portal was responsible for doing its own user authentication.Therefore
  the username and password was available to the portal code. In 3.5, theservlet
  container (WLS) performs the authentication on behalf of the portal. Asyou see
  in the Servlet spec, the methods available to a servlet afterauthentication allow
  you to get the username via request.getUserPrincipal(). But there is nostandard
  way to get the password. So if you require the password to propagate theidentity
  to another application, you are out of luck.
  All is not lost though. I can think of three avenues for you.
  1. Reread section 11.6 of the Servlet 2.2 spec. It declares that thecontainer
  must maintain authentication at the container-scope, and not the web-appscope.
  Know that the portal is deployed as a webapp. If your secondaryapplication can
  be deployed as a J2EE web-app on the same server, authentication can bemaintained
  across web-apps.
  2. If you cannot deploy your app as a web-app, there is still anotheroption.
  WLS supports an "Authentication Filter" which is invoked both immediatelyprior
  and immediately after the j_security_check authentication mechanism. Thisallows
  you to provide a callback which accepts the HttpRequest. Therefore, youshould
  be able to stash the j_password into the Session before WLS clears it outof the
  Request. I don't have time to try this today, but if you do please postyour results!
  Read here for more info on the AuthFilterhttp://e-docs.bea.com/wls/docs60//javadocs/weblogic/servlet/security/AuthFil
  ter.html
  >
  >
  3. If the above options don't work for you, you may wish to implement acustom
  WLS security realm which will provide passwords for users upon request.
  Post back to the newsgroup with your thoughts/results.
  PJL
  "Shane Daniels" <[email protected]> wrote:
  I am upgrading my current prototype using WLCS3.2 to 3.5. I use the
  exampleportal demo and plug in a few JSP's from my web application.
  In 3.2, after you enter your login information the request object that
  all
  portlets have access to contains 3 parameters: loginAction, username
  and
  password. I use this information in order to log into my application
  which
  allows me to have a single signon.
  In 3.5, things have changed and the only parameter that I have access
  to
  through the request object is 'dest' which has the path to
  /something/loginSuccess.jsp. How do I now get access to login
  information
  from the portal similar to what was available to me in 3.2?
  thank you
  shane

• [svn:bz-4.0.0_fixes] 21006: Merge Tomcat 7 login module from BlazeDS trunk to BlazeDS 4.0.0_fixes.

  Revision: 21006
  Revision: 21006
  Author:   [email protected]
  Date:     2011-03-31 13:00:11 -0700 (Thu, 31 Mar 2011)
  Log Message:
  Merge Tomcat 7 login module from BlazeDS trunk to BlazeDS 4.0.0_fixes.
  Checkintests: passed
  Modified Paths:
      blazeds/branches/4.0.0_fixes/modules/opt/build.xml
  Added Paths:
      blazeds/branches/4.0.0_fixes/modules/opt/src/tomcat/flex/messaging/security/Tomcat7Valve. java

  Dear Insaponata ,
  I dont understand what do you mean by oneoff but see the following:
  A patch is a one-off fix for a specific issue. The patch may be a manual process, or applied using the opatch utility. These changes may not result in an oracle version change, so it is only possible to tell that they have been applied by keeping a manual record, or by listing the patches applied via opatch, assuming that is how you applied them. Patches may have specific dependencies, so you must check you have the correct patch for your version.
  A patchset is a collection or bundle of patches. Typically, a patchset is a more major operation, and as such will include be applied using the Oracle Universal Installer. The patchset will typically result in a significant version change, like 10.2.0.1.0 to 10.2.0.2.0 etc. Patchsets are usually cumulative, so you can patch anything from the base version release to the latest patchset in one go. So the same 9.2.0.8.0 patchset will be used to patch 9.2.0.1.0 and 9.2.0.7.0.
  The word bundle implies a collection of patches, but a bundle may not be as big or important as a complete patchset. The bundle simply implies there are multiple patches bundles together.
  I get this from this link:
  http://www.araboug.org/ib/index.php?showtopic=25466
  Mohamed

• Could you please tell me why as a Brit resident in Japan therefore having a billing address that is Japanese is forced to only get service from the Japanese online store? Is there not some way of allowing me to select movies and music to buy and download

  Could you please tell me why as a Brit resident in Japan therefore having a billing address that is Japanese is forced to only get service from the Japanese online store? Is there not some way of allowing me to select movies and music to buy and download from other stores. Why do am i forced to try to nread Japanese when I have selected English as my language. The price for Downloads is no different and even if it was I am happy to pay. This also applies to Movie rental which is crazy and extremely restrictive. I a supposed GLOBAL community why does Apple do this.

  You can buy ONLY from the itunes store of your country of residence (As proven by valid billing address of credit card) and ONLY while inside the borders of that country.
  These are the terms of the itunes store.

• I had over 200 e-mails.  I went to my webmail and deleted most of them.  However, my iPhone still shows 200 e-mails.  How can I force my iPhone to update from the e-mail server?  Or will I have to delete each e-mail from my iPhone as well?  Thanks.

  I had over 200 e-mails.  I went to my webmail and deleted most of them.  However, my iPhone still shows 200 e-mails.  How can I force my iPhone to update from the e-mail server?  Or will I have to delete each e-mail from my iPhone as well?  Thanks.

  You may have to try deleting all the music from your phone (by going to Settings>General>Usage>Music, swipping All Music and tapping Delete), then sync it all back on with iTunes in order to fix this.

• Error 18452 "Login failed. The login is from an untrusted domain and cannot be used with Windows authentication" on SQL Server 2008 R2 Enterprise Edition 64-bit SP2 clustered instance

  Hi there,
  I have a Windows 2008 R2 Enterprise x64 SP2 cluster which has 2 SQL Server 2008 R2 Enterprise Edition x64 SP2
  instances.
  A domain account "Domain\Login" is administrator on both physcial nodes and "sysadmin" on both SQL Server instances.
  Currently both instances are running on same node.
  While logging on to SQL Server instance 2 thru "Domain\Login" using "IP2,port2", I get error 18452 "Login failed. The login is from an untrusted domain and cannot be used with Windows authentication". This happened in the past
  as well but issue resolved post insatllation of SQL Server 2008R2 SP2. This has re-occurred now. But it connects using 'SQLVirtual2\Instance2' without issue.
  Same login with same rights is able to access Instance 1 on both 'SQLVirtual1\Instance1' and "IP1,port1" without any issue.
  Please help resolve the issue.
  Thanks,
  AY

  Hello,
  I Confirm that I encountred the same problem when the first domain controller was dow !!
  During a restarting of the first domain controller, i tried to failover my SQL Server instance to a second node, after that I will be able to authenticate SQL Server Login but Windows Login returns Error 18452 !
  When the firts DC restart finishied restarting every thing was Ok !
  The Question here : Why the cluster instance does'nt used the second DC ???
  Best Regards     
  J.K

• Why are Setup Assistant and Migration Assistant forcing me to copy everything from an old mac?

  Hi,
  I just bought a new Mac Mini (Late 2014, ships with Yosemite) to replace a defunct MacBook Pro (Late 2008, last ran 10.8.5).  I have a local administrative user account and some server and network data that I want to migrate from the latest Time Machine backup of the MacBook Pro to the Mini.  I don't want to copy anything else to the Mini.  Neither Setup Assistant nor Migration Assistant will let me deselect anything though.  All the check boxes are greyed out.  Clicking on them does not uncheck them.  This forces me to copy everything from the Time Machine backup to the Mini.  Then the Mini won't restart.   It won't even boot into safe mode.  It just gets stuck in a reboot-loop until I enter recovery mode, wipe the system drive, and reinstall Yosemite.  Does anyone know why those check boxes are greyed out and how to fix them.  Thanks in advance for any help.

  Since it's a new machine, contact Apple's Support and let them deal with it.
  27" i7 iMac (Mid 2011) refurb, OS X Yo (10.10.1), Mavs, ML & SL, G4 450 MP w/10.5 & 9.2.2

• How to call custom Login Module from JSP

  Hi,
  I am stuck with the following issue:
  1) Exactly as presented in help.sap.com (http://help.sap.com/saphelp_nw04/helpdata/en/3f/1be040e136742ae10000000a155106/content.htm) I created custom login module and deployed it as a library on J2EE server. When I configured it to be used for my applications in the Security provider but I am getting "No user name provided" exception everytime when my applications use this custom login module.
  2) I realized that I would need to call my custom module somewhere within my application (simple JSP) using LoginContext class and then use MyLoginContext.login() spec to initiate login process. But I am not able to pass CallbackHandler parameters from JSP application to my custom login module.
  So I have the following questions:
  1. Can I pass parameters using LoginContext and CallbackHandler from JSP to my custom login module (created as exact copy of HELP.SAP.COM example) or this module cannot be used this way.
  2. How to pass CallbackHandler correctly to my custom login module from JSP. When I am trying to use CallbackHandler, I am getting "Abstract Class cannot be called" error.
  I'd appreciate any little help on this matter.
  Thanks and regards,
  Mike

  You have two alternatives to do this:
  You can declare your JSP as a protected resource with the use of the deployment descriptors of the application (web.xml) and add the custom login module in the authentication stack of the application. This way, you will use container-based authentication, i.e. the Web Container will enforce the authentication and it will call the custom login module before it dispatches to the JSP. I recommend you this approach because it requires less coding and it makes the whole thing a matter of configuration. The configuration can be later on enhanced or changed runtime without the need to re-build and re-deploy the application. If you choose this approach you can go to the documentation of the server for help on how to modify the login module stack of the application.
  You can also use programmatic authentication by using JAAS API. To do this you need to create a custom security policy configuration with login module stack containing the custom login module, and then use the standard JAAS mechanism - new LoginContext(<configuration>, <callback-handler>).login(). This approach requires that you write your own callback handler and handle any LoginException.
  Let us know which approach you prefer and whether you have difficulties implementing it!

• Use stored login information from Safari/Firefox etc in Flash Player standalone? (Mac)

  I play a flash game called FFR (Flash Flash Revolution). It uses a login system to keep track of scores and ranks from the songs I play. On my late model eMac It's very laggy in-browser, even on low quality. I downloaded the Flash Player 9 stand alone and it runs smooth, however it doesn't use my stored login information from Safari/Firefox (or IE5 for that matter) Like Windows does. Is there any way to fix this?

  Anyone?

• I have a large number of photos I'd like to delete from my ipad 2 however from reading previous comments it seems I have to unsync from the original source computer. I'm in another country now and don't have access to it.  Is there another way?

  I have a large number of photos I'd like to delete from my ipad 2 however from reading previous comments it seems I have to unsync from the original source computer. I'm in another country now and don't have access to it.  Is there another way?

  You should be able to do this via the iPad directly.  Open the Photos application and the forward arrow, then select all of the photos you want to delete and click the red delete button.

• GNOME 3.2.1 login promt from the lock screen is ugly.

  The lock screen doesn't look nice... have i miss configured something?
  What i mean is that i don't get something like the nice login screen from GDM ... but i get a password promt similar to the old style GDM....
  Any ideas? is that the expected behaviour?
  Thanks!
  Juan.

  It's the expected behaviour, but there is an upstream task to change this: https://live.gnome.org/ThreePointThree/ … ScreenLock

• New Imac. I get rid off login password from security and account and restart. Now it asks for username and password and it's not acepting anything. Any ideas?

  New Imac. I get rid off login password from security and accounts and restart. Now it asks for username and password and it's not acepting anything. Any ideas?

  First, reset your password as follows.
  Boot into Recovery by holding down the key combination command-R at startup. Release the keys when you see a gray screen with a spinning dial.
  When the OS X Utilities screen appears, select Utilities ▹ Terminal from the menu bar.
  In the Terminal window, type this:
  resetpassword
  That's one word with no spaces. Then press return. A Reset Password window opens.
  Select your boot volume if not already selected.
  Select your username from the menu labeled Select the user account if not already selected.
  Follow the prompts to reset the password. It's safest to choose a password that includes only the characters a-z, A-Z, and 0-9.
  Select  ▹ Restart from the menu bar.
  You should now be able to log in with the new password, but you won't be able to unlock the Keychain. If you've forgotten the Keychain password (which is ordinarily the same as your login password), there's no way to recover it. You’ll need to reset your keychain in the preferences of the Keychain Access application.
  If you're being prompted to authenticate when making changes to files inside your home folder, continue as follows.
  Back up all data now.
  This procedure will unlock all your user files (not system files) and reset their ownership and access-control lists to the default. If you've set special values for those attributes on any of your files, they will be reverted. In that case, either stop here, or be prepared to recreate the settings if necessary. If none of this is meaningful to you, you don't need to worry about it.
  Step 1
  Launch the Terminal application in any of the following ways:
  ☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
  ☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
  ☞ Open LaunchPad. Click Utilities, then Terminal in the icon grid.
  Drag or copy — do not type — the following line into the Terminal window, then press return:
  sudo chflags -R nouchg,nouappnd ~ $TMPDIR.. ; sudo chown -R $UID:20 ~ $_ ; chmod -R -N ~ $_ 2> /dev/null
  Be sure to select the whole line by triple-clicking anywhere in it. You'll be prompted for your login password, which won't be displayed when you type it. You may get a one-time warning not to screw up. You don't need to post the warning. If you don’t have a login password, you’ll need to set one before you can run the command.
  The command will take a noticeable amount of time to run. Wait for a new line ending in a dollar sign (“$”) to appear, then quit Terminal.
  Step 2
  Boot into Recovery by holding down the key combination command-R at startup. Release the keys when you see a gray screen with a spinning dial.
  When the OS X Utilities screen appears, select Utilities ▹ Terminal from the menu bar. A text window opens.
  In the Terminal window, type this:
  resetpassword
  That's one word with no spaces. Then press return. A Reset Password window opens. You’re not going to reset a password.
  Select your boot volume if not already selected.
  Select your username from the menu labeled Select the user account if not already selected.
  Under Reset Home Directory Permissions and ACLs, click the Reset button.
  Select  ▹ Restart from the menu bar.

• Login failed. The login is from an untrusted domain and cannot be used with Windows authentication.

  Hello,
  I have gone through couple of posts regarding this issue but couldn't get the right solution. Could you please help what exactly we are missing here.
  Details:
  1) we have two SQL instances on one standalone machine (Default Instance (2008 SP3) + Named Instance (SQL 2012 SP1))
  2) Both instances are configured to accept SQL+ Windows authentication.
  3) when we give access to our users they are getting following exception if they connect with 'windows authentication'. (For both instances)
  Login failed. The login is from an untrusted domain and cannot be used with Windows authentication.
  Note: (Being a sys + windows admin I'm able to connect both the instances from same client machine without
  any issues)
  4) Also, we observed following error in windows application event log,
   SSPI handshake failed with error code 0x8009030c, state 14 while establishing a connection with integrated security; the connection has been closed. Reason: AcceptSecurityContext failed. The Windows error code indicates the cause of failure.
  The logon attempt failed   [CLIENT: 192.168.xxx.xyx]
  5) If we create SQL login it is working fine without any issues.
  Could someone guide/help  me identifying and fixing this issue.
  Thank you

  Hello,
  Are those Windows Logins associated to domain Windows accounts? Windows Logins work for domain accounts and local Windows account created on the server where the SQL Server instance is installed (and used to login locally to the server).
  Could you try to delete one of the Windows logins that fail to login , and try to recreate them?
  The following resources may help:
  http://blogs.msdn.com/b/dataaccesstechnologies/archive/2012/12/19/error-message-quot-login-failed-the-login-is-from-an-untrusted-domain-and-cannot-be-used-with-windows-authentication-quot.aspx
  http://support.microsoft.com/kb/555332
  Hope this helps.
  Regards,
  Alberto Morillo
  SQLCoffee.com