Can someone please explain what is the difference between CreateUser(String) and CreateUser(User,Credential) in confluence. I want to create one user for confluence, if user is not there in the group. There is no information in confluence documentation. :(
I wrote code like this, but not sure whetehr it will accept createUser method twice in same line.
userAccessor.createUser(userAccessor.createUser(username), Credential.encrypted(password));
I am guesing, if inside createUser is executed,then it will throw an exception at outside parent createUser as it is trying to create same user again?
Please give me your thoughts
Thanks
Samuel.
The new createUser(User, Credential) method replaces the old createUser(String) method, so you should use the former and construct a user with all the details:
User user = userAccessor.createUser(new DefaultUser("mryall", "Matt Ryall", "matt#mattryall.net"),
Credential.unencrypted("secret"));
The reason for having this API was to reduce the number of calls needed to create a user, and fix the potential race condition where you're creating a user with a username but with otherwise empty fields (name, email, password).
This entire API is very poorly documented. I work on the Confluence team at Atlassian - so mea culpa! We'll try to get this fixed.
Related
So I have been working on JDA for a while now and I wanted to create a quiz system in which people can answer using reactions. The problem is: I am stuck on how to check who voted which reaction. I have my code here:
public void onMessageReactionAdd(MessageReactionAddEvent event) {
MessageReaction reaction = event.getReaction();
ReactionEmote emote = reaction.getReactionEmote();
//if user reaction = certain emote then ...
}
I am stuck on that because I can't seem to find any API regarding a user's reaction. Any help will be appreaciated!
You need to save every single vote with the voting user in a Database.
Use MongoDB or MySQL for example.
I am using the service account model and Google's Admin SDK Java API to retrieve and modify users.
The goal is to add an alias for an existing user.
Alias newAlias = new Alias();
newAlias.setId(userID);
newAlias.setAlias(alias);
Directory.Users.Aliases.Insert request = directory.users().aliases().insert(userID, newAlias);
request.execute();
execute() fails 100% of the time with the error message:
"Value set through a parameter is inconsistent with a value set in the request"
but of course does not identify the problem parameter or value, or provide a suggestion.
I tried all 8 combinations of scoped (or not scoped) userID and alias in newAlias, and userID in the request, with the same result. By all 8 combinations, I mean:
newAlias.setId(userID);
newAlias.setAlias(alias);
insert(userID, newAlias);
newAlias.setId(userID#domain.com);
newAlias.setAlias(alias#domain.com);
insert(userID#domain.com, newAlias);
and so on...
Any ideas greatly appreciated.
I think it is worth adding that, while I believe the above approach is correct (using Directory.Aliases.Insert) and that I am missing some critical information or made a mistake, I also attempted to add the alias by updating the User object instead of Aliases, something like this:
List<String> aliases = new ArrayList<String>();
aliases.add(scopedAlias); //userid#domain.com
User user = new User();
user = retrieveUser(uid); //Gets current record from Google
user.setAliases(aliases);
Directory.Users.Update request
= directory.users().update(uid, user);
request.execute();
That did not work either.
Anyone have an example of working code?
I've gotten aliases inserted using the following:
Alias alias = new Alias();
alias.setAlias(aliasString);
directory.users().aliases().insert(userId, alias).execute();
I don't have anything in the way of insight as to why your approach isn't working or why my approach works, but there you go.
S. McKinley's suggestion worked.
The key difference:
I had been including the call:
alias.setId(userId);
or
alias.setId(scopedUserId); //userId#domain
Either one resulted in the "parameter is inconsistent with a value" error. Leave it out and the alias gets created.
I was able to find the customerId as follows
Go to admin.google.com
Security -> Set up single sign-on (SSO)
You will see URLs like this:
https://accounts.google.com/o/saml2/idp?idpid=Cxxxxxxxx
That Cxxxxxxxx is your customerId
I am working on an existing Web based application.
Now, I need to secure the application against what I think is called url hacking. For instance, if the customer with customerId 1 is logged in and viewing his profile, the following http get variable will be visible in the address field: customerId=1.
I need to prevent a customer from being able to set customerId=2 and see the profile of another customer.
The problem is that, the application is already in production and in good working condition, so the changes should be minimal with respect to this change.
How is this best achieved?
Any sugggestions/comments?
why do you give the id in the URL when the user should only be allowed to change his profile? I don't see any need for this. Rather get the current user from SecurityConext and display its profile on an URL without the id.
with the new information you gave in the comments I suggest sth. like this:
just check if the given orderid in the URL belongs to the current user.
You're saying you use "normal web based Application" so I assume Servlet/jsp based. In your servlet you would do something like this:
int orderId = Integer.parseInt(request.getParameter("orderId"));
String username = request.getUserPrincipal().getName();
/*now you need to check if username match with the username of the order e.g. by using hibernate to get the order by id and check its user and if not throw PermissionDeniedException or similiar*/
95% agree with Korgen's answer above.
5% - if you want to allow administrator access to edit user profiles using the same functionality just switch to UUID to identify edited user.
I am looking for simple way to connect information about requirement/release and source code.
The case is that developer should be able to find any artifacts created given release or CR in easy way.
The idea I have is to introduce some new annotation to mark any new class ( I am not sure if it is good for any new method) for example:
#ArtifactInfo(release="1.2" cr="cr123")
Do you have any other ideas? Maybe you use already something similar?
Take care,
Marcin
IMO the code is the wrong place for that kind of information.
Take a look at the imaginary code below.
class Authenticator {
login(String username, String password){
User user = retrieveUserFromDatabase(username);
throwIfWrongpassword(user, password);
verifyUserAge(user)
}
void throwIfWrongpassword(User user, String password){
//throws AuthenticationException if password is wrong
}
void verifyUserAge(User user){
//verify that user is above 18 or account is authorized by a parent
}
void biometricLogin(String username, BiometricImage bioimg){
User user = retrieveUserFromDatabase(username);
verifyBiometricImage(user, password);
verifyUserAge(user);
}
}
This is the result of a few requirements:
Users must authenticate to have acces to the system
Users can use biometric authentication instead on password auth
Underaged users must be authorized be parents or something like that.
All those requirements were added in different poins of time, on different versions of the software.
A class-level, or even a method-level annotation won't suffice to effectively map requirements to code.
You'd have to use a "line of code"-level annotation.
Of course, that's impractical.
The right way to do that is to follow a few best practices when using the source code repository and the bug tracker:
1) Every requirement corresponds to one or more issues on the bug tracker
2) Every commit message starts with a corresponding issue key, like "PROJ-123 - a nice feature"
3) When you do a release (meaning, incrementing your software version), you tell the bug tracker that those issues were fixed in that version.
If you need to know what requirements were implemented in what version, ask your bug tracker.
If you need to know all the code that was produced for a given requirement, ask your source code repository (filter commits by log message)
If you need to know what is the requirement for a given line of code, ask your source code repository. GIT and SVN have a "blame" command that will tell you, for a given file, for each line of code, who commited it, when, and the commit message (which will have the issue number if everyone on the team is a good boy) - So this will work as that hypothetical "line-of-code"-level annotation.
Using "commit hooks" can help you enforce rule 2) in an organization.
Maven has some degree of integration with JIRA and other bug trackers, and maybe it can help automate #3. But I haven't really used it like that. But if it doesn't do what you need, you can always ask for more :-)
I ran into an interesting case where it seems to indicate that the documentation for Google Contacts API is incorrect.
What I'm trying to do is getting the contact information of authenticated user who has already given permission to the app using this URL:
https://www.google.com/m8/feeds/contacts/default/full/contactId
The result of the call is always status 404. However, when I'm trying to get full address book, it seems to be working fine.
https://www.google.com/m8/feeds/contacts/default/full
Is it documented incorrect or I'm doing something wrong? It makes no sense that I can get the whole address book without being able to get contact information of the authenticated user.
The scope I'm using is:
https://www.google.com/m8/feeds
Thanks,
Jack
Additional information. The API documentation shows the following:
public static ContactEntry retrieveContact(ContactsService myService) {
ContactEntry contact =
myService.getEntry(new URL("https://www.google.com/m8/feeds/contacts/default/full/contactId"),
ContactEntry.class);
// Do something with the contact.
return contact;
}
This seems to mean that "contactId" keyword should used as part of URL. It just doesn't work for me.
To clarify this question. The goal is to get information on current authenticated user without having to go through workaround of fetching data multiple times. Even with the workaround of fetching all contact first, I didn't see any contactId of authenticated user coming back with it.
It depends on what you are trying to get. If you call https://www.google.com/m8/feeds/contacts/default/full, then you are looking for all the contacts. Now, when you get back the contacts, you can request the data for a single contact by using https://www.google.com/m8/feeds/contacts/default/full/{contactID} where {contactID} is the last part of the field from the full contact list. It will look like http://www.google.com/m8/feeds/contacts/{user email}/base/{contact id}.
So, if you get back the full contact list, a single contact will have an ID field that looks like: http://www.google.com/m8/feeds/contacts/{user email}/base/{contact id}. If you take that last {contact ID} and append it to the end of the call (https://www.google.com/m8/feeds/contacts/default/full/{contactID} ), you will get back the contact information for just that contact.