Control Attributes of Forwarding Form

IdentityIQ 8.4p2

Hi guys,

Is it possible to control which attributes are returned in the forwarding form field? We need to reduce the number of displayed attributes (such as Last Name, Email, etc.) through the browser’s Developer Tools.

Is there a way to hide some attributes and make them not visible? I’m asking because our SecOps teams are concerned that all accounts and their sensitive information could be enumerated through scripting and used for malicious purposes.

Regards,

Pérsio

Hi Persio,

It is not possible out of the box, but it can be achieved via a plugin. Which attributes do you want to hide, and which do you want to keep? I can write a small plugin which can control it.

Hi Naveen,

We want to hide “email”, “lastname”, “managerStatus”, “displayName”, “name” and “id” attributes.
We can maintain “fistname”, “emailclass”, “managerstatus”, “icon”, “isWorkgroup” and “displayableName”.

Your help is much appreciated!

@persio_hartmann

Try this solution:

Solved: Excluding specific Workgroup from forward suggestions for work item forwarding - Compass

You need to add this entry to the “IdentitySelectorConfiguration” configuration file.

```xml
<entry key="ownerNameSuggestBoxWorkItemListForward">
  <value>
    <IdentityFilter name="ownerNameSuggestBoxWorkItemListForward" order="Ascending">
      <FilterSrc>
        <FilterSource>
          <BasicFilter>
            <CompositeFilter operation="AND">
              <CompositeFilter operation="NOT">
                <Filter operation="EQ" property="name" value="TestWorkgroup"/>
              </CompositeFilter>
              <Filter operation="IN" property="workgroup">
                <Value>
                  <List>
                    <Boolean>true</Boolean>
                    <Boolean></Boolean>
                  </List>
                </Value>
              </Filter>
            </CompositeFilter>
          </BasicFilter>
        </FilterSource>
      </FilterSrc>
      <OrderBy>
        <String>firstname</String>
        <String>lastname</String>
        <String>name</String>
        <String>id</String>
      </OrderBy>
    </IdentityFilter>
  </value>
</entry>
```

You can change the filter based on your needs. Let me know if that works; otherwise I will do some tests in my lab.

Thanks,

Pravin

Hi @pravin_ranjan,

This configuration does not control the attributes returned, right? Only filters for specific objects that match the filter?

My goal is to obfuscate/hide/limit attributes from the objects (which we can see via Developer Tools in internet browser).

Regards,

Pérsio

Hi Pérsio Hartmann,

Apologies for the late response.

I was working on it and tried it via a plugin, but it did not work, as the details were still showing in developer tools, network and responses.

Upon investigation, I found a solution that makes changes on the server side, which worked in my lab environment. Please find below the steps that need to be implemented for the fix; you can hide as many attributes as you want. Please mark the post as the solution, as it is able to assist you with your query.

1. Create a /com/custom directory inside the WEB-INF directory.
2. Create an IdentityResponseFilter.java file and put the code below in it:
```java
package com.custom;

import javax.servlet.*;
import javax.servlet.http.*;
import java.io.*;
import java.nio.charset.StandardCharsets;

public class IdentityResponseFilter implements Filter {

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {}

    @Override
    public void doFilter(ServletRequest request, ServletResponse response,
                         FilterChain chain) throws IOException, ServletException {

        HttpServletRequest httpRequest = (HttpServletRequest) request;
        String path = httpRequest.getRequestURI();

        if (path != null && path.contains("identityQuery")) {
            // Capture the response body that downstream code writes through getWriter()
            CharResponseWrapper responseWrapper = new CharResponseWrapper((HttpServletResponse) response);
            chain.doFilter(request, responseWrapper);

            String originalResponse = responseWrapper.toString();

            // Remove the listed string-valued fields, then tidy up the leftover commas
            String filteredResponse = originalResponse
                    .replaceAll("\"managerStatus\"\\s*:\\s*\"[^\"]*\",?", "")
                    .replaceAll("\"email\"\\s*:\\s*\"[^\"]*\",?", "")
                    .replaceAll("\"emailclass\"\\s*:\\s*\"[^\"]*\",?", "")
                    .replaceAll("\"lastname\"\\s*:\\s*\"[^\"]*\",?", "")
                    .replaceAll("\"firstname\"\\s*:\\s*\"[^\"]*\",?", "")
                    .replaceAll("\"displayName\"\\s*:\\s*\"[^\"]*\",?", "")
                    .replaceAll("\"name\"\\s*:\\s*\"[^\"]*\",?", "")
                    .replaceAll(",\\s*,", ",")
                    .replaceAll(",\\s*}", "}")
                    .replaceAll("\\{\\s*,", "{")
                    .replaceAll(",\\s*\\]", "]");

            response.setContentType("application/json;charset=UTF-8");
            // Content-Length counts bytes, not chars: non-ASCII characters take more than one byte in UTF-8
            response.setContentLength(filteredResponse.getBytes(StandardCharsets.UTF_8).length);
            response.getWriter().write(filteredResponse);
        } else {
            chain.doFilter(request, response);
        }
    }

    @Override
    public void destroy() {}

    // Buffers everything written to getWriter() so the filter can rewrite it
    private static class CharResponseWrapper extends HttpServletResponseWrapper {
        private final CharArrayWriter writer = new CharArrayWriter();

        public CharResponseWrapper(HttpServletResponse response) {
            super(response);
        }

        @Override
        public PrintWriter getWriter() {
            return new PrintWriter(writer);
        }

        @Override
        public String toString() {
            return writer.toString();
        }
    }
}
```

3. Compile the Java file. Go to the classes folder and run javac:

```
cd //WEB-INF/classes
javac -cp ".:/webapps/identityiq/WEB-INF/lib/*" com/custom/IdentityResponseFilter.java
```

4. If javac is not installed, install it:

```
# Install Java JDK (includes javac compiler)
sudo yum install java-1.8.0-openjdk-devel -y
# OR for Java 11
sudo yum install java-11-openjdk-devel -y
```

5. Go to WEB-INF/web.xml, take a backup, search for the servlets, and above the servlets, where </filter-mapping> is closed, put the lines below:

```xml
  <!-- Identity Response Security Filter -->
  <filter>
    <filter-name>IdentityResponseFilter</filter-name>
    <filter-class>com.custom.IdentityResponseFilter</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>IdentityResponseFilter</filter-name>
    <url-pattern>/include/identityQuery.json</url-pattern>
  </filter-mapping>
```

6. Once done, save the web.xml file and restart your browser. If needed, close your browser or clear the cache (this is not needed; for me it worked without doing this), and you should see that all your attributes are hidden.

Regards
Naveen Kumar

1 Like
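
A check that can be run against a saved response body to confirm what the filter above actually removes, added here as an example and not code from the thread. It ports the filter's regex chain to Python, audits the result for the attributes the original poster listed, and shows a JSON-aware removal for comparison; the sample bodies and their field layout are constructed assumptions.

```python
import json
import re

# Attributes the original poster asked to hide (taken from the thread).
HIDDEN = {"email", "lastname", "managerStatus", "displayName", "name", "id"}
# Fields and cleanup rules ported from the posted filter's replaceAll chain.
FILTER_FIELDS = ["managerStatus", "email", "emailclass", "lastname",
                 "firstname", "displayName", "name"]
CLEANUP = [(r",\s*,", ","), (r",\s*}", "}"), (r"\{\s*,", "{"), (r",\s*\]", "]")]

def regex_strip(body):
    """Apply the same text substitutions as the posted Java filter."""
    for field in FILTER_FIELDS:
        body = re.sub(r'"%s"\s*:\s*"[^"]*",?' % field, "", body)
    for pattern, repl in CLEANUP:
        body = re.sub(pattern, repl, body)
    return body

def leaked_keys(node, hidden=HIDDEN):
    """Return the hidden keys still present at any depth of parsed JSON."""
    if isinstance(node, dict):
        found, children = hidden.intersection(node), list(node.values())
    elif isinstance(node, list):
        found, children = set(), node
    else:
        return set()
    return found.union(*(leaked_keys(c, hidden) for c in children))

def audit(body):
    """Return (is_valid_json, leaked_keys) for a filtered response body."""
    try:
        return True, leaked_keys(json.loads(body))
    except ValueError:
        return False, set()

def drop_hidden(node, hidden=HIDDEN):
    """JSON-aware alternative: rebuild the structure without hidden keys."""
    if isinstance(node, dict):
        return {k: drop_hidden(v, hidden) for k, v in node.items() if k not in hidden}
    if isinstance(node, list):
        return [drop_hidden(v, hidden) for v in node]
    return node

# Constructed sample bodies (field layout assumed, not captured from IdentityIQ).
SAMPLE_PLAIN = ('{"totalCount":1,"identities":[{"id":"0a1b2c","name":"jdoe",'
                '"firstname":"Jane","lastname":"Doe","email":"jdoe@example.com",'
                '"displayName":"Jane Doe","isWorkgroup":false}]}')
SAMPLE_QUOTED = ('{"identities":[{"firstname":"Jane",'
                 '"displayName":"Jane \\"JD\\" Doe","isWorkgroup":false}]}')
```

On these samples, `audit(regex_strip(SAMPLE_PLAIN))` still reports `id`, which the filter has no rule for, and `regex_strip(SAMPLE_QUOTED)` is no longer valid JSON because the escaped quote ends the regex match early and leaves part of the display name behind.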

Thank you very much @naveenkumar3 !

I will deploy this fix in my lab environment and test it out.

Best regards,

Pérsio

Yeah, do test it out. It is working for me, and in the code, just add more attributes if you want to hide them.

1 Like
