Bug in form based authorization ( url-patter /* and loginform in /*)

Similar Messages

• How to trigger a form based on object type and process type

  Hi all,
  I am new into SRM.. I have been asked to develop a form by cloning an existing standard form..
  Using bbp_output_change_sf badi you can trigger the form by passing the object type but the scenario is such that depending on the object type and process type the new form should be triggered.
  The parameter iv_object_type passes the object type but how could i pass the process type ?
  In the badi I noticed an import parameter is_event that has a field called transction_type that carries the process type but this field never got populated when i checked using debugger.
  Please help as to how i can trigger the form based on the object_type and the process_type.
  Thanx in advance.

  Thanx again Jay Yang.. Well is there any possibility that you could get the items that were confirmed..
  Let me eleborate..
  Suppose in the PO u order an item for 10 nos and 5 gets confirmed and u return 2..
  Well in my case it is that i need to fill up a field Qty returned / Qty confirmed..
  I was able to get the number of items from the PO by passing the the passing the parameter to the FM "bbp_pd_conf_getdetaill"
  but i dont know how to get the number of items been confirmed..
  The quantity field in the line item structure gives me the number of items returned..
  Can u tell me how to get the number of items been confirmed....

• Problem in tabular form based on dynamic view and pagination

  Hi All,
  I have a manual tabular form based on a dynamic view. The view fetches the records based on search criteria given by the user in all cases. But this view fetches ALL records when user clicks on pagination, without considering the search criteria. This is the problem I am facing.
  I am doing the following:
  Since tabular form does not support pl/sql function returning query, I cannot use a table directly. I need my results based on search criteria selected by user. Hence I created a dynamic view and used a "INSTEAD OF UPDATE" trigger to update the table.
  I use a set bind variables procedure, on load before header for setting the variables.
  This view fetches the correct data based on user search always. It creates a problem only in one situation, when using pagination in the report.
  The example can be found at:
  http://apex.oracle.com/pls/otn/f?p=19399:1:
  username = [email protected]
  pwd = kishore
  Here if "manager name" is entered as test, we get 5 records in "Summary of requests" report and 5 records in "Inactive Requests" report. When user clicks on Pagination in any of the reports, ALL the 7 records get fetched in "Summary of Requests" and 6 records in "Inactive Requests". How can I overcome this problem?? The report must consider the search variables even when pagination occurs.
  Is this because, the inbuilt "html_PPR_Report_Page" executes the region query once again by considering all search variables as NULL?
  Backend Code is at:
  http://apex.oracle.com/pls/otn/
  workspace: sekhar.nooney
  Username :[email protected]
  pwd: kishore
  application id = 19399
  My region code is something like:
  select *
  from regadm_request_v
  where access_type = :F110_REGADM
  and status <> 'INACTIVE'
  order by request_id
  My view code is:
  CREATE OR REPLACE VIEW REGADM_REQUEST_V
  AS
  SELECT *
  FROM REGREGOWNER.REGADM_REQUEST
  WHERE upper(employee_name) LIKE '%'||nvl(upper(REGADM_REQUEST_PKG.GET_EMPLOYEE_NAME),'%')||'%'
  AND upper(manager_name) LIKE '%'||nvl(upper(REGADM_REQUEST_PKG.GET_MANAGER_NAME),'%')||'%'
  AND upper(employee_sunetid) LIKE '%'||nvl(upper(REGADM_REQUEST_PKG.GET_EMPLOYEE_SUNET_ID),'%')||'%'
  AND upper(manager_sunetid) LIKE '%'||nvl(upper(REGADM_REQUEST_PKG.GET_MANAGER_SUNET_ID),'%')||'%'
  AND upper(request_date) LIKE '%'||nvl(upper(REGADM_REQUEST_PKG.GET_REQUEST_DATE),'%')||'%'
  AND upper(USAGE_AGREEMENT_RECVD) LIKE '%'||nvl(upper(DECODE(REGADM_REQUEST_PKG.GET_USAGE_AGREMNT_RECVD,'~!@',NULL,REGADM_REQUEST_PKG.GET_USAGE_AGREMNT_RECVD)),'%')||'%'
  AND upper(STATUS) LIKE '%'||nvl(upper(DECODE(REGADM_REQUEST_PKG.GET_STATUS,'~!@',NULL,REGADM_REQUEST_PKG.GET_STATUS)),'%')||'%'
  AND upper(REQUEST_APPROVED) LIKE '%'||nvl(upper(DECODE(REGADM_REQUEST_PKG.GET_REQUEST_APPROVED,'~!@',NULL,REGADM_REQUEST_PKG.GET_REQUEST_APPROVED)),'%')||'%'
  AND upper(nvl(APPROVAL_DATE,sysdate)) LIKE '%'||nvl(upper(REGADM_REQUEST_PKG.GET_APPROVED_DATE),'%')||'%'
  AND upper(APRVL_REQUEST_SENT) LIKE '%'||nvl(upper(DECODE(REGADM_REQUEST_PKG.GET_EMAIL_APPROVERS,'~!@',NULL,REGADM_REQUEST_PKG.GET_EMAIL_APPROVERS)),'%')||'%'
  AND upper(NOTIFY_APPROVED) LIKE '%'||nvl(upper(DECODE(REGADM_REQUEST_PKG.GET_APPROVAL_NOTIFICATION,'~!@',NULL,REGADM_REQUEST_PKG.GET_APPROVAL_NOTIFICATION)),'%')||'%'
  I would be glad for any suggestions.
  Andy/Varad any ideas? You both helped me a lot on my problems for the same application that I had faced before in More Problems in Tabular form - Please give me suggestions.
  Thanks,
  Sumana

  Hi Andy,
  The view and the package for setting bind variables work properly in my entire application other than the pagination. A pity that I came across this only now :(
  I have used this same method for holding variables in another application before, where I needed to print to PDF. I used this approach in the other application because my queries were not within the APEX character limit specified for the "SQL Query of Report Query shared component".
  In this application, I initially had to fetch values from 2 tables and update the 2 tables. Updateable form works only with one table right? Hence I had created a view. Later the design got changed to include search and instead of changing the application design I just changed the view then. Still later, my clients merged the 2 tables. Once again I had just changed my view.
  Now, I wanted to know if any method was available for the pagination issue (using the view itself). Hence I posted this.
  But as you suggested, I think it is better to change the page design quickly (as it would be much easier).
  If I change the region query to use the table and the APEX bind parameters in the where clause as:
  SELECT *
  FROM REGADM_REQUEST
  WHERE upper(employee_name) LIKE '%'||nvl(upper(:P1_EMPLOYEE_NAME),'%')||'%' .....
  I also changed the ApplyMRU to refer to the table.
  Here the pagination issue is resolved. But here the "last Update By" and "Last Update Date" columns do not get updated with "SYSDATE" and "v(APP_USER)" values, when update takes place. Even if I make the columns as readonly text field, I am not sure how I can ensure that SYSDATE and v('APP_uSER') can be passed to the columns. Any way I can ensure this? Please have a look at the issue here: http://apex.oracle.com/pls/otn/f?p=19399:1:
  I have currently resolved the "last update" column issue by modifying my view as:
  CREATE OR REPLACE VIEW REGADM_REQUEST_V
  AS
  SELECT *
  FROM REGADM_REQUEST
  I modified my region query to use APEX bind parameters itself as:
  SELECT *
  FROM REGADM_REQUEST_V
  WHERE upper(employee_name) LIKE '%'||nvl(upper(:P1_EMPLOYEE_NAME),'%')||'%' .....
  And I use the "INSTEAD OF UPDATE" trigger that I had initially written for update. The code is:
  CREATE OR REPLACE TRIGGER REGADM_REQUEST_UPD_TRG
  INSTEAD OF UPDATE
  ON REGADM_REQUEST_V
  REFERENCING NEW AS NEW OLD AS OLD
  FOR EACH ROW
  BEGIN
  UPDATE REGREGOWNER.REGADM_REQUEST
  SET MANAGER_EMAIL = :NEW.MANAGER_EMAIL
  , EMPLOYEE_EMAIL = :NEW.EMPLOYEE_EMAIL
  , STATUS_UPDATE_DATETIME = SYSDATE
  , USER_UPDATE_ID = (SELECT v('APP_USER') FROM DUAL)
  WHERE REQUEST_ID = :OLD.REQUEST_ID;
  END;
  Please let me know how I can resolve the "last update" column issue using the table itself. (Just for my learning)
  Thanks,
  Sumana

• Resource Based Authorization sample program and application

  Recently i have studied about the types of authorization and i also did some samples for role based authorization. Now i am looking for Resource based authorization, the sad thing is that i could not able to understand the concept.
  So i am looking for the sample application and C# program. 
  I just want to know the concept of resource based authorization and also the sample application file and c# coding file.
  Please provide me the sample.
  Thanks in Advance. 

  Hi,
  Technet forums are dedicated by technologies. Since you are more looking for concept, you should check for blogs on the Internet (try google...).
  Otherwise please refer to TechNet forums homepage and look for your technology (C# for instance).
  Hope this helps.
  Guillaume Rouyre - MBA, MCP, MCTS

• ORA-04020 Deadlock when trying to create form based on stored proceure

  Hi,
  I'm trying to create a form based on a stored procedure, and I'm getting " Failed to execute - Missing string(create_package_body) language(us) domain (wwv) sub_domain (wwv_builder) (WWV-04300)
  ORA-04020: deadlock detected while trying to lock object PUBLIC.WARRENP (WWV-11230)
  Failed to parse as PORTAL - (WWV-08300) " when I try to generate the form. I have created a new database provider (warrenp), and I've given it the same privs as the PORTAL_DEMO provider.
  GRANT EXECUTE ON PORTAL.WWCTX_API TO WARRENP;
  GRANT EXECUTE ON WWPRO_API_PARAMETERS TO WARRENP;
  GRANT EXECUTE ON WWPRO_API_INVALIDATION TO WARRENP;
  GRANT SELECT ON WWV_USER_CORNERS TO WARRENP;
  GRANT EXECUTE ON WWPOB_PAGE_UTIL TO WARRENP;
  I create a stored procedure
  CREATE OR REPLACE PROCEDURE sp_test (foo IN number) AS
  BEGIN
  NULL;
  END;
  GRANT EXECUTE ON sp_test TO PUBLIC;
  Then I try to create a form based on this procedure and it fails with the above error. I can create this procedure in the PORTAL_DEMO schema without problems. I can also create a form in the WARRENP provider based on PORTAL_DEMO.GIVE_RAISE and that works also.
  I'm on Portal 10G (9.0.4) on Linux, infrastructure database is 9.0.1.5.0.
  Can anyone tell me what I've missed in my setup?
  Thanks

  I've been informed that this is caused by database bug 2651669.

• Calling a form based on a procedure from a report

  I have a report and want the user to link to a form based on a stored procedure passing params from the report record. That I can do using the link option. But to complicate matters I have more than one form based on a procedure and depending on values in the reports data depends on which form will be called (passing values to the form (all based on stored procedures).
  How can I do this ?
  Any advice would be really appreciated.

  If you want to display other HTML page after successful submission, you need to use
  either go or call method.
  I created a form on SCOTT.EMP and a report on SCOTT.EMP and the report accept a parameter for
  the deptno. Here is my on successfull submission code:
  declare
  l_dept number;
  l_url varchar2(2000);
  begin
  l_dept := p_session.get_value_as_number('DEFAULT', 'A_DEPTNO', 1);
  l_url := 'scott.rpt_mask_1.show?p_arg_names=emp.deptno&p_arg_values='&#0124; &#0124;l_dept;
  go(l_url);
  end;
  null

• How do I open up a form based on a query/parameter

  Can someone please tell me how can I open the form based on a query and the query is based on a pre-set value. Thanks.
  I am new to Oracle Form. Please treat me like a newbie. Thanks.

  Hi,
  If I understand u , you want to call a form
  and execute query automatically with preset value.
  Is that what you mean?.
  1.suggestion: You can use the call_form, or open_form .
  check all parameters like "auto query" and so on.
  (see help-online for parameters to pass for call_form, open_form....)
  2.Suggestion: In the pre-query trigger set the value.
  in the When-new-form-instance
  write this code:
  Begin
  execute_query; -- built-in procedure
  end;
  I hope this gives you an idea,
  Regards
  CB

• Query forms based on detail block

  My question is pretty simple: Is it possible to query a form (Forms [32 Bit] Version 6.0.8.11.3) based on a detail block? Let me explain my problem! I have a table called REQUISITION and of its field is STATUS_CODE. Then I have another table called STATUS that have the following fields: CODE, NAME, DESCRIPTION, PHASE, etc. The join condition between REQUISTION and STATUS is REQUISITION.STATUS_CODE = STATUS.CODE. On my form, all of the fields come from table REQUISITION but the problem is that we have over 30 different status and my user can't remember their names and phase. So I inserted two display fields on the forms and wrote a post-query trigger to populate the field with their corresponding names and phases. But now my end user are complaining that the fields don't allow queries to be performed which prevents them to use a query to know all requisitions that are on phase "Procurement" which corresponds to four different status_code. So I though in inserting the fields PHASE and DESCRIPTION into table REQUISITION and write a trigger that would populate those field every time the STATUS change but that would cause a problem when lets say STATUS 01 is part of PHASE "Procurement" then comes next week the company decides that is not longer part of phase "Procurement" but now it is part of PHASE "Purchasing" they would go the form based on table STATUS and change the field PHASE of the corresponding STATUS that they want. But now I have this data on another table holding information that is no longer valid. Sure I could write another trigger to change field REQUISITION.STATUS_PHASE whenever there is a change on STATUS.PHASE but wouldn't that be too much bookkeeping? Would be so much easier if I could query my forms based on the detail block (this case table STATUS and master block table REQUISITION)?
  thanks so much in advance for any thought! Btw, I am open to other suggestions too!!!!!
  gleisson henrique

  if I understood you correctly, you can do this manually. what I mean is,
  when the end user picks phase "Purchasing", you can change the where clause on the master block and execute the query to get the desired results
  e.g.
  v_cod varchar2(200) := 'STATUS_CODE in (select code from status where phase = ''Purchasing'')';
  begin
  set_block_property(requisition_blk,default_where,v_cod);
  execute_query;ofcourse you have to change "Purchasing" in the previous code to the item that holds the user inputs
  hope this is helpful
  Edited by: Mohammed H. on Sep 19, 2008 6:45 PM

• Trapping exceptions/error messages on form based on procedure

  I am trying to display meaningful error messages when various exceptions arise. I have created a form based on a procedure and the procedure works and returns an exception where I want it.
  I have been trying to use the PL/SQL Button event handler to return an error message to the user, but have not succeeded. I have tried:
  doSubmit;
  exception
  when others then
  p_session.set_value(
  p_block_name => 'DEFAULT',
  p_attribute_name => '_STATUS',
  p_value => 'my error message';
  (I have run this code both with a return at the end and not.)
  This runs, but this return a page that says:
  Error: WWV-0000.
  (It does not display 'my error message'.)
  I have also tried, from the Portal FAQs:
  doSubmit;
  exception
  when others then
  wwa_app_module.set_target('myschema.MY_ERRORS.SHOW?p_arg_names=p_errcode&p_arg_values=-1',
  'GO');
  where my_errors is a dynamic page that displays an error message when you pass it a value, in this case, -1.
  I get the following error message from this code:
  PLS-00201: identifier 'WWA_APP_MODULE.SET_TARGET' must be declared
  I did find some discussions on problems with exceptions when you have a form based on a procedure, but these were from 2001. Any help with this or directions to documentation would be greatly appreciated.

  I worked out one answer: the code provided by Oracle for the second example omitted the portal schema qualifier on the wwa_app_module. It should be (for 10g release 2, at least)
  PORTAL.wwa_app_module.set_target('myschema.MY_ERRORS.SHOW?p_arg_names=p_errcode&p_arg_values=-1',
  ^^^^^^^^^^
  'GO');
  This worked, and returned the custom error message.
  I still can't figure out why the p_session.set_value returns an error message that's just WWV-0000, but I would like to. Any help, even just what page in what document to look at would be appreciated.

• Tcode for form based report

  dear sap gurus:
  can any one tell me the all t code for form based report like ke86 and other and why it is diffrent from report painter

  Dear Makrand,
  Please look into the following:
  I brought profit center in selection criterion:
  For this I have changed my Form T Code:  KE35:
  General Data Selection :
  Included Profit center along with the controlling Area.
  Then I changed my report:
  KE30:
  Variables Tab:
  Givn Profit center as entry at execution.
  Hope this will helps you......
  Regards,
  Pavan Kumar Arvapally

• Ask for help with form based authentication & authorization

  Hi:
  I encountered the following problem when I tried the form based authentication & authorization (see the attached part of the config files, web.xml, weblogic.xml & weblogic.properties)
  1. authorization seems not invoked against the rules specfied, it doesn't go the login error page as long as the user/pwd match, even though the user does not have the necessary role
  in the example below, user3 should be denied to access the signin page, but seems no login error page returned, actually I never see any page / error message which complain about the authorization / access control error
  2. after authenticate correctly, always get redirected to the / (context root) url, instead of the url prior the login page, for e.g., signin page
  Any idea ?
  Thanks in advance.
  HaiMing
  attach config files
  web.xml
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>MySecureBit1</web-resource-name>
  <description>no description</description>
  <url-pattern>/control/signin</url-pattern>
  <http-method>POST</http-method>
  <http-method>GET</http-method>
  </web-resource-collection>
  </security-constraint>
  <login-config>
  <auth-method>FORM</auth-method>
  <realm-name>default</realm-name>
  <form-login-config>
  <form-login-page>/control/formbasedlogin</form-login-page>
  <form-error-page>/control/formbasedloginerror</form-error-page>
  </form-login-config>
  </login-config>
  <security-role>
  <description>the customer role</description>
  <role-name>customer</role-name>
  </security-role>
  weblogic.xml
  <security-role-assignment>
  <role-name>
  customer
  </role-name>
  <principal-name>
  customer_group
  </security-role-assignment>
  weblogic.properties
  weblogic.password.user1=user1pass
  weblogic.password.user2=user2pass
  weblogic.password.user3=user3pass
  weblogic.security.group.customer_group=user1,user2

  Hi, Paul:
  Thanks a lot for your reply.
  Firstly let me just correct a little in the attachment I put previously, I think I missed following lines :
  <auth-constraint>
  <description>no description</description>
  <role-name>customer</role-name>
  </auth-constraint>
  So, user1 & user2 are in the customer group, but user3 not, and /control/singin is protected by this security constraint, as a result, when anyone click the link to /control/singin, he was led to the login page, if he tries to login as user1 & user2, he should pass & led to original page (in this case /control/singin, and my code's logic, once /control/signin is used, means that he already login successfully & redirected to the login success page), but if he tries to login as user3, he should only pass the authentication check, but fail the authorization check, and led to login error page.
  What not happen are :
  1. user1 & user2 pass, but redirect to /
  2. user3 also pass, because I see that debug message shows also get redirected to /, instead of login error page
  (login error page will be displayed, only if I try to login as a user with either wrong userid, or wrong password)
  3. one more thing I notice after I first time post the message, the container does not remember the principal, after 1. is done, not even for a while
  And the similar configuration works under Tomcat 3.2.1, for all 3. mentioned above.
  Any idea ?
  HaiMing
  "Paul Patrick" <[email protected]> wrote:
  If I understand what your trying to do, everyone should get access to the
  login page since roles are not
  associated with principals until after they authenticate. If I follow what
  you specified in the XML files,
  authenticated users user1 and user2 are members of a group called
  customer_group.
  The principal customer_group (and therefore its members) is mapped in the
  weblogic.xml file to the role
  customer.
  I can't speak to the reason your being redirected to the document root.
  Paul Patrick
  "HaiMing" <[email protected]> wrote in message
  news:[email protected]...
  Hi:
  I encountered the following problem when I tried the form basedauthentication & authorization (see the attached part of the config files,
  web.xml, weblogic.xml & weblogic.properties)
  1. authorization seems not invoked against the rules specfied, itdoesn't go the login error page as long as the user/pwd match, even though
  the user does not have the necessary role
  in the example below, user3 should be denied to access the signinpage, but seems no login error page returned, actually I never see any page
  / error message which complain about the authorization / access control
  error
  2. after authenticate correctly, always get redirected to the / (contextroot) url, instead of the url prior the login page, for e.g., signin page
  Any idea ?
  Thanks in advance.
  HaiMing
  attach config files
  web.xml
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>MySecureBit1</web-resource-name>
  <description>no description</description>
  <url-pattern>/control/signin</url-pattern>
  <http-method>POST</http-method>
  <http-method>GET</http-method>
  </web-resource-collection>
  </security-constraint>
  <login-config>
  <auth-method>FORM</auth-method>
  <realm-name>default</realm-name>
  <form-login-config>
  <form-login-page>/control/formbasedlogin</form-login-page>
  <form-error-page>/control/formbasedloginerror</form-error-page>
  </form-login-config>
  </login-config>
  <security-role>
  <description>the customer role</description>
  <role-name>customer</role-name>
  </security-role>
  weblogic.xml
  <security-role-assignment>
  <role-name>
  customer
  </role-name>
  <principal-name>
  customer_group
  </security-role-assignment>
  weblogic.properties
  weblogic.password.user1=user1pass
  weblogic.password.user2=user2pass
  weblogic.password.user3=user3pass
  weblogic.security.group.customer_group=user1,user2

• Form Based Authentication Redirect URL

  I'm using form based authentication in standalone OC4J 10.1.3.1. I have set the system property oc4j.formauth.redirect to true to force OC4J to redirect using 302 any successful authentication to j_security_check.
  The problem is that the redirect URL loses any query parameters. Here's the raw HTTP being posted:
  POST http://localhost:8988/manage/j_security_check HTTP/1.1
  Host: mvakoc-pc.peoplesoft.com:8099
  User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1
  Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
  Accept-Language: en-us,en;q=0.5
  Accept-Encoding: gzip,deflate
  Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
  Keep-Alive: 300
  Connection: keep-alive
  Referer: http://mvakoc-pc.peoplesoft.com:8099/manage/target?instanceName=denlcmlx1_entserver_1&targetType=entserver
  Cookie: JSESSIONID=0a8b7ff6231c049914997fdb4ebb93b4854b0956862b; SignOnDefault=18438; e1AppState=
  Content-Type: application/x-www-form-urlencoded
  Content-Length: 62
  X-Forwarded-For: 10.139.127.246
  j_username=username&j_password=password&url=%2Fmanage%2Fhome
  However the response back drops off the query parameters:
  HTTP/1.1 302 Moved Temporarily
  Date: Fri, 05 Jan 2007 21:59:22 GMT
  Server: Oracle Containers for J2EE
  Content-Length: 231
  Connection: Keep-Alive
  Keep-Alive: timeout=15, max=100
  Location: http://mvakoc-pc.peoplesoft.com:8099/manage/target
  <HTML><HEAD><TITLE>Redirect to http://mvakoc-pc.peoplesoft.com:8099/manage/target</TITLE></HEAD><BODY>http://mvakoc-pc.peoplesoft.com:8099/manage/target</BODY></HTML>
  Any workaround?

  It does not appear to be quite the same issue. That bug indicates that everything works fine in a standalone OC4J environment. This would be true with the use case specified as the original URL (/em/console/ias) does not include any query parameters. In my case the original URL contains query parameters so the ultimate redirected URL should also contain those.

• Form based j_security_check with javax.servlet.Filter and some pesky images

  We have defined the web app to use Form based authentication. Some of the images internal to our application we would like to allow access without having to formally log into the system. In order to accomodate this we have created an javax.servlet.Filter where we strip off some parameters off of the end of the url to log them in.
  This works great for everything EXCEPT urls that are in <img src> tags. urls in these tags will never hit the filter. You can take the same url and place it in the browser and it will hit the filter. Its just urls in <img src> tags.
  The images cannot be moved to a public place, they must stay where they are.
  Does anyone know why the <img src> tag is doing this? It is fairly easy to replicate. Just use form based authentication, create a filter, and try to access an image from an img src tag.
  Be sure to clear your browser cache and try again if you think you have it working.
  Any security gods out there?
  Thanks,
  Mark

  Since nobody responded, I will tell you what we decided to do. For images, we use a servlet outside of the security wall that loads and streams an image back to the browser instead of a direct image url.
  So we do something like this:
  <img src="https:\\foo.com\Servlet\ImageDisplay?id=1234&user=23432">
  Then our servlet parses the params, finds and streams back the image, and instead of returning back "html\text" in the servlet, the servlet returns something like this:
  HttpServletResponse response = blah...
  BufferedImage bi = new BufferedImage("load in the image resource");
  try {
  response.setContentType("image/gif");
  ServletOutputStream out = response.getOutputStream();
  JPEGImageEncoder encoder = JPEGCodec.createJPEGEncoder(out);
  encoder.encode(bi);
  catch (IOException ioe) {
  servlet.log("DrawMapAction: IO Exception encoding JPEG to ServletOutputStream.", ioe);
  }

• Can you enable both Windows Based Authentication and Forms Based Authenication for the same web application?

  Hello Community
      In WS2012 and SharePoint 2013 Server is it possible when creating a
  web application to enable both Windows Based Authentication/Negotiate
  (Kerberos) and enable Forms Based Authentication or does the web application
  use either one or the other?
      Thank you
      Shabeaut 

  Yes , you can use dual authentication on same web application. You can use same web application , at OOB login page you will have option to use windows or form login.
  Or you can extend your web application to a new web app and configure extended web application to use Form Based Authentication(Note extended web application will also show same content database , so the content will same only url will be different)
  http://blogs.technet.com/b/ptsblog/archive/2013/09/20/configuring-sharepoint-2013-forms-based-authentication-with-sqlmembershipprovider.aspx
  http://gj80blogtech.blogspot.in/2013/11/forms-based-authentication-fba-in.html
  Thanks
  Ganesh Jat [My Blog |
  LinkedIn | Twitter ]
  Please click 'Mark As Answer' if a post solves your problem or 'Vote As Helpful' if it was useful.

• SSL and login form for form based login over ldap

  Hello,
  i have configured an apache reverse proxy with virtual named host and the the webgate is also running on this server.
  On a second server i have configured a webserver with the login form.
  Access to the protected ressources is working when i use the following parameters in my Authentication schema
  form:/form/login.html
  action:/dummy
  creds:userid password
  ssoCookie:httponly
  passthrough:no
  SSL Required No
  Challenge Redirect http://dummyserver.dummy.org
  Changing the SSL required to yes and the url to https has the following result.
  After filling out the login form and pressing the submit button "the requested URL /dummy was not found on this server"
  Any hints are welcome.
  Kind regards

  Hi Colin,
  Yes the dummy url is protected. Otherwise it should not work when using http.
  I assume that i am not redirected back to the origin source. The obSSOCookie should do this in some way, when i remember that correctly.
  I can see that the obSSOCokkies are created for both urls but the content is "loggedoutcontinue". Thats the difference to the http communication.
  Is there anything else to configure when using SSL with a form based login. Have i missed some basics?
  In the documentation it looks really simple - just trning it on - looking for access - and everything works :-)
  KR