Accessing a page requiring authentication

Similar Messages

• Public pages in authenticated application (NTLM)

  I've been using a custome authentication method based on the NTLM Authentication method documented in the [white paper|http://www.oracle.com/technology/products/database/application_express/pdf/apex_ntlm_authentication_wp.pdf] for a while now with no problems.
  This basically does the following 2 steps:
  1) Standard NTLM Auth
  2) Check returned user ID exists in a seperate table containing valid users
  I've recently been working on an application where the bulk of the application is restricted to users with relevant permissions to edit the data. However there needs to be a public search facility open to anyone.
  I was assuming that I'd be able to do this by just setting the authentication of the relevant page to "Page is Public", however this has presented a problem.
  When I run the app as a user which passes both steps above (ie. auth succeeds), everything works fine.
  However when I run as a user which fails step 2 above (auth fails) the public page loads fine, but whenever anything is posted I get an error like
  Expecting p_company or wwv_flow_company cookie to contain security group id of application owner.
  Error ERR-7621 Could not determine workspace for application (:) on application accept. Also this problem only rears it's head in IE (tried in 7&8), everything works fine in Firefox.
  Also I've created a seperate application with just the public page (and the application set to use the DATABASE auth (i.e. no auth)) and this works fine.
  This is fine as a workaround in this one instance, but i suspect there is likely to be call for similar public pages in other applications, and I don't want to have to create seperate apps for these unless I really have to.
  Anyone any ideas about what the cause of the problem may be, or even pointers about where to look?

  Try Page properties, Security tab, Authentication setting. It has values: Page requires authentication (default) / page is public. Havent tried though..
  Just tried. it works. i manually changed page address in address line like http://something.lt:7777/pls/htmldb/f?p=103:19:3411287399936455. The user connected is "nobody". Public page is page 19.
  Simas
  Message was edited by:
  SimAkas

• Accessing a WMS created with Geoserver that requires authentication

  Can I create a WMS theme in Map Viewer that is served from Geoserver? This Geoserver WMS requires authentication. I can access it in ArcGIS but I don't know how to access it in Map Viewer.

  Where is the Authentication?  The following operates are done in 11.1.1.7.1. Is there any problem? Please talk more detail!
  1.Create a WMS theme by Using the Map Builder tool. It's name is wms_theme130wps. The result is the following:
  Record contents to be stored into USER_SDO_THEMES
  NAME: wms_theme130wps
  DESCRIPTON:
  BASE_TABLE: WMS
  GEOMETRY_COLUMN: WMS
  STYLING_RULES:
  <?xml version="1.0" standalone="yes"?>
  <styling_rules theme_type="wms">
    <service_url> http://localhost:8080/mapviewer/wms? </service_url>
    <user> wms </user>
    <password> +wE1RbfVl94yXdaLJKtG09v64OPJtG40 </password>
    <layers> COUNTIES_TERR </layers>
    <version> 1.3.0 </version>
    <srs> EPSG:4326 </srs>
    <format> image/png </format>
    <bgcolor> 0xA6CAF0 </bgcolor>
    <transparent> true </transparent>
    <exceptions> xml </exceptions>
  <capabilities_url> http://localhost:8080/mapviewer/wms? </capabilities_url>
    </styling_rules>
  2. Request with the URL, http://localhost:8080/mapviewer/wms?REQUEST=GetMap&VERSION=1.3.0&LAYERS=wms_theme130wps&WIDTH=1500&HEIGHT=560&CRS=SDO:8307&BBOX=-180,-90,180,90&FORMAT=image/png.
  This request is without any Authentication message!
  3.Request returns a PNG Image.

• Problems invoking external web page that requires authentication

  We have a web service deployed to OAS 10. This web service needs to be able to open a URL and read the results. This URL requires authentication.
  We have a subclass of Authenticator that provides the user name and password.
  When we run this web service using the debugger from JDeveloper, it works just fine. However, when deployed to the app server, it fails.
  java.io.IOException: Server returned HTTP response code: 401 for URL: http://... at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1149)
  I've stripped out the URL details, but it's invoking a report using Microsoft's SQL Reporting Services.
  If I read the error stream, it indicates that request couldn't be authenticated.
  So, I'm hoping some people here can point me at what's different between the debugger environment and the application server environment. We suspect that it may be related to permissions in a java policy file, or perhaps some other file from which the application server derives its permissions. But our fiddling with these hasn't helped so far.
  So, any ideas as to what went wrong? Ideas on how to open things up so this works?
  Thanks in advance for any help provided.
  BTW, if there's a better forum into which this should be posted, please let me know.

  Greetings,
  401 indicates authentication failure, as you have stated. Once deployed, have you attempted to access the report URL using the uname\pword combination with the strings which are hard-coded in your subclass? You can turn up logging to FINEST and customize what logging on the server returns. Login to your OAS administration portal and review the logging options there. If you start the server from the command line, you can view the output there real-time.
  -Michael

• HT202879 I apparently have the newest Pages version uploaded and installed. But I cannot access it.  I do not find any agreement or anything which needs approval.  I cannot access my pages documents.  Message says an upgrade is required.  When ITunes is o

  I cannot access my pages documents after upgrade to OSX 10.9.1.  Pages and Numbers show they are upgraded also, but when I try to access the existing documents it says I need an upgraded version.  I cannot upgrade because Apps says I already have.  But the apps continue to report that they are in the older version.  OSX is updated.  I've tried to accept user agreements etc but no luck.  HELP

  You have 2 versions of Pages on your Mac.
  Pages 5 is in your Applications folder.
  Pages '09/'08 is in your Applications/iWork folder.
  You are alternately opening the wrong versions.
  Pages '09/'08 can not open Pages 5 files and you will get the warning that you need a newer version.
  Pages 5 can open Pages '09 files but may damage/alter them. It can not open Pages '08 files at all.
  Once opened and saved in Pages 5 the Pages '09 files can not be opened in Pages '09.
  Anything that is saved to iCloud is also converted to Pages 5 files.
  All Pages files no matter what version and incompatibility have the same extension .pages.
  Pages 5 files are now only compatible with themselves on a very restricted set of hardware, software and Operating Systems and will not transfer correctly on any other server software than iCloud.
  Note: Apple has removed over 90 features from Pages 5 and added many bugs:
  http://www.freeforum101.com/iworktipsntrick/viewforum.php?f=22&sid=3527487677f0c 6fa05b6297cd00f8eb9&mforum=iworktipsntrick
  Archive/trash Pages 5, after exporting all Pages 5 files to Pages '09 or Word .docx, and rate/review it in the App Store, then get back to work.
  Peter

• How do I scrape external content using a URLScraper channel through a proxy that requires authentication?

  I need to scrape external content but my Portal Server lies in my Intranet. The company has a Proxy server that needs authentication in order to browse the Internet.
  In the gateway settings, I have made the entries:
  iplanet.com|
  * Proxyip:proxyport|
  This works in the sense that the gateway contacts the proxy for the content, but I get the Proxy Authentication failed page.
  Where do I pass my username and password?
  Regards,
  Vibha

  At the present time, you cannot use URLScraper with proxies that require authentication. You can either reconfigure the proxy to not require authentication when accessed by the portal, or create your own custom provider to pass proxy authentication information in the HTTP header.
  Stephen

• NI Installers & downloaders do not support proxy servers requiring authentication

  Hello, I'm posting this on the LabVIEW forum since it applies to the LabVIEW installer and evaluation version downloader, but it also applies to other products that use the NI meta-installer framework and other products that use the NI downloader.
  We are behind a corporate firewall which requires the use of a proxy for internet access.  In addition, the proxy requires authentication, which I believe is the complicating factor.
  When running an NI installer, if we check the box that requests that the installer contact NI for new notifications, this will inevitably fail when trying to connect to the notification server. 
  Also when trying to use the NI downloader to download drivers or other products, the download always fails.
  Most other software (e.g. Browsers, Dropbox, etc.) are able to use the proxy and allow entry of the username and password (either through a pop-up username/password dialog or configuration page).
  This has generally not been a showstopper problem, but since it affects the NI installer framework it impacts many products and thus they would all benefit from a single bug fix.
  Thanks,
  Joe

  Hi GeekySeb, 
  Are you using the most current versions of the NI Downloader and NI Update Service?  The problems with proxy servers have been repaired in both of them.
  You can download the current version of the NI Update Service here, either by using the NI Downloader or by downloading the installation file directly.  This option should exist for most of our software downloads, so if the NI Downloader does not appear to be working for you then there is an alternate download option.
  http://www.ni.com/download/ni-update-service-14.0/2617/en/
  If none of these options work for you, I would recommend contacting your company's support group for help in configuring your firewall to be able to download NI's software.
  Regards,
  Kelly B.
  Applications Engineering
  National Instruments

• Accessing a page from login page without login

  hi gurus,
  i have a link on my login page, for example-- about company. if i try to access it, it will always ask for login first and then go to that about company page. can i access this page without logging in?
  i saw some solutions like hidden region displayed on same login page, but what if i need to navigate to a different page?
  nadeem

  Hi Nadeem,
  As long as the page has no functionality on it - typical for things like "Terms and Conditions" etc, then you can just make that page public. Edit the page attributes and set Authorization Scheme to "-No Page Authorization Required-" and set Authentication to "Page is Public".
  That way, the page can be seen by anyone whether they are logged in or not.
  Andy

• HTTP Error 405 - The HTTP verb used to access this page is not .....

  Goodmorning,
  I've installed BO XI R3 SP4 on a 2k3-server with IIS 6.0. I wanted to configurate the SSO. After changing the web.config file and restart of the IIS , I get the following error :
  HTTP Error 405 - The HTTP verb used to access this page is not allowed.
  Internet Information Services (IIS)
  The frame where you normally are using for authentication has this error, the frame around is normal.
  Hope someony can help, thx in advance

  I can't fin a upload button , so the file in plain text gepasted
  Hope it is readable :
  #Software: Microsoft Internet Information Services 6.0
  #Version: 1.0
  #Date: 2012-02-29 12:19:21
  #Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
  2012-02-29 12:19:21 W3SVC1 10.13.0.119 GET /InfoViewApp/logon.aspx - 80 - 10.13.0.119 Mozilla/4.0(compatible;MSIE7.0;WindowsNT5.2;Trident/4.0;.NETCLR1.1.4322;.NETCLR2.0.50727;.NETCLR3.0.4506.2152;.NETCLR+3.5.30729) 200 0 0
  2012-02-29 12:19:21 W3SVC1 10.13.0.119 GET /InfoViewApp/res/schema.blue/default.css.ashx - 80 - 10.13.0.119 Mozilla/4.0(compatible;MSIE7.0;WindowsNT5.2;Trident/4.0;.NETCLR1.1.4322;.NETCLR2.0.50727;.NETCLR3.0.4506.2152;.NETCLR+3.5.30729) 200 0 0
  2012-02-29 12:19:21 W3SVC1 10.13.0.119 GET /InfoViewApp/js/utils.js.ashx - 80 - 10.13.0.119 Mozilla/4.0(compatible;MSIE7.0;WindowsNT5.2;Trident/4.0;.NETCLR1.1.4322;.NETCLR2.0.50727;.NETCLR3.0.4506.2152;.NETCLR+3.5.30729) 200 0 0
  2012-02-29 12:19:21 W3SVC1 10.13.0.119 GET /InfoViewApp/js/helpSystem.js.ashx - 80 - 10.13.0.119 Mozilla/4.0(compatible;MSIE7.0;WindowsNT5.2;Trident/4.0;.NETCLR1.1.4322;.NETCLR2.0.50727;.NETCLR3.0.4506.2152;.NETCLR+3.5.30729) 200 0 0
  2012-02-29 12:19:21 W3SVC1 10.13.0.119 GET /InfoViewApp/common/appService.aspx service=skinning&resource=img&img=img.banner.logon.pattern 80 - 10.13.0.119 Mozilla/4.0(compatible;MSIE7.0;WindowsNT5.2;Trident/4.0;.NETCLR1.1.4322;.NETCLR2.0.50727;.NETCLR3.0.4506.2152;.NETCLR+3.5.30729) 200 0 0
  2012-02-29 12:19:21 W3SVC1 10.13.0.119 GET /InfoViewApp/listing/blank.aspx - 80 - 10.13.0.119 Mozilla/4.0(compatible;MSIE7.0;WindowsNT5.2;Trident/4.0;.NETCLR1.1.4322;.NETCLR2.0.50727;.NETCLR3.0.4506.2152;.NETCLR+3.5.30729) 200 0 0
  2012-02-29 12:19:21 W3SVC1 10.13.0.119 GET /InfoViewApp/common/appService.aspx service=skinning&resource=img&img=img.banner.logo 80 - 10.13.0.119 Mozilla/4.0(compatible;MSIE7.0;WindowsNT5.2;Trident/4.0;.NETCLR1.1.4322;.NETCLR2.0.50727;.NETCLR3.0.4506.2152;.NETCLR+3.5.30729) 200 0 0
  2012-02-29 12:19:21 W3SVC1 10.13.0.119 GET /InfoViewApp/logon/logon.aspx parameter=logonService 80 - 10.13.0.119 Mozilla/4.0(compatible;MSIE7.0;WindowsNT5.2;Trident/4.0;.NETCLR1.1.4322;.NETCLR2.0.50727;.NETCLR3.0.4506.2152;.NETCLR+3.5.30729) 200 0 0
  2012-02-29 12:19:21 W3SVC1 10.13.0.119 POST /PlatformServices/Shared/Logon/Logon.aspx - 80 - 10.13.0.119 Mozilla/4.0(compatible;MSIE7.0;WindowsNT5.2;Trident/4.0;.NETCLR1.1.4322;.NETCLR2.0.50727;.NETCLR3.0.4506.2152;.NETCLR+3.5.30729) 405 0 1
  2012-02-29 12:32:05 W3SVC1 127.0.0.1 GET /InfoViewApp/logon.aspx - 80 - 127.0.0.1 Mozilla/4.0(compatible;MSIE8.0;WindowsNT5.2;Trident/4.0;.NETCLR1.1.4322;.NETCLR2.0.50727;.NETCLR3.0.4506.2152;.NETCLR+3.5.30729) 200 0 0
  2012-02-29 12:32:05 W3SVC1 127.0.0.1 GET /InfoViewApp/res/schema.blue/default.css.ashx - 80 - 127.0.0.1 Mozilla/4.0(compatible;MSIE8.0;WindowsNT5.2;Trident/4.0;.NETCLR1.1.4322;.NETCLR2.0.50727;.NETCLR3.0.4506.2152;.NETCLR+3.5.30729) 200 0 0
  2012-02-29 12:32:05 W3SVC1 127.0.0.1 GET /InfoViewApp/js/utils.js.ashx - 80 - 127.0.0.1 Mozilla/4.0(compatible;MSIE8.0;WindowsNT5.2;Trident/4.0;.NETCLR1.1.4322;.NETCLR2.0.50727;.NETCLR3.0.4506.2152;.NETCLR+3.5.30729) 200 0 0
  2012-02-29 12:32:05 W3SVC1 127.0.0.1 GET /InfoViewApp/js/helpSystem.js.ashx - 80 - 127.0.0.1 Mozilla/4.0(compatible;MSIE8.0;WindowsNT5.2;Trident/4.0;.NETCLR1.1.4322;.NETCLR2.0.50727;.NETCLR3.0.4506.2152;.NETCLR+3.5.30729) 200 0 0
  2012-02-29 12:32:05 W3SVC1 127.0.0.1 GET /InfoViewApp/listing/blank.aspx - 80 - 127.0.0.1 Mozilla/4.0(compatible;MSIE8.0;WindowsNT5.2;Trident/4.0;.NETCLR1.1.4322;.NETCLR2.0.50727;.NETCLR3.0.4506.2152;.NETCLR+3.5.30729) 200 0 0
  2012-02-29 12:32:05 W3SVC1 127.0.0.1 GET /InfoViewApp/common/appService.aspx service=skinning&resource=img&img=img.banner.logon.pattern 80 - 127.0.0.1 Mozilla/4.0(compatible;MSIE8.0;WindowsNT5.2;Trident/4.0;.NETCLR1.1.4322;.NETCLR2.0.50727;.NETCLR3.0.4506.2152;.NETCLR+3.5.30729) 200 0 0
  2012-02-29 12:32:05 W3SVC1 127.0.0.1 GET /InfoViewApp/common/appService.aspx service=skinning&resource=img&img=img.banner.logo 80 - 127.0.0.1 Mozilla/4.0(compatible;MSIE8.0;WindowsNT5.2;Trident/4.0;.NETCLR1.1.4322;.NETCLR2.0.50727;.NETCLR3.0.4506.2152;.NETCLR+3.5.30729) 200 0 0
  2012-02-29 12:32:05 W3SVC1 127.0.0.1 GET /InfoViewApp/logon/logon.aspx parameter=logonService 80 - 127.0.0.1 Mozilla/4.0(compatible;MSIE8.0;WindowsNT5.2;Trident/4.0;.NETCLR1.1.4322;.NETCLR2.0.50727;.NETCLR3.0.4506.2152;.NETCLR+3.5.30729) 200 0 0
  2012-02-29 12:32:05 W3SVC1 127.0.0.1 POST /PlatformServices/Shared/Logon/Logon.aspx - 80 - 127.0.0.1 Mozilla/4.0(compatible;MSIE8.0;WindowsNT5.2;Trident/4.0;.NETCLR1.1.4322;.NETCLR2.0.50727;.NETCLR3.0.4506.2152;.NETCLR+3.5.30729) 405 0 1
  2012-02-29 12:33:17 W3SVC1 10.13.0.119 OPTIONS /c$ - 80 - 10.13.8.13 Microsoft-WebDAV-MiniRedir/6.1.7601 200 0 0
  2012-02-29 12:33:17 W3SVC1 10.13.0.119 PROPFIND /c$ - 80 - 10.13.8.13 Microsoft-WebDAV-MiniRedir/6.1.7601 501 0 0
  2012-02-29 12:33:17 W3SVC1 10.13.0.119 PROPFIND /c$ - 80 - 10.13.8.13 Microsoft-WebDAV-MiniRedir/6.1.7601 501 0 0
  2012-02-29 12:33:17 W3SVC1 10.13.0.119 PROPFIND /c$ - 80 - 10.13.8.13 Microsoft-WebDAV-MiniRedir/6.1.7601 501 0 0
  2012-02-29 12:33:17 W3SVC1 10.13.0.119 PROPFIND /c$ - 80 - 10.13.8.13 Microsoft-WebDAV-MiniRedir/6.1.7601 501 0 0
  Thx in advance for your reply

• Parsing Content From A Site That Requires Authentication

  Ive been scanning websites using the Java HTML parser from htmlparser.sourceforge.net to gather useful data into a more easily used format, in this case it is stored in a mySQL database.
  The problem that has stumped me for the past few days is how to get around the login authenication page required to access content from the website www.racingpost.com . I am a registered user but am having difficulty logging in via Java and managing the cookies to bypass the login page HTML I keep getting instead of the race data.
  I am unsure when and where I should be passing cookies around. Also logging in using POST is confusing me.
  Thanks for any help you can offer.

  this should help you out with posting to a URL. It is taken from:
  http://javaalmanac.com/egs/java.net/Post.html
  // e135. Sending a POST Request Using a URL
      try {
          // Construct data
          String data = URLEncoder.encode("key1", "UTF-8") + "=" + URLEncoder.encode("value1", "UTF-8");
          data += "&" + URLEncoder.encode("key2", "UTF-8") + "=" + URLEncoder.encode("value2", "UTF-8");
          // Send data
          URL url = new URL("http://hostname:80/cgi");
          URLConnection conn = url.openConnection();
          conn.setDoOutput(true);
          OutputStreamWriter wr = new OutputStreamWriter(conn.getOutputStream());
          wr.write(data);
          wr.flush();
          // Get the response
          BufferedReader rd = new BufferedReader(new InputStreamReader(conn.getInputStream()));
          String line;
          while ((line = rd.readLine()) != null) {
              // Process line...
          wr.close();
          rd.close();
      } catch (Exception e) {
      }

• How to access a page from another website in to the portlet

  Hai,
  I need this specific requirement. In a portlet that is written in jsp, i need to access another page which is running in another server.I will explain what is my requirement clearly.. In a portlet, i have to acess a page from another site, and i have to pass a parameter directly. If i use URL-Based Portlet with passing parameters, It ask the user to enter the parameter and submit the page.. But what my need is, i have to pass the parameter directly. what i am planning is in a new tab, i will add a portlet, where i need to access the another website page..when the user opens that tab, it directly shows that website..... How do i proceed...
  Can anybody help me.. Its URGENT....
  If possible send me the code..
  my mail id: [email protected]
  Thanks in advance
  damodar

  Damodar,
  To include an existing JSP page as a portlet have a look in the PDK section http://portalcenter.oracle.com there is lots useful information. The two things you might find most relevant is a paper on creating java portlets. This paper has a section on turning an existing JSP page into a portlet
  http://portalstudio.oracle.com/pls/ops/docs/FOLDER/COMMUNITY/PDK/ARTICLES/HOW.TO.BUILD.A.JAVA.PORTLET.USING.PDK.JAVA.V2.HTML
  and to pass parameters and events
  http://portalstudio.oracle.com/pls/ops/docs/FOLDER/COMMUNITY/PDK/ARTICLES/OVERVIEW.PARAMETERS.EVENTS.HTML
  Hope this helps,
  Candace

• Customize Access Requried page with code behind attached to it in sharepoint 2010

  Hi,
  I have modified default AccessDenied page to my custom accessdenied.aspx page and put Request Access button on it and javascript client side redirection to my requestaccess (reqestaccess.aspx, reqestaccess.aspx.cs) application page.
  Here the problem is whenever i try to redirect to custom requesaccess page in _layouts it again shows me accessdenied page since user is not having access.
  I changed requrestaccess to my custom requestaccess through Powershell command (UpdateMapping - 5). I can only modify the UI part of requestaccess.aspx and can not bind code behind where i want user to select combination of what access is required
  on the site, there are lots of controls on requestaccess page e.g. dropdown that fetches data from list\external list and so on.
  I tried many things to attach code behind to requestaccess page e.g. <%@ Page Inherits="codebehind.cs" /> and all.
  Q - How can i redirect user to custom request access page (includes both aspx, aspx.cs) and allow user to interact with custom page? Is there any way OR WORKAROUND to do this in Sharepoint 2010?
  OR
  Can we overide with ElevetedPermissions in UI\CodeBehind and show the application page to user?
  OR
  Can user access application page even though they donot have rights to access site? Anything will do.
  OR
  In short, I need to redirect a user to some .aspx\.aspx.cs page from AccessDenied page, irrespective of user having access or not. 
  I hope question is clear enough to understand the issue. :)
  Regards,
  Rahul

  Hi,
  According to your post, my understanding is that you had an issue about the custom Access Required page.
  Microsoft supported using code behind, but for these pages it seemed some difference.
  However, as a workaround, we can put all the functionality to the aspx page directly.
  http://umbraes-tower.blogspot.com/2011/10/custom-request-access-page-in.html
  More reference:
  http://onlinecoder.blogspot.com/2011/05/how-to-customize-requestaccess.html
  http://oszakiewski.net/eric/customizing-the-access-request-page-in-sharepoint-2010
  Thanks & Regards,
  Jason
  Jason Guo
  TechNet Community Support

• Dreamweaver CS4 Content on this page requires a newer version of Adobe Flash Player.

  I'm working with the CS4 Design Premium Suite.  I've done all the updates. I've followed all the steps in the training.
  I've used the adobe media encoder to create FLV file from a windows media clip.
  Then on a simple new html page. saved to a brand new local folder I try to insert my conent:
  I  use  menu command "Insert _ Media _ FLV"  I browse to the file,  I insert & save the page
  I can see a place holder in design view but if I go to live view I see the message"Content on this page requires a newer version of Adobe Flash Player."
  If I preview to a browser I get the same thing,
  If I go to the local folder and access the page directly I get the same thing.
  I alse created simple SWF file in Flash CS4.  Saved in the root folder.
  I use the menu command "Insert _ Media _ SWF"  I see a place holder.
  Save it, save all the files.
  Same thing. Content on this page requires a newer version of Adobe Flash Player.
  I read online where others are having this issue, someone one said "Why are you using "swfobject_modified?"  "Try swfobject.modified"
  tried with no visble change.
  I thought that flash & dreamweaver are supposed to be fully intergrated?
  Why are these seemingly simple operations causing me so much grief?
  I'm days behind in my training & on my project due to this problem.   Any help anyone could offer would be appreciated.
  Thank you!

  Again... a novice at the "code"... is this helpful?
  <object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" width="250" height="420" id="FlashID" title="Spaceman USA UNITS">
              <param name="movie" value="/web/units.swf" />
              <param name="quality" value="high" />
              <param name="wmode" value="opaque" />
              <param name="swfversion" value="6.0.65.0" />
              <!-- This param tag prompts users with Flash Player 6.0 r65 and higher to download the latest version of Flash Player. Delete it if you don’t want users to see the prompt. -->
              <param name="expressinstall" value="/web/Scripts/expressInstall.swf" />
              <!-- Next object tag is for non-IE browsers. So hide it from IE using IECC. -->
              <!--[if !IE]>-->
              <object type="application/x-shockwave-flash" data="/web/units.swf" width="250" height="420">
                <!--<![endif]-->
                <param name="quality" value="high" />
                <param name="wmode" value="opaque" />
                <param name="swfversion" value="6.0.65.0" />
                <param name="expressinstall" value="/web/Scripts/expressInstall.swf" />
                <!-- The browser displays the following alternative content for users with Flash Player 6.0 and older. -->
                <div>
                  <h4>Content on this page requires a newer version of Adobe Flash Player.</h4>
                  <p><a href="http://www.adobe.com/go/getflashplayer"><img src="http://www.adobe.com/images/shared/download_buttons/get_flash_player.gif" alt="Get Adobe Flash player" width="112" height="33" /></a></p>
                </div>
                <!--[if !IE]>-->
              </object>
              <!--<![endif]-->
            </object>

• Query regarding database access segregation using os authentication in windows environment

  Hi ,
  I have a query regarding database access segragation using os authentication (like sqlplus "/ as sysdba") in windows environment.Let me briefly explain my requirement:-
  Suppose you have two DBA`s viz DBA1 and DBA2 and 4 databases resideds in a windows server say A,B,C & D.Now I want to set up such a way if DBA1 logs into the server then he can login to database A and B only using OS authentication and DBA2 can login to database C and D only using OS authentication.
  Please let me know how to do setup for this requirement.
  Database version is 11.2.0.3

  1494629, I am not a Windows person but if there is any way to do this I suspect some additional information is necessary:
  Are the DBA users members of the Administrators Group ?
  Do all 4 database share the same $ORACLE_HOME ?
  I suspect if either answer above is yes then this is not possible, but like I said I am not a Windows person.  I would just ask for two servers and the associated licensing to be acquired.  The requirement to spend money to do something management wants usually elimanates the request in my world.
  HTH -- Mark D Powell --

• I accessed the page protected by ADF security using direct url access attac

  hi,
  I played with my application which is based on SRDemo code (with added ADF security handling protection of resources) using direct url access scenarios. I was able to access a protected page as authenticated but not authorized user. I'll try to explain what I did.
  There are two folders/web resources in my application, faces/folderA/* and faces/folderB/*.
  roleA only is configured to access first web resource and the roleB is configured to access the second resource.
  I used ADF security to authorize only roleA for page in folderA and to authorize only roleB for page in folderB.
  I configured error pages in web.xml:
  <error-page>
  <error-code>400</error-code>
  <location>faces/error/error400.jspx</location>
  </error-page>
  <error-page>
  <error-code>401</error-code>
  <location>faces/error/error401.jspx</location>
  </error-page>
  <error-page>
  <error-code>403</error-code>
  <location>faces/error/error403.jspx</location>
  </error-page>
  <error-page>
  <error-code>404</error-code>
  <location>faces/error/error404.jspx</location>
  </error-page>
  <error-page>
  <exception-type>java.lang.Throwable</exception-type>
  <location>faces/error/error500.jspx</location>
  </error-page>
  Other config params are:
  <login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
  <form-login-page>infrastructure/ABLogin.jspx</form-login-page>
  <form-error-page>faces/error/error401.jspx</form-error-page>
  </form-login-config>
  </login-config>
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>AB Prototype</web-resource-name>
  <url-pattern>faces/ABAbout.jspx</url-pattern>
  <url-pattern>faces/ABHelp.jspx</url-pattern>
  <url-pattern>faces/ABLogout.jspx</url-pattern>
  <url-pattern>faces/ABWelcome.jspx</url-pattern>
  </web-resource-collection>
  <auth-constraint>
  <role-name>A</role-name>
  <role-name>B</role-name>
  </auth-constraint>
  </security-constraint>
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>AZone</web-resource-name>
  <url-pattern>faces/folderA/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
  <role-name>A</role-name>
  </auth-constraint>
  </security-constraint>
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>BZone</web-resource-name>
  <url-pattern>faces/folderB/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
  <role-name>B</role-name>
  </auth-constraint>
  </security-constraint>
  <filter>
  <filter-name>adfBindings</filter-name>
  <filter-class>oracle.adf.model.servlet.ADFBindingFilter</filter-class>
  <init-param>
  <param-name>unauthorizedErrorPage</param-name>
  <param-value>faces/error/error401.jspx</param-value>
  </init-param>
  </filter>
  <filter>
  <filter-name>adfFaces</filter-name>
  <filter-class>oracle.adf.view.faces.webapp.AdfFacesFilter</filter-class>
  </filter>
  <filter-mapping>
  <filter-name>adfBindings</filter-name>
  <url-pattern>*.jsp</url-pattern>
  </filter-mapping>
  <filter-mapping>
  <filter-name>adfBindings</filter-name>
  <url-pattern>*.jspx</url-pattern>
  </filter-mapping>
  <filter-mapping>
  <filter-name>adfFaces</filter-name>
  <url-pattern>*.jsp</url-pattern>
  <dispatcher>FORWARD</dispatcher>
  <dispatcher>REQUEST</dispatcher>
  <dispatcher>ERROR</dispatcher>
  </filter-mapping>
  <filter-mapping>
  <filter-name>adfFaces</filter-name>
  <url-pattern>*.jspx</url-pattern>
  <dispatcher>FORWARD</dispatcher>
  <dispatcher>REQUEST</dispatcher>
  <dispatcher>ERROR</dispatcher>
  </filter-mapping>
  <servlet>
  <servlet-name>Faces Servlet</servlet-name>
  <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
  <load-on-startup>1</load-on-startup>
  </servlet>
  <servlet>
  <servlet-name>resources</servlet-name>
  <servlet-class>oracle.adf.view.faces.webapp.ResourceServlet</servlet-class>
  </servlet>
  <servlet>
  <servlet-name>adfAuthentication</servlet-name>
  <servlet-class>oracle.adf.share.security.authentication.AuthenticationServlet</servlet-class>
  <load-on-startup>2</load-on-startup>
  </servlet>
  <servlet-mapping>
  <servlet-name>Faces Servlet</servlet-name>
  <url-pattern>/faces/*</url-pattern>
  </servlet-mapping>
  Once I authenticated as user in roleA I was trying to directly access URLs accessible only by users in roleB. In the beginning everything worked OK: I was dispatched to error401.jspx page with message Not authorized... etc.
  But I kept trying to access different URLs, like http://localhost:8988/AB/faces, http://localhost:8988/AB/faces/folderB, http://localhost:8988/AB/faces/folderB/pageB.jspx, http://localhost:8988/AB
  (not necessarily in that order, I played for a couple of minutes and the system would always dispatch to error401.jspx page if unauthorized attempt. But all of sudden, to my surprise, I got the pageB.jspx page while logged in as user belonging to roleA!)
  Not sure how that happened but the connectedUser on pageB (#{userInfo.authenticated}) shows that I am logged in as user whose role is A.
  I checked Authorization in ADF security and it is still correct: pageB is only accessible to roleB and pageA is only accessible to roleA.
  I hope I made some stupid mistake in my configuration?

  Hi,
  ADF Security is JAAS permission based and not container managed. Note that unless you explicitly configured ADF Security you don't use ADF Security but container managed security, which is all that I can see in your configurations.
  Not sure which version fo JDeveloper you use, but if you could change the following setting
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>AZone</web-resource-name>
  <url-pattern>faces/folderA/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
  <role-name>A</role-name>
  </auth-constraint>
  </security-constraint>
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>BZone</web-resource-name>
  <url-pattern>faces/folderB/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
  <role-name>B</role-name>
  </auth-constraint>
  </security-constraint>
  to contain jspx file references instead of wildcards like in faces/folderB/* then what you see should no longer be possible. There was a known issue with the security settings in SRDemo that was caused by a defect in OC4J container managed security. I would expect this issue to be fixed in a more recent version of OC4J.
  However, the work around until then is to protect all JSPX files in a directory instead of using wild card matches
  Frank